f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1888.998224][T10723] memory: usage 307200kB, limit 307200kB, failcnt 101140 [ 1889.009531][T10723] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1889.034235][T10723] Memory cgroup stats for /syz0: [ 1889.034337][T10723] anon 83005440 [ 1889.034337][T10723] file 139264 04:19:22 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47b") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1889.034337][T10723] kernel_stack 36372480 [ 1889.034337][T10723] slab 44945408 [ 1889.034337][T10723] sock 4096 [ 1889.034337][T10723] shmem 0 [ 1889.034337][T10723] file_mapped 0 [ 1889.034337][T10723] file_dirty 0 [ 1889.034337][T10723] file_writeback 0 [ 1889.034337][T10723] anon_thp 0 [ 1889.034337][T10723] inactive_anon 0 [ 1889.034337][T10723] active_anon 82931712 [ 1889.034337][T10723] inactive_file 32768 [ 1889.034337][T10723] active_file 0 [ 1889.034337][T10723] unevictable 0 [ 1889.034337][T10723] slab_reclaimable 5541888 [ 1889.034337][T10723] slab_unreclaimable 39403520 04:19:22 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1889.034337][T10723] pgfault 153747 [ 1889.034337][T10723] pgmajfault 0 [ 1889.034337][T10723] workingset_refault 495 [ 1889.034337][T10723] workingset_activate 396 [ 1889.034337][T10723] workingset_nodereclaim 0 [ 1889.034337][T10723] pgrefill 21266 [ 1889.034337][T10723] pgscan 21422 [ 1889.034337][T10723] pgsteal 1297 04:19:23 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d4f44df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1889.258306][T10723] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=932,uid=0 04:19:23 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5044df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1889.327985][T10723] Memory cgroup out of memory: Killed process 932 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1889.531841][T11001] syz-executor.0 invoked oom-killer: gfp_mask=0x402cc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 1889.593370][T11001] CPU: 1 PID: 11001 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1889.602620][T11001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1889.612866][T11001] Call Trace: [ 1889.616263][T11001] dump_stack+0x172/0x1f0 [ 1889.620605][T11001] dump_header+0x177/0x1152 [ 1889.625266][T11001] ? ___ratelimit+0xf8/0x595 [ 1889.629876][T11001] ? trace_hardirqs_on+0x67/0x240 [ 1889.634914][T11001] ? mark_oom_victim.cold+0x18/0x18 [ 1889.640217][T11001] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1889.646043][T11001] ? ___ratelimit+0x60/0x595 [ 1889.650653][T11001] ? do_raw_spin_unlock+0x57/0x270 [ 1889.655876][T11001] oom_kill_process.cold+0x10/0x15 [ 1889.661004][T11001] out_of_memory+0x79a/0x12c0 [ 1889.665691][T11001] ? lock_downgrade+0x920/0x920 [ 1889.670559][T11001] ? oom_killer_disable+0x280/0x280 [ 1889.675786][T11001] ? __kasan_check_read+0x11/0x20 [ 1889.680836][T11001] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1889.686402][T11001] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1889.692055][T11001] ? do_raw_spin_unlock+0x57/0x270 [ 1889.697178][T11001] ? _raw_spin_unlock+0x2d/0x50 [ 1889.702047][T11001] try_charge+0xf4b/0x1440 [ 1889.706488][T11001] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1889.712050][T11001] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1889.717615][T11001] ? __kasan_check_read+0x11/0x20 [ 1889.722654][T11001] ? lock_downgrade+0x920/0x920 [ 1889.727516][T11001] ? percpu_ref_tryget_live+0x111/0x290 [ 1889.733085][T11001] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1889.738566][T11001] ? memcg_kmem_put_cache+0x50/0x50 [ 1889.743785][T11001] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1889.749350][T11001] __memcg_kmem_charge+0x13a/0x3a0 [ 1889.754476][T11001] __alloc_pages_nodemask+0x4f4/0x900 [ 1889.759871][T11001] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1889.765611][T11001] ? kasan_unpoison_shadow+0x35/0x50 [ 1889.770912][T11001] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1889.777174][T11001] alloc_pages_current+0x107/0x210 [ 1889.782298][T11001] __vmalloc_node_range+0x4a9/0x7d0 [ 1889.787523][T11001] __vmalloc+0x44/0x50 [ 1889.791617][T11001] ? do_replace+0x1d0/0x420 [ 1889.796131][T11001] do_replace+0x1d0/0x420 [ 1889.800481][T11001] ? compat_target_to_user+0x340/0x340 [ 1889.805962][T11001] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1889.812229][T11001] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1889.818488][T11001] ? ns_capable_common+0x93/0x100 [ 1889.823539][T11001] do_ebt_set_ctl+0xec/0x110 [ 1889.828140][T11001] nf_setsockopt+0x77/0xd0 [ 1889.832571][T11001] ip_setsockopt+0xdf/0x100 [ 1889.837086][T11001] udp_setsockopt+0x68/0xb0 [ 1889.841610][T11001] sock_common_setsockopt+0x94/0xd0 [ 1889.846826][T11001] __sys_setsockopt+0x261/0x4c0 [ 1889.851702][T11001] ? sock_create_kern+0x50/0x50 [ 1889.856574][T11001] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1889.863844][T11001] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1889.869929][T11001] __x64_sys_setsockopt+0xbe/0x150 [ 1889.875060][T11001] do_syscall_64+0xfa/0x760 [ 1889.879585][T11001] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1889.885481][T11001] RIP: 0033:0x459829 [ 1889.889404][T11001] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1889.909023][T11001] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1889.917444][T11001] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1889.925428][T11001] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003 [ 1889.933409][T11001] RBP: 000000000075bf20 R08: 0000000000000220 R09: 0000000000000000 [ 1889.941393][T11001] R10: 0000000020000080 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1889.949375][T11001] R13: 00000000004c792f R14: 00000000004dd280 R15: 00000000ffffffff [ 1890.043358][T11001] memory: usage 307032kB, limit 307200kB, failcnt 101140 [ 1890.071057][T11001] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1890.093418][T11001] Memory cgroup stats for /syz0: [ 1890.093544][T11001] anon 83005440 [ 1890.093544][T11001] file 139264 [ 1890.093544][T11001] kernel_stack 36372480 [ 1890.093544][T11001] slab 44945408 [ 1890.093544][T11001] sock 4096 [ 1890.093544][T11001] shmem 0 [ 1890.093544][T11001] file_mapped 0 [ 1890.093544][T11001] file_dirty 0 [ 1890.093544][T11001] file_writeback 0 [ 1890.093544][T11001] anon_thp 0 [ 1890.093544][T11001] inactive_anon 0 [ 1890.093544][T11001] active_anon 82931712 [ 1890.093544][T11001] inactive_file 32768 [ 1890.093544][T11001] active_file 0 [ 1890.093544][T11001] unevictable 0 [ 1890.093544][T11001] slab_reclaimable 5541888 [ 1890.093544][T11001] slab_unreclaimable 39403520 [ 1890.093544][T11001] pgfault 153747 [ 1890.093544][T11001] pgmajfault 0 [ 1890.093544][T11001] workingset_refault 495 [ 1890.093544][T11001] workingset_activate 396 [ 1890.093544][T11001] workingset_nodereclaim 0 [ 1890.093544][T11001] pgrefill 21266 [ 1890.093544][T11001] pgscan 21422 [ 1890.093544][T11001] pgsteal 1297 [ 1890.187493][T11001] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10955,uid=0 [ 1890.203287][T11001] Memory cgroup out of memory: Killed process 10955 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1890.218752][T11001] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1890.222744][T11313] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1890.245686][T11313] CPU: 0 PID: 11313 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1890.254821][T11313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1890.264870][T11313] Call Trace: [ 1890.268149][T11313] dump_stack+0x172/0x1f0 [ 1890.272469][T11313] dump_header+0x177/0x1152 [ 1890.276965][T11313] ? ___ratelimit+0xf8/0x595 [ 1890.281560][T11313] ? trace_hardirqs_on+0x67/0x240 [ 1890.286591][T11313] ? mark_oom_victim.cold+0x18/0x18 [ 1890.291783][T11313] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1890.297577][T11313] ? ___ratelimit+0x60/0x595 [ 1890.302159][T11313] ? do_raw_spin_unlock+0x57/0x270 [ 1890.307305][T11313] oom_kill_process.cold+0x10/0x15 [ 1890.312402][T11313] out_of_memory+0x79a/0x12c0 [ 1890.317067][T11313] ? lock_downgrade+0x920/0x920 [ 1890.321900][T11313] ? oom_killer_disable+0x280/0x280 [ 1890.327086][T11313] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1890.332615][T11313] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1890.338234][T11313] ? do_raw_spin_unlock+0x57/0x270 [ 1890.343330][T11313] ? _raw_spin_unlock+0x2d/0x50 [ 1890.348165][T11313] try_charge+0xa2d/0x1440 [ 1890.352657][T11313] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1890.358185][T11313] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1890.363713][T11313] ? __kasan_check_read+0x11/0x20 [ 1890.368725][T11313] ? lock_downgrade+0x920/0x920 [ 1890.373557][T11313] ? percpu_ref_tryget_live+0x111/0x290 [ 1890.379105][T11313] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1890.384554][T11313] ? memcg_kmem_put_cache+0x50/0x50 [ 1890.389758][T11313] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1890.395304][T11313] __memcg_kmem_charge+0x13a/0x3a0 [ 1890.400404][T11313] __alloc_pages_nodemask+0x4f4/0x900 [ 1890.405790][T11313] ? __lockdep_free_key_range+0x120/0x120 [ 1890.411501][T11313] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1890.417203][T11313] ? __pte_alloc+0x1b5/0x310 [ 1890.421795][T11313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1890.428019][T11313] ? copy_page_range+0x10c2/0x2120 [ 1890.433113][T11313] ? __kasan_check_read+0x11/0x20 [ 1890.438127][T11313] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1890.444373][T11313] alloc_pages_current+0x107/0x210 [ 1890.449528][T11313] pte_alloc_one+0x1b/0x1a0 [ 1890.454033][T11313] __pte_alloc+0x20/0x310 [ 1890.458374][T11313] copy_page_range+0x1610/0x2120 [ 1890.463307][T11313] ? perf_trace_lock+0xeb/0x4c0 [ 1890.468149][T11313] ? __pmd_alloc+0x460/0x460 [ 1890.472727][T11313] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1890.478275][T11313] ? __rb_insert_augmented+0x20c/0xd90 [ 1890.483720][T11313] ? validate_mm_rb+0xa3/0xc0 [ 1890.488417][T11313] ? __vma_link_rb+0x275/0x370 [ 1890.493181][T11313] ? __kasan_check_write+0x14/0x20 [ 1890.498339][T11313] dup_mm+0xa67/0x1430 [ 1890.502428][T11313] ? vm_area_dup+0x170/0x170 [ 1890.507008][T11313] ? debug_mutex_init+0x2d/0x5a [ 1890.511860][T11313] copy_process+0x28b7/0x6b00 [ 1890.516545][T11313] ? perf_trace_lock+0xeb/0x4c0 [ 1890.521410][T11313] ? __cleanup_sighand+0x60/0x60 [ 1890.526369][T11313] ? __kasan_check_read+0x11/0x20 [ 1890.531391][T11313] ? do_raw_spin_unlock+0x57/0x270 [ 1890.536517][T11313] _do_fork+0x146/0xfa0 [ 1890.540671][T11313] ? copy_init_mm+0x20/0x20 [ 1890.545172][T11313] ? __kasan_check_read+0x11/0x20 [ 1890.550183][T11313] ? _copy_to_user+0x118/0x160 [ 1890.554934][T11313] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1890.561164][T11313] ? put_timespec64+0xda/0x140 [ 1890.565919][T11313] __x64_sys_clone+0x18d/0x250 [ 1890.570687][T11313] ? __ia32_sys_vfork+0xc0/0xc0 [ 1890.575529][T11313] ? trace_hardirqs_off_caller+0x65/0x230 [ 1890.581237][T11313] ? trace_hardirqs_on+0x67/0x240 [ 1890.586253][T11313] do_syscall_64+0xfa/0x760 [ 1890.590749][T11313] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1890.596627][T11313] RIP: 0033:0x459829 [ 1890.600504][T11313] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1890.620093][T11313] RSP: 002b:00007f35763f8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1890.628511][T11313] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1890.636481][T11313] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1890.644575][T11313] RBP: 000000000075bfc8 R08: ffffffffffffffff R09: 0000000000000000 [ 1890.652538][T11313] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f35763f96d4 [ 1890.660499][T11313] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1890.668950][T11313] memory: usage 306928kB, limit 307200kB, failcnt 101160 [ 1890.676082][T11313] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1890.682927][T11313] Memory cgroup stats for /syz0: [ 1890.683042][T11313] anon 83005440 [ 1890.683042][T11313] file 139264 [ 1890.683042][T11313] kernel_stack 36503552 [ 1890.683042][T11313] slab 44945408 [ 1890.683042][T11313] sock 4096 [ 1890.683042][T11313] shmem 0 [ 1890.683042][T11313] file_mapped 0 [ 1890.683042][T11313] file_dirty 0 [ 1890.683042][T11313] file_writeback 0 [ 1890.683042][T11313] anon_thp 0 [ 1890.683042][T11313] inactive_anon 0 [ 1890.683042][T11313] active_anon 82931712 [ 1890.683042][T11313] inactive_file 32768 [ 1890.683042][T11313] active_file 0 [ 1890.683042][T11313] unevictable 0 [ 1890.683042][T11313] slab_reclaimable 5541888 [ 1890.683042][T11313] slab_unreclaimable 39403520 [ 1890.683042][T11313] pgfault 153747 [ 1890.683042][T11313] pgmajfault 0 [ 1890.683042][T11313] workingset_refault 495 [ 1890.683042][T11313] workingset_activate 396 [ 1890.683042][T11313] workingset_nodereclaim 0 [ 1890.683042][T11313] pgrefill 21266 [ 1890.683042][T11313] pgscan 21422 [ 1890.683042][T11313] pgsteal 1297 [ 1890.776678][T11313] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10963,uid=0 04:19:24 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x7fffffe, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:19:24 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) 04:19:24 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5144df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:24 executing program 3: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d1244df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:24 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf0") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:19:24 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47b") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1890.792170][T11313] Memory cgroup out of memory: Killed process 10963 (syz-executor.0) total-vm:72972kB, anon-rss:180kB, file-rss:35792kB, shmem-rss:0kB, UID:0 04:19:24 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5244df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1890.858378][ T26] kauditd_printk_skb: 19 callbacks suppressed [ 1890.858397][ T26] audit: type=1400 audit(1564373964.639:1226): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5144DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=11318 comm="syz-executor.1" 04:19:24 executing program 3: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket(0xa, 0x2, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000300)=@broute={'broute\x00\x88\x00\x03\x00\x00\x00\x00\x02\x00', 0x20, 0x2, 0x230, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200004c0], 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000030000000000000081006e7230000000000000000000000000007465616d300000000000000000000000796cff0130000000000000004000000076657468305f746f5f7465616d000000aaaaaaaaaabb000000000000aaaaaaaaaabb0000000000000000d0000000d000000000010000766c616e00000000000000000000000000000000000000000000000000000000080000000000000200000000892f0700636f6e6e6c6162656c0000000000000000000000000000000000000020000000080000000000000000000000000000004e465155455545000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff0000000000000000000000000004000000e70000000000000000000000000000000000000000000001000000feffffff010000000b000000000000000000626f6e643000000000000000000000007465616d300000000000000000000000626f6e6430000000000000000000000076657468315f746f5f62726964676500aaaaaaaaaabb000000000000ffffffffffff00000008000000007000000070000000a0000000434f4e4e5345434d41524b000000000082790000000000000000000000000000080003697a1012a317c7dfa5e47cfb59"]}, 0x2a8) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, 0x0, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320263a09d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1891.063531][T11329] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:19:24 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5344df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1891.087751][ T26] audit: type=1400 audit(1564373964.699:1227): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D1244DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=11319 comm="syz-executor.3" 04:19:25 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) 04:19:25 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x8000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) [ 1891.223693][ T26] audit: type=1400 audit(1564373964.779:1228): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5244DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=11331 comm="syz-executor.1" 04:19:25 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5444df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1891.383098][ T26] audit: type=1400 audit(1564373964.999:1229): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5344DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=11437 comm="syz-executor.1" [ 1891.510504][T11459] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 04:19:25 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5544df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1891.555843][ T26] audit: type=1400 audit(1564373965.289:1230): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5444DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=11460 comm="syz-executor.1" 04:19:25 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1891.605298][T11459] CPU: 1 PID: 11459 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1891.614442][T11459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1891.625031][T11459] Call Trace: [ 1891.628341][T11459] dump_stack+0x172/0x1f0 [ 1891.632685][T11459] dump_header+0x177/0x1152 [ 1891.637206][T11459] ? ___ratelimit+0xf8/0x595 [ 1891.641811][T11459] ? trace_hardirqs_on+0x67/0x240 [ 1891.646849][T11459] ? mark_oom_victim.cold+0x18/0x18 [ 1891.652062][T11459] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1891.657879][T11459] ? ___ratelimit+0x60/0x595 [ 1891.662490][T11459] ? do_raw_spin_unlock+0x57/0x270 [ 1891.667615][T11459] oom_kill_process.cold+0x10/0x15 [ 1891.672743][T11459] out_of_memory+0x79a/0x12c0 [ 1891.677475][T11459] ? lock_downgrade+0x920/0x920 [ 1891.682957][T11459] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1891.689214][T11459] ? oom_killer_disable+0x280/0x280 [ 1891.694433][T11459] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1891.699996][T11459] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1891.705672][T11459] ? do_raw_spin_unlock+0x57/0x270 [ 1891.710805][T11459] ? _raw_spin_unlock+0x2d/0x50 [ 1891.715676][T11459] try_charge+0xf4b/0x1440 [ 1891.720116][T11459] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1891.725671][T11459] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1891.730147][ T26] audit: type=1400 audit(1564373965.479:1231): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5544DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=11564 comm="syz-executor.1" [ 1891.731222][T11459] ? __kasan_check_read+0x11/0x20 [ 1891.731245][T11459] ? lock_downgrade+0x920/0x920 [ 1891.731269][T11459] ? percpu_ref_tryget_live+0x111/0x290 [ 1891.769629][T11459] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1891.785440][T11459] ? memcg_kmem_put_cache+0x50/0x50 [ 1891.790648][T11459] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1891.796203][T11459] __memcg_kmem_charge+0x13a/0x3a0 [ 1891.801319][T11459] __alloc_pages_nodemask+0x4f4/0x900 04:19:25 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf0") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:19:25 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5644df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1891.806698][T11459] ? __lockdep_free_key_range+0x120/0x120 [ 1891.812431][T11459] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1891.818162][T11459] ? __pte_alloc+0x1b5/0x310 [ 1891.822775][T11459] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1891.829028][T11459] ? copy_page_range+0x10c2/0x2120 [ 1891.834152][T11459] ? __kasan_check_read+0x11/0x20 [ 1891.839188][T11459] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1891.845450][T11459] alloc_pages_current+0x107/0x210 [ 1891.850581][T11459] pte_alloc_one+0x1b/0x1a0 [ 1891.855099][T11459] __pte_alloc+0x20/0x310 [ 1891.861216][T11459] copy_page_range+0x1610/0x2120 [ 1891.866156][T11459] ? perf_trace_lock+0xeb/0x4c0 [ 1891.866188][T11459] ? __pmd_alloc+0x460/0x460 [ 1891.866209][T11459] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1891.881186][T11459] ? __rb_insert_augmented+0x20c/0xd90 [ 1891.886666][T11459] ? validate_mm_rb+0xa3/0xc0 [ 1891.891367][T11459] ? __vma_link_rb+0x275/0x370 [ 1891.896152][T11459] ? __kasan_check_write+0x14/0x20 [ 1891.901271][T11459] dup_mm+0xa67/0x1430 [ 1891.901300][T11459] ? vm_area_dup+0x170/0x170 [ 1891.901322][T11459] ? debug_mutex_init+0x2d/0x5a [ 1891.914820][T11459] copy_process+0x28b7/0x6b00 [ 1891.919516][T11459] ? perf_trace_lock+0xeb/0x4c0 [ 1891.924386][T11459] ? __cleanup_sighand+0x60/0x60 [ 1891.929340][T11459] ? __kasan_check_read+0x11/0x20 [ 1891.934379][T11459] ? do_raw_spin_unlock+0x57/0x270 [ 1891.939566][T11459] _do_fork+0x146/0xfa0 [ 1891.943732][T11459] ? copy_init_mm+0x20/0x20 [ 1891.948270][T11459] ? __kasan_check_read+0x11/0x20 [ 1891.953306][T11459] ? _copy_to_user+0x118/0x160 [ 1891.958080][T11459] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1891.964343][T11459] ? put_timespec64+0xda/0x140 [ 1891.969132][T11459] __x64_sys_clone+0x18d/0x250 [ 1891.973910][T11459] ? __ia32_sys_vfork+0xc0/0xc0 [ 1891.978780][T11459] ? trace_hardirqs_off_caller+0x65/0x230 [ 1891.984522][T11459] ? trace_hardirqs_on+0x67/0x240 [ 1891.989562][T11459] do_syscall_64+0xfa/0x760 [ 1891.994093][T11459] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1892.000082][T11459] RIP: 0033:0x459829 [ 1892.003985][T11459] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1892.008613][ T26] audit: type=1400 audit(1564373965.779:1232): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5644DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=11602 comm="syz-executor.1" [ 1892.023725][T11459] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1892.023739][T11459] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1892.023746][T11459] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1892.023754][T11459] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1892.023768][T11459] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1892.023777][T11459] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff 04:19:25 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1892.063810][T11459] memory: usage 307200kB, limit 307200kB, failcnt 101187 [ 1892.116940][T11459] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1892.129077][T11459] Memory cgroup stats for /syz0: [ 1892.129200][T11459] anon 82866176 [ 1892.129200][T11459] file 139264 [ 1892.129200][T11459] kernel_stack 36372480 [ 1892.129200][T11459] slab 44945408 [ 1892.129200][T11459] sock 4096 [ 1892.129200][T11459] shmem 0 [ 1892.129200][T11459] file_mapped 0 [ 1892.129200][T11459] file_dirty 0 [ 1892.129200][T11459] file_writeback 0 [ 1892.129200][T11459] anon_thp 0 [ 1892.129200][T11459] inactive_anon 0 [ 1892.129200][T11459] active_anon 82796544 [ 1892.129200][T11459] inactive_file 32768 [ 1892.129200][T11459] active_file 0 [ 1892.129200][T11459] unevictable 0 [ 1892.129200][T11459] slab_reclaimable 5541888 [ 1892.129200][T11459] slab_unreclaimable 39403520 [ 1892.129200][T11459] pgfault 153879 [ 1892.129200][T11459] pgmajfault 0 [ 1892.129200][T11459] workingset_refault 495 [ 1892.129200][T11459] workingset_activate 396 04:19:26 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47b") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:19:26 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5744df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:26 executing program 3: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320263a09d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='io.stat\x00', 0x0, 0x0) write$P9_RLERRORu(r1, &(0x7f0000000140)={0x29, 0x7, 0x2, {{0x1c, '/proc/thread-self/attr/exec\x00'}, 0x7b10}}, 0x29) [ 1892.129200][T11459] workingset_nodereclaim 0 [ 1892.129200][T11459] pgrefill 21266 [ 1892.129200][T11459] pgscan 21422 [ 1892.129200][T11459] pgsteal 1297 04:19:26 executing program 3 (fault-call:1 fault-nth:0): r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1892.285596][ T26] audit: type=1400 audit(1564373966.069:1233): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5744DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=11687 comm="syz-executor.1" 04:19:26 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5844df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1892.407232][ T26] audit: type=1400 audit(1564373966.109:1234): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=263A09D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=11689 comm="syz-executor.3" [ 1892.459895][T11804] FAULT_INJECTION: forcing a failure. [ 1892.459895][T11804] name failslab, interval 1, probability 0, space 0, times 0 [ 1892.527759][ T26] audit: type=1400 audit(1564373966.269:1235): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5844DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=11806 comm="syz-executor.1" [ 1892.550110][T11459] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=11416,uid=0 [ 1892.574514][T11804] CPU: 0 PID: 11804 Comm: syz-executor.3 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1892.585723][T11804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1892.595795][T11804] Call Trace: [ 1892.599104][T11804] dump_stack+0x172/0x1f0 [ 1892.603456][T11804] should_fail.cold+0xa/0x15 [ 1892.608060][T11804] ? release_sock+0x156/0x1c0 [ 1892.612291][T11459] Memory cgroup out of memory: Killed process 11416 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1892.612760][T11804] ? fault_create_debugfs_attr+0x180/0x180 [ 1892.632978][T11804] ? page_to_nid.part.0+0x20/0x20 [ 1892.638025][T11804] ? ___might_sleep+0x163/0x280 [ 1892.642901][T11804] __should_failslab+0x121/0x190 [ 1892.647859][T11804] should_failslab+0x9/0x14 [ 1892.652386][T11804] kmem_cache_alloc_node+0x268/0x740 [ 1892.657687][T11804] __alloc_skb+0xd5/0x5e0 [ 1892.662030][T11804] ? netdev_alloc_frag+0x1b0/0x1b0 [ 1892.667154][T11804] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1892.673403][T11804] ? netlink_autobind.isra.0+0x228/0x310 [ 1892.679037][T11804] ? security_socket_getpeersec_dgram+0x8d/0xc0 [ 1892.685295][T11804] netlink_sendmsg+0x972/0xd60 [ 1892.690078][T11804] ? netlink_unicast+0x710/0x710 [ 1892.695028][T11804] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 1892.700584][T11804] ? apparmor_socket_sendmsg+0x2a/0x30 [ 1892.706049][T11804] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1892.712309][T11804] ? security_socket_sendmsg+0x8d/0xc0 [ 1892.714405][T11459] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1892.717778][T11804] ? netlink_unicast+0x710/0x710 [ 1892.717796][T11804] sock_sendmsg+0xd7/0x130 [ 1892.717825][T11804] sock_write_iter+0x27c/0x3e0 [ 1892.740424][T11804] ? sock_sendmsg+0x130/0x130 [ 1892.745127][T11804] ? aa_path_link+0x340/0x340 [ 1892.749827][T11804] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1892.756169][T11804] ? iov_iter_init+0xee/0x210 [ 1892.760858][T11804] new_sync_write+0x4d3/0x770 [ 1892.763933][T11459] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1892.765542][T11804] ? new_sync_read+0x800/0x800 [ 1892.765556][T11804] ? __fget+0xa3/0x560 [ 1892.765576][T11804] ? common_file_perm+0x238/0x720 [ 1892.765596][T11804] ? __fget+0x384/0x560 [ 1892.795636][T11804] ? apparmor_file_permission+0x25/0x30 [ 1892.801189][T11804] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1892.807442][T11804] ? security_file_permission+0x8f/0x380 [ 1892.813094][T11804] __vfs_write+0xe1/0x110 [ 1892.817432][T11804] vfs_write+0x268/0x5d0 [ 1892.821688][T11804] ksys_write+0x14f/0x290 [ 1892.826022][T11804] ? __ia32_sys_read+0xb0/0xb0 [ 1892.830796][T11804] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1892.836872][T11804] __x64_sys_write+0x73/0xb0 [ 1892.841555][T11804] do_syscall_64+0xfa/0x760 [ 1892.848498][T11804] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1892.854568][T11804] RIP: 0033:0x459829 [ 1892.858471][T11804] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1892.878079][T11804] RSP: 002b:00007f28d99f8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1892.886514][T11804] RAX: ffffffffffffffda RBX: 00007f28d99f8c90 RCX: 0000000000459829 [ 1892.894488][T11804] RDX: 00000000000000fc RSI: 0000000020000800 RDI: 0000000000000003 [ 1892.902460][T11804] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1892.910436][T11804] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f28d99f96d4 [ 1892.918408][T11804] R13: 00000000004c5d9f R14: 00000000004e0070 R15: 0000000000000004 [ 1892.926514][T11459] CPU: 1 PID: 11459 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1892.935641][T11459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1892.945710][T11459] Call Trace: [ 1892.949036][T11459] dump_stack+0x172/0x1f0 [ 1892.953430][T11459] dump_header+0x177/0x1152 [ 1892.957964][T11459] ? ___ratelimit+0xf8/0x595 [ 1892.962574][T11459] ? trace_hardirqs_on+0x67/0x240 [ 1892.969115][T11459] ? mark_oom_victim.cold+0x18/0x18 [ 1892.974328][T11459] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1892.980148][T11459] ? ___ratelimit+0x60/0x595 [ 1892.984746][T11459] ? do_raw_spin_unlock+0x57/0x270 [ 1892.989886][T11459] oom_kill_process.cold+0x10/0x15 [ 1892.995016][T11459] out_of_memory+0x79a/0x12c0 [ 1892.999717][T11459] ? lock_downgrade+0x920/0x920 [ 1893.004584][T11459] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1893.010840][T11459] ? oom_killer_disable+0x280/0x280 [ 1893.016059][T11459] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1893.021619][T11459] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1893.027283][T11459] ? do_raw_spin_unlock+0x57/0x270 [ 1893.032408][T11459] ? _raw_spin_unlock+0x2d/0x50 [ 1893.037275][T11459] try_charge+0xf4b/0x1440 [ 1893.041713][T11459] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1893.047280][T11459] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1893.052838][T11459] ? __kasan_check_read+0x11/0x20 [ 1893.057880][T11459] ? lock_downgrade+0x920/0x920 [ 1893.062743][T11459] ? percpu_ref_tryget_live+0x111/0x290 [ 1893.068306][T11459] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1893.073780][T11459] ? memcg_kmem_put_cache+0x50/0x50 [ 1893.078994][T11459] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1893.084552][T11459] __memcg_kmem_charge+0x13a/0x3a0 [ 1893.089681][T11459] __alloc_pages_nodemask+0x4f4/0x900 [ 1893.095077][T11459] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1893.100821][T11459] ? percpu_ref_put_many+0xb6/0x190 [ 1893.106059][T11459] ? trace_hardirqs_on+0x67/0x240 [ 1893.111542][T11459] ? __kasan_check_read+0x11/0x20 [ 1893.116592][T11459] copy_process+0x3f8/0x6b00 [ 1893.121196][T11459] ? perf_trace_lock+0xeb/0x4c0 [ 1893.126168][T11459] ? __cleanup_sighand+0x60/0x60 [ 1893.131133][T11459] _do_fork+0x146/0xfa0 [ 1893.135303][T11459] ? copy_init_mm+0x20/0x20 [ 1893.139820][T11459] ? __kasan_check_read+0x11/0x20 [ 1893.144849][T11459] ? _copy_to_user+0x118/0x160 [ 1893.149657][T11459] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1893.155908][T11459] ? put_timespec64+0xda/0x140 [ 1893.160681][T11459] __x64_sys_clone+0x18d/0x250 [ 1893.165449][T11459] ? __ia32_sys_vfork+0xc0/0xc0 [ 1893.165469][T11459] ? trace_hardirqs_off_caller+0x65/0x230 [ 1893.165482][T11459] ? trace_hardirqs_on+0x67/0x240 [ 1893.165499][T11459] do_syscall_64+0xfa/0x760 [ 1893.165519][T11459] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1893.165538][T11459] RIP: 0033:0x459829 [ 1893.181187][T11459] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1893.195597][T11459] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1893.195612][T11459] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1893.195628][T11459] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1893.239662][T11459] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1893.247640][T11459] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1893.247648][T11459] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1893.249134][T11459] memory: usage 307192kB, limit 307200kB, failcnt 101225 [ 1893.272576][T11459] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1893.284317][T11459] Memory cgroup stats for /syz0: [ 1893.284514][T11459] anon 82866176 [ 1893.284514][T11459] file 139264 [ 1893.284514][T11459] kernel_stack 36372480 [ 1893.284514][T11459] slab 44945408 [ 1893.284514][T11459] sock 4096 [ 1893.284514][T11459] shmem 0 [ 1893.284514][T11459] file_mapped 0 [ 1893.284514][T11459] file_dirty 0 [ 1893.284514][T11459] file_writeback 0 [ 1893.284514][T11459] anon_thp 0 [ 1893.284514][T11459] inactive_anon 0 [ 1893.284514][T11459] active_anon 82796544 [ 1893.284514][T11459] inactive_file 32768 [ 1893.284514][T11459] active_file 0 [ 1893.284514][T11459] unevictable 0 [ 1893.284514][T11459] slab_reclaimable 5541888 [ 1893.284514][T11459] slab_unreclaimable 39403520 [ 1893.284514][T11459] pgfault 153945 [ 1893.284514][T11459] pgmajfault 0 [ 1893.284514][T11459] workingset_refault 495 [ 1893.284514][T11459] workingset_activate 396 [ 1893.284514][T11459] workingset_nodereclaim 0 [ 1893.284514][T11459] pgrefill 21266 [ 1893.284514][T11459] pgscan 21422 [ 1893.284514][T11459] pgsteal 1297 [ 1893.378828][T11459] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=832,uid=0 [ 1893.394490][T11459] Memory cgroup out of memory: Killed process 832 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1893.413507][T11458] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1893.427484][T11458] CPU: 0 PID: 11458 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1893.436609][T11458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1893.446657][T11458] Call Trace: [ 1893.449946][T11458] dump_stack+0x172/0x1f0 [ 1893.454362][T11458] dump_header+0x177/0x1152 [ 1893.458866][T11458] ? ___ratelimit+0xf8/0x595 [ 1893.463465][T11458] ? trace_hardirqs_on+0x67/0x240 [ 1893.468574][T11458] ? mark_oom_victim.cold+0x18/0x18 [ 1893.473771][T11458] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1893.479667][T11458] ? ___ratelimit+0x60/0x595 [ 1893.484258][T11458] ? do_raw_spin_unlock+0x57/0x270 [ 1893.489379][T11458] oom_kill_process.cold+0x10/0x15 [ 1893.494488][T11458] out_of_memory+0x79a/0x12c0 [ 1893.499161][T11458] ? lock_downgrade+0x920/0x920 [ 1893.504015][T11458] ? oom_killer_disable+0x280/0x280 [ 1893.509227][T11458] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1893.514770][T11458] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1893.520407][T11458] ? do_raw_spin_unlock+0x57/0x270 [ 1893.525518][T11458] ? _raw_spin_unlock+0x2d/0x50 [ 1893.530365][T11458] try_charge+0xa2d/0x1440 [ 1893.534779][T11458] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1893.540321][T11458] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1893.545866][T11458] ? __kasan_check_read+0x11/0x20 [ 1893.550902][T11458] ? lock_downgrade+0x920/0x920 [ 1893.555754][T11458] ? percpu_ref_tryget_live+0x111/0x290 [ 1893.561307][T11458] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1893.566767][T11458] ? memcg_kmem_put_cache+0x50/0x50 [ 1893.571971][T11458] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1893.577521][T11458] __memcg_kmem_charge+0x13a/0x3a0 [ 1893.582641][T11458] __alloc_pages_nodemask+0x4f4/0x900 [ 1893.588136][T11458] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1893.593860][T11458] ? percpu_ref_put_many+0xb6/0x190 [ 1893.599756][T11458] ? trace_hardirqs_on+0x67/0x240 [ 1893.604777][T11458] ? __kasan_check_read+0x11/0x20 [ 1893.609802][T11458] copy_process+0x3f8/0x6b00 [ 1893.614404][T11458] ? __kasan_check_read+0x11/0x20 [ 1893.619429][T11458] ? record_times+0x1e/0x2b0 [ 1893.624020][T11458] ? lock_downgrade+0x920/0x920 [ 1893.628879][T11458] ? __cleanup_sighand+0x60/0x60 [ 1893.633810][T11458] ? perf_trace_lock+0xeb/0x4c0 [ 1893.638660][T11458] ? __lockdep_free_key_range+0x120/0x120 [ 1893.644380][T11458] ? set_task_reclaim_state+0x56/0xb0 [ 1893.649770][T11458] _do_fork+0x146/0xfa0 [ 1893.653928][T11458] ? copy_init_mm+0x20/0x20 [ 1893.658429][T11458] ? lock_downgrade+0x920/0x920 [ 1893.663369][T11458] ? percpu_ref_tryget_live+0x290/0x290 [ 1893.669000][T11458] ? cgroup_file_notify+0x140/0x1b0 [ 1893.674195][T11458] ? blkcg_maybe_throttle_current+0x5fe/0x1030 [ 1893.680352][T11458] __x64_sys_clone+0x18d/0x250 [ 1893.685116][T11458] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1893.691369][T11458] ? __ia32_sys_vfork+0xc0/0xc0 [ 1893.696218][T11458] ? trace_hardirqs_off_caller+0x65/0x230 [ 1893.702024][T11458] ? trace_hardirqs_on+0x67/0x240 [ 1893.707052][T11458] do_syscall_64+0xfa/0x760 [ 1893.711556][T11458] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1893.717444][T11458] RIP: 0033:0x45c1f9 [ 1893.721340][T11458] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1893.740948][T11458] RSP: 002b:00007ffd41fb7008 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1893.749380][T11458] RAX: ffffffffffffffda RBX: 00007f35763d8700 RCX: 000000000045c1f9 [ 1893.757353][T11458] RDX: 00007f35763d89d0 RSI: 00007f35763d7db0 RDI: 00000000003d0f00 [ 1893.765320][T11458] RBP: 00007ffd41fb7220 R08: 00007f35763d8700 R09: 00007f35763d8700 [ 1893.773293][T11458] R10: 00007f35763d89d0 R11: 0000000000000202 R12: 0000000000000000 [ 1893.781268][T11458] R13: 00007ffd41fb70bf R14: 00007f35763d89c0 R15: 000000000075c07c [ 1893.792037][T11458] memory: usage 307132kB, limit 307200kB, failcnt 101230 [ 1893.799932][T11458] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1893.807331][T11458] Memory cgroup stats for /syz0: [ 1893.807440][T11458] anon 82866176 [ 1893.807440][T11458] file 139264 [ 1893.807440][T11458] kernel_stack 36438016 [ 1893.807440][T11458] slab 44945408 [ 1893.807440][T11458] sock 4096 [ 1893.807440][T11458] shmem 0 [ 1893.807440][T11458] file_mapped 0 [ 1893.807440][T11458] file_dirty 0 [ 1893.807440][T11458] file_writeback 0 [ 1893.807440][T11458] anon_thp 0 [ 1893.807440][T11458] inactive_anon 0 [ 1893.807440][T11458] active_anon 82931712 [ 1893.807440][T11458] inactive_file 32768 [ 1893.807440][T11458] active_file 0 [ 1893.807440][T11458] unevictable 0 [ 1893.807440][T11458] slab_reclaimable 5541888 [ 1893.807440][T11458] slab_unreclaimable 39403520 [ 1893.807440][T11458] pgfault 153945 [ 1893.807440][T11458] pgmajfault 0 [ 1893.807440][T11458] workingset_refault 495 [ 1893.807440][T11458] workingset_activate 396 [ 1893.807440][T11458] workingset_nodereclaim 0 [ 1893.807440][T11458] pgrefill 21266 [ 1893.807440][T11458] pgscan 21422 [ 1893.807440][T11458] pgsteal 1297 [ 1893.902944][T11458] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=11458,uid=0 [ 1893.918479][T11458] Memory cgroup out of memory: Killed process 11458 (syz-executor.0) total-vm:72840kB, anon-rss:172kB, file-rss:35792kB, shmem-rss:0kB, UID:0 04:19:27 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x11000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:19:27 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) 04:19:27 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5d44df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:27 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:19:27 executing program 2 (fault-call:2 fault-nth:0): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 04:19:27 executing program 3 (fault-call:1 fault-nth:1): r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1893.934387][ T1057] oom_reaper: reaped process 11458 (syz-executor.0), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1894.001504][T11821] FAULT_INJECTION: forcing a failure. [ 1894.001504][T11821] name failslab, interval 1, probability 0, space 0, times 0 [ 1894.014791][T11823] FAULT_INJECTION: forcing a failure. [ 1894.014791][T11823] name failslab, interval 1, probability 0, space 0, times 0 [ 1894.050822][T11821] CPU: 1 PID: 11821 Comm: syz-executor.3 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1894.060067][T11821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1894.070132][T11821] Call Trace: [ 1894.073434][T11821] dump_stack+0x172/0x1f0 [ 1894.077787][T11821] should_fail.cold+0xa/0x15 [ 1894.082566][T11821] ? __kasan_check_read+0x11/0x20 [ 1894.087610][T11821] ? fault_create_debugfs_attr+0x180/0x180 [ 1894.093425][T11821] ? page_to_nid.part.0+0x20/0x20 [ 1894.098465][T11821] ? ___might_sleep+0x163/0x280 [ 1894.103333][T11821] __should_failslab+0x121/0x190 [ 1894.108284][T11821] should_failslab+0x9/0x14 [ 1894.112802][T11821] kmem_cache_alloc_node_trace+0x274/0x750 [ 1894.118614][T11821] ? kasan_unpoison_shadow+0x35/0x50 [ 1894.123909][T11821] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1894.129728][T11821] __kmalloc_node_track_caller+0x3d/0x70 [ 1894.135382][T11821] __kmalloc_reserve.isra.0+0x40/0xf0 [ 1894.140761][T11821] __alloc_skb+0x10b/0x5e0 [ 1894.145346][T11821] ? netdev_alloc_frag+0x1b0/0x1b0 [ 1894.150592][T11821] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1894.156840][T11821] ? netlink_autobind.isra.0+0x228/0x310 [ 1894.162485][T11821] ? security_socket_getpeersec_dgram+0x8d/0xc0 [ 1894.168737][T11821] netlink_sendmsg+0x972/0xd60 [ 1894.173521][T11821] ? netlink_unicast+0x710/0x710 [ 1894.178466][T11821] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 1894.184027][T11821] ? apparmor_socket_sendmsg+0x2a/0x30 [ 1894.189509][T11821] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1894.195789][T11821] ? security_socket_sendmsg+0x8d/0xc0 [ 1894.201431][T11821] ? netlink_unicast+0x710/0x710 [ 1894.206386][T11821] sock_sendmsg+0xd7/0x130 [ 1894.210813][T11821] sock_write_iter+0x27c/0x3e0 [ 1894.215586][T11821] ? sock_sendmsg+0x130/0x130 [ 1894.220276][T11821] ? aa_path_link+0x340/0x340 [ 1894.224966][T11821] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1894.231222][T11821] ? iov_iter_init+0xee/0x210 [ 1894.235914][T11821] new_sync_write+0x4d3/0x770 [ 1894.240618][T11821] ? new_sync_read+0x800/0x800 [ 1894.245388][T11821] ? __fget+0xa3/0x560 [ 1894.249469][T11821] ? common_file_perm+0x238/0x720 [ 1894.254506][T11821] ? __fget+0x384/0x560 [ 1894.258678][T11821] ? apparmor_file_permission+0x25/0x30 [ 1894.264243][T11821] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1894.270501][T11821] ? security_file_permission+0x8f/0x380 [ 1894.276145][T11821] __vfs_write+0xe1/0x110 [ 1894.280484][T11821] vfs_write+0x268/0x5d0 [ 1894.284734][T11821] ksys_write+0x14f/0x290 [ 1894.289074][T11821] ? __ia32_sys_read+0xb0/0xb0 [ 1894.293845][T11821] ? switch_fpu_return+0x1fa/0x4f0 [ 1894.298974][T11821] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1894.305058][T11821] __x64_sys_write+0x73/0xb0 [ 1894.309659][T11821] do_syscall_64+0xfa/0x760 [ 1894.314171][T11821] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1894.320077][T11821] RIP: 0033:0x459829 [ 1894.323978][T11821] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1894.343587][T11821] RSP: 002b:00007f28d99f8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1894.352012][T11821] RAX: ffffffffffffffda RBX: 00007f28d99f8c90 RCX: 0000000000459829 [ 1894.359987][T11821] RDX: 00000000000000fc RSI: 0000000020000800 RDI: 0000000000000003 [ 1894.367967][T11821] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1894.375942][T11821] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f28d99f96d4 [ 1894.383923][T11821] R13: 00000000004c5d9f R14: 00000000004e0070 R15: 0000000000000004 [ 1894.391925][T11823] CPU: 0 PID: 11823 Comm: syz-executor.2 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1894.401053][T11823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1894.411120][T11823] Call Trace: [ 1894.412426][T11829] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1894.414424][T11823] dump_stack+0x172/0x1f0 [ 1894.414445][T11823] should_fail.cold+0xa/0x15 [ 1894.414464][T11823] ? fault_create_debugfs_attr+0x180/0x180 [ 1894.414487][T11823] ? ___might_sleep+0x163/0x280 [ 1894.446083][T11823] __should_failslab+0x121/0x190 [ 1894.451034][T11823] should_failslab+0x9/0x14 [ 1894.455536][T11823] __kmalloc+0x2e0/0x770 [ 1894.459779][T11823] ? mark_held_locks+0xf0/0xf0 [ 1894.464547][T11823] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1894.470786][T11823] ? debug_smp_processor_id+0x3c/0x214 [ 1894.476251][T11823] ? tomoyo_realpath_from_path+0xcd/0x7b0 [ 1894.481984][T11823] tomoyo_realpath_from_path+0xcd/0x7b0 [ 1894.487533][T11823] ? tomoyo_path_number_perm+0x193/0x520 [ 1894.493175][T11823] tomoyo_path_number_perm+0x1dd/0x520 [ 1894.498634][T11823] ? tomoyo_path_number_perm+0x193/0x520 [ 1894.504285][T11823] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1894.510096][T11823] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1894.516357][T11823] ? __kasan_check_read+0x11/0x20 [ 1894.521405][T11823] ? __fget+0x384/0x560 [ 1894.525576][T11823] ? ksys_dup3+0x3e0/0x3e0 [ 1894.529995][T11823] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1894.536598][T11823] ? fput_many+0x12c/0x1a0 [ 1894.541022][T11823] tomoyo_file_ioctl+0x23/0x30 [ 1894.545806][T11823] security_file_ioctl+0x77/0xc0 [ 1894.550767][T11823] ksys_ioctl+0x57/0xd0 [ 1894.554931][T11823] __x64_sys_ioctl+0x73/0xb0 [ 1894.559529][T11823] do_syscall_64+0xfa/0x760 [ 1894.564044][T11823] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1894.569935][T11823] RIP: 0033:0x459829 [ 1894.573832][T11823] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1894.593446][T11823] RSP: 002b:00007fb829cadc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1894.601865][T11823] RAX: ffffffffffffffda RBX: 00007fb829cadc90 RCX: 0000000000459829 [ 1894.609926][T11823] RDX: 0000000000000000 RSI: 00000000400455c8 RDI: 0000000000000003 [ 1894.617896][T11823] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1894.625870][T11823] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb829cae6d4 [ 1894.633845][T11823] R13: 00000000004c250e R14: 00000000004d5930 R15: 0000000000000004 [ 1894.641845][T11829] CPU: 1 PID: 11829 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1894.651228][T11829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1894.661377][T11829] Call Trace: [ 1894.664681][T11829] dump_stack+0x172/0x1f0 [ 1894.669021][T11829] dump_header+0x177/0x1152 [ 1894.673543][T11829] ? ___ratelimit+0xf8/0x595 [ 1894.678149][T11829] ? trace_hardirqs_on+0x67/0x240 [ 1894.683192][T11829] ? mark_oom_victim.cold+0x18/0x18 [ 1894.688402][T11829] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1894.694217][T11829] ? ___ratelimit+0x60/0x595 [ 1894.698818][T11829] ? do_raw_spin_unlock+0x57/0x270 [ 1894.700748][T11823] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1894.703936][T11829] oom_kill_process.cold+0x10/0x15 [ 1894.703955][T11829] out_of_memory+0x79a/0x12c0 [ 1894.703971][T11829] ? lock_downgrade+0x920/0x920 [ 1894.703994][T11829] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1894.731489][T11829] ? oom_killer_disable+0x280/0x280 [ 1894.731515][T11829] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1894.731537][T11829] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1894.742266][T11829] ? do_raw_spin_unlock+0x57/0x270 [ 1894.742283][T11829] ? _raw_spin_unlock+0x2d/0x50 [ 1894.742303][T11829] try_charge+0xf4b/0x1440 [ 1894.753041][T11829] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1894.753057][T11829] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1894.753079][T11829] ? __kasan_check_read+0x11/0x20 [ 1894.767952][T11829] ? lock_downgrade+0x920/0x920 [ 1894.767970][T11829] ? percpu_ref_tryget_live+0x111/0x290 [ 1894.767987][T11829] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1894.768001][T11829] ? memcg_kmem_put_cache+0x50/0x50 [ 1894.768016][T11829] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1894.768029][T11829] __memcg_kmem_charge+0x13a/0x3a0 [ 1894.768046][T11829] __alloc_pages_nodemask+0x4f4/0x900 [ 1894.768068][T11829] ? stack_trace_consume_entry+0x190/0x190 [ 1894.783448][T11829] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1894.783464][T11829] ? debug_smp_processor_id+0x3c/0x214 [ 1894.783484][T11829] ? save_stack+0x5c/0x90 [ 1894.794469][T11829] ? save_stack+0x23/0x90 [ 1894.794485][T11829] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1894.794504][T11829] ? kasan_slab_alloc+0xf/0x20 04:19:28 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) 04:19:28 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5959df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:28 executing program 3 (fault-call:1 fault-nth:2): r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1894.794517][T11829] ? kmem_cache_alloc+0x121/0x710 [ 1894.794533][T11829] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1894.794558][T11829] alloc_pages_current+0x107/0x210 [ 1894.794576][T11829] get_zeroed_page+0x14/0x50 [ 1894.794591][T11829] __pud_alloc+0x3b/0x250 [ 1894.794612][T11829] pud_alloc+0xde/0x150 [ 1894.805357][T11829] copy_page_range+0x383/0x2120 [ 1894.823118][T10516] Bluetooth: hci0: Frame reassembly failed (-84) [ 1894.827304][T11829] ? percpu_ref_put_many+0x94/0x190 [ 1894.827326][T11829] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1894.827344][T11829] ? anon_vma_fork+0x371/0x4a0 [ 1894.827367][T11829] ? lock_downgrade+0x920/0x920 [ 1894.843864][T10516] Bluetooth: hci0: Frame reassembly failed (-84) [ 1894.847262][T11829] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1894.847281][T11829] ? __pmd_alloc+0x460/0x460 [ 1894.847294][T11829] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1894.847311][T11829] ? validate_mm_rb+0xa3/0xc0 [ 1894.847326][T11829] ? __vma_link_rb+0x275/0x370 [ 1894.847347][T11829] dup_mm+0xa67/0x1430 [ 1894.907092][T11829] ? vm_area_dup+0x170/0x170 [ 1894.916678][T11829] ? debug_mutex_init+0x2d/0x5a [ 1894.916696][T11829] copy_process+0x28b7/0x6b00 [ 1894.916710][T11829] ? perf_trace_lock+0xeb/0x4c0 [ 1894.916732][T11829] ? __cleanup_sighand+0x60/0x60 [ 1894.916758][T11829] _do_fork+0x146/0xfa0 [ 1894.916782][T11829] ? copy_init_mm+0x20/0x20 [ 1894.916803][T11829] ? __kasan_check_read+0x11/0x20 [ 1894.961938][T11829] ? _copy_to_user+0x118/0x160 [ 1894.961960][T11829] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1894.961974][T11829] ? put_timespec64+0xda/0x140 [ 1894.961999][T11829] __x64_sys_clone+0x18d/0x250 [ 1895.011652][T11829] ? __ia32_sys_vfork+0xc0/0xc0 [ 1895.011675][T11829] ? trace_hardirqs_off_caller+0x65/0x230 [ 1895.011694][T11829] ? trace_hardirqs_on+0x67/0x240 [ 1895.027267][T11829] do_syscall_64+0xfa/0x760 [ 1895.031796][T11829] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1895.037694][T11829] RIP: 0033:0x459829 [ 1895.041595][T11829] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1895.061430][T11829] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1895.069849][T11829] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1895.077829][T11829] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1895.085921][T11829] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1895.093902][T11829] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1895.101885][T11829] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff 04:19:28 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d595ddf8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:28 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1895.161305][T12009] FAULT_INJECTION: forcing a failure. [ 1895.161305][T12009] name failslab, interval 1, probability 0, space 0, times 0 [ 1895.194464][T12009] CPU: 1 PID: 12009 Comm: syz-executor.3 Not tainted 5.3.0-rc1-next-20190726 #53 04:19:29 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1895.203613][T12009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1895.213670][T12009] Call Trace: [ 1895.217508][T12009] dump_stack+0x172/0x1f0 [ 1895.221859][T12009] should_fail.cold+0xa/0x15 [ 1895.226552][T12009] ? fault_create_debugfs_attr+0x180/0x180 [ 1895.232394][T12009] ? __lockdep_free_key_range+0x120/0x120 [ 1895.238130][T12009] __should_failslab+0x121/0x190 [ 1895.243078][T12009] should_failslab+0x9/0x14 [ 1895.247606][T12009] kmem_cache_alloc+0x47/0x710 [ 1895.252382][T12009] ? lock_acquire+0x190/0x410 [ 1895.257062][T12009] ? netlink_deliver_tap+0x146/0xbf0 [ 1895.262356][T12009] skb_clone+0x154/0x3d0 [ 1895.266611][T12009] netlink_deliver_tap+0x94d/0xbf0 [ 1895.271735][T12009] netlink_unicast+0x5a2/0x710 [ 1895.276524][T12009] ? netlink_attachskb+0x7c0/0x7c0 [ 1895.281649][T12009] ? _copy_from_iter_full+0x25d/0x8a0 [ 1895.287024][T12009] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1895.287042][T12009] ? __check_object_size+0x3d/0x43c [ 1895.287061][T12009] netlink_sendmsg+0x8a5/0xd60 [ 1895.287081][T12009] ? netlink_unicast+0x710/0x710 [ 1895.287096][T12009] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 1895.287118][T12009] ? apparmor_socket_sendmsg+0x2a/0x30 [ 1895.302780][T12009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1895.302797][T12009] ? security_socket_sendmsg+0x8d/0xc0 [ 1895.302818][T12009] ? netlink_unicast+0x710/0x710 [ 1895.335350][T12009] sock_sendmsg+0xd7/0x130 [ 1895.339784][T12009] sock_write_iter+0x27c/0x3e0 [ 1895.344557][T12009] ? sock_sendmsg+0x130/0x130 [ 1895.349251][T12009] ? aa_path_link+0x340/0x340 [ 1895.353940][T12009] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1895.360363][T12009] ? iov_iter_init+0xee/0x210 [ 1895.365053][T12009] new_sync_write+0x4d3/0x770 [ 1895.369739][T12009] ? new_sync_read+0x800/0x800 [ 1895.374516][T12009] ? __fget+0xa3/0x560 [ 1895.378598][T12009] ? common_file_perm+0x238/0x720 [ 1895.382424][T11829] memory: usage 307200kB, limit 307200kB, failcnt 101248 [ 1895.383625][T12009] ? __fget+0x384/0x560 [ 1895.383646][T12009] ? apparmor_file_permission+0x25/0x30 [ 1895.383665][T12009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1895.383690][T12009] ? security_file_permission+0x8f/0x380 [ 1895.393564][T11829] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1895.394863][T12009] __vfs_write+0xe1/0x110 [ 1895.394883][T12009] vfs_write+0x268/0x5d0 [ 1895.394902][T12009] ksys_write+0x14f/0x290 [ 1895.394919][T12009] ? __ia32_sys_read+0xb0/0xb0 [ 1895.394938][T12009] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1895.394957][T12009] __x64_sys_write+0x73/0xb0 [ 1895.394979][T12009] do_syscall_64+0xfa/0x760 [ 1895.407589][T11829] Memory cgroup stats for /syz0: [ 1895.407868][T11829] anon 82866176 [ 1895.407868][T11829] file 139264 [ 1895.407868][T11829] kernel_stack 36438016 [ 1895.407868][T11829] slab 44945408 [ 1895.407868][T11829] sock 4096 [ 1895.407868][T11829] shmem 0 [ 1895.407868][T11829] file_mapped 0 [ 1895.407868][T11829] file_dirty 0 [ 1895.407868][T11829] file_writeback 0 [ 1895.407868][T11829] anon_thp 0 [ 1895.407868][T11829] inactive_anon 0 [ 1895.407868][T11829] active_anon 82931712 [ 1895.407868][T11829] inactive_file 32768 [ 1895.407868][T11829] active_file 0 [ 1895.407868][T11829] unevictable 0 [ 1895.407868][T11829] slab_reclaimable 5541888 [ 1895.407868][T11829] slab_unreclaimable 39403520 [ 1895.407868][T11829] pgfault 153978 [ 1895.407868][T11829] pgmajfault 0 [ 1895.407868][T11829] workingset_refault 495 [ 1895.407868][T11829] workingset_activate 396 [ 1895.407868][T11829] workingset_nodereclaim 0 [ 1895.407868][T11829] pgrefill 21266 [ 1895.407868][T11829] pgscan 21422 [ 1895.407868][T11829] pgsteal 1297 [ 1895.412386][T12009] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1895.412399][T12009] RIP: 0033:0x459829 [ 1895.412415][T12009] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1895.412430][T12009] RSP: 002b:00007f28d99f8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1895.423625][T11829] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=11814,uid=0 [ 1895.427822][T12009] RAX: ffffffffffffffda RBX: 00007f28d99f8c90 RCX: 0000000000459829 [ 1895.427831][T12009] RDX: 00000000000000fc RSI: 0000000020000800 RDI: 0000000000000003 [ 1895.427838][T12009] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1895.427846][T12009] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f28d99f96d4 [ 1895.427854][T12009] R13: 00000000004c5d9f R14: 00000000004e0070 R15: 0000000000000004 [ 1895.560746][T11829] Memory cgroup out of memory: Killed process 11814 (syz-executor.0) total-vm:72840kB, anon-rss:180kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1895.621318][ T1057] oom_reaper: reaped process 11814 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1895.684909][T11829] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1895.719007][T11829] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1895.731637][T11829] CPU: 1 PID: 11829 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1895.740752][T11829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1895.750821][T11829] Call Trace: [ 1895.754113][T11829] dump_stack+0x172/0x1f0 [ 1895.758442][T11829] dump_header+0x177/0x1152 [ 1895.762943][T11829] ? ___ratelimit+0xf8/0x595 [ 1895.767550][T11829] ? trace_hardirqs_on+0x67/0x240 [ 1895.772572][T11829] ? mark_oom_victim.cold+0x18/0x18 [ 1895.777784][T11829] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1895.783584][T11829] ? ___ratelimit+0x60/0x595 [ 1895.788184][T11829] ? do_raw_spin_unlock+0x57/0x270 [ 1895.793290][T11829] oom_kill_process.cold+0x10/0x15 [ 1895.798413][T11829] out_of_memory+0x79a/0x12c0 [ 1895.803105][T11829] ? lock_downgrade+0x920/0x920 [ 1895.807971][T11829] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1895.814198][T11829] ? oom_killer_disable+0x280/0x280 [ 1895.819413][T11829] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1895.824973][T11829] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1895.830607][T11829] ? do_raw_spin_unlock+0x57/0x270 [ 1895.835724][T11829] ? _raw_spin_unlock+0x2d/0x50 [ 1895.840571][T11829] try_charge+0xf4b/0x1440 [ 1895.844984][T11829] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1895.850535][T11829] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1895.856082][T11829] ? __kasan_check_read+0x11/0x20 [ 1895.863221][T11829] ? lock_downgrade+0x920/0x920 [ 1895.868071][T11829] ? percpu_ref_tryget_live+0x111/0x290 [ 1895.873607][T11829] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1895.879050][T11829] ? memcg_kmem_put_cache+0x50/0x50 [ 1895.884237][T11829] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1895.889774][T11829] __memcg_kmem_charge+0x13a/0x3a0 [ 1895.894886][T11829] __alloc_pages_nodemask+0x4f4/0x900 [ 1895.900437][T11829] ? __lockdep_free_key_range+0x120/0x120 [ 1895.906184][T11829] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1895.911912][T11829] ? __pte_alloc+0x1b5/0x310 [ 1895.916514][T11829] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1895.922758][T11829] ? copy_page_range+0x10c2/0x2120 [ 1895.927886][T11829] ? __kasan_check_read+0x11/0x20 [ 1895.932924][T11829] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1895.939171][T11829] alloc_pages_current+0x107/0x210 [ 1895.944442][T11829] pte_alloc_one+0x1b/0x1a0 [ 1895.948968][T11829] __pte_alloc+0x20/0x310 [ 1895.953297][T11829] copy_page_range+0x1610/0x2120 [ 1895.958231][T11829] ? perf_trace_lock+0xeb/0x4c0 [ 1895.963123][T11829] ? __pmd_alloc+0x460/0x460 [ 1895.967719][T11829] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1895.973275][T11829] ? __rb_insert_augmented+0x20c/0xd90 [ 1895.978721][T11829] ? validate_mm_rb+0xa3/0xc0 [ 1895.983417][T11829] ? __vma_link_rb+0x275/0x370 [ 1895.988193][T11829] ? __kasan_check_write+0x14/0x20 [ 1895.993306][T11829] dup_mm+0xa67/0x1430 [ 1895.997389][T11829] ? vm_area_dup+0x170/0x170 [ 1896.001999][T11829] ? debug_mutex_init+0x2d/0x5a [ 1896.006869][T11829] copy_process+0x28b7/0x6b00 [ 1896.011565][T11829] ? perf_trace_lock+0xeb/0x4c0 [ 1896.016455][T11829] ? __cleanup_sighand+0x60/0x60 [ 1896.021413][T11829] _do_fork+0x146/0xfa0 [ 1896.025579][T11829] ? copy_init_mm+0x20/0x20 [ 1896.030089][T11829] ? __kasan_check_read+0x11/0x20 [ 1896.035117][T11829] ? _copy_to_user+0x118/0x160 [ 1896.035137][T11829] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1896.035150][T11829] ? put_timespec64+0xda/0x140 [ 1896.035170][T11829] __x64_sys_clone+0x18d/0x250 [ 1896.035186][T11829] ? __ia32_sys_vfork+0xc0/0xc0 [ 1896.035214][T11829] ? trace_hardirqs_off_caller+0x65/0x230 [ 1896.066274][T11829] ? trace_hardirqs_on+0x67/0x240 [ 1896.071308][T11829] do_syscall_64+0xfa/0x760 [ 1896.075852][T11829] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1896.081744][T11829] RIP: 0033:0x459829 [ 1896.085687][T11829] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1896.105300][T11829] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1896.113710][T11829] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1896.121700][T11829] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1896.129661][T11829] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1896.137625][T11829] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1896.145620][T11829] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1896.154720][T11829] memory: usage 307196kB, limit 307200kB, failcnt 101296 [ 1896.161935][T11829] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1896.168837][T11829] Memory cgroup stats for /syz0: [ 1896.168961][T11829] anon 82731008 [ 1896.168961][T11829] file 139264 [ 1896.168961][T11829] kernel_stack 36372480 [ 1896.168961][T11829] slab 44945408 [ 1896.168961][T11829] sock 4096 [ 1896.168961][T11829] shmem 0 [ 1896.168961][T11829] file_mapped 0 [ 1896.168961][T11829] file_dirty 0 [ 1896.168961][T11829] file_writeback 0 [ 1896.168961][T11829] anon_thp 0 [ 1896.168961][T11829] inactive_anon 0 [ 1896.168961][T11829] active_anon 82796544 [ 1896.168961][T11829] inactive_file 32768 [ 1896.168961][T11829] active_file 0 [ 1896.168961][T11829] unevictable 0 [ 1896.168961][T11829] slab_reclaimable 5541888 [ 1896.168961][T11829] slab_unreclaimable 39403520 [ 1896.168961][T11829] pgfault 154011 [ 1896.168961][T11829] pgmajfault 0 [ 1896.168961][T11829] workingset_refault 495 [ 1896.168961][T11829] workingset_activate 396 [ 1896.168961][T11829] workingset_nodereclaim 0 [ 1896.168961][T11829] pgrefill 21266 [ 1896.168961][T11829] pgscan 21422 [ 1896.168961][T11829] pgsteal 1297 [ 1896.262185][T11829] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=464,uid=0 [ 1896.277526][T11829] Memory cgroup out of memory: Killed process 464 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1896.293727][ T1057] oom_reaper: reaped process 464 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1896.307335][T11827] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1896.318525][T11827] CPU: 1 PID: 11827 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1896.327728][T11827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1896.337814][T11827] Call Trace: [ 1896.341091][T11827] dump_stack+0x172/0x1f0 [ 1896.345417][T11827] dump_header+0x177/0x1152 [ 1896.349915][T11827] ? ___ratelimit+0xf8/0x595 [ 1896.354576][T11827] ? trace_hardirqs_on+0x67/0x240 [ 1896.359618][T11827] ? mark_oom_victim.cold+0x18/0x18 [ 1896.364819][T11827] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1896.370645][T11827] ? ___ratelimit+0x60/0x595 [ 1896.375216][T11827] ? do_raw_spin_unlock+0x57/0x270 [ 1896.380325][T11827] oom_kill_process.cold+0x10/0x15 [ 1896.385431][T11827] out_of_memory+0x79a/0x12c0 [ 1896.390102][T11827] ? lock_downgrade+0x920/0x920 [ 1896.394935][T11827] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1896.401153][T11827] ? oom_killer_disable+0x280/0x280 [ 1896.406354][T11827] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1896.411900][T11827] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1896.417520][T11827] ? do_raw_spin_unlock+0x57/0x270 [ 1896.422614][T11827] ? _raw_spin_unlock+0x2d/0x50 [ 1896.427456][T11827] try_charge+0xf4b/0x1440 [ 1896.431864][T11827] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1896.437390][T11827] ? percpu_ref_tryget_live+0x111/0x290 [ 1896.442932][T11827] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1896.448478][T11827] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1896.454029][T11827] mem_cgroup_try_charge+0x136/0x590 [ 1896.459302][T11827] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1896.465021][T11827] wp_page_copy+0x421/0x15e0 [ 1896.469607][T11827] ? page_trans_huge_mapcount+0x166/0x450 [ 1896.475307][T11827] ? pmd_pfn+0x1d0/0x1d0 [ 1896.479530][T11827] ? lock_downgrade+0x920/0x920 [ 1896.484367][T11827] ? swp_swapcount+0x540/0x540 [ 1896.489114][T11827] ? psi_memstall_leave+0x12e/0x180 [ 1896.494301][T11827] ? __kasan_check_read+0x11/0x20 [ 1896.499331][T11827] ? do_raw_spin_unlock+0x57/0x270 [ 1896.504440][T11827] do_wp_page+0x499/0x14d0 [ 1896.508855][T11827] ? finish_mkwrite_fault+0x570/0x570 [ 1896.514255][T11827] __handle_mm_fault+0x22f7/0x3f20 [ 1896.519385][T11827] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1896.524927][T11827] ? __kasan_check_read+0x11/0x20 [ 1896.529950][T11827] ? trace_hardirqs_on+0x67/0x240 [ 1896.534960][T11827] handle_mm_fault+0x1b5/0x6b0 [ 1896.539738][T11827] __do_page_fault+0x536/0xdd0 [ 1896.544534][T11827] do_page_fault+0x38/0x590 [ 1896.549032][T11827] page_fault+0x39/0x40 [ 1896.553167][T11827] RIP: 0033:0x40c516 [ 1896.557045][T11827] Code: e8 af 54 ff ff 0f 1f 80 00 00 00 00 80 3d 01 3b 55 00 00 75 06 80 7b 20 00 74 2e 8b 05 f7 3a 55 00 c6 43 21 00 8d 70 ff 85 f6 <89> 35 e8 3a 55 00 78 5e 48 8b 44 24 08 64 48 33 04 25 28 00 00 00 [ 1896.576719][T11827] RSP: 002b:00007ffd41fb7110 EFLAGS: 00010246 [ 1896.582802][T11827] RAX: 0000000000000001 RBX: 000000000075bf20 RCX: 0000000000000001 [ 1896.590771][T11827] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000075bf20 [ 1896.598729][T11827] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff [ 1896.606871][T11827] R10: 00007ffd41fb7210 R11: 0000000000000246 R12: 000000000075bf20 [ 1896.614875][T11827] R13: 00000000001cecfb R14: 00000000001ced28 R15: 000000000075bf2c [ 1896.624908][T11827] memory: usage 307036kB, limit 307200kB, failcnt 101323 [ 1896.631959][T11827] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1896.638858][T11827] Memory cgroup stats for /syz0: [ 1896.638974][T11827] anon 82731008 [ 1896.638974][T11827] file 139264 [ 1896.638974][T11827] kernel_stack 36372480 [ 1896.638974][T11827] slab 44945408 [ 1896.638974][T11827] sock 4096 [ 1896.638974][T11827] shmem 0 [ 1896.638974][T11827] file_mapped 0 [ 1896.638974][T11827] file_dirty 0 [ 1896.638974][T11827] file_writeback 0 [ 1896.638974][T11827] anon_thp 0 [ 1896.638974][T11827] inactive_anon 0 [ 1896.638974][T11827] active_anon 82796544 [ 1896.638974][T11827] inactive_file 32768 [ 1896.638974][T11827] active_file 0 [ 1896.638974][T11827] unevictable 0 [ 1896.638974][T11827] slab_reclaimable 5541888 [ 1896.638974][T11827] slab_unreclaimable 39403520 [ 1896.638974][T11827] pgfault 154011 [ 1896.638974][T11827] pgmajfault 0 [ 1896.638974][T11827] workingset_refault 495 [ 1896.638974][T11827] workingset_activate 396 [ 1896.638974][T11827] workingset_nodereclaim 0 [ 1896.638974][T11827] pgrefill 21266 [ 1896.638974][T11827] pgscan 21422 [ 1896.638974][T11827] pgsteal 1297 04:19:30 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x40000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:19:30 executing program 3 (fault-call:1 fault-nth:3): r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:30 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) 04:19:30 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f096497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1896.732434][T11827] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=12174,uid=0 [ 1896.748407][T11827] Memory cgroup out of memory: Killed process 12174 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1896.765020][ T1057] oom_reaper: reaped process 12174 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1896.765330][T11829] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1896.827385][T12180] FAULT_INJECTION: forcing a failure. [ 1896.827385][T12180] name failslab, interval 1, probability 0, space 0, times 0 [ 1896.840331][T12180] CPU: 1 PID: 12180 Comm: syz-executor.3 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1896.844621][T18929] Bluetooth: hci0: command 0x1003 tx timeout [ 1896.849458][T12180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1896.849465][T12180] Call Trace: [ 1896.849494][T12180] dump_stack+0x172/0x1f0 [ 1896.849522][T12180] should_fail.cold+0xa/0x15 [ 1896.866841][T11933] Bluetooth: hci0: sending frame failed (-49) [ 1896.876882][T12180] ? fault_create_debugfs_attr+0x180/0x180 [ 1896.876898][T12180] ? page_to_nid.part.0+0x20/0x20 [ 1896.876915][T12180] ? ___might_sleep+0x163/0x280 [ 1896.876933][T12180] __should_failslab+0x121/0x190 [ 1896.876950][T12180] should_failslab+0x9/0x14 [ 1896.876964][T12180] kmem_cache_alloc_trace+0x2d3/0x790 [ 1896.876982][T12180] ? __sanitizer_cov_trace_switch+0x49/0x80 [ 1896.877006][T12180] ip6addrlbl_add+0xae/0xbc0 [ 1896.934076][T12180] ? __sanitizer_cov_trace_cmp4+0x16/0x20 [ 1896.939826][T12180] ip6addrlbl_newdel+0x823/0x9e0 [ 1896.944790][T12180] ? addrlbl_ifindex_exists+0x170/0x170 [ 1896.947325][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 1896.947344][ T26] audit: type=1400 audit(1564373970.729:1237): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F096497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=12177 comm="syz-executor.1" [ 1896.950358][T12180] ? rtnetlink_rcv_msg+0x1ea/0xb00 [ 1896.950374][T12180] ? __netlink_ns_capable+0x104/0x140 [ 1896.950397][T12180] ? addrlbl_ifindex_exists+0x170/0x170 [ 1896.997703][T12183] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1897.001731][T12180] rtnetlink_rcv_msg+0x838/0xb00 [ 1897.001748][T12180] ? rtnetlink_rcv_msg+0x838/0xb00 [ 1897.001779][T12180] ? rtnetlink_put_metrics+0x580/0x580 [ 1897.031288][T12180] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 1897.036588][T12180] ? __copy_skb_header+0x280/0x550 [ 1897.036703][T12183] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1897.041729][T12180] netlink_rcv_skb+0x177/0x450 [ 1897.041749][T12180] ? rtnetlink_put_metrics+0x580/0x580 [ 1897.041776][T12180] ? netlink_ack+0xb30/0xb30 [ 1897.068662][T12180] ? netlink_deliver_tap+0x254/0xbf0 [ 1897.073988][T12180] rtnetlink_rcv+0x1d/0x30 [ 1897.078411][T12180] netlink_unicast+0x531/0x710 [ 1897.083183][T12180] ? netlink_attachskb+0x7c0/0x7c0 [ 1897.088306][T12180] ? _copy_from_iter_full+0x25d/0x8a0 [ 1897.093700][T12180] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1897.099465][T12180] ? __check_object_size+0x3d/0x43c [ 1897.104687][T12180] netlink_sendmsg+0x8a5/0xd60 [ 1897.109468][T12180] ? netlink_unicast+0x710/0x710 [ 1897.114431][T12180] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 1897.120026][T12180] ? apparmor_socket_sendmsg+0x2a/0x30 [ 1897.125502][T12180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1897.131754][T12180] ? security_socket_sendmsg+0x8d/0xc0 [ 1897.137232][T12180] ? netlink_unicast+0x710/0x710 [ 1897.142177][T12180] sock_sendmsg+0xd7/0x130 [ 1897.146605][T12180] sock_write_iter+0x27c/0x3e0 [ 1897.151381][T12180] ? sock_sendmsg+0x130/0x130 [ 1897.156078][T12180] ? aa_path_link+0x340/0x340 [ 1897.160762][T12180] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1897.167020][T12180] ? iov_iter_init+0xee/0x210 [ 1897.171706][T12180] new_sync_write+0x4d3/0x770 [ 1897.176387][T12180] ? new_sync_read+0x800/0x800 [ 1897.181190][T12180] ? __fget+0xa3/0x560 [ 1897.185272][T12180] ? common_file_perm+0x238/0x720 [ 1897.190301][T12180] ? __fget+0x384/0x560 [ 1897.194462][T12180] ? apparmor_file_permission+0x25/0x30 [ 1897.200015][T12180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1897.206269][T12180] ? security_file_permission+0x8f/0x380 [ 1897.211910][T12180] __vfs_write+0xe1/0x110 [ 1897.216250][T12180] vfs_write+0x268/0x5d0 [ 1897.220504][T12180] ksys_write+0x14f/0x290 [ 1897.224843][T12180] ? __ia32_sys_read+0xb0/0xb0 [ 1897.229615][T12180] ? switch_fpu_return+0x1fa/0x4f0 [ 1897.234735][T12180] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1897.240817][T12180] __x64_sys_write+0x73/0xb0 [ 1897.245422][T12180] do_syscall_64+0xfa/0x760 [ 1897.249960][T12180] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1897.255852][T12180] RIP: 0033:0x459829 [ 1897.259749][T12180] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1897.279386][T12180] RSP: 002b:00007f28d99f8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1897.287806][T12180] RAX: ffffffffffffffda RBX: 00007f28d99f8c90 RCX: 0000000000459829 [ 1897.295791][T12180] RDX: 00000000000000fc RSI: 0000000020000800 RDI: 0000000000000003 [ 1897.304028][T12180] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1897.312010][T12180] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f28d99f96d4 [ 1897.319986][T12180] R13: 00000000004c5d9f R14: 00000000004e0070 R15: 0000000000000004 [ 1897.329763][T12183] CPU: 0 PID: 12183 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1897.338886][T12183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1897.348946][T12183] Call Trace: [ 1897.352248][T12183] dump_stack+0x172/0x1f0 [ 1897.356594][T12183] dump_header+0x177/0x1152 [ 1897.361113][T12183] ? ___ratelimit+0xf8/0x595 [ 1897.365709][T12183] ? trace_hardirqs_on+0x67/0x240 [ 1897.365726][T12183] ? mark_oom_victim.cold+0x18/0x18 [ 1897.365748][T12183] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1897.375960][T12183] ? ___ratelimit+0x60/0x595 [ 1897.375974][T12183] ? do_raw_spin_unlock+0x57/0x270 [ 1897.375992][T12183] oom_kill_process.cold+0x10/0x15 [ 1897.376012][T12183] out_of_memory+0x79a/0x12c0 [ 1897.401343][T12183] ? lock_downgrade+0x920/0x920 [ 1897.406402][T12183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1897.406419][T12183] ? oom_killer_disable+0x280/0x280 [ 1897.406443][T12183] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1897.423531][T12183] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1897.429177][T12183] ? do_raw_spin_unlock+0x57/0x270 [ 1897.434312][T12183] ? _raw_spin_unlock+0x2d/0x50 [ 1897.439178][T12183] try_charge+0xf4b/0x1440 [ 1897.443617][T12183] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1897.449170][T12183] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1897.454725][T12183] ? __kasan_check_read+0x11/0x20 [ 1897.459833][T12183] ? lock_downgrade+0x920/0x920 [ 1897.464670][T12183] ? percpu_ref_tryget_live+0x111/0x290 [ 1897.470201][T12183] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1897.475641][T12183] ? memcg_kmem_put_cache+0x50/0x50 [ 1897.480822][T12183] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1897.486349][T12183] __memcg_kmem_charge+0x13a/0x3a0 [ 1897.491445][T12183] __alloc_pages_nodemask+0x4f4/0x900 [ 1897.497015][T12183] ? __lockdep_free_key_range+0x120/0x120 [ 1897.502729][T12183] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1897.508460][T12183] ? copy_page_range+0x10c2/0x2120 [ 1897.513552][T12183] ? __kasan_check_read+0x11/0x20 [ 1897.518560][T12183] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1897.524787][T12183] alloc_pages_current+0x107/0x210 [ 1897.529884][T12183] pte_alloc_one+0x1b/0x1a0 [ 1897.534368][T12183] __pte_alloc+0x20/0x310 [ 1897.538681][T12183] copy_page_range+0x1610/0x2120 [ 1897.543602][T12183] ? perf_trace_lock+0xeb/0x4c0 [ 1897.548467][T12183] ? __pmd_alloc+0x460/0x460 [ 1897.553063][T12183] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1897.558720][T12183] ? __rb_insert_augmented+0x20c/0xd90 [ 1897.564161][T12183] ? validate_mm_rb+0xa3/0xc0 [ 1897.568837][T12183] ? __vma_link_rb+0x275/0x370 [ 1897.573583][T12183] ? __kasan_check_write+0x14/0x20 [ 1897.578683][T12183] dup_mm+0xa67/0x1430 [ 1897.582763][T12183] ? vm_area_dup+0x170/0x170 [ 1897.587532][T12183] ? debug_mutex_init+0x2d/0x5a [ 1897.592368][T12183] copy_process+0x28b7/0x6b00 [ 1897.597034][T12183] ? perf_trace_lock+0xeb/0x4c0 [ 1897.601975][T12183] ? __cleanup_sighand+0x60/0x60 [ 1897.606902][T12183] _do_fork+0x146/0xfa0 [ 1897.611062][T12183] ? copy_init_mm+0x20/0x20 [ 1897.615575][T12183] ? __kasan_check_read+0x11/0x20 [ 1897.620583][T12183] ? _copy_to_user+0x118/0x160 [ 1897.625363][T12183] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1897.631595][T12183] ? put_timespec64+0xda/0x140 [ 1897.636348][T12183] __x64_sys_clone+0x18d/0x250 [ 1897.641099][T12183] ? __ia32_sys_vfork+0xc0/0xc0 [ 1897.645944][T12183] ? trace_hardirqs_off_caller+0x65/0x230 [ 1897.651665][T12183] ? trace_hardirqs_on+0x67/0x240 [ 1897.656681][T12183] do_syscall_64+0xfa/0x760 [ 1897.661170][T12183] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1897.667040][T12183] RIP: 0033:0x459829 [ 1897.671087][T12183] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1897.690694][T12183] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1897.699100][T12183] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1897.707051][T12183] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1897.715028][T12183] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1897.722988][T12183] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1897.730962][T12183] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1897.742538][T12183] memory: usage 307196kB, limit 307200kB, failcnt 101358 [ 1897.750123][T12183] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1897.757955][T12183] Memory cgroup stats for /syz0: [ 1897.758053][T12183] anon 82731008 [ 1897.758053][T12183] file 139264 [ 1897.758053][T12183] kernel_stack 36438016 [ 1897.758053][T12183] slab 44945408 [ 1897.758053][T12183] sock 4096 [ 1897.758053][T12183] shmem 0 [ 1897.758053][T12183] file_mapped 0 [ 1897.758053][T12183] file_dirty 0 [ 1897.758053][T12183] file_writeback 0 [ 1897.758053][T12183] anon_thp 0 [ 1897.758053][T12183] inactive_anon 0 [ 1897.758053][T12183] active_anon 82796544 [ 1897.758053][T12183] inactive_file 32768 [ 1897.758053][T12183] active_file 0 [ 1897.758053][T12183] unevictable 0 [ 1897.758053][T12183] slab_reclaimable 5541888 [ 1897.758053][T12183] slab_unreclaimable 39403520 [ 1897.758053][T12183] pgfault 154110 [ 1897.758053][T12183] pgmajfault 0 [ 1897.758053][T12183] workingset_refault 495 [ 1897.758053][T12183] workingset_activate 396 [ 1897.758053][T12183] workingset_nodereclaim 0 [ 1897.758053][T12183] pgrefill 21266 [ 1897.758053][T12183] pgscan 21422 [ 1897.758053][T12183] pgsteal 1297 [ 1897.853918][T12183] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=349,uid=0 [ 1897.870963][T12183] Memory cgroup out of memory: Killed process 349 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1897.886307][ T1057] oom_reaper: reaped process 349 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1897.903118][T12182] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1897.913438][T12182] CPU: 0 PID: 12182 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1897.922571][T12182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1897.932713][T12182] Call Trace: [ 1897.936008][T12182] dump_stack+0x172/0x1f0 [ 1897.940611][T12182] dump_header+0x177/0x1152 [ 1897.945114][T12182] ? ___ratelimit+0xf8/0x595 [ 1897.949705][T12182] ? trace_hardirqs_on+0x67/0x240 [ 1897.954733][T12182] ? mark_oom_victim.cold+0x18/0x18 [ 1897.960029][T12182] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1897.965845][T12182] ? ___ratelimit+0x60/0x595 [ 1897.970448][T12182] ? do_raw_spin_unlock+0x57/0x270 [ 1897.975561][T12182] oom_kill_process.cold+0x10/0x15 [ 1897.980723][T12182] out_of_memory+0x79a/0x12c0 [ 1897.985504][T12182] ? lock_downgrade+0x920/0x920 [ 1897.990369][T12182] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1897.996625][T12182] ? oom_killer_disable+0x280/0x280 [ 1898.001833][T12182] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1898.007379][T12182] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1898.013036][T12182] ? do_raw_spin_unlock+0x57/0x270 [ 1898.018154][T12182] ? _raw_spin_unlock+0x2d/0x50 [ 1898.023024][T12182] try_charge+0xf4b/0x1440 [ 1898.027458][T12182] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1898.033008][T12182] ? percpu_ref_tryget_live+0x111/0x290 [ 1898.038556][T12182] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1898.044020][T12182] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1898.049572][T12182] mem_cgroup_try_charge+0x136/0x590 [ 1898.054865][T12182] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1898.060502][T12182] wp_page_copy+0x421/0x15e0 [ 1898.065088][T12182] ? page_trans_huge_mapcount+0x166/0x450 [ 1898.070815][T12182] ? pmd_pfn+0x1d0/0x1d0 [ 1898.075061][T12182] ? lock_downgrade+0x920/0x920 [ 1898.079911][T12182] ? swp_swapcount+0x540/0x540 [ 1898.084699][T12182] ? __kasan_check_read+0x11/0x20 [ 1898.089730][T12182] ? do_raw_spin_unlock+0x57/0x270 [ 1898.094846][T12182] do_wp_page+0x499/0x14d0 [ 1898.099271][T12182] ? finish_mkwrite_fault+0x570/0x570 [ 1898.104657][T12182] __handle_mm_fault+0x22f7/0x3f20 [ 1898.109777][T12182] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1898.115324][T12182] ? __kasan_check_read+0x11/0x20 [ 1898.120531][T12182] ? trace_hardirqs_on+0x67/0x240 [ 1898.125556][T12182] handle_mm_fault+0x1b5/0x6b0 [ 1898.130343][T12182] __do_page_fault+0x536/0xdd0 [ 1898.135111][T12182] do_page_fault+0x38/0x590 [ 1898.139614][T12182] page_fault+0x39/0x40 [ 1898.143762][T12182] RIP: 0033:0x415003 [ 1898.147654][T12182] Code: e9 4c 89 e2 ff 74 24 48 4c 8b 4c 24 10 89 ee 4c 8b 44 24 18 48 89 df e8 cb f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 48 f7 d8 <64> 89 04 25 d4 ff ff ff 48 83 c8 ff c3 48 81 ec 98 00 00 00 31 ff [ 1898.167272][T12182] RSP: 002b:00007ffd41fb7138 EFLAGS: 00010213 [ 1898.173340][T12182] RAX: 000000000000006e RBX: 00000000000003e8 RCX: 0000000000459829 [ 1898.181318][T12182] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf2c [ 1898.189309][T12182] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff [ 1898.197282][T12182] R10: 00007ffd41fb7210 R11: 0000000000000246 R12: 000000000075bf20 [ 1898.205250][T12182] R13: 00000000001cf225 R14: 00000000001cf252 R15: 000000000075bf2c [ 1898.215509][T12182] memory: usage 307164kB, limit 307200kB, failcnt 101384 [ 1898.222571][T12182] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1898.229481][T12182] Memory cgroup stats for /syz0: [ 1898.229597][T12182] anon 82731008 [ 1898.229597][T12182] file 139264 [ 1898.229597][T12182] kernel_stack 36438016 [ 1898.229597][T12182] slab 44945408 [ 1898.229597][T12182] sock 4096 [ 1898.229597][T12182] shmem 0 [ 1898.229597][T12182] file_mapped 0 [ 1898.229597][T12182] file_dirty 0 [ 1898.229597][T12182] file_writeback 0 [ 1898.229597][T12182] anon_thp 0 [ 1898.229597][T12182] inactive_anon 0 [ 1898.229597][T12182] active_anon 82796544 [ 1898.229597][T12182] inactive_file 32768 [ 1898.229597][T12182] active_file 0 [ 1898.229597][T12182] unevictable 0 [ 1898.229597][T12182] slab_reclaimable 5541888 [ 1898.229597][T12182] slab_unreclaimable 39403520 [ 1898.229597][T12182] pgfault 154143 [ 1898.229597][T12182] pgmajfault 0 [ 1898.229597][T12182] workingset_refault 495 [ 1898.229597][T12182] workingset_activate 396 [ 1898.229597][T12182] workingset_nodereclaim 0 [ 1898.229597][T12182] pgrefill 21266 [ 1898.229597][T12182] pgscan 21422 [ 1898.229597][T12182] pgsteal 1297 [ 1898.322927][T12182] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=335,uid=0 [ 1898.338395][T12182] Memory cgroup out of memory: Killed process 335 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1898.353664][ T1057] oom_reaper: reaped process 335 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1898.364723][T12299] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1898.934770][T18929] Bluetooth: hci0: command 0x1001 tx timeout [ 1898.940891][T11933] Bluetooth: hci0: sending frame failed (-49) [ 1901.004566][ T22] Bluetooth: hci0: command 0x1009 tx timeout 04:19:39 executing program 2 (fault-call:2 fault-nth:1): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) 04:19:39 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(0xffffffffffffffff) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:19:39 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) 04:19:39 executing program 3 (fault-call:1 fault-nth:4): r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:39 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f596497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:39 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x48000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:19:39 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f342297da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1905.388672][T12307] FAULT_INJECTION: forcing a failure. [ 1905.388672][T12307] name failslab, interval 1, probability 0, space 0, times 0 [ 1905.404551][ T26] audit: type=1400 audit(1564373979.169:1238): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F596497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=12303 comm="syz-executor.1" [ 1905.460410][T12307] CPU: 0 PID: 12307 Comm: syz-executor.3 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1905.469569][T12307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1905.479307][T12310] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1905.479728][T12307] Call Trace: [ 1905.491634][T12307] dump_stack+0x172/0x1f0 [ 1905.495974][T12307] should_fail.cold+0xa/0x15 [ 1905.500599][T12307] ? fault_create_debugfs_attr+0x180/0x180 [ 1905.506416][T12307] ? page_to_nid.part.0+0x20/0x20 [ 1905.511454][T12307] ? ___might_sleep+0x163/0x280 [ 1905.516354][T12307] __should_failslab+0x121/0x190 [ 1905.521319][T12307] should_failslab+0x9/0x14 [ 1905.525836][T12307] kmem_cache_alloc_node+0x268/0x740 [ 1905.531142][T12307] ? addrlbl_ifindex_exists+0x170/0x170 [ 1905.536702][T12307] __alloc_skb+0xd5/0x5e0 [ 1905.541132][T12307] ? netdev_alloc_frag+0x1b0/0x1b0 [ 1905.546260][T12307] ? addrlbl_ifindex_exists+0x170/0x170 [ 1905.551853][T12307] ? rtnetlink_rcv_msg+0x838/0xb00 [ 1905.556978][T12307] netlink_ack+0x25c/0xb30 [ 1905.561415][T12307] ? netlink_sendmsg+0xd60/0xd60 [ 1905.566367][T12307] ? __copy_skb_header+0x280/0x550 [ 1905.571498][T12307] netlink_rcv_skb+0x376/0x450 [ 1905.576293][T12307] ? rtnetlink_put_metrics+0x580/0x580 [ 1905.581267][T12308] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1905.581763][T12307] ? netlink_ack+0xb30/0xb30 [ 1905.581783][T12307] ? netlink_deliver_tap+0x254/0xbf0 [ 1905.581805][T12307] rtnetlink_rcv+0x1d/0x30 [ 1905.581830][T12307] netlink_unicast+0x531/0x710 [ 1905.611086][T12307] ? netlink_attachskb+0x7c0/0x7c0 [ 1905.616211][T12307] ? _copy_from_iter_full+0x25d/0x8a0 [ 1905.621595][T12307] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1905.627333][T12307] ? __check_object_size+0x3d/0x43c [ 1905.632553][T12307] netlink_sendmsg+0x8a5/0xd60 [ 1905.637334][T12307] ? netlink_unicast+0x710/0x710 [ 1905.642298][T12307] ? aa_sock_msg_perm.isra.0+0xba/0x170 [ 1905.647864][T12307] ? apparmor_socket_sendmsg+0x2a/0x30 [ 1905.653336][T12307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1905.655051][ T26] audit: type=1400 audit(1564373979.379:1239): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F342297DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=12414 comm="syz-executor.1" [ 1905.659594][T12307] ? security_socket_sendmsg+0x8d/0xc0 [ 1905.659611][T12307] ? netlink_unicast+0x710/0x710 [ 1905.659628][T12307] sock_sendmsg+0xd7/0x130 [ 1905.659651][T12307] sock_write_iter+0x27c/0x3e0 [ 1905.698612][T12307] ? sock_sendmsg+0x130/0x130 [ 1905.707958][T12307] ? aa_path_link+0x340/0x340 [ 1905.707975][T12307] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1905.707989][T12307] ? iov_iter_init+0xee/0x210 [ 1905.708006][T12307] new_sync_write+0x4d3/0x770 [ 1905.708028][T12307] ? new_sync_read+0x800/0x800 [ 1905.742414][T12307] ? __fget+0xa3/0x560 [ 1905.746494][T12307] ? common_file_perm+0x238/0x720 [ 1905.751528][T12307] ? __fget+0x384/0x560 [ 1905.755689][T12307] ? apparmor_file_permission+0x25/0x30 [ 1905.761245][T12307] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1905.767502][T12307] ? security_file_permission+0x8f/0x380 [ 1905.773155][T12307] __vfs_write+0xe1/0x110 [ 1905.777492][T12307] vfs_write+0x268/0x5d0 [ 1905.781741][T12307] ksys_write+0x14f/0x290 [ 1905.786073][T12307] ? __ia32_sys_read+0xb0/0xb0 [ 1905.790846][T12307] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1905.796923][T12307] __x64_sys_write+0x73/0xb0 [ 1905.801535][T12307] do_syscall_64+0xfa/0x760 [ 1905.806050][T12307] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1905.811941][T12307] RIP: 0033:0x459829 [ 1905.815840][T12307] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1905.835546][T12307] RSP: 002b:00007f28d99f8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1905.843974][T12307] RAX: ffffffffffffffda RBX: 00007f28d99f8c90 RCX: 0000000000459829 [ 1905.851962][T12307] RDX: 00000000000000fc RSI: 0000000020000800 RDI: 0000000000000003 04:19:39 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f342397da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:39 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) 04:19:39 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x0) [ 1905.862439][T12307] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1905.870428][T12307] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f28d99f96d4 [ 1905.878410][T12307] R13: 00000000004c5d9f R14: 00000000004e0070 R15: 0000000000000004 [ 1905.886457][T12308] CPU: 1 PID: 12308 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1905.895584][T12308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1905.905649][T12308] Call Trace: [ 1905.908954][T12308] dump_stack+0x172/0x1f0 [ 1905.913303][T12308] dump_header+0x177/0x1152 [ 1905.917820][T12308] ? ___ratelimit+0xf8/0x595 [ 1905.922432][T12308] ? trace_hardirqs_on+0x67/0x240 [ 1905.927643][T12308] ? mark_oom_victim.cold+0x18/0x18 [ 1905.927661][T12308] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1905.927683][T12308] ? ___ratelimit+0x60/0x595 [ 1905.938700][T12308] ? do_raw_spin_unlock+0x57/0x270 [ 1905.938720][T12308] oom_kill_process.cold+0x10/0x15 [ 1905.938735][T12308] out_of_memory+0x79a/0x12c0 [ 1905.938749][T12308] ? lock_downgrade+0x920/0x920 [ 1905.938767][T12308] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1905.938788][T12308] ? oom_killer_disable+0x280/0x280 [ 1905.948518][T12308] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1905.948535][T12308] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1905.948557][T12308] ? do_raw_spin_unlock+0x57/0x270 [ 1905.958340][T12308] ? _raw_spin_unlock+0x2d/0x50 [ 1905.958356][T12308] try_charge+0xf4b/0x1440 [ 1905.958374][T12308] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1905.958390][T12308] ? percpu_ref_tryget_live+0x111/0x290 04:19:39 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f342597da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1905.958403][T12308] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1905.958423][T12308] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1905.969523][T12308] mem_cgroup_try_charge+0x136/0x590 [ 1905.969541][T12308] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1905.969557][T12308] wp_page_copy+0x421/0x15e0 [ 1905.969570][T12308] ? page_trans_huge_mapcount+0x166/0x450 [ 1905.969591][T12308] ? pmd_pfn+0x1d0/0x1d0 [ 1905.980349][T12308] ? lock_downgrade+0x920/0x920 [ 1905.980367][T12308] ? swp_swapcount+0x540/0x540 [ 1905.980380][T12308] ? psi_memstall_leave+0x12e/0x180 [ 1905.980396][T12308] ? __kasan_check_read+0x11/0x20 [ 1905.980417][T12308] ? do_raw_spin_unlock+0x57/0x270 [ 1905.991181][T12308] do_wp_page+0x499/0x14d0 [ 1905.991202][T12308] ? finish_mkwrite_fault+0x570/0x570 [ 1905.991223][T12308] __handle_mm_fault+0x22f7/0x3f20 [ 1905.991251][T12308] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1906.093353][T12308] ? __kasan_check_read+0x11/0x20 [ 1906.098407][T12308] ? trace_hardirqs_on+0x67/0x240 [ 1906.103463][T12308] handle_mm_fault+0x1b5/0x6b0 [ 1906.108253][T12308] __do_page_fault+0x536/0xdd0 04:19:39 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f342a97da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1906.113044][T12308] do_page_fault+0x38/0x590 [ 1906.117571][T12308] page_fault+0x39/0x40 [ 1906.121732][T12308] RIP: 0033:0x41119a [ 1906.125646][T12308] Code: 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 c7 45 18 01 00 00 00 49 89 85 10 05 00 00 48 8b 05 ce 50 66 00 00 01 00 00 00 c7 05 da 50 66 00 01 00 00 00 41 c7 85 1c 06 00 [ 1906.145260][T12308] RSP: 002b:00007ffd41fb7050 EFLAGS: 00010206 [ 1906.151337][T12308] RAX: 0000000000a76748 RBX: 0000000000020000 RCX: 000000000045987a 04:19:39 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r1) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r1, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r1, 0x0, 0x80000001, 0x0) [ 1906.159323][T12308] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1906.167306][T12308] RBP: 00007ffd41fb7130 R08: ffffffffffffffff R09: 0000000000000000 [ 1906.175295][T12308] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd41fb7220 [ 1906.183283][T12308] R13: 00007f35763f9700 R14: 0000000000000001 R15: 000000000075bfd4 [ 1906.200993][T12308] memory: usage 307200kB, limit 307200kB, failcnt 101430 04:19:40 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1906.201459][ T26] audit: type=1400 audit(1564373979.669:1240): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F342397DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=12436 comm="syz-executor.1" [ 1906.215433][T12308] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 04:19:40 executing program 3 (fault-call:1 fault-nth:5): r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:40 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f342b97da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1906.392299][ T26] audit: type=1400 audit(1564373979.669:1241): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F342597DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=12441 comm="syz-executor.1" [ 1906.417103][T12308] Memory cgroup stats for /syz0: [ 1906.417214][T12308] anon 82866176 [ 1906.417214][T12308] file 139264 [ 1906.417214][T12308] kernel_stack 36438016 [ 1906.417214][T12308] slab 44945408 [ 1906.417214][T12308] sock 4096 [ 1906.417214][T12308] shmem 0 [ 1906.417214][T12308] file_mapped 0 [ 1906.417214][T12308] file_dirty 0 [ 1906.417214][T12308] file_writeback 0 [ 1906.417214][T12308] anon_thp 0 [ 1906.417214][T12308] inactive_anon 0 [ 1906.417214][T12308] active_anon 82931712 [ 1906.417214][T12308] inactive_file 32768 [ 1906.417214][T12308] active_file 0 [ 1906.417214][T12308] unevictable 0 [ 1906.417214][T12308] slab_reclaimable 5541888 [ 1906.417214][T12308] slab_unreclaimable 39403520 04:19:40 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f342d97da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1906.417214][T12308] pgfault 154242 [ 1906.417214][T12308] pgmajfault 0 [ 1906.417214][T12308] workingset_refault 495 [ 1906.417214][T12308] workingset_activate 396 [ 1906.417214][T12308] workingset_nodereclaim 0 [ 1906.417214][T12308] pgrefill 21266 [ 1906.417214][T12308] pgscan 21422 [ 1906.417214][T12308] pgsteal 1297 [ 1906.492334][ T26] audit: type=1400 audit(1564373980.059:1242): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F342A97DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=12548 comm="syz-executor.1" [ 1906.555437][ T26] audit: type=1400 audit(1564373980.249:1243): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F342B97DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=12564 comm="syz-executor.1" [ 1906.620371][ T26] audit: type=1400 audit(1564373980.389:1244): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F342D97DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=12672 comm="syz-executor.1" [ 1906.637848][T12308] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=12298,uid=0 [ 1906.697252][T12308] Memory cgroup out of memory: Killed process 12298 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1906.720615][T12310] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1906.731853][T12310] CPU: 0 PID: 12310 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1906.741092][T12310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1906.751150][T12310] Call Trace: [ 1906.754449][T12310] dump_stack+0x172/0x1f0 [ 1906.758856][T12310] dump_header+0x177/0x1152 [ 1906.763350][T12310] ? ___ratelimit+0xf8/0x595 [ 1906.767938][T12310] ? trace_hardirqs_on+0x67/0x240 [ 1906.772969][T12310] ? mark_oom_victim.cold+0x18/0x18 [ 1906.778254][T12310] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1906.784049][T12310] ? ___ratelimit+0x60/0x595 [ 1906.788644][T12310] ? do_raw_spin_unlock+0x57/0x270 [ 1906.793758][T12310] oom_kill_process.cold+0x10/0x15 [ 1906.798875][T12310] out_of_memory+0x79a/0x12c0 [ 1906.803566][T12310] ? lock_downgrade+0x920/0x920 [ 1906.808416][T12310] ? oom_killer_disable+0x280/0x280 [ 1906.813700][T12310] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1906.819233][T12310] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1906.824865][T12310] ? do_raw_spin_unlock+0x57/0x270 [ 1906.829964][T12310] ? _raw_spin_unlock+0x2d/0x50 [ 1906.834817][T12310] try_charge+0xa2d/0x1440 [ 1906.839241][T12310] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1906.844775][T12310] ? percpu_ref_tryget_live+0x111/0x290 [ 1906.850337][T12310] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1906.869021][T12310] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1906.874577][T12310] mem_cgroup_try_charge+0x136/0x590 [ 1906.879888][T12310] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1906.885704][T12310] wp_page_copy+0x421/0x15e0 [ 1906.890342][T12310] ? page_trans_huge_mapcount+0x166/0x450 [ 1906.896081][T12310] ? pmd_pfn+0x1d0/0x1d0 [ 1906.900335][T12310] ? lock_downgrade+0x920/0x920 [ 1906.905187][T12310] ? swp_swapcount+0x540/0x540 [ 1906.909962][T12310] ? __kasan_check_read+0x11/0x20 [ 1906.915009][T12310] ? do_raw_spin_unlock+0x57/0x270 [ 1906.920129][T12310] do_wp_page+0x499/0x14d0 [ 1906.924560][T12310] ? finish_mkwrite_fault+0x570/0x570 [ 1906.929928][T12310] __handle_mm_fault+0x22f7/0x3f20 [ 1906.935050][T12310] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1906.940599][T12310] ? __kasan_check_read+0x11/0x20 [ 1906.945660][T12310] ? trace_hardirqs_on+0x67/0x240 [ 1906.950719][T12310] handle_mm_fault+0x1b5/0x6b0 [ 1906.955495][T12310] __do_page_fault+0x536/0xdd0 [ 1906.960278][T12310] do_page_fault+0x38/0x590 [ 1906.964792][T12310] page_fault+0x39/0x40 [ 1906.970240][T12310] RIP: 0033:0x404e59 [ 1906.974149][T12310] Code: 66 00 39 45 24 0f 84 a6 01 00 00 80 3d 47 b6 66 00 00 74 0e 48 8b 85 90 00 00 00 48 c7 00 00 00 00 00 e8 ca f2 00 00 49 89 c4 00 00 00 00 00 49 8b 46 10 48 85 c0 0f 84 3c 01 00 00 48 83 ec [ 1906.994003][T12310] RSP: 002b:00007f3576419c90 EFLAGS: 00010207 [ 1907.000069][T12310] RAX: 00007f357641a6d4 RBX: 0000000000000003 RCX: 0000000000000003 [ 1907.008055][T12310] RDX: 000000000019d8a1 RSI: 0000000000000088 RDI: 00000000004be16e [ 1907.016039][T12310] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1907.024015][T12310] R10: 0000000000001e59 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1907.031985][T12310] R13: 00000000004c8569 R14: 00000000004df080 R15: 00000000ffffffff [ 1907.043408][T12310] memory: usage 307080kB, limit 307200kB, failcnt 101430 [ 1907.050688][T12310] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1907.058361][T12310] Memory cgroup stats for /syz0: [ 1907.058487][T12310] anon 82866176 [ 1907.058487][T12310] file 139264 [ 1907.058487][T12310] kernel_stack 36438016 [ 1907.058487][T12310] slab 44945408 [ 1907.058487][T12310] sock 4096 [ 1907.058487][T12310] shmem 0 [ 1907.058487][T12310] file_mapped 0 [ 1907.058487][T12310] file_dirty 0 [ 1907.058487][T12310] file_writeback 0 [ 1907.058487][T12310] anon_thp 0 [ 1907.058487][T12310] inactive_anon 0 [ 1907.058487][T12310] active_anon 82796544 [ 1907.058487][T12310] inactive_file 32768 [ 1907.058487][T12310] active_file 0 [ 1907.058487][T12310] unevictable 0 [ 1907.058487][T12310] slab_reclaimable 5541888 [ 1907.058487][T12310] slab_unreclaimable 39403520 [ 1907.058487][T12310] pgfault 154242 [ 1907.058487][T12310] pgmajfault 0 [ 1907.058487][T12310] workingset_refault 495 [ 1907.058487][T12310] workingset_activate 396 [ 1907.058487][T12310] workingset_nodereclaim 0 [ 1907.058487][T12310] pgrefill 21266 [ 1907.058487][T12310] pgscan 21422 [ 1907.058487][T12310] pgsteal 1297 [ 1907.163341][T12310] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=32673,uid=0 [ 1907.179348][T12310] Memory cgroup out of memory: Killed process 32673 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 04:19:41 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x88000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:19:41 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:41 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f342e97da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:41 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) [ 1907.210231][T12429] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1907.222874][T12677] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1907.231477][T12429] CPU: 1 PID: 12429 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1907.240606][T12429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1907.250670][T12429] Call Trace: [ 1907.253972][T12429] dump_stack+0x172/0x1f0 [ 1907.258313][T12429] dump_header+0x177/0x1152 [ 1907.262829][T12429] ? ___ratelimit+0xf8/0x595 [ 1907.267500][T12429] ? trace_hardirqs_on+0x67/0x240 [ 1907.272535][T12429] ? mark_oom_victim.cold+0x18/0x18 [ 1907.277741][T12429] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1907.283572][T12429] ? ___ratelimit+0x60/0x595 [ 1907.288164][T12429] ? do_raw_spin_unlock+0x57/0x270 [ 1907.293282][T12429] oom_kill_process.cold+0x10/0x15 [ 1907.298410][T12429] out_of_memory+0x79a/0x12c0 [ 1907.303098][T12429] ? lock_downgrade+0x920/0x920 [ 1907.307958][T12429] ? oom_killer_disable+0x280/0x280 [ 1907.313167][T12429] ? __kasan_check_read+0x11/0x20 [ 1907.318215][T12429] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1907.323860][T12429] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1907.329507][T12429] ? do_raw_spin_unlock+0x57/0x270 [ 1907.334634][T12429] ? _raw_spin_unlock+0x2d/0x50 [ 1907.339494][T12429] try_charge+0xa2d/0x1440 [ 1907.343926][T12429] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1907.349485][T12429] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1907.355032][T12429] ? __kasan_check_read+0x11/0x20 [ 1907.355054][T12429] ? lock_downgrade+0x920/0x920 [ 1907.355069][T12429] ? percpu_ref_tryget_live+0x111/0x290 [ 1907.355089][T12429] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1907.370479][T12429] ? memcg_kmem_put_cache+0x50/0x50 [ 1907.370496][T12429] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1907.370517][T12429] __memcg_kmem_charge+0x13a/0x3a0 [ 1907.391815][T12429] __alloc_pages_nodemask+0x4f4/0x900 [ 1907.397197][T12429] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1907.397212][T12429] ? record_times+0x1e/0x2b0 [ 1907.397231][T12429] ? lock_downgrade+0x920/0x920 [ 1907.397246][T12429] ? rwlock_bug.part.0+0x90/0x90 [ 1907.397268][T12429] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1907.407568][T12429] ? debug_smp_processor_id+0x3c/0x214 [ 1907.407583][T12429] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1907.407601][T12429] alloc_pages_current+0x107/0x210 [ 1907.407620][T12429] pte_alloc_one+0x1b/0x1a0 [ 1907.407638][T12429] __handle_mm_fault+0x34dd/0x3f20 [ 1907.407658][T12429] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1907.447073][ T26] audit: type=1400 audit(1564373981.019:1245): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F342E97DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=12680 comm="syz-executor.1" [ 1907.450145][T12429] ? __kasan_check_read+0x11/0x20 [ 1907.450181][T12429] ? trace_hardirqs_on+0x67/0x240 [ 1907.450203][T12429] handle_mm_fault+0x1b5/0x6b0 [ 1907.503890][T12429] __do_page_fault+0x536/0xdd0 [ 1907.508654][T12429] ? page_fault+0x16/0x40 [ 1907.512977][T12429] do_page_fault+0x38/0x590 [ 1907.517475][T12429] page_fault+0x39/0x40 [ 1907.521619][T12429] RIP: 0033:0x459829 [ 1907.525591][T12429] Code: Bad RIP value. [ 1907.529654][T12429] RSP: 002b:00007f3576419c78 EFLAGS: 00010246 [ 1907.535708][T12429] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459829 [ 1907.543669][T12429] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1907.551627][T12429] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1907.559587][T12429] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1907.567548][T12429] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1907.577435][T12429] memory: usage 306764kB, limit 307200kB, failcnt 101430 [ 1907.584961][T12429] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1907.591990][T12429] Memory cgroup stats for /syz0: [ 1907.592100][T12429] anon 82722816 [ 1907.592100][T12429] file 139264 [ 1907.592100][T12429] kernel_stack 36306944 [ 1907.592100][T12429] slab 44945408 [ 1907.592100][T12429] sock 4096 [ 1907.592100][T12429] shmem 0 [ 1907.592100][T12429] file_mapped 0 [ 1907.592100][T12429] file_dirty 0 [ 1907.592100][T12429] file_writeback 0 [ 1907.592100][T12429] anon_thp 0 [ 1907.592100][T12429] inactive_anon 0 [ 1907.592100][T12429] active_anon 82796544 [ 1907.592100][T12429] inactive_file 32768 [ 1907.592100][T12429] active_file 61440 [ 1907.592100][T12429] unevictable 0 [ 1907.592100][T12429] slab_reclaimable 5541888 [ 1907.592100][T12429] slab_unreclaimable 39403520 [ 1907.592100][T12429] pgfault 154275 [ 1907.592100][T12429] pgmajfault 0 [ 1907.592100][T12429] workingset_refault 495 [ 1907.592100][T12429] workingset_activate 396 [ 1907.592100][T12429] workingset_nodereclaim 0 [ 1907.592100][T12429] pgrefill 21299 [ 1907.592100][T12429] pgscan 21458 [ 1907.592100][T12429] pgsteal 1297 [ 1907.624657][T12687] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1907.687980][T12429] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=12308,uid=0 [ 1907.742887][T12679] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1907.761206][T12679] CPU: 0 PID: 12679 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1907.770359][T12679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1907.780605][T12679] Call Trace: [ 1907.783909][T12679] dump_stack+0x172/0x1f0 [ 1907.788252][T12679] dump_header+0x177/0x1152 [ 1907.792786][T12679] ? ___ratelimit+0xf8/0x595 [ 1907.797396][T12679] ? trace_hardirqs_on+0x67/0x240 [ 1907.802420][T12679] ? mark_oom_victim.cold+0x18/0x18 [ 1907.807613][T12679] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1907.813411][T12679] ? ___ratelimit+0x60/0x595 [ 1907.818005][T12679] ? do_raw_spin_unlock+0x57/0x270 [ 1907.823122][T12679] oom_kill_process.cold+0x10/0x15 [ 1907.828232][T12679] out_of_memory+0x79a/0x12c0 [ 1907.832914][T12679] ? lock_downgrade+0x920/0x920 [ 1907.837776][T12679] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1907.844021][T12679] ? oom_killer_disable+0x280/0x280 [ 1907.849244][T12679] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1907.854798][T12679] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1907.860416][T12679] ? do_raw_spin_unlock+0x57/0x270 [ 1907.865510][T12679] ? _raw_spin_unlock+0x2d/0x50 [ 1907.871852][T12679] try_charge+0xf4b/0x1440 [ 1907.876279][T12679] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1907.881832][T12679] ? percpu_ref_tryget_live+0x111/0x290 [ 1907.887364][T12679] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1907.892816][T12679] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1907.898385][T12679] mem_cgroup_try_charge+0x136/0x590 [ 1907.903687][T12679] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1907.909321][T12679] wp_page_copy+0x421/0x15e0 [ 1907.913928][T12679] ? page_trans_huge_mapcount+0x166/0x450 [ 1907.919646][T12679] ? pmd_pfn+0x1d0/0x1d0 [ 1907.923885][T12679] ? lock_downgrade+0x920/0x920 [ 1907.928764][T12679] ? swp_swapcount+0x540/0x540 [ 1907.933545][T12679] ? psi_memstall_leave+0x12e/0x180 [ 1907.938753][T12679] ? __kasan_check_read+0x11/0x20 [ 1907.943781][T12679] ? do_raw_spin_unlock+0x57/0x270 [ 1907.948878][T12679] do_wp_page+0x499/0x14d0 [ 1907.953301][T12679] ? finish_mkwrite_fault+0x570/0x570 [ 1907.958696][T12679] __handle_mm_fault+0x22f7/0x3f20 [ 1907.963829][T12679] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1907.969363][T12679] ? __kasan_check_read+0x11/0x20 [ 1907.974403][T12679] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1907.980652][T12679] ? sync_mm_rss+0xa4/0x1c0 [ 1907.985250][T12679] handle_mm_fault+0x1b5/0x6b0 [ 1907.990033][T12679] __do_page_fault+0x536/0xdd0 [ 1907.995488][T12679] do_page_fault+0x38/0x590 [ 1908.000067][T12679] page_fault+0x39/0x40 [ 1908.004237][T12679] RIP: 0033:0x411240 [ 1908.008188][T12679] Code: ff ff 48 83 c8 01 48 89 05 8d f2 65 00 48 8b 05 66 3c 30 00 49 c7 85 c8 02 00 00 90 4e 71 00 49 89 85 c0 02 00 00 4c 89 70 08 <4c> 89 35 49 3c 30 00 48 c7 05 5e f2 65 00 00 00 00 00 f0 ff 0d 5f [ 1908.027787][T12679] RSP: 002b:00007ffd41fb7050 EFLAGS: 00010202 [ 1908.033839][T12679] RAX: 00007f357641a9c0 RBX: 0000000000020000 RCX: 00000000ffffffe0 [ 1908.041808][T12679] RDX: 0000000000000040 RSI: 0000000000000001 RDI: 00007f35763f96a0 [ 1908.049763][T12679] RBP: 00007ffd41fb7130 R08: 0000000000716800 R09: 0000000000716800 [ 1908.057715][T12679] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd41fb7220 [ 1908.065678][T12679] R13: 00007f35763f9700 R14: 00007f35763f99c0 R15: 000000000075bfd4 [ 1908.073960][T18929] Bluetooth: hci0: command 0x1003 tx timeout [ 1908.079350][T12679] memory: usage 307200kB, limit 307200kB, failcnt 101499 [ 1908.082593][T11933] Bluetooth: hci0: sending frame failed (-49) [ 1908.093142][T12679] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1908.102257][T12679] Memory cgroup stats for /syz0: [ 1908.102378][T12679] anon 82722816 [ 1908.102378][T12679] file 139264 [ 1908.102378][T12679] kernel_stack 36438016 [ 1908.102378][T12679] slab 44945408 [ 1908.102378][T12679] sock 4096 [ 1908.102378][T12679] shmem 0 [ 1908.102378][T12679] file_mapped 0 [ 1908.102378][T12679] file_dirty 0 [ 1908.102378][T12679] file_writeback 0 [ 1908.102378][T12679] anon_thp 0 [ 1908.102378][T12679] inactive_anon 0 [ 1908.102378][T12679] active_anon 82796544 [ 1908.102378][T12679] inactive_file 32768 [ 1908.102378][T12679] active_file 61440 [ 1908.102378][T12679] unevictable 0 [ 1908.102378][T12679] slab_reclaimable 5541888 [ 1908.102378][T12679] slab_unreclaimable 39403520 [ 1908.102378][T12679] pgfault 154341 [ 1908.102378][T12679] pgmajfault 0 [ 1908.102378][T12679] workingset_refault 495 [ 1908.102378][T12679] workingset_activate 396 [ 1908.102378][T12679] workingset_nodereclaim 0 [ 1908.102378][T12679] pgrefill 21464 [ 1908.102378][T12679] pgscan 21821 [ 1908.102378][T12679] pgsteal 1297 [ 1908.196534][T12679] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=12679,uid=0 [ 1908.212043][T12679] Memory cgroup out of memory: Killed process 12679 (syz-executor.0) total-vm:72708kB, anon-rss:168kB, file-rss:35788kB, shmem-rss:0kB, UID:0 [ 1908.227736][ T1057] oom_reaper: reaped process 12679 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 1910.124558][T18929] Bluetooth: hci0: command 0x1001 tx timeout [ 1910.130686][T11933] Bluetooth: hci0: sending frame failed (-49) [ 1912.204577][T12305] Bluetooth: hci0: command 0x1009 tx timeout 04:19:50 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x2, 0x0) 04:19:50 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f343097da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:50 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r1) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r1, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r1, 0x0, 0x80000001, 0x0) 04:19:50 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="0f00000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:50 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) 04:19:50 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0xfeffff07, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:19:50 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="1000000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1916.280649][ T26] audit: type=1400 audit(1564373990.059:1246): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F343097DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=12806 comm="syz-executor.1" 04:19:50 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f345897da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1916.357492][T12811] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1916.399792][T12811] CPU: 0 PID: 12811 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1916.408941][T12811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1916.419011][T12811] Call Trace: [ 1916.422323][T12811] dump_stack+0x172/0x1f0 [ 1916.426671][T12811] dump_header+0x177/0x1152 [ 1916.431183][T12811] ? ___ratelimit+0xf8/0x595 [ 1916.435786][T12811] ? trace_hardirqs_on+0x67/0x240 [ 1916.440833][T12811] ? mark_oom_victim.cold+0x18/0x18 [ 1916.446046][T12811] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1916.451861][T12811] ? ___ratelimit+0x60/0x595 [ 1916.456456][T12811] ? do_raw_spin_unlock+0x57/0x270 [ 1916.461583][T12811] oom_kill_process.cold+0x10/0x15 [ 1916.466703][T12811] out_of_memory+0x79a/0x12c0 [ 1916.466720][T12811] ? lock_downgrade+0x920/0x920 [ 1916.466738][T12811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1916.466753][T12811] ? oom_killer_disable+0x280/0x280 [ 1916.466776][T12811] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1916.466791][T12811] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1916.466809][T12811] ? do_raw_spin_unlock+0x57/0x270 [ 1916.466824][T12811] ? _raw_spin_unlock+0x2d/0x50 [ 1916.466838][T12811] try_charge+0xf4b/0x1440 [ 1916.466858][T12811] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1916.466872][T12811] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1916.466886][T12811] ? __kasan_check_read+0x11/0x20 [ 1916.466904][T12811] ? lock_downgrade+0x920/0x920 [ 1916.466918][T12811] ? percpu_ref_tryget_live+0x111/0x290 [ 1916.466935][T12811] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1916.466992][T12811] ? memcg_kmem_put_cache+0x50/0x50 [ 1916.482849][T12811] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1916.482876][T12811] __memcg_kmem_charge+0x13a/0x3a0 [ 1916.509464][T12811] __alloc_pages_nodemask+0x4f4/0x900 [ 1916.509492][T12811] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1916.519733][T12811] ? percpu_ref_put_many+0xb6/0x190 [ 1916.519755][T12811] ? trace_hardirqs_on+0x67/0x240 [ 1916.519777][T12811] copy_process+0x3f8/0x6b00 [ 1916.588193][T12811] ? perf_trace_lock+0xeb/0x4c0 [ 1916.593070][T12811] ? __cleanup_sighand+0x60/0x60 [ 1916.598104][T12811] ? __kasan_check_read+0x11/0x20 [ 1916.598119][T12811] ? do_raw_spin_unlock+0x57/0x270 [ 1916.598140][T12811] _do_fork+0x146/0xfa0 [ 1916.608442][T12811] ? copy_init_mm+0x20/0x20 [ 1916.608462][T12811] ? __kasan_check_read+0x11/0x20 [ 1916.608484][T12811] ? _copy_to_user+0x118/0x160 [ 1916.627032][T12811] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1916.633371][T12811] ? put_timespec64+0xda/0x140 [ 1916.638145][T12811] __x64_sys_clone+0x18d/0x250 [ 1916.642922][T12811] ? __ia32_sys_vfork+0xc0/0xc0 [ 1916.647818][T12811] ? trace_hardirqs_off_caller+0x65/0x230 [ 1916.653732][T12811] ? trace_hardirqs_on+0x67/0x240 [ 1916.658774][T12811] do_syscall_64+0xfa/0x760 [ 1916.663304][T12811] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1916.669205][T12811] RIP: 0033:0x459829 [ 1916.673110][T12811] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1916.692721][T12811] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 04:19:50 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="1b00000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:50 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) 04:19:50 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x10, 0x0) 04:19:50 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x2405, 0x0) [ 1916.701738][T12811] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1916.709716][T12811] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1916.717694][T12811] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1916.725670][T12811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1916.725679][T12811] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff 04:19:50 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346397da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1916.732516][ T26] audit: type=1400 audit(1564373990.179:1247): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F345897DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=12859 comm="syz-executor.1" 04:19:50 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="c002000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1916.795357][T12811] memory: usage 307196kB, limit 307200kB, failcnt 101536 [ 1916.802917][T12811] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1916.810996][T12811] Memory cgroup stats for /syz0: [ 1916.811117][T12811] anon 82857984 [ 1916.811117][T12811] file 4096 [ 1916.811117][T12811] kernel_stack 36438016 [ 1916.811117][T12811] slab 44945408 [ 1916.811117][T12811] sock 4096 [ 1916.811117][T12811] shmem 0 [ 1916.811117][T12811] file_mapped 0 [ 1916.811117][T12811] file_dirty 0 [ 1916.811117][T12811] file_writeback 0 [ 1916.811117][T12811] anon_thp 0 [ 1916.811117][T12811] inactive_anon 0 [ 1916.811117][T12811] active_anon 82931712 [ 1916.811117][T12811] inactive_file 32768 [ 1916.811117][T12811] active_file 61440 [ 1916.811117][T12811] unevictable 0 [ 1916.811117][T12811] slab_reclaimable 5541888 [ 1916.811117][T12811] slab_unreclaimable 39403520 [ 1916.811117][T12811] pgfault 154374 [ 1916.811117][T12811] pgmajfault 0 [ 1916.811117][T12811] workingset_refault 495 [ 1916.811117][T12811] workingset_activate 396 [ 1916.811117][T12811] workingset_nodereclaim 0 [ 1916.811117][T12811] pgrefill 21596 [ 1916.811117][T12811] pgscan 21986 [ 1916.811117][T12811] pgsteal 1330 [ 1916.925045][T12811] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=12689,uid=0 [ 1916.962298][ T26] audit: type=1400 audit(1564373990.739:1248): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346397DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=12942 comm="syz-executor.1" [ 1916.979469][T12811] Memory cgroup out of memory: Killed process 12689 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 04:19:50 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r1) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r1, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r1, 0x0, 0x80000001, 0x0) 04:19:50 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x3b72, 0x0) 04:19:50 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="c00e000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1917.251658][T12805] syz-executor.0 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=1000 [ 1917.263814][T12805] CPU: 1 PID: 12805 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1917.272926][T12805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1917.283054][T12805] Call Trace: [ 1917.286442][T12805] dump_stack+0x172/0x1f0 [ 1917.290896][T12805] dump_header+0x177/0x1152 [ 1917.295411][T12805] ? ___ratelimit+0xf8/0x595 [ 1917.299997][T12805] ? trace_hardirqs_on+0x67/0x240 [ 1917.305013][T12805] ? mark_oom_victim.cold+0x18/0x18 [ 1917.310435][T12805] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1917.316223][T12805] ? ___ratelimit+0x60/0x595 [ 1917.320803][T12805] ? do_raw_spin_unlock+0x57/0x270 [ 1917.325911][T12805] oom_kill_process.cold+0x10/0x15 [ 1917.331050][T12805] out_of_memory+0x79a/0x12c0 [ 1917.335736][T12805] ? lock_downgrade+0x920/0x920 [ 1917.340610][T12805] ? oom_killer_disable+0x280/0x280 [ 1917.345809][T12805] ? __kasan_check_read+0x11/0x20 [ 1917.350964][T12805] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1917.356504][T12805] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1917.362228][T12805] ? do_raw_spin_unlock+0x57/0x270 [ 1917.367337][T12805] ? _raw_spin_unlock+0x2d/0x50 [ 1917.372180][T12805] try_charge+0xa2d/0x1440 [ 1917.376601][T12805] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1917.382136][T12805] ? cache_grow_begin+0x122/0xd20 [ 1917.387154][T12805] ? __kasan_check_read+0x11/0x20 [ 1917.392185][T12805] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1917.397697][T12805] ? memcg_kmem_put_cache+0x50/0x50 [ 1917.402882][T12805] ? cache_grow_begin+0x709/0xd20 [ 1917.407891][T12805] cache_grow_begin+0x627/0xd20 [ 1917.412727][T12805] ? __sanitizer_cov_trace_cmp8+0x11/0x20 [ 1917.418470][T12805] ? mempolicy_slab_node+0x139/0x390 [ 1917.423774][T12805] fallback_alloc+0x1fd/0x2d0 [ 1917.428499][T12805] ____cache_alloc_node+0x1bc/0x1d0 [ 1917.433705][T12805] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1917.439958][T12805] kmem_cache_alloc_node+0xe3/0x740 [ 1917.445156][T12805] ? trace_hardirqs_on+0x67/0x240 [ 1917.450178][T12805] copy_process+0x46d1/0x6b00 [ 1917.454848][T12805] ? __kasan_check_read+0x11/0x20 [ 1917.459872][T12805] ? record_times+0x1e/0x2b0 [ 1917.464459][T12805] ? lock_downgrade+0x920/0x920 [ 1917.469310][T12805] ? __cleanup_sighand+0x60/0x60 [ 1917.474232][T12805] ? perf_trace_lock+0xeb/0x4c0 [ 1917.479078][T12805] ? __lockdep_free_key_range+0x120/0x120 [ 1917.484818][T12805] ? set_task_reclaim_state+0x56/0xb0 [ 1917.490195][T12805] _do_fork+0x146/0xfa0 [ 1917.494360][T12805] ? copy_init_mm+0x20/0x20 [ 1917.498848][T12805] ? lock_downgrade+0x920/0x920 [ 1917.503697][T12805] ? percpu_ref_tryget_live+0x290/0x290 [ 1917.509242][T12805] ? cgroup_file_notify+0x140/0x1b0 [ 1917.514436][T12805] ? blkcg_maybe_throttle_current+0x5fe/0x1030 [ 1917.520614][T12805] __x64_sys_clone+0x18d/0x250 [ 1917.525386][T12805] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1917.531629][T12805] ? __ia32_sys_vfork+0xc0/0xc0 [ 1917.536553][T12805] ? trace_hardirqs_off_caller+0x65/0x230 [ 1917.542264][T12805] ? trace_hardirqs_on+0x67/0x240 [ 1917.547289][T12805] do_syscall_64+0xfa/0x760 [ 1917.551787][T12805] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1917.557661][T12805] RIP: 0033:0x45c1f9 [ 1917.561538][T12805] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1917.581150][T12805] RSP: 002b:00007ffd41fb7008 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1917.589573][T12805] RAX: ffffffffffffffda RBX: 00007f35763f9700 RCX: 000000000045c1f9 [ 1917.597574][T12805] RDX: 00007f35763f99d0 RSI: 00007f35763f8db0 RDI: 00000000003d0f00 [ 1917.605742][T12805] RBP: 00007ffd41fb7220 R08: 00007f35763f9700 R09: 00007f35763f9700 [ 1917.613730][T12805] R10: 00007f35763f99d0 R11: 0000000000000202 R12: 0000000000000000 [ 1917.621703][T12805] R13: 00007ffd41fb70bf R14: 00007f35763f99c0 R15: 000000000075bfd4 [ 1917.632159][T12805] memory: usage 307132kB, limit 307200kB, failcnt 101540 [ 1917.640514][T12805] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1917.648300][T12805] Memory cgroup stats for /syz0: [ 1917.648411][T12805] anon 82857984 [ 1917.648411][T12805] file 4096 [ 1917.648411][T12805] kernel_stack 36372480 [ 1917.648411][T12805] slab 44945408 [ 1917.648411][T12805] sock 4096 [ 1917.648411][T12805] shmem 0 [ 1917.648411][T12805] file_mapped 0 [ 1917.648411][T12805] file_dirty 0 [ 1917.648411][T12805] file_writeback 0 [ 1917.648411][T12805] anon_thp 0 [ 1917.648411][T12805] inactive_anon 0 [ 1917.648411][T12805] active_anon 82931712 [ 1917.648411][T12805] inactive_file 32768 [ 1917.648411][T12805] active_file 61440 [ 1917.648411][T12805] unevictable 0 [ 1917.648411][T12805] slab_reclaimable 5541888 [ 1917.648411][T12805] slab_unreclaimable 39403520 [ 1917.648411][T12805] pgfault 154374 [ 1917.648411][T12805] pgmajfault 0 [ 1917.648411][T12805] workingset_refault 495 [ 1917.648411][T12805] workingset_activate 396 [ 1917.648411][T12805] workingset_nodereclaim 0 [ 1917.648411][T12805] pgrefill 21596 [ 1917.648411][T12805] pgscan 21986 [ 1917.648411][T12805] pgsteal 1330 [ 1917.742530][T12805] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=12429,uid=0 [ 1917.758172][T12805] Memory cgroup out of memory: Killed process 12429 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1917.773735][ T1057] oom_reaper: reaped process 12429 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1917.790117][T12811] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1917.813080][T12811] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1917.827498][T12811] CPU: 0 PID: 12811 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1917.836708][T12811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1917.846756][T12811] Call Trace: [ 1917.850056][T12811] dump_stack+0x172/0x1f0 [ 1917.854490][T12811] dump_header+0x177/0x1152 [ 1917.861255][T12811] ? ___ratelimit+0xf8/0x595 [ 1917.865859][T12811] ? trace_hardirqs_on+0x67/0x240 [ 1917.870877][T12811] ? mark_oom_victim.cold+0x18/0x18 [ 1917.876064][T12811] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1917.881853][T12811] ? ___ratelimit+0x60/0x595 [ 1917.886427][T12811] ? do_raw_spin_unlock+0x57/0x270 [ 1917.891635][T12811] oom_kill_process.cold+0x10/0x15 [ 1917.896754][T12811] out_of_memory+0x79a/0x12c0 [ 1917.901703][T12811] ? lock_downgrade+0x920/0x920 [ 1917.906547][T12811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1917.912866][T12811] ? oom_killer_disable+0x280/0x280 [ 1917.918175][T12811] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1917.923729][T12811] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1917.929359][T12811] ? do_raw_spin_unlock+0x57/0x270 [ 1917.934464][T12811] ? _raw_spin_unlock+0x2d/0x50 [ 1917.939304][T12811] try_charge+0xf4b/0x1440 [ 1917.943721][T12811] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1917.949270][T12811] ? percpu_ref_tryget_live+0x111/0x290 [ 1917.954834][T12811] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1917.960357][T12811] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1917.965927][T12811] mem_cgroup_try_charge+0x136/0x590 [ 1917.971237][T12811] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1917.976899][T12811] wp_page_copy+0x421/0x15e0 [ 1917.981500][T12811] ? page_trans_huge_mapcount+0x166/0x450 [ 1917.987231][T12811] ? pmd_pfn+0x1d0/0x1d0 [ 1917.987250][T12811] ? lock_downgrade+0x920/0x920 [ 1917.987267][T12811] ? swp_swapcount+0x540/0x540 [ 1917.987293][T12811] ? __kasan_check_read+0x11/0x20 [ 1918.006948][T12811] ? do_raw_spin_unlock+0x57/0x270 [ 1918.012078][T12811] do_wp_page+0x499/0x14d0 [ 1918.016514][T12811] ? finish_mkwrite_fault+0x570/0x570 [ 1918.022162][T12811] __handle_mm_fault+0x22f7/0x3f20 [ 1918.027288][T12811] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1918.032850][T12811] ? __kasan_check_read+0x11/0x20 [ 1918.037875][T12811] ? trace_hardirqs_on+0x67/0x240 [ 1918.042889][T12811] handle_mm_fault+0x1b5/0x6b0 [ 1918.047664][T12811] __do_page_fault+0x536/0xdd0 [ 1918.052498][T12811] do_page_fault+0x38/0x590 [ 1918.057028][T12811] page_fault+0x39/0x40 [ 1918.061168][T12811] RIP: 0033:0x404e59 [ 1918.065046][T12811] Code: 66 00 39 45 24 0f 84 a6 01 00 00 80 3d 47 b6 66 00 00 74 0e 48 8b 85 90 00 00 00 48 c7 00 00 00 00 00 e8 ca f2 00 00 49 89 c4 00 00 00 00 00 49 8b 46 10 48 85 c0 0f 84 3c 01 00 00 48 83 ec [ 1918.084654][T12811] RSP: 002b:00007f3576419c90 EFLAGS: 00010207 [ 1918.090703][T12811] RAX: 00007f357641a6d4 RBX: 0000000000000003 RCX: 0000000000000003 [ 1918.098656][T12811] RDX: 00000000001a086d RSI: 0000000000000088 RDI: 00000000004be16e [ 1918.106629][T12811] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1918.114583][T12811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1918.122541][T12811] R13: 00000000004c8569 R14: 00000000004df080 R15: 00000000ffffffff [ 1918.130796][T12811] memory: usage 307196kB, limit 307200kB, failcnt 101571 [ 1918.142075][T12811] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1918.148978][T12811] Memory cgroup stats for /syz0: [ 1918.149107][T12811] anon 82857984 [ 1918.149107][T12811] file 4096 [ 1918.149107][T12811] kernel_stack 36438016 [ 1918.149107][T12811] slab 44945408 [ 1918.149107][T12811] sock 4096 [ 1918.149107][T12811] shmem 0 [ 1918.149107][T12811] file_mapped 0 [ 1918.149107][T12811] file_dirty 0 [ 1918.149107][T12811] file_writeback 0 [ 1918.149107][T12811] anon_thp 0 [ 1918.149107][T12811] inactive_anon 0 [ 1918.149107][T12811] active_anon 82931712 [ 1918.149107][T12811] inactive_file 32768 [ 1918.149107][T12811] active_file 61440 [ 1918.149107][T12811] unevictable 0 [ 1918.149107][T12811] slab_reclaimable 5541888 [ 1918.149107][T12811] slab_unreclaimable 39403520 [ 1918.149107][T12811] pgfault 154407 [ 1918.149107][T12811] pgmajfault 0 [ 1918.149107][T12811] workingset_refault 495 [ 1918.149107][T12811] workingset_activate 396 [ 1918.149107][T12811] workingset_nodereclaim 0 [ 1918.149107][T12811] pgrefill 21596 [ 1918.149107][T12811] pgscan 21986 [ 1918.149107][T12811] pgsteal 1330 [ 1918.244248][T12811] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=13072,uid=0 [ 1918.259972][T12811] Memory cgroup out of memory: Killed process 13072 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1918.278192][ T1057] oom_reaper: reaped process 13072 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1918.281525][T12811] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1918.299673][T12811] CPU: 0 PID: 12811 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1918.308786][T12811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1918.318849][T12811] Call Trace: [ 1918.322140][T12811] dump_stack+0x172/0x1f0 [ 1918.326457][T12811] dump_header+0x177/0x1152 [ 1918.330979][T12811] ? ___ratelimit+0xf8/0x595 [ 1918.335555][T12811] ? trace_hardirqs_on+0x67/0x240 [ 1918.340562][T12811] ? mark_oom_victim.cold+0x18/0x18 [ 1918.345742][T12811] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1918.351534][T12811] ? ___ratelimit+0x60/0x595 [ 1918.356104][T12811] ? do_raw_spin_unlock+0x57/0x270 [ 1918.361237][T12811] oom_kill_process.cold+0x10/0x15 [ 1918.366340][T12811] out_of_memory+0x79a/0x12c0 [ 1918.371005][T12811] ? lock_downgrade+0x920/0x920 [ 1918.375844][T12811] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1918.382072][T12811] ? oom_killer_disable+0x280/0x280 [ 1918.387256][T12811] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1918.392819][T12811] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1918.398466][T12811] ? do_raw_spin_unlock+0x57/0x270 [ 1918.403562][T12811] ? _raw_spin_unlock+0x2d/0x50 [ 1918.408403][T12811] try_charge+0xf4b/0x1440 [ 1918.412823][T12811] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1918.418356][T12811] ? percpu_ref_tryget_live+0x111/0x290 [ 1918.423889][T12811] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1918.429346][T12811] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1918.434917][T12811] mem_cgroup_try_charge+0x136/0x590 [ 1918.440192][T12811] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1918.445819][T12811] wp_page_copy+0x421/0x15e0 [ 1918.450398][T12811] ? page_trans_huge_mapcount+0x166/0x450 [ 1918.456636][T12811] ? pmd_pfn+0x1d0/0x1d0 [ 1918.460873][T12811] ? lock_downgrade+0x920/0x920 [ 1918.465722][T12811] ? swp_swapcount+0x540/0x540 [ 1918.470476][T12811] ? __kasan_check_read+0x11/0x20 [ 1918.475484][T12811] ? do_raw_spin_unlock+0x57/0x270 [ 1918.480581][T12811] do_wp_page+0x499/0x14d0 [ 1918.485014][T12811] ? finish_mkwrite_fault+0x570/0x570 [ 1918.490396][T12811] __handle_mm_fault+0x22f7/0x3f20 [ 1918.495595][T12811] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1918.501159][T12811] ? __kasan_check_read+0x11/0x20 [ 1918.506176][T12811] ? trace_hardirqs_on+0x67/0x240 [ 1918.511188][T12811] handle_mm_fault+0x1b5/0x6b0 [ 1918.515937][T12811] __do_page_fault+0x536/0xdd0 [ 1918.520692][T12811] do_page_fault+0x38/0x590 [ 1918.525195][T12811] page_fault+0x39/0x40 [ 1918.529376][T12811] RIP: 0033:0x404e59 [ 1918.533257][T12811] Code: 66 00 39 45 24 0f 84 a6 01 00 00 80 3d 47 b6 66 00 00 74 0e 48 8b 85 90 00 00 00 48 c7 00 00 00 00 00 e8 ca f2 00 00 49 89 c4 00 00 00 00 00 49 8b 46 10 48 85 c0 0f 84 3c 01 00 00 48 83 ec [ 1918.552870][T12811] RSP: 002b:00007f3576419c90 EFLAGS: 00010207 [ 1918.558931][T12811] RAX: 00007f357641a6d4 RBX: 0000000000000003 RCX: 0000000000000003 [ 1918.566897][T12811] RDX: 00000000001a086d RSI: 0000000000000088 RDI: 00000000004be16e [ 1918.574850][T12811] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1918.582806][T12811] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1918.590851][T12811] R13: 00000000004c8569 R14: 00000000004df080 R15: 00000000ffffffff [ 1918.598968][T12811] memory: usage 307016kB, limit 307200kB, failcnt 101577 [ 1918.606853][T12811] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1918.613701][T12811] Memory cgroup stats for /syz0: [ 1918.613777][T12811] anon 82857984 [ 1918.613777][T12811] file 4096 [ 1918.613777][T12811] kernel_stack 36438016 [ 1918.613777][T12811] slab 44945408 [ 1918.613777][T12811] sock 4096 [ 1918.613777][T12811] shmem 0 [ 1918.613777][T12811] file_mapped 0 [ 1918.613777][T12811] file_dirty 0 [ 1918.613777][T12811] file_writeback 0 [ 1918.613777][T12811] anon_thp 0 [ 1918.613777][T12811] inactive_anon 0 [ 1918.613777][T12811] active_anon 82931712 [ 1918.613777][T12811] inactive_file 32768 [ 1918.613777][T12811] active_file 61440 [ 1918.613777][T12811] unevictable 0 [ 1918.613777][T12811] slab_reclaimable 5541888 [ 1918.613777][T12811] slab_unreclaimable 39403520 [ 1918.613777][T12811] pgfault 154407 [ 1918.613777][T12811] pgmajfault 0 [ 1918.613777][T12811] workingset_refault 495 [ 1918.613777][T12811] workingset_activate 396 [ 1918.613777][T12811] workingset_nodereclaim 0 [ 1918.613777][T12811] pgrefill 21596 [ 1918.613777][T12811] pgscan 21986 [ 1918.613777][T12811] pgsteal 1330 [ 1918.707611][T12811] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=32312,uid=0 [ 1918.723216][T12811] Memory cgroup out of memory: Killed process 32312 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1918.739247][ T1057] oom_reaper: reaped process 32312 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1918.743493][T12805] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1918.760599][T12805] CPU: 0 PID: 12805 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1918.769738][T12805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1918.779783][T12805] Call Trace: [ 1918.783064][T12805] dump_stack+0x172/0x1f0 [ 1918.787392][T12805] dump_header+0x177/0x1152 [ 1918.791880][T12805] ? ___ratelimit+0xf8/0x595 [ 1918.796653][T12805] ? trace_hardirqs_on+0x67/0x240 [ 1918.801667][T12805] ? mark_oom_victim.cold+0x18/0x18 [ 1918.806878][T12805] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1918.812684][T12805] ? ___ratelimit+0x60/0x595 [ 1918.817263][T12805] ? do_raw_spin_unlock+0x57/0x270 [ 1918.822394][T12805] oom_kill_process.cold+0x10/0x15 [ 1918.827504][T12805] out_of_memory+0x79a/0x12c0 [ 1918.832181][T12805] ? lock_downgrade+0x920/0x920 [ 1918.846325][T12805] ? oom_killer_disable+0x280/0x280 [ 1918.851524][T12805] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1918.857158][T12805] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1918.862806][T12805] ? do_raw_spin_unlock+0x57/0x270 [ 1918.867925][T12805] ? _raw_spin_unlock+0x2d/0x50 [ 1918.872782][T12805] try_charge+0xa2d/0x1440 [ 1918.877201][T12805] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1918.882738][T12805] ? percpu_ref_tryget_live+0x111/0x290 [ 1918.888269][T12805] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1918.893750][T12805] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1918.899430][T12805] mem_cgroup_try_charge+0x136/0x590 [ 1918.904708][T12805] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1918.910327][T12805] wp_page_copy+0x421/0x15e0 [ 1918.914900][T12805] ? page_trans_huge_mapcount+0x166/0x450 [ 1918.920605][T12805] ? pmd_pfn+0x1d0/0x1d0 [ 1918.924919][T12805] ? lock_downgrade+0x920/0x920 [ 1918.929800][T12805] ? swp_swapcount+0x540/0x540 [ 1918.934676][T12805] ? __kasan_check_read+0x11/0x20 [ 1918.939692][T12805] ? do_raw_spin_unlock+0x57/0x270 [ 1918.944801][T12805] do_wp_page+0x499/0x14d0 [ 1918.949215][T12805] ? finish_mkwrite_fault+0x570/0x570 [ 1918.954586][T12805] __handle_mm_fault+0x22f7/0x3f20 [ 1918.959726][T12805] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1918.966572][T12805] ? __kasan_check_read+0x11/0x20 [ 1918.971630][T12805] ? trace_hardirqs_on+0x67/0x240 [ 1918.976644][T12805] handle_mm_fault+0x1b5/0x6b0 [ 1918.981424][T12805] __do_page_fault+0x536/0xdd0 [ 1918.986180][T12805] do_page_fault+0x38/0x590 [ 1918.990677][T12805] page_fault+0x39/0x40 [ 1918.994814][T12805] RIP: 0033:0x40d085 [ 1918.998695][T12805] Code: ff 48 81 fe 00 00 96 00 0f 83 cf f9 ff ff 48 8d 45 20 48 89 44 24 78 48 b8 ff ff ff ff ff ff ff 7f 48 23 45 18 48 89 44 24 38 <64> f0 83 04 25 d0 ff ff ff 01 48 8b 7c 24 08 e8 e7 4a 01 00 85 c0 [ 1919.018330][T12805] RSP: 002b:00007ffd41fb7140 EFLAGS: 00010202 [ 1919.024384][T12805] RAX: 0000000000000020 RBX: 0000000000000000 RCX: 0000000000000073 [ 1919.032345][T12805] RDX: 0000000000000000 RSI: 0000000000760108 RDI: 00000000004c5d8e [ 1919.040304][T12805] RBP: 00000000007600f0 R08: 000000000000ffff R09: 0000000000000000 [ 1919.048260][T12805] R10: 0000000000439400 R11: 0000000000000012 R12: 00000000004c5d8e [ 1919.056236][T12805] R13: 000000000000012c R14: 00000000007600f8 R15: fffffffffffffffe [ 1919.064713][T12805] memory: usage 306780kB, limit 307200kB, failcnt 101577 [ 1919.071748][T12805] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1919.078729][T12805] Memory cgroup stats for /syz0: [ 1919.078821][T12805] anon 82857984 [ 1919.078821][T12805] file 4096 [ 1919.078821][T12805] kernel_stack 36372480 [ 1919.078821][T12805] slab 44945408 [ 1919.078821][T12805] sock 4096 [ 1919.078821][T12805] shmem 0 [ 1919.078821][T12805] file_mapped 0 [ 1919.078821][T12805] file_dirty 0 [ 1919.078821][T12805] file_writeback 0 [ 1919.078821][T12805] anon_thp 0 [ 1919.078821][T12805] inactive_anon 0 [ 1919.078821][T12805] active_anon 82931712 [ 1919.078821][T12805] inactive_file 32768 [ 1919.078821][T12805] active_file 61440 [ 1919.078821][T12805] unevictable 0 [ 1919.078821][T12805] slab_reclaimable 5541888 [ 1919.078821][T12805] slab_unreclaimable 39403520 [ 1919.078821][T12805] pgfault 154407 [ 1919.078821][T12805] pgmajfault 0 [ 1919.078821][T12805] workingset_refault 495 [ 1919.078821][T12805] workingset_activate 396 [ 1919.078821][T12805] workingset_nodereclaim 0 [ 1919.078821][T12805] pgrefill 21596 [ 1919.078821][T12805] pgscan 21986 [ 1919.078821][T12805] pgsteal 1330 [ 1919.172846][T12805] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=32141,uid=0 [ 1919.188382][T12805] Memory cgroup out of memory: Killed process 32141 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1919.203894][ T1057] oom_reaper: reaped process 32141 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:19:53 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x20000000000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:19:53 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346997da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:53 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) 04:19:53 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="effd000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:53 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4b32, 0x0) 04:19:53 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1919.204386][T12811] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:19:53 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346c97da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1919.290654][ T26] audit: type=1400 audit(1564373993.069:1249): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346997DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=13079 comm="syz-executor.1" 04:19:53 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="e03f030048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:53 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4c00, 0x0) 04:19:53 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346f97da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1919.428508][ T26] audit: type=1400 audit(1564373993.209:1250): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346C97DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=13094 comm="syz-executor.1" [ 1919.454181][T13088] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:19:53 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) 04:19:53 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x100000000000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:19:53 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc08002048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:53 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f347097da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1919.551209][ T26] audit: type=1400 audit(1564373993.309:1251): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346F97DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=13180 comm="syz-executor.1" 04:19:53 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="effdffff48000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:53 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4c01, 0x0) 04:19:53 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f347397da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1919.777665][ T26] audit: type=1400 audit(1564373993.499:1252): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F347097DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=13219 comm="syz-executor.1" [ 1919.882886][T13222] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1919.898403][ T26] audit: type=1400 audit(1564373993.679:1253): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F347397DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=13332 comm="syz-executor.1" [ 1919.969544][T13222] CPU: 0 PID: 13222 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1919.978775][T13222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1919.978781][T13222] Call Trace: [ 1919.978805][T13222] dump_stack+0x172/0x1f0 [ 1919.978824][T13222] dump_header+0x177/0x1152 [ 1919.978839][T13222] ? ___ratelimit+0xf8/0x595 [ 1919.978854][T13222] ? trace_hardirqs_on+0x67/0x240 [ 1919.978870][T13222] ? mark_oom_victim.cold+0x18/0x18 [ 1919.978887][T13222] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1919.978908][T13222] ? ___ratelimit+0x60/0x595 [ 1920.005828][T13222] ? do_raw_spin_unlock+0x57/0x270 [ 1920.005850][T13222] oom_kill_process.cold+0x10/0x15 [ 1920.005870][T13222] out_of_memory+0x79a/0x12c0 [ 1920.041326][T13222] ? lock_downgrade+0x920/0x920 [ 1920.046180][T13222] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1920.052440][T13222] ? oom_killer_disable+0x280/0x280 [ 1920.057641][T13222] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1920.063181][T13222] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1920.068814][T13222] ? do_raw_spin_unlock+0x57/0x270 [ 1920.073924][T13222] ? _raw_spin_unlock+0x2d/0x50 [ 1920.078766][T13222] try_charge+0xf4b/0x1440 [ 1920.083332][T13222] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1920.089135][T13222] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1920.094673][T13222] ? __kasan_check_read+0x11/0x20 [ 1920.099686][T13222] ? lock_downgrade+0x920/0x920 [ 1920.104546][T13222] ? percpu_ref_tryget_live+0x111/0x290 [ 1920.110085][T13222] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1920.115546][T13222] ? memcg_kmem_put_cache+0x50/0x50 [ 1920.120750][T13222] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1920.126442][T13222] __memcg_kmem_charge+0x13a/0x3a0 [ 1920.131553][T13222] __alloc_pages_nodemask+0x4f4/0x900 [ 1920.136946][T13222] ? __lockdep_free_key_range+0x120/0x120 [ 1920.142669][T13222] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1920.148380][T13222] ? copy_page_range+0x10c2/0x2120 [ 1920.153481][T13222] ? __kasan_check_read+0x11/0x20 [ 1920.158499][T13222] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1920.164731][T13222] alloc_pages_current+0x107/0x210 [ 1920.169846][T13222] pte_alloc_one+0x1b/0x1a0 [ 1920.174365][T13222] __pte_alloc+0x20/0x310 [ 1920.178680][T13222] copy_page_range+0x1610/0x2120 [ 1920.183630][T13222] ? perf_trace_lock+0xeb/0x4c0 [ 1920.188490][T13222] ? __pmd_alloc+0x460/0x460 [ 1920.193084][T13222] ? lock_downgrade+0x920/0x920 [ 1920.197925][T13222] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1920.203631][T13222] ? vma_compute_subtree_gap+0x158/0x230 [ 1920.209265][T13222] ? validate_mm_rb+0xa3/0xc0 [ 1920.213941][T13222] ? __vma_link_rb+0x275/0x370 [ 1920.218691][T13222] ? __kasan_check_write+0x14/0x20 [ 1920.223801][T13222] dup_mm+0xa67/0x1430 [ 1920.227869][T13222] ? vm_area_dup+0x170/0x170 [ 1920.232452][T13222] ? debug_mutex_init+0x2d/0x5a [ 1920.237307][T13222] copy_process+0x28b7/0x6b00 [ 1920.241972][T13222] ? perf_trace_lock+0xeb/0x4c0 [ 1920.246830][T13222] ? __cleanup_sighand+0x60/0x60 [ 1920.251752][T13222] ? __kasan_check_read+0x11/0x20 [ 1920.256764][T13222] ? do_raw_spin_unlock+0x57/0x270 [ 1920.261862][T13222] _do_fork+0x146/0xfa0 [ 1920.266018][T13222] ? copy_init_mm+0x20/0x20 [ 1920.270531][T13222] ? __kasan_check_read+0x11/0x20 [ 1920.275561][T13222] ? _copy_to_user+0x118/0x160 [ 1920.280311][T13222] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1920.286537][T13222] ? put_timespec64+0xda/0x140 [ 1920.291310][T13222] __x64_sys_clone+0x18d/0x250 [ 1920.296063][T13222] ? __ia32_sys_vfork+0xc0/0xc0 [ 1920.300986][T13222] ? trace_hardirqs_off_caller+0x65/0x230 [ 1920.306686][T13222] ? trace_hardirqs_on+0x67/0x240 [ 1920.311694][T13222] do_syscall_64+0xfa/0x760 [ 1920.316197][T13222] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1920.322091][T13222] RIP: 0033:0x459829 [ 1920.325967][T13222] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1920.345556][T13222] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1920.353955][T13222] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1920.362087][T13222] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1920.370139][T13222] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1920.378123][T13222] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1920.386098][T13222] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff 04:19:54 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:19:54 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc0000000f000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:54 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1, 0x0, 0x0, 0x0}, 0x0) 04:19:54 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f347597da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:54 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5403, 0x0) [ 1920.418204][T13222] memory: usage 307200kB, limit 307200kB, failcnt 101603 [ 1920.445755][T13222] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1920.452636][T13222] Memory cgroup stats for /syz0: [ 1920.452749][T13222] anon 82857984 [ 1920.452749][T13222] file 4096 [ 1920.452749][T13222] kernel_stack 36372480 [ 1920.452749][T13222] slab 44945408 [ 1920.452749][T13222] sock 4096 [ 1920.452749][T13222] shmem 0 [ 1920.452749][T13222] file_mapped 0 [ 1920.452749][T13222] file_dirty 0 [ 1920.452749][T13222] file_writeback 0 [ 1920.452749][T13222] anon_thp 0 [ 1920.452749][T13222] inactive_anon 0 [ 1920.452749][T13222] active_anon 82796544 [ 1920.452749][T13222] inactive_file 32768 [ 1920.452749][T13222] active_file 61440 [ 1920.452749][T13222] unevictable 0 [ 1920.452749][T13222] slab_reclaimable 5541888 [ 1920.452749][T13222] slab_unreclaimable 39403520 [ 1920.452749][T13222] pgfault 154572 [ 1920.452749][T13222] pgmajfault 0 [ 1920.452749][T13222] workingset_refault 495 [ 1920.452749][T13222] workingset_activate 396 [ 1920.452749][T13222] workingset_nodereclaim 0 [ 1920.452749][T13222] pgrefill 21763 [ 1920.452749][T13222] pgscan 22152 [ 1920.452749][T13222] pgsteal 1330 [ 1920.506044][ T26] audit: type=1400 audit(1564373994.239:1254): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F347597DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=13345 comm="syz-executor.1" 04:19:54 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5409, 0x0) [ 1920.641665][T13222] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=13186,uid=0 [ 1920.718253][T13222] Memory cgroup out of memory: Killed process 13186 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1920.768980][ T1057] oom_reaper: reaped process 13186 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1920.816541][T13222] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1920.833924][T13222] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1920.846427][T13222] CPU: 0 PID: 13222 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1920.855545][T13222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1920.865608][T13222] Call Trace: [ 1920.870735][T13222] dump_stack+0x172/0x1f0 [ 1920.882119][T13222] dump_header+0x177/0x1152 [ 1920.886630][T13222] ? ___ratelimit+0xf8/0x595 [ 1920.891216][T13222] ? trace_hardirqs_on+0x67/0x240 [ 1920.896252][T13222] ? mark_oom_victim.cold+0x18/0x18 [ 1920.901465][T13222] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1920.907330][T13222] ? ___ratelimit+0x60/0x595 [ 1920.911915][T13222] ? do_raw_spin_unlock+0x57/0x270 [ 1920.917013][T13222] oom_kill_process.cold+0x10/0x15 [ 1920.922114][T13222] out_of_memory+0x79a/0x12c0 [ 1920.926792][T13222] ? lock_downgrade+0x920/0x920 [ 1920.931649][T13222] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1920.937876][T13222] ? oom_killer_disable+0x280/0x280 [ 1920.943068][T13222] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1920.948606][T13222] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1920.954320][T13222] ? do_raw_spin_unlock+0x57/0x270 [ 1920.959422][T13222] ? _raw_spin_unlock+0x2d/0x50 [ 1920.964269][T13222] try_charge+0xf4b/0x1440 [ 1920.969734][T13222] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1920.975268][T13222] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1920.980835][T13222] ? __kasan_check_read+0x11/0x20 [ 1920.985859][T13222] ? lock_downgrade+0x920/0x920 [ 1920.990701][T13222] ? percpu_ref_tryget_live+0x111/0x290 [ 1920.996258][T13222] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1921.001720][T13222] ? memcg_kmem_put_cache+0x50/0x50 [ 1921.006903][T13222] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1921.012433][T13222] __memcg_kmem_charge+0x13a/0x3a0 [ 1921.017530][T13222] __alloc_pages_nodemask+0x4f4/0x900 [ 1921.022882][T13222] ? save_stack+0x5c/0x90 [ 1921.027202][T13222] ? save_stack+0x23/0x90 [ 1921.031525][T13222] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1921.037226][T13222] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1921.043021][T13222] ? kasan_slab_alloc+0xf/0x20 [ 1921.047788][T13222] ? kmem_cache_alloc+0x121/0x710 [ 1921.052805][T13222] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1921.059027][T13222] ? debug_smp_processor_id+0x3c/0x214 [ 1921.064505][T13222] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1921.070740][T13222] alloc_pages_current+0x107/0x210 [ 1921.075850][T13222] pte_alloc_one+0x1b/0x1a0 [ 1921.080366][T13222] __pte_alloc+0x20/0x310 [ 1921.084698][T13222] copy_page_range+0x1610/0x2120 [ 1921.089619][T13222] ? percpu_ref_put_many+0x94/0x190 [ 1921.094814][T13222] ? lock_downgrade+0x920/0x920 [ 1921.099653][T13222] ? __pmd_alloc+0x460/0x460 [ 1921.104271][T13222] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1921.109994][T13222] ? validate_mm_rb+0xa3/0xc0 [ 1921.114665][T13222] ? __vma_link_rb+0x275/0x370 [ 1921.119419][T13222] dup_mm+0xa67/0x1430 [ 1921.123477][T13222] ? vm_area_dup+0x170/0x170 [ 1921.128053][T13222] ? debug_mutex_init+0x2d/0x5a [ 1921.132890][T13222] copy_process+0x28b7/0x6b00 [ 1921.137560][T13222] ? perf_trace_lock+0xeb/0x4c0 [ 1921.142439][T13222] ? __cleanup_sighand+0x60/0x60 [ 1921.147372][T13222] _do_fork+0x146/0xfa0 [ 1921.151512][T13222] ? copy_init_mm+0x20/0x20 [ 1921.156018][T13222] ? __kasan_check_read+0x11/0x20 [ 1921.161050][T13222] ? _copy_to_user+0x118/0x160 [ 1921.165813][T13222] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1921.172035][T13222] ? put_timespec64+0xda/0x140 [ 1921.176796][T13222] __x64_sys_clone+0x18d/0x250 [ 1921.181557][T13222] ? __ia32_sys_vfork+0xc0/0xc0 [ 1921.186422][T13222] ? trace_hardirqs_off_caller+0x65/0x230 [ 1921.192135][T13222] ? trace_hardirqs_on+0x67/0x240 [ 1921.197145][T13222] do_syscall_64+0xfa/0x760 [ 1921.201650][T13222] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1921.207536][T13222] RIP: 0033:0x459829 [ 1921.211413][T13222] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1921.231015][T13222] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1921.239464][T13222] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1921.247420][T13222] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1921.255378][T13222] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1921.263356][T13222] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1921.271333][T13222] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1921.279856][T13222] memory: usage 307196kB, limit 307200kB, failcnt 101642 [ 1921.286977][T13222] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1921.293821][T13222] Memory cgroup stats for /syz0: [ 1921.293945][T13222] anon 82993152 [ 1921.293945][T13222] file 4096 [ 1921.293945][T13222] kernel_stack 36438016 [ 1921.293945][T13222] slab 44945408 [ 1921.293945][T13222] sock 4096 [ 1921.293945][T13222] shmem 0 [ 1921.293945][T13222] file_mapped 0 [ 1921.293945][T13222] file_dirty 0 [ 1921.293945][T13222] file_writeback 0 [ 1921.293945][T13222] anon_thp 0 [ 1921.293945][T13222] inactive_anon 0 [ 1921.293945][T13222] active_anon 82931712 [ 1921.293945][T13222] inactive_file 32768 [ 1921.293945][T13222] active_file 61440 [ 1921.293945][T13222] unevictable 0 [ 1921.293945][T13222] slab_reclaimable 5541888 [ 1921.293945][T13222] slab_unreclaimable 39403520 [ 1921.293945][T13222] pgfault 154605 [ 1921.293945][T13222] pgmajfault 0 04:19:55 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x200000000000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:19:55 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f347897da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:55 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc02000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:55 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x2) [ 1921.293945][T13222] workingset_refault 495 [ 1921.293945][T13222] workingset_activate 396 [ 1921.293945][T13222] workingset_nodereclaim 0 [ 1921.293945][T13222] pgrefill 21763 [ 1921.293945][T13222] pgscan 22152 [ 1921.293945][T13222] pgsteal 1330 [ 1921.387942][T13222] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=13221,uid=0 [ 1921.403482][T13222] Memory cgroup out of memory: Killed process 13221 (syz-executor.0) total-vm:72708kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB, UID:0 04:19:55 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540b, 0x0) 04:19:55 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, 0x0, 0x0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:19:55 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc03000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1921.483427][ T26] audit: type=1400 audit(1564373995.259:1255): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F347897DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=13483 comm="syz-executor.1" 04:19:55 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b459ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:55 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540c, 0x0) 04:19:55 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x3) 04:19:55 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc04000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1921.707250][T13603] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1921.723105][ T26] audit: type=1400 audit(1564373995.489:1256): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B459AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=13606 comm="syz-executor.1" [ 1921.781655][T13603] CPU: 0 PID: 13603 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1921.790801][T13603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1921.800858][T13603] Call Trace: [ 1921.804167][T13603] dump_stack+0x172/0x1f0 [ 1921.808508][T13603] dump_header+0x177/0x1152 [ 1921.813019][T13603] ? ___ratelimit+0xf8/0x595 [ 1921.817626][T13603] ? trace_hardirqs_on+0x67/0x240 [ 1921.822661][T13603] ? mark_oom_victim.cold+0x18/0x18 [ 1921.827870][T13603] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1921.834033][T13603] ? ___ratelimit+0x60/0x595 [ 1921.838646][T13603] ? do_raw_spin_unlock+0x57/0x270 [ 1921.843792][T13603] oom_kill_process.cold+0x10/0x15 [ 1921.848917][T13603] out_of_memory+0x79a/0x12c0 [ 1921.850663][ T26] audit: type=1400 audit(1564373995.559:1257): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B45DAD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=13616 comm="syz-executor.1" [ 1921.853605][T13603] ? lock_downgrade+0x920/0x920 [ 1921.853627][T13603] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1921.853644][T13603] ? oom_killer_disable+0x280/0x280 [ 1921.853674][T13603] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1921.911212][T13603] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1921.916874][T13603] ? do_raw_spin_unlock+0x57/0x270 [ 1921.922007][T13603] ? _raw_spin_unlock+0x2d/0x50 [ 1921.926869][T13603] try_charge+0xf4b/0x1440 04:19:55 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b45dad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1921.931322][T13603] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1921.936960][T13603] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1921.942521][T13603] ? __kasan_check_read+0x11/0x20 [ 1921.947559][T13603] ? lock_downgrade+0x920/0x920 [ 1921.952422][T13603] ? percpu_ref_tryget_live+0x111/0x290 [ 1921.957982][T13603] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1921.963457][T13603] ? memcg_kmem_put_cache+0x50/0x50 [ 1921.968668][T13603] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1921.974242][T13603] __memcg_kmem_charge+0x13a/0x3a0 [ 1921.979453][T13603] __alloc_pages_nodemask+0x4f4/0x900 [ 1921.984838][T13603] ? __lockdep_free_key_range+0x120/0x120 [ 1921.990586][T13603] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1921.996323][T13603] ? __pte_alloc+0x1b5/0x310 [ 1922.000923][T13603] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1922.007166][T13603] ? copy_page_range+0x10c2/0x2120 [ 1922.012325][T13603] ? __kasan_check_read+0x11/0x20 [ 1922.017357][T13603] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1922.023614][T13603] alloc_pages_current+0x107/0x210 [ 1922.028730][T13603] pte_alloc_one+0x1b/0x1a0 [ 1922.033230][T13603] __pte_alloc+0x20/0x310 [ 1922.037578][T13603] copy_page_range+0x1610/0x2120 [ 1922.042511][T13603] ? perf_trace_lock+0xeb/0x4c0 [ 1922.047387][T13603] ? __pmd_alloc+0x460/0x460 [ 1922.052060][T13603] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1922.057607][T13603] ? __rb_insert_augmented+0x20c/0xd90 [ 1922.063059][T13603] ? validate_mm_rb+0xa3/0xc0 [ 1922.067719][T13603] ? __vma_link_rb+0x275/0x370 [ 1922.072478][T13603] ? __kasan_check_write+0x14/0x20 [ 1922.077595][T13603] dup_mm+0xa67/0x1430 [ 1922.081654][T13603] ? vm_area_dup+0x170/0x170 [ 1922.086236][T13603] ? debug_mutex_init+0x2d/0x5a [ 1922.091091][T13603] copy_process+0x28b7/0x6b00 [ 1922.095773][T13603] ? perf_trace_lock+0xeb/0x4c0 [ 1922.100623][T13603] ? __cleanup_sighand+0x60/0x60 [ 1922.105567][T13603] ? __kasan_check_read+0x11/0x20 [ 1922.110592][T13603] ? do_raw_spin_unlock+0x57/0x270 [ 1922.115806][T13603] _do_fork+0x146/0xfa0 [ 1922.119951][T13603] ? copy_init_mm+0x20/0x20 [ 1922.124451][T13603] ? __kasan_check_read+0x11/0x20 [ 1922.129465][T13603] ? _copy_to_user+0x118/0x160 [ 1922.134219][T13603] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1922.140454][T13603] ? put_timespec64+0xda/0x140 [ 1922.145222][T13603] __x64_sys_clone+0x18d/0x250 [ 1922.149972][T13603] ? __ia32_sys_vfork+0xc0/0xc0 [ 1922.154831][T13603] ? trace_hardirqs_off_caller+0x65/0x230 [ 1922.160560][T13603] ? trace_hardirqs_on+0x67/0x240 [ 1922.165584][T13603] do_syscall_64+0xfa/0x760 [ 1922.170081][T13603] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1922.175980][T13603] RIP: 0033:0x459829 [ 1922.179866][T13603] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1922.199460][T13603] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1922.207858][T13603] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1922.215847][T13603] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1922.223839][T13603] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1922.231806][T13603] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1922.239773][T13603] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1922.256683][T13603] memory: usage 307200kB, limit 307200kB, failcnt 101667 [ 1922.264458][T13603] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1922.284564][T13603] Memory cgroup stats for /syz0: [ 1922.284680][T13603] anon 82993152 [ 1922.284680][T13603] file 4096 [ 1922.284680][T13603] kernel_stack 36438016 [ 1922.284680][T13603] slab 44945408 [ 1922.284680][T13603] sock 4096 [ 1922.284680][T13603] shmem 0 [ 1922.284680][T13603] file_mapped 0 [ 1922.284680][T13603] file_dirty 0 [ 1922.284680][T13603] file_writeback 0 [ 1922.284680][T13603] anon_thp 0 [ 1922.284680][T13603] inactive_anon 0 [ 1922.284680][T13603] active_anon 82931712 [ 1922.284680][T13603] inactive_file 32768 [ 1922.284680][T13603] active_file 61440 [ 1922.284680][T13603] unevictable 0 [ 1922.284680][T13603] slab_reclaimable 5541888 [ 1922.284680][T13603] slab_unreclaimable 39403520 [ 1922.284680][T13603] pgfault 154671 [ 1922.284680][T13603] pgmajfault 0 [ 1922.284680][T13603] workingset_refault 495 [ 1922.284680][T13603] workingset_activate 396 [ 1922.284680][T13603] workingset_nodereclaim 0 [ 1922.284680][T13603] pgrefill 21862 [ 1922.284680][T13603] pgscan 22218 [ 1922.284680][T13603] pgsteal 1330 [ 1922.391228][T13603] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=31957,uid=0 [ 1922.406807][T13603] Memory cgroup out of memory: Killed process 31957 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1922.422356][ T1057] oom_reaper: reaped process 31957 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1922.448290][T13588] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1922.473444][T13588] CPU: 0 PID: 13588 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1922.482587][T13588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1922.492647][T13588] Call Trace: [ 1922.496120][T13588] dump_stack+0x172/0x1f0 [ 1922.500457][T13588] dump_header+0x177/0x1152 [ 1922.504968][T13588] ? ___ratelimit+0xf8/0x595 [ 1922.509672][T13588] ? trace_hardirqs_on+0x67/0x240 [ 1922.514748][T13588] ? mark_oom_victim.cold+0x18/0x18 [ 1922.519969][T13588] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1922.525789][T13588] ? ___ratelimit+0x60/0x595 [ 1922.530376][T13588] ? do_raw_spin_unlock+0x57/0x270 [ 1922.535474][T13588] oom_kill_process.cold+0x10/0x15 [ 1922.540570][T13588] out_of_memory+0x79a/0x12c0 [ 1922.545233][T13588] ? lock_downgrade+0x920/0x920 [ 1922.550070][T13588] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1922.556305][T13588] ? oom_killer_disable+0x280/0x280 [ 1922.561498][T13588] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1922.567058][T13588] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1922.572696][T13588] ? do_raw_spin_unlock+0x57/0x270 [ 1922.577841][T13588] ? _raw_spin_unlock+0x2d/0x50 [ 1922.582814][T13588] try_charge+0xf4b/0x1440 [ 1922.587245][T13588] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1922.592808][T13588] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1922.598427][T13588] ? __kasan_check_read+0x11/0x20 [ 1922.603549][T13588] ? lock_downgrade+0x920/0x920 [ 1922.608387][T13588] ? percpu_ref_tryget_live+0x111/0x290 [ 1922.613924][T13588] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1922.619478][T13588] ? memcg_kmem_put_cache+0x50/0x50 [ 1922.624690][T13588] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1922.630237][T13588] __memcg_kmem_charge+0x13a/0x3a0 [ 1922.635440][T13588] __alloc_pages_nodemask+0x4f4/0x900 [ 1922.640827][T13588] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1922.646636][T13588] ? vm_mmap_pgoff+0x1d4/0x230 [ 1922.651387][T13588] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1922.657100][T13588] ? do_huge_pmd_anonymous_page+0xc53/0x19d0 [ 1922.663170][T13588] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1922.669416][T13588] alloc_pages_current+0x107/0x210 [ 1922.674614][T13588] pte_alloc_one+0x1b/0x1a0 [ 1922.679104][T13588] __pte_alloc+0x20/0x310 [ 1922.683423][T13588] __handle_mm_fault+0x3414/0x3f20 [ 1922.688532][T13588] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1922.694068][T13588] ? __kasan_check_read+0x11/0x20 [ 1922.699153][T13588] ? trace_hardirqs_on+0x67/0x240 [ 1922.704171][T13588] handle_mm_fault+0x1b5/0x6b0 [ 1922.708928][T13588] __do_page_fault+0x536/0xdd0 [ 1922.713700][T13588] do_page_fault+0x38/0x590 [ 1922.718375][T13588] page_fault+0x39/0x40 [ 1922.722530][T13588] RIP: 0033:0x41116f [ 1922.726412][T13588] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1922.746028][T13588] RSP: 002b:00007ffd41fb7050 EFLAGS: 00010206 [ 1922.752088][T13588] RAX: 00007f35763d9000 RBX: 0000000000020000 RCX: 000000000045987a [ 1922.760059][T13588] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1922.768132][T13588] RBP: 00007ffd41fb7130 R08: ffffffffffffffff R09: 0000000000000000 [ 1922.776177][T13588] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd41fb7220 [ 1922.784337][T13588] R13: 00007f35763f9700 R14: 0000000000000001 R15: 000000000075bfd4 [ 1922.793295][T13588] memory: usage 307036kB, limit 307200kB, failcnt 101708 [ 1922.800391][T13588] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1922.807450][T13588] Memory cgroup stats for /syz0: [ 1922.807573][T13588] anon 82993152 [ 1922.807573][T13588] file 4096 [ 1922.807573][T13588] kernel_stack 36438016 [ 1922.807573][T13588] slab 44945408 [ 1922.807573][T13588] sock 4096 [ 1922.807573][T13588] shmem 0 [ 1922.807573][T13588] file_mapped 0 [ 1922.807573][T13588] file_dirty 0 [ 1922.807573][T13588] file_writeback 0 [ 1922.807573][T13588] anon_thp 0 [ 1922.807573][T13588] inactive_anon 0 [ 1922.807573][T13588] active_anon 82931712 [ 1922.807573][T13588] inactive_file 32768 [ 1922.807573][T13588] active_file 61440 [ 1922.807573][T13588] unevictable 0 [ 1922.807573][T13588] slab_reclaimable 5541888 [ 1922.807573][T13588] slab_unreclaimable 39403520 [ 1922.807573][T13588] pgfault 154671 [ 1922.807573][T13588] pgmajfault 0 [ 1922.807573][T13588] workingset_refault 495 [ 1922.807573][T13588] workingset_activate 396 [ 1922.807573][T13588] workingset_nodereclaim 0 [ 1922.807573][T13588] pgrefill 21862 [ 1922.807573][T13588] pgscan 22218 [ 1922.807573][T13588] pgsteal 1330 [ 1922.913709][T13588] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=31481,uid=0 [ 1922.929208][T13588] Memory cgroup out of memory: Killed process 31481 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1922.944682][ T1057] oom_reaper: reaped process 31481 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1922.953322][T13603] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1922.971003][T13603] CPU: 0 PID: 13603 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1922.980125][T13603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1922.990168][T13603] Call Trace: [ 1922.993541][T13603] dump_stack+0x172/0x1f0 [ 1922.997907][T13603] dump_header+0x177/0x1152 [ 1923.002396][T13603] ? ___ratelimit+0xf8/0x595 [ 1923.007078][T13603] ? trace_hardirqs_on+0x67/0x240 [ 1923.012174][T13603] ? mark_oom_victim.cold+0x18/0x18 [ 1923.017357][T13603] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1923.023154][T13603] ? ___ratelimit+0x60/0x595 [ 1923.027729][T13603] ? do_raw_spin_unlock+0x57/0x270 [ 1923.032823][T13603] oom_kill_process.cold+0x10/0x15 [ 1923.037935][T13603] out_of_memory+0x79a/0x12c0 [ 1923.042600][T13603] ? lock_downgrade+0x920/0x920 [ 1923.047470][T13603] ? oom_killer_disable+0x280/0x280 [ 1923.052665][T13603] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1923.058288][T13603] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1923.063899][T13603] ? do_raw_spin_unlock+0x57/0x270 [ 1923.068994][T13603] ? _raw_spin_unlock+0x2d/0x50 [ 1923.073827][T13603] try_charge+0xa2d/0x1440 [ 1923.078260][T13603] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1923.083835][T13603] ? percpu_ref_tryget_live+0x111/0x290 [ 1923.089393][T13603] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1923.094835][T13603] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1923.100366][T13603] mem_cgroup_try_charge+0x136/0x590 [ 1923.105636][T13603] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1923.111267][T13603] wp_page_copy+0x421/0x15e0 [ 1923.115860][T13603] ? page_trans_huge_mapcount+0x166/0x450 [ 1923.121570][T13603] ? pmd_pfn+0x1d0/0x1d0 [ 1923.125804][T13603] ? lock_downgrade+0x920/0x920 [ 1923.130641][T13603] ? swp_swapcount+0x540/0x540 [ 1923.135403][T13603] ? __kasan_check_read+0x11/0x20 [ 1923.140417][T13603] ? do_raw_spin_unlock+0x57/0x270 [ 1923.145512][T13603] do_wp_page+0x499/0x14d0 [ 1923.149915][T13603] ? finish_mkwrite_fault+0x570/0x570 [ 1923.155285][T13603] __handle_mm_fault+0x22f7/0x3f20 [ 1923.160387][T13603] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1923.165940][T13603] ? __kasan_check_read+0x11/0x20 [ 1923.170963][T13603] ? trace_hardirqs_on+0x67/0x240 [ 1923.175977][T13603] handle_mm_fault+0x1b5/0x6b0 [ 1923.180730][T13603] __do_page_fault+0x536/0xdd0 [ 1923.185480][T13603] do_page_fault+0x38/0x590 [ 1923.189962][T13603] page_fault+0x39/0x40 [ 1923.194097][T13603] RIP: 0033:0x404f08 [ 1923.197988][T13603] Code: 85 02 00 00 80 3d 8f b5 66 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 7c b5 66 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 b3 d5 ff ff 48 2b 05 fc 30 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1923.217582][T13603] RSP: 002b:00007f3576419c90 EFLAGS: 00010246 [ 1923.223652][T13603] RAX: 00007f357841b000 RBX: 0000000000001e6f RCX: 0000000000459829 [ 1923.231620][T13603] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 1923.239602][T13603] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1923.247566][T13603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1923.255696][T13603] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1923.263830][T13603] memory: usage 306928kB, limit 307200kB, failcnt 101708 [ 1923.270886][T13603] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1923.277747][T13603] Memory cgroup stats for /syz0: [ 1923.277861][T13603] anon 82993152 [ 1923.277861][T13603] file 4096 [ 1923.277861][T13603] kernel_stack 36438016 [ 1923.277861][T13603] slab 44945408 [ 1923.277861][T13603] sock 4096 [ 1923.277861][T13603] shmem 0 [ 1923.277861][T13603] file_mapped 0 [ 1923.277861][T13603] file_dirty 0 [ 1923.277861][T13603] file_writeback 0 [ 1923.277861][T13603] anon_thp 0 [ 1923.277861][T13603] inactive_anon 0 [ 1923.277861][T13603] active_anon 82931712 [ 1923.277861][T13603] inactive_file 32768 [ 1923.277861][T13603] active_file 61440 [ 1923.277861][T13603] unevictable 0 [ 1923.277861][T13603] slab_reclaimable 5541888 [ 1923.277861][T13603] slab_unreclaimable 39403520 [ 1923.277861][T13603] pgfault 154671 [ 1923.277861][T13603] pgmajfault 0 [ 1923.277861][T13603] workingset_refault 495 [ 1923.277861][T13603] workingset_activate 396 [ 1923.277861][T13603] workingset_nodereclaim 0 [ 1923.277861][T13603] pgrefill 21862 [ 1923.277861][T13603] pgscan 22218 [ 1923.277861][T13603] pgsteal 1330 [ 1923.371678][T13603] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=31232,uid=0 [ 1923.387212][T13603] Memory cgroup out of memory: Killed process 31232 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1923.402718][ T1057] oom_reaper: reaped process 31232 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1923.410826][T13729] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1923.419182][T13603] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1923.441234][T13729] CPU: 1 PID: 13729 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 04:19:57 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x600000000000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:19:57 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad258a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:57 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x4) 04:19:57 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540d, 0x0) 04:19:57 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc05000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:57 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x0, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1923.450376][T13729] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1923.460432][T13729] Call Trace: [ 1923.463777][T13729] dump_stack+0x172/0x1f0 [ 1923.468133][T13729] dump_header+0x177/0x1152 [ 1923.472650][T13729] ? ___ratelimit+0xf8/0x595 [ 1923.477244][T13729] ? trace_hardirqs_on+0x67/0x240 [ 1923.482280][T13729] ? mark_oom_victim.cold+0x18/0x18 [ 1923.487484][T13729] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1923.493303][T13729] ? ___ratelimit+0x60/0x595 [ 1923.497911][T13729] ? do_raw_spin_unlock+0x57/0x270 04:19:57 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a59cb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1923.503035][T13729] oom_kill_process.cold+0x10/0x15 [ 1923.508163][T13729] out_of_memory+0x79a/0x12c0 [ 1923.512852][T13729] ? lock_downgrade+0x920/0x920 [ 1923.517720][T13729] ? oom_killer_disable+0x280/0x280 [ 1923.522931][T13729] ? __kasan_check_read+0x11/0x20 [ 1923.524524][ T26] audit: type=1400 audit(1564373997.269:1258): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD258A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=13736 comm="syz-executor.1" [ 1923.527979][T13729] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1923.527997][T13729] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1923.528016][T13729] ? do_raw_spin_unlock+0x57/0x270 [ 1923.528039][T13729] ? _raw_spin_unlock+0x2d/0x50 [ 1923.582473][T13729] try_charge+0xa2d/0x1440 [ 1923.586907][T13729] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1923.592467][T13729] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1923.598018][T13729] ? __kasan_check_read+0x11/0x20 04:19:57 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb597375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1923.603059][T13729] ? lock_downgrade+0x920/0x920 [ 1923.607943][T13729] ? percpu_ref_tryget_live+0x111/0x290 [ 1923.609911][ T26] audit: type=1400 audit(1564373997.369:1259): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A59CB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=13742 comm="syz-executor.1" [ 1923.613508][T13729] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1923.613523][T13729] ? memcg_kmem_put_cache+0x50/0x50 [ 1923.613540][T13729] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1923.613555][T13729] __memcg_kmem_charge+0x13a/0x3a0 [ 1923.613576][T13729] __alloc_pages_nodemask+0x4f4/0x900 [ 1923.673828][T13729] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1923.679574][T13729] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1923.685828][T13729] ? debug_smp_processor_id+0x3c/0x214 [ 1923.691294][T13729] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1923.697550][T13729] alloc_pages_current+0x107/0x210 [ 1923.702672][T13729] pte_alloc_one+0x1b/0x1a0 [ 1923.707184][T13729] __handle_mm_fault+0x34dd/0x3f20 [ 1923.712309][T13729] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1923.717865][T13729] ? __kasan_check_read+0x11/0x20 [ 1923.719928][ T26] audit: type=1400 audit(1564373997.469:1260): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB597375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=13787 comm="syz-executor.1" [ 1923.722915][T13729] ? trace_hardirqs_on+0x67/0x240 [ 1923.722939][T13729] handle_mm_fault+0x1b5/0x6b0 [ 1923.722966][T13729] __do_page_fault+0x536/0xdd0 [ 1923.770827][T13729] ? page_fault+0x16/0x40 [ 1923.775177][T13729] do_page_fault+0x38/0x590 [ 1923.779697][T13729] page_fault+0x39/0x40 [ 1923.783858][T13729] RIP: 0033:0x459829 [ 1923.787759][T13729] Code: Bad RIP value. [ 1923.791828][T13729] RSP: 002b:00007f3576419c78 EFLAGS: 00010246 04:19:57 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb122275b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:57 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127322b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:57 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x5) [ 1923.797900][T13729] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459829 [ 1923.803915][ T26] audit: type=1400 audit(1564373997.559:1261): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB122275B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=13856 comm="syz-executor.1" [ 1923.805877][T13729] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1923.805886][T13729] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1923.805893][T13729] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1923.805901][T13729] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1923.834262][T13729] memory: usage 306628kB, limit 307200kB, failcnt 101709 04:19:57 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540e, 0x0) [ 1923.903507][T13729] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1923.939025][T13729] Memory cgroup stats for /syz0: [ 1923.940275][T13729] anon 82853888 [ 1923.940275][T13729] file 4096 [ 1923.940275][T13729] kernel_stack 36372480 [ 1923.940275][T13729] slab 44945408 [ 1923.940275][T13729] sock 4096 [ 1923.940275][T13729] shmem 0 [ 1923.940275][T13729] file_mapped 0 [ 1923.940275][T13729] file_dirty 0 [ 1923.940275][T13729] file_writeback 0 [ 1923.940275][T13729] anon_thp 0 [ 1923.940275][T13729] inactive_anon 0 [ 1923.940275][T13729] active_anon 82796544 [ 1923.940275][T13729] inactive_file 32768 [ 1923.940275][T13729] active_file 61440 [ 1923.940275][T13729] unevictable 0 [ 1923.940275][T13729] slab_reclaimable 5541888 [ 1923.940275][T13729] slab_unreclaimable 39403520 [ 1923.940275][T13729] pgfault 154737 [ 1923.940275][T13729] pgmajfault 0 [ 1923.940275][T13729] workingset_refault 495 [ 1923.940275][T13729] workingset_activate 396 [ 1923.940275][T13729] workingset_nodereclaim 0 [ 1923.940275][T13729] pgrefill 21862 [ 1923.940275][T13729] pgscan 22218 [ 1923.940275][T13729] pgsteal 1330 [ 1924.042096][ T26] audit: type=1400 audit(1564373997.819:1262): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127322B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=13861 comm="syz-executor.1" [ 1924.173125][T13729] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=31178,uid=0 [ 1924.223925][T13729] Memory cgroup out of memory: Killed process 31178 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1924.264349][T13872] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1924.309909][T13872] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1924.331635][T13872] CPU: 1 PID: 13872 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1924.340790][T13872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1924.350852][T13872] Call Trace: [ 1924.354155][T13872] dump_stack+0x172/0x1f0 [ 1924.358501][T13872] dump_header+0x177/0x1152 [ 1924.363008][T13872] ? ___ratelimit+0xf8/0x595 [ 1924.364837][T13988] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1924.367602][T13872] ? trace_hardirqs_on+0x67/0x240 [ 1924.367619][T13872] ? mark_oom_victim.cold+0x18/0x18 [ 1924.367644][T13872] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1924.392145][T13872] ? ___ratelimit+0x60/0x595 [ 1924.396723][T13872] ? do_raw_spin_unlock+0x57/0x270 [ 1924.401830][T13872] oom_kill_process.cold+0x10/0x15 [ 1924.406932][T13872] out_of_memory+0x79a/0x12c0 [ 1924.411596][T13872] ? lock_downgrade+0x920/0x920 [ 1924.416571][T13872] ? oom_killer_disable+0x280/0x280 [ 1924.421786][T13872] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1924.427382][T13872] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1924.433011][T13872] ? do_raw_spin_unlock+0x57/0x270 [ 1924.438161][T13872] ? _raw_spin_unlock+0x2d/0x50 [ 1924.443005][T13872] try_charge+0xf4b/0x1440 [ 1924.447415][T13872] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1924.453031][T13872] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1924.458562][T13872] ? __kasan_check_read+0x11/0x20 [ 1924.463571][T13872] ? lock_downgrade+0x920/0x920 [ 1924.468415][T13872] ? percpu_ref_tryget_live+0x111/0x290 [ 1924.473959][T13872] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1924.479399][T13872] ? memcg_kmem_put_cache+0x50/0x50 [ 1924.484578][T13872] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1924.490107][T13872] __memcg_kmem_charge+0x13a/0x3a0 [ 1924.495230][T13872] __alloc_pages_nodemask+0x4f4/0x900 [ 1924.500591][T13872] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1924.506296][T13872] ? debug_smp_processor_id+0x3c/0x214 [ 1924.511774][T13872] ? percpu_ref_put_many+0x94/0x190 [ 1924.517001][T13872] ? __kasan_check_read+0x11/0x20 [ 1924.522048][T13872] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1924.528286][T13872] alloc_pages_current+0x107/0x210 [ 1924.533395][T13872] __get_free_pages+0xc/0x40 [ 1924.537972][T13872] pgd_alloc+0x8b/0x3f0 [ 1924.542128][T13872] ? pgd_page_get_mm+0x40/0x40 [ 1924.546877][T13872] ? lockdep_init_map+0x1be/0x6d0 [ 1924.551887][T13872] ? lockdep_init_map+0x1be/0x6d0 [ 1924.556907][T13872] mm_init+0x590/0x9b0 [ 1924.560985][T13872] dup_mm+0xde/0x1430 [ 1924.564962][T13872] ? copy_process+0x23a1/0x6b00 [ 1924.569797][T13872] ? __kasan_check_read+0x11/0x20 [ 1924.575020][T13872] ? lock_downgrade+0x920/0x920 [ 1924.579869][T13872] ? vm_area_dup+0x170/0x170 [ 1924.584470][T13872] ? debug_mutex_init+0x2d/0x5a [ 1924.589321][T13872] copy_process+0x28b7/0x6b00 [ 1924.593995][T13872] ? perf_trace_lock+0xeb/0x4c0 [ 1924.598849][T13872] ? __cleanup_sighand+0x60/0x60 [ 1924.603829][T13872] _do_fork+0x146/0xfa0 [ 1924.607968][T13872] ? copy_init_mm+0x20/0x20 [ 1924.612456][T13872] ? __kasan_check_read+0x11/0x20 [ 1924.617467][T13872] ? _copy_to_user+0x118/0x160 [ 1924.622218][T13872] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1924.628450][T13872] ? put_timespec64+0xda/0x140 [ 1924.633209][T13872] __x64_sys_clone+0x18d/0x250 [ 1924.637965][T13872] ? __ia32_sys_vfork+0xc0/0xc0 [ 1924.642812][T13872] ? trace_hardirqs_off_caller+0x65/0x230 [ 1924.648515][T13872] ? trace_hardirqs_on+0x67/0x240 [ 1924.653526][T13872] do_syscall_64+0xfa/0x760 [ 1924.658053][T13872] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1924.663938][T13872] RIP: 0033:0x459829 [ 1924.667844][T13872] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1924.687455][T13872] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1924.695857][T13872] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1924.703842][T13872] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1924.711801][T13872] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1924.719755][T13872] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1924.727716][T13872] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1924.737902][T13872] memory: usage 307064kB, limit 307200kB, failcnt 101763 [ 1924.745007][T13872] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1924.751848][T13872] Memory cgroup stats for /syz0: [ 1924.751918][T13872] anon 82989056 [ 1924.751918][T13872] file 4096 [ 1924.751918][T13872] kernel_stack 36438016 [ 1924.751918][T13872] slab 44945408 [ 1924.751918][T13872] sock 4096 [ 1924.751918][T13872] shmem 0 [ 1924.751918][T13872] file_mapped 0 [ 1924.751918][T13872] file_dirty 0 [ 1924.751918][T13872] file_writeback 0 [ 1924.751918][T13872] anon_thp 0 [ 1924.751918][T13872] inactive_anon 0 [ 1924.751918][T13872] active_anon 82796544 [ 1924.751918][T13872] inactive_file 32768 [ 1924.751918][T13872] active_file 61440 [ 1924.751918][T13872] unevictable 0 [ 1924.751918][T13872] slab_reclaimable 5541888 [ 1924.751918][T13872] slab_unreclaimable 39403520 [ 1924.751918][T13872] pgfault 154803 [ 1924.751918][T13872] pgmajfault 0 [ 1924.751918][T13872] workingset_refault 495 [ 1924.751918][T13872] workingset_activate 396 [ 1924.751918][T13872] workingset_nodereclaim 0 [ 1924.751918][T13872] pgrefill 22027 [ 1924.751918][T13872] pgscan 22416 [ 1924.751918][T13872] pgsteal 1330 [ 1924.845942][T13872] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=13732,uid=0 04:19:58 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x800000000000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:19:58 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc06000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:58 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127323b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:19:58 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x540f, 0x0) 04:19:58 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x6) 04:19:58 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x0, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1924.861482][T13872] Memory cgroup out of memory: Killed process 13732 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1924.879905][ T1057] oom_reaper: reaped process 13732 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:19:58 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127325b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1924.931518][ T26] audit: type=1400 audit(1564373998.709:1263): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127323B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=13990 comm="syz-executor.1" 04:19:58 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc08000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:58 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5410, 0x0) 04:19:58 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc09000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:19:58 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x7) [ 1925.107834][ T26] audit: type=1400 audit(1564373998.879:1264): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127325B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=14050 comm="syz-executor.1" 04:19:58 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb12732ab2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1925.336942][T14088] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1925.373397][T14088] CPU: 0 PID: 14088 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1925.382549][T14088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1925.392793][T14088] Call Trace: [ 1925.396097][T14088] dump_stack+0x172/0x1f0 [ 1925.400444][T14088] dump_header+0x177/0x1152 [ 1925.405046][T14088] ? ___ratelimit+0xf8/0x595 [ 1925.409640][T14088] ? trace_hardirqs_on+0x67/0x240 [ 1925.414778][T14088] ? mark_oom_victim.cold+0x18/0x18 [ 1925.420060][T14088] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1925.425855][T14088] ? ___ratelimit+0x60/0x595 [ 1925.430605][T14088] ? do_raw_spin_unlock+0x57/0x270 [ 1925.435820][T14088] oom_kill_process.cold+0x10/0x15 [ 1925.440938][T14088] out_of_memory+0x79a/0x12c0 [ 1925.445617][T14088] ? lock_downgrade+0x920/0x920 [ 1925.450524][T14088] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1925.456752][T14088] ? oom_killer_disable+0x280/0x280 [ 1925.462312][T14088] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1925.467863][T14088] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1925.473510][T14088] ? do_raw_spin_unlock+0x57/0x270 [ 1925.478621][T14088] ? _raw_spin_unlock+0x2d/0x50 [ 1925.483454][T14088] try_charge+0xf4b/0x1440 [ 1925.487858][T14088] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1925.493405][T14088] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1925.498933][T14088] ? __kasan_check_read+0x11/0x20 [ 1925.503945][T14088] ? lock_downgrade+0x920/0x920 [ 1925.508776][T14088] ? percpu_ref_tryget_live+0x111/0x290 [ 1925.514327][T14088] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1925.519856][T14088] ? memcg_kmem_put_cache+0x50/0x50 [ 1925.525125][T14088] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1925.530660][T14088] __memcg_kmem_charge+0x13a/0x3a0 [ 1925.535757][T14088] __alloc_pages_nodemask+0x4f4/0x900 [ 1925.541121][T14088] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1925.546828][T14088] ? __pmd_alloc+0x377/0x460 [ 1925.551436][T14088] ? __kasan_check_read+0x11/0x20 [ 1925.556461][T14088] ? lock_downgrade+0x920/0x920 [ 1925.561306][T14088] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1925.567538][T14088] alloc_pages_current+0x107/0x210 [ 1925.572662][T14088] pte_alloc_one+0x1b/0x1a0 [ 1925.577167][T14088] __pte_alloc+0x20/0x310 [ 1925.581486][T14088] copy_page_range+0x1610/0x2120 [ 1925.586425][T14088] ? percpu_ref_put_many+0x94/0x190 [ 1925.591632][T14088] ? lock_downgrade+0x920/0x920 [ 1925.596489][T14088] ? __pmd_alloc+0x460/0x460 [ 1925.601069][T14088] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1925.606774][T14088] ? validate_mm_rb+0xa3/0xc0 [ 1925.611452][T14088] ? __vma_link_rb+0x275/0x370 [ 1925.616202][T14088] dup_mm+0xa67/0x1430 [ 1925.620260][T14088] ? vm_area_dup+0x170/0x170 [ 1925.624866][T14088] ? debug_mutex_init+0x2d/0x5a [ 1925.629705][T14088] copy_process+0x28b7/0x6b00 [ 1925.634409][T14088] ? perf_trace_lock+0xeb/0x4c0 [ 1925.639364][T14088] ? __cleanup_sighand+0x60/0x60 [ 1925.644297][T14088] _do_fork+0x146/0xfa0 [ 1925.648439][T14088] ? copy_init_mm+0x20/0x20 [ 1925.653746][T14088] ? __kasan_check_read+0x11/0x20 [ 1925.659218][T14088] ? _copy_to_user+0x118/0x160 [ 1925.663989][T14088] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1925.670217][T14088] ? put_timespec64+0xda/0x140 [ 1925.674987][T14088] __x64_sys_clone+0x18d/0x250 [ 1925.679752][T14088] ? __ia32_sys_vfork+0xc0/0xc0 [ 1925.684626][T14088] ? trace_hardirqs_off_caller+0x65/0x230 [ 1925.690343][T14088] ? trace_hardirqs_on+0x67/0x240 [ 1925.695353][T14088] do_syscall_64+0xfa/0x760 [ 1925.699845][T14088] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1925.705739][T14088] RIP: 0033:0x459829 [ 1925.714325][T14088] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1925.733992][T14088] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1925.742405][T14088] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1925.750380][T14088] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1925.750388][T14088] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1925.750396][T14088] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1925.750403][T14088] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1925.753414][T14088] memory: usage 307200kB, limit 307200kB, failcnt 101790 [ 1925.790569][T14088] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1925.798279][T14088] Memory cgroup stats for /syz0: [ 1925.798562][T14088] anon 82845696 [ 1925.798562][T14088] file 4096 [ 1925.798562][T14088] kernel_stack 36438016 [ 1925.798562][T14088] slab 44945408 [ 1925.798562][T14088] sock 4096 [ 1925.798562][T14088] shmem 0 [ 1925.798562][T14088] file_mapped 0 [ 1925.798562][T14088] file_dirty 0 [ 1925.798562][T14088] file_writeback 0 [ 1925.798562][T14088] anon_thp 0 [ 1925.798562][T14088] inactive_anon 0 [ 1925.798562][T14088] active_anon 82931712 [ 1925.798562][T14088] inactive_file 32768 [ 1925.798562][T14088] active_file 61440 [ 1925.798562][T14088] unevictable 0 [ 1925.798562][T14088] slab_reclaimable 5541888 [ 1925.798562][T14088] slab_unreclaimable 39403520 [ 1925.798562][T14088] pgfault 154869 [ 1925.798562][T14088] pgmajfault 0 [ 1925.798562][T14088] workingset_refault 495 [ 1925.798562][T14088] workingset_activate 396 [ 1925.798562][T14088] workingset_nodereclaim 0 [ 1925.798562][T14088] pgrefill 22093 [ 1925.798562][T14088] pgscan 22483 [ 1925.798562][T14088] pgsteal 1330 [ 1925.907939][T14088] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=30324,uid=0 [ 1925.928390][T14088] Memory cgroup out of memory: Killed process 30324 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1925.943733][ T1057] oom_reaper: reaped process 30324 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1925.972081][T14026] syz-executor.0 invoked oom-killer: gfp_mask=0x40cc0(GFP_KERNEL|__GFP_COMP), order=1, oom_score_adj=1000 [ 1925.983621][T14026] CPU: 0 PID: 14026 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1925.992739][T14026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1926.002793][T14026] Call Trace: [ 1926.006276][T14026] dump_stack+0x172/0x1f0 [ 1926.010601][T14026] dump_header+0x177/0x1152 [ 1926.015100][T14026] ? ___ratelimit+0xf8/0x595 [ 1926.019676][T14026] ? trace_hardirqs_on+0x67/0x240 [ 1926.024690][T14026] ? mark_oom_victim.cold+0x18/0x18 [ 1926.029878][T14026] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1926.035851][T14026] ? ___ratelimit+0x60/0x595 [ 1926.040601][T14026] ? do_raw_spin_unlock+0x57/0x270 [ 1926.045696][T14026] oom_kill_process.cold+0x10/0x15 [ 1926.050798][T14026] out_of_memory+0x79a/0x12c0 [ 1926.055468][T14026] ? lock_downgrade+0x920/0x920 [ 1926.060321][T14026] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1926.066657][T14026] ? oom_killer_disable+0x280/0x280 [ 1926.071867][T14026] ? __kasan_check_read+0x11/0x20 [ 1926.076893][T14026] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1926.082429][T14026] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1926.088051][T14026] ? do_raw_spin_unlock+0x57/0x270 [ 1926.093150][T14026] ? _raw_spin_unlock+0x2d/0x50 [ 1926.098102][T14026] try_charge+0xf4b/0x1440 [ 1926.102509][T14026] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1926.108048][T14026] ? cache_grow_begin+0x122/0xd20 [ 1926.113063][T14026] ? __kasan_check_read+0x11/0x20 [ 1926.118251][T14026] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1926.123726][T14026] ? memcg_kmem_put_cache+0x50/0x50 [ 1926.129919][T14026] ? cache_grow_begin+0x709/0xd20 [ 1926.134966][T14026] cache_grow_begin+0x627/0xd20 [ 1926.139809][T14026] ? __sanitizer_cov_trace_cmp8+0x11/0x20 [ 1926.145544][T14026] ? mempolicy_slab_node+0x139/0x390 [ 1926.150831][T14026] fallback_alloc+0x1fd/0x2d0 [ 1926.155523][T14026] ____cache_alloc_node+0x1bc/0x1d0 [ 1926.160742][T14026] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1926.168983][T14026] kmem_cache_alloc_node+0xe3/0x740 [ 1926.174175][T14026] ? trace_hardirqs_on+0x67/0x240 [ 1926.179467][T14026] copy_process+0x46d1/0x6b00 [ 1926.184128][T14026] ? __kasan_check_read+0x11/0x20 [ 1926.189147][T14026] ? record_times+0x1e/0x2b0 [ 1926.193766][T14026] ? lock_downgrade+0x920/0x920 [ 1926.198620][T14026] ? __cleanup_sighand+0x60/0x60 [ 1926.203550][T14026] ? perf_trace_lock+0xeb/0x4c0 [ 1926.208492][T14026] ? __lockdep_free_key_range+0x120/0x120 [ 1926.214232][T14026] ? set_task_reclaim_state+0x56/0xb0 [ 1926.219683][T14026] _do_fork+0x146/0xfa0 [ 1926.223836][T14026] ? copy_init_mm+0x20/0x20 [ 1926.228332][T14026] ? lock_downgrade+0x920/0x920 [ 1926.233185][T14026] ? percpu_ref_tryget_live+0x290/0x290 [ 1926.238755][T14026] ? cgroup_file_notify+0x140/0x1b0 [ 1926.243942][T14026] ? blkcg_maybe_throttle_current+0x5fe/0x1030 [ 1926.250093][T14026] __x64_sys_clone+0x18d/0x250 [ 1926.254885][T14026] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1926.261116][T14026] ? __ia32_sys_vfork+0xc0/0xc0 [ 1926.265956][T14026] ? trace_hardirqs_off_caller+0x65/0x230 [ 1926.271656][T14026] ? trace_hardirqs_on+0x67/0x240 [ 1926.276694][T14026] do_syscall_64+0xfa/0x760 [ 1926.281206][T14026] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1926.287096][T14026] RIP: 0033:0x45c1f9 [ 1926.290980][T14026] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1926.310656][T14026] RSP: 002b:00007ffd41fb7008 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1926.319049][T14026] RAX: ffffffffffffffda RBX: 00007f35763d8700 RCX: 000000000045c1f9 [ 1926.326999][T14026] RDX: 00007f35763d89d0 RSI: 00007f35763d7db0 RDI: 00000000003d0f00 [ 1926.335097][T14026] RBP: 00007ffd41fb7220 R08: 00007f35763d8700 R09: 00007f35763d8700 [ 1926.343077][T14026] R10: 00007f35763d89d0 R11: 0000000000000202 R12: 0000000000000000 [ 1926.351045][T14026] R13: 00007ffd41fb70bf R14: 00007f35763d89c0 R15: 000000000075c07c [ 1926.359193][T14026] memory: usage 307036kB, limit 307200kB, failcnt 101827 [ 1926.366279][T14026] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1926.373124][T14026] Memory cgroup stats for /syz0: [ 1926.373202][T14026] anon 82845696 [ 1926.373202][T14026] file 4096 [ 1926.373202][T14026] kernel_stack 36438016 [ 1926.373202][T14026] slab 44945408 [ 1926.373202][T14026] sock 4096 [ 1926.373202][T14026] shmem 0 [ 1926.373202][T14026] file_mapped 0 [ 1926.373202][T14026] file_dirty 0 [ 1926.373202][T14026] file_writeback 0 [ 1926.373202][T14026] anon_thp 0 [ 1926.373202][T14026] inactive_anon 0 [ 1926.373202][T14026] active_anon 82796544 [ 1926.373202][T14026] inactive_file 32768 [ 1926.373202][T14026] active_file 61440 [ 1926.373202][T14026] unevictable 0 [ 1926.373202][T14026] slab_reclaimable 5541888 [ 1926.373202][T14026] slab_unreclaimable 39403520 [ 1926.373202][T14026] pgfault 154869 [ 1926.373202][T14026] pgmajfault 0 [ 1926.373202][T14026] workingset_refault 495 [ 1926.373202][T14026] workingset_activate 396 [ 1926.373202][T14026] workingset_nodereclaim 0 [ 1926.373202][T14026] pgrefill 22093 [ 1926.373202][T14026] pgscan 22483 [ 1926.373202][T14026] pgsteal 1330 [ 1926.466779][T14026] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14026,uid=0 04:20:00 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x1100000000000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:00 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc0a000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:00 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5412, 0x0) 04:20:00 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb12732bb2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:00 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x0, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:00 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x8) [ 1926.482303][T14026] Memory cgroup out of memory: Killed process 14026 (syz-executor.0) total-vm:72840kB, anon-rss:172kB, file-rss:35784kB, shmem-rss:0kB, UID:0 [ 1926.497876][ T1057] oom_reaper: reaped process 14026 (syz-executor.0), now anon-rss:0kB, file-rss:34824kB, shmem-rss:0kB [ 1926.501481][T14245] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1926.521112][T14245] CPU: 0 PID: 14245 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1926.530256][T14245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1926.540319][T14245] Call Trace: [ 1926.543617][T14245] dump_stack+0x172/0x1f0 [ 1926.547967][T14245] dump_header+0x177/0x1152 [ 1926.552478][T14245] ? ___ratelimit+0xf8/0x595 [ 1926.557078][T14245] ? trace_hardirqs_on+0x67/0x240 [ 1926.562115][T14245] ? mark_oom_victim.cold+0x18/0x18 [ 1926.567331][T14245] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1926.573157][T14245] ? ___ratelimit+0x60/0x595 [ 1926.577757][T14245] ? do_raw_spin_unlock+0x57/0x270 [ 1926.582918][T14245] oom_kill_process.cold+0x10/0x15 [ 1926.588054][T14245] out_of_memory+0x79a/0x12c0 [ 1926.592920][T14245] ? lock_downgrade+0x920/0x920 [ 1926.597794][T14245] ? oom_killer_disable+0x280/0x280 [ 1926.603006][T14245] ? __kasan_check_read+0x11/0x20 [ 1926.608057][T14245] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1926.613619][T14245] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1926.619264][T14245] ? do_raw_spin_unlock+0x57/0x270 [ 1926.624388][T14245] ? _raw_spin_unlock+0x2d/0x50 [ 1926.629271][T14245] try_charge+0xa2d/0x1440 [ 1926.633915][T14245] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 04:20:00 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc0b000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1926.639473][T14245] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1926.645027][T14245] ? __kasan_check_read+0x11/0x20 [ 1926.650064][T14245] ? lock_downgrade+0x920/0x920 [ 1926.654918][T14245] ? percpu_ref_tryget_live+0x111/0x290 [ 1926.660508][T14245] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1926.665978][T14245] ? memcg_kmem_put_cache+0x50/0x50 [ 1926.671197][T14245] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1926.676767][T14245] __memcg_kmem_charge+0x13a/0x3a0 [ 1926.681892][T14245] __alloc_pages_nodemask+0x4f4/0x900 [ 1926.687279][T14245] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1926.693019][T14245] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1926.699270][T14245] ? debug_smp_processor_id+0x3c/0x214 [ 1926.699290][T14245] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1926.699307][T14245] alloc_pages_current+0x107/0x210 [ 1926.699324][T14245] pte_alloc_one+0x1b/0x1a0 [ 1926.699347][T14245] __handle_mm_fault+0x34dd/0x3f20 [ 1926.726029][T14245] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1926.731583][T14245] ? __kasan_check_read+0x11/0x20 [ 1926.736634][T14245] ? trace_hardirqs_on+0x67/0x240 04:20:00 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5413, 0x0) [ 1926.741687][T14245] handle_mm_fault+0x1b5/0x6b0 [ 1926.746470][T14245] __do_page_fault+0x536/0xdd0 [ 1926.751243][T14245] ? page_fault+0x16/0x40 [ 1926.755588][T14245] do_page_fault+0x38/0x590 [ 1926.760100][T14245] page_fault+0x39/0x40 [ 1926.764259][T14245] RIP: 0033:0x459829 [ 1926.768170][T14245] Code: Bad RIP value. [ 1926.772236][T14245] RSP: 002b:00007f3576419c78 EFLAGS: 00010246 [ 1926.778303][T14245] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459829 04:20:00 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc0c000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1926.786270][T14245] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1926.794255][T14245] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1926.802238][T14245] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1926.810211][T14245] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff 04:20:00 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc0e000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:00 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb12732db2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1926.849444][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 1926.849465][ T26] audit: type=1400 audit(1564374000.629:1266): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB12732BB2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=14261 comm="syz-executor.1" 04:20:00 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc0f000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1926.990880][T14245] memory: usage 307196kB, limit 307200kB, failcnt 101866 [ 1927.036859][ T26] audit: type=1400 audit(1564374000.819:1267): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB12732DB2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=14280 comm="syz-executor.1" [ 1927.058567][T14245] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1927.084360][T14245] Memory cgroup stats for /syz0: [ 1927.086260][T14245] anon 82845696 [ 1927.086260][T14245] file 4096 [ 1927.086260][T14245] kernel_stack 36372480 [ 1927.086260][T14245] slab 44945408 [ 1927.086260][T14245] sock 4096 [ 1927.086260][T14245] shmem 0 [ 1927.086260][T14245] file_mapped 0 [ 1927.086260][T14245] file_dirty 0 [ 1927.086260][T14245] file_writeback 0 [ 1927.086260][T14245] anon_thp 0 [ 1927.086260][T14245] inactive_anon 0 [ 1927.086260][T14245] active_anon 82796544 [ 1927.086260][T14245] inactive_file 32768 [ 1927.086260][T14245] active_file 61440 [ 1927.086260][T14245] unevictable 0 [ 1927.086260][T14245] slab_reclaimable 5541888 [ 1927.086260][T14245] slab_unreclaimable 39403520 [ 1927.086260][T14245] pgfault 154935 [ 1927.086260][T14245] pgmajfault 0 [ 1927.086260][T14245] workingset_refault 495 [ 1927.086260][T14245] workingset_activate 396 [ 1927.086260][T14245] workingset_nodereclaim 0 [ 1927.086260][T14245] pgrefill 22225 [ 1927.086260][T14245] pgscan 22615 [ 1927.086260][T14245] pgsteal 1330 [ 1927.194990][T14245] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14245,uid=0 [ 1927.212045][T14245] Memory cgroup out of memory: Killed process 14245 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1927.227980][ T1057] oom_reaper: reaped process 14245 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1927.259992][T14251] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1927.300277][T14251] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1927.312598][T14251] CPU: 1 PID: 14251 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1927.321727][T14251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1927.331927][T14251] Call Trace: [ 1927.335246][T14251] dump_stack+0x172/0x1f0 [ 1927.339590][T14251] dump_header+0x177/0x1152 [ 1927.344144][T14251] ? ___ratelimit+0xf8/0x595 [ 1927.348744][T14251] ? trace_hardirqs_on+0x67/0x240 [ 1927.353790][T14251] ? mark_oom_victim.cold+0x18/0x18 [ 1927.359002][T14251] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1927.364823][T14251] ? ___ratelimit+0x60/0x595 [ 1927.369426][T14251] ? do_raw_spin_unlock+0x57/0x270 [ 1927.374547][T14251] oom_kill_process.cold+0x10/0x15 [ 1927.379682][T14251] out_of_memory+0x79a/0x12c0 [ 1927.384575][T14251] ? lock_downgrade+0x920/0x920 [ 1927.389442][T14251] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1927.395693][T14251] ? oom_killer_disable+0x280/0x280 [ 1927.400942][T14251] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1927.406616][T14251] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1927.412253][T14251] ? do_raw_spin_unlock+0x57/0x270 [ 1927.417452][T14251] ? _raw_spin_unlock+0x2d/0x50 [ 1927.422440][T14251] try_charge+0xf4b/0x1440 [ 1927.426888][T14251] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1927.432451][T14251] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1927.438019][T14251] ? __kasan_check_read+0x11/0x20 [ 1927.443051][T14251] ? lock_downgrade+0x920/0x920 [ 1927.447914][T14251] ? percpu_ref_tryget_live+0x111/0x290 [ 1927.453458][T14251] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1927.458936][T14251] ? memcg_kmem_put_cache+0x50/0x50 [ 1927.464150][T14251] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1927.469687][T14251] __memcg_kmem_charge+0x13a/0x3a0 [ 1927.475611][T14251] __alloc_pages_nodemask+0x4f4/0x900 [ 1927.481003][T14251] ? save_stack+0x5c/0x90 [ 1927.485323][T14251] ? save_stack+0x23/0x90 [ 1927.489661][T14251] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1927.495758][T14251] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1927.501573][T14251] ? kasan_slab_alloc+0xf/0x20 [ 1927.506420][T14251] ? kmem_cache_alloc+0x121/0x710 [ 1927.511550][T14251] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1927.518406][T14251] ? debug_smp_processor_id+0x3c/0x214 [ 1927.523886][T14251] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1927.530141][T14251] alloc_pages_current+0x107/0x210 [ 1927.535267][T14251] pte_alloc_one+0x1b/0x1a0 [ 1927.540579][T14251] __pte_alloc+0x20/0x310 [ 1927.544908][T14251] copy_page_range+0x1610/0x2120 [ 1927.549879][T14251] ? percpu_ref_put_many+0x94/0x190 [ 1927.555118][T14251] ? lock_downgrade+0x920/0x920 [ 1927.559974][T14251] ? __pmd_alloc+0x460/0x460 [ 1927.564583][T14251] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1927.570128][T14251] ? validate_mm_rb+0xa3/0xc0 [ 1927.574922][T14251] ? __vma_link_rb+0x275/0x370 [ 1927.579691][T14251] dup_mm+0xa67/0x1430 [ 1927.583755][T14251] ? vm_area_dup+0x170/0x170 [ 1927.588705][T14251] ? debug_mutex_init+0x2d/0x5a [ 1927.593576][T14251] copy_process+0x28b7/0x6b00 [ 1927.598285][T14251] ? perf_trace_lock+0xeb/0x4c0 [ 1927.603295][T14251] ? __cleanup_sighand+0x60/0x60 [ 1927.608345][T14251] _do_fork+0x146/0xfa0 [ 1927.612512][T14251] ? copy_init_mm+0x20/0x20 [ 1927.617331][T14251] ? __kasan_check_read+0x11/0x20 [ 1927.622449][T14251] ? _copy_to_user+0x118/0x160 [ 1927.627207][T14251] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1927.633496][T14251] ? put_timespec64+0xda/0x140 [ 1927.638362][T14251] __x64_sys_clone+0x18d/0x250 [ 1927.643179][T14251] ? __ia32_sys_vfork+0xc0/0xc0 [ 1927.648139][T14251] ? trace_hardirqs_off_caller+0x65/0x230 [ 1927.653882][T14251] ? trace_hardirqs_on+0x67/0x240 [ 1927.658909][T14251] do_syscall_64+0xfa/0x760 [ 1927.663557][T14251] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1927.669553][T14251] RIP: 0033:0x459829 [ 1927.673462][T14251] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1927.693324][T14251] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1927.701769][T14251] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1927.709755][T14251] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1927.717762][T14251] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1927.725768][T14251] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1927.733828][T14251] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1927.745238][T14251] memory: usage 307032kB, limit 307200kB, failcnt 101895 [ 1927.752360][T14251] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1927.759890][T14251] Memory cgroup stats for /syz0: [ 1927.760013][T14251] anon 82845696 [ 1927.760013][T14251] file 4096 [ 1927.760013][T14251] kernel_stack 36438016 [ 1927.760013][T14251] slab 44945408 [ 1927.760013][T14251] sock 4096 [ 1927.760013][T14251] shmem 0 [ 1927.760013][T14251] file_mapped 0 [ 1927.760013][T14251] file_dirty 0 [ 1927.760013][T14251] file_writeback 0 [ 1927.760013][T14251] anon_thp 0 [ 1927.760013][T14251] inactive_anon 0 [ 1927.760013][T14251] active_anon 82796544 [ 1927.760013][T14251] inactive_file 32768 [ 1927.760013][T14251] active_file 61440 [ 1927.760013][T14251] unevictable 0 [ 1927.760013][T14251] slab_reclaimable 5541888 [ 1927.760013][T14251] slab_unreclaimable 39403520 [ 1927.760013][T14251] pgfault 154968 [ 1927.760013][T14251] pgmajfault 0 [ 1927.760013][T14251] workingset_refault 495 [ 1927.760013][T14251] workingset_activate 396 [ 1927.760013][T14251] workingset_nodereclaim 0 [ 1927.760013][T14251] pgrefill 22225 [ 1927.760013][T14251] pgscan 22615 [ 1927.760013][T14251] pgsteal 1330 [ 1927.856114][T14251] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=29394,uid=0 [ 1927.874287][T14251] Memory cgroup out of memory: Killed process 29394 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 04:20:01 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x4000000000000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:01 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5414, 0x0) 04:20:01 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc10000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:01 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb12732eb2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:01 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x9) 04:20:01 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1927.920302][T14398] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1927.975383][ T26] audit: type=1400 audit(1564374001.759:1268): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB12732EB2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=14404 comm="syz-executor.1" 04:20:01 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc11000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:01 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5415, 0x0) 04:20:01 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127330b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:01 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:02 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc12000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1928.196837][ T26] audit: type=1400 audit(1564374001.979:1269): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127330B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=14434 comm="syz-executor.1" 04:20:02 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127358b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1928.269134][T14415] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1928.325108][T14415] CPU: 0 PID: 14415 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1928.334360][T14415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1928.344428][T14415] Call Trace: [ 1928.347733][T14415] dump_stack+0x172/0x1f0 [ 1928.352084][T14415] dump_header+0x177/0x1152 [ 1928.357068][T14415] ? ___ratelimit+0xf8/0x595 [ 1928.362025][T14415] ? trace_hardirqs_on+0x67/0x240 [ 1928.367069][T14415] ? mark_oom_victim.cold+0x18/0x18 [ 1928.372297][T14415] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1928.378204][T14415] ? ___ratelimit+0x60/0x595 [ 1928.382903][T14415] ? do_raw_spin_unlock+0x57/0x270 [ 1928.386998][ T26] audit: type=1400 audit(1564374002.109:1270): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127358B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=14535 comm="syz-executor.1" [ 1928.388032][T14415] oom_kill_process.cold+0x10/0x15 [ 1928.388053][T14415] out_of_memory+0x79a/0x12c0 [ 1928.426618][T14415] ? lock_downgrade+0x920/0x920 [ 1928.436133][T14415] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1928.436149][T14415] ? oom_killer_disable+0x280/0x280 [ 1928.436169][T14415] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1928.436184][T14415] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1928.436207][T14415] ? do_raw_spin_unlock+0x57/0x270 [ 1928.465326][T14415] ? _raw_spin_unlock+0x2d/0x50 [ 1928.470196][T14415] try_charge+0xf4b/0x1440 [ 1928.474635][T14415] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1928.480199][T14415] ? percpu_ref_tryget_live+0x111/0x290 [ 1928.485755][T14415] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1928.491240][T14415] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1928.496892][T14415] mem_cgroup_try_charge+0x136/0x590 [ 1928.502201][T14415] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1928.507855][T14415] wp_page_copy+0x421/0x15e0 [ 1928.507872][T14415] ? lock_downgrade+0x920/0x920 [ 1928.507897][T14415] ? pmd_pfn+0x1d0/0x1d0 [ 1928.517428][T14415] ? lock_downgrade+0x920/0x920 [ 1928.526501][T14415] ? vm_normal_page+0x15d/0x3c0 [ 1928.531460][T14415] ? __pte_alloc_kernel+0x210/0x210 [ 1928.536671][T14415] ? psi_memstall_leave+0x12e/0x180 [ 1928.541902][T14415] ? __kasan_check_read+0x11/0x20 [ 1928.547028][T14415] ? do_raw_spin_unlock+0x57/0x270 [ 1928.552151][T14415] do_wp_page+0x499/0x14d0 [ 1928.556588][T14415] ? do_raw_spin_lock+0x12a/0x2e0 [ 1928.556603][T14415] ? rwlock_bug.part.0+0x90/0x90 [ 1928.556617][T14415] ? finish_mkwrite_fault+0x570/0x570 [ 1928.556631][T14415] ? add_mm_counter_fast.part.0+0x40/0x40 [ 1928.556652][T14415] __handle_mm_fault+0x22f7/0x3f20 [ 1928.566610][T14415] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1928.566623][T14415] ? __kasan_check_read+0x11/0x20 [ 1928.566644][T14415] ? trace_hardirqs_on+0x67/0x240 [ 1928.566668][T14415] handle_mm_fault+0x1b5/0x6b0 [ 1928.603459][T14415] __do_page_fault+0x536/0xdd0 [ 1928.608226][T14415] do_page_fault+0x38/0x590 [ 1928.612810][T14415] page_fault+0x39/0x40 [ 1928.617075][T14415] RIP: 0033:0x40e9c8 [ 1928.620971][T14415] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 35 ee 4b 00 31 c0 e8 63 33 ff ff 31 ff e8 ac 2f ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 9e 1a 66 00 [ 1928.640573][T14415] RSP: 002b:00007ffd41fb7070 EFLAGS: 00010246 [ 1928.646652][T14415] RAX: 00000000b58b8596 RBX: 00000000abc3cbe7 RCX: 0000001b33220000 [ 1928.654643][T14415] RDX: 0000000000000000 RSI: 0000000000000596 RDI: ffffffffb58b8596 [ 1928.662609][T14415] RBP: 0000000000000002 R08: 00000000b58b8596 R09: 00000000b58b859a [ 1928.671502][T14415] R10: 00007ffd41fb7210 R11: 0000000000000246 R12: 000000000075bfa8 [ 1928.679492][T14415] R13: 0000000080000000 R14: 00007f357841b008 R15: 0000000000000002 [ 1928.689367][T14415] memory: usage 307200kB, limit 307200kB, failcnt 101933 [ 1928.696990][T14415] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1928.703963][T14415] Memory cgroup stats for /syz0: [ 1928.704072][T14415] anon 82845696 [ 1928.704072][T14415] file 4096 [ 1928.704072][T14415] kernel_stack 36372480 [ 1928.704072][T14415] slab 44945408 [ 1928.704072][T14415] sock 4096 [ 1928.704072][T14415] shmem 0 [ 1928.704072][T14415] file_mapped 0 [ 1928.704072][T14415] file_dirty 0 [ 1928.704072][T14415] file_writeback 0 [ 1928.704072][T14415] anon_thp 0 [ 1928.704072][T14415] inactive_anon 0 [ 1928.704072][T14415] active_anon 82796544 [ 1928.704072][T14415] inactive_file 32768 [ 1928.704072][T14415] active_file 61440 [ 1928.704072][T14415] unevictable 0 [ 1928.704072][T14415] slab_reclaimable 5541888 [ 1928.704072][T14415] slab_unreclaimable 39403520 [ 1928.704072][T14415] pgfault 155034 [ 1928.704072][T14415] pgmajfault 0 [ 1928.704072][T14415] workingset_refault 495 [ 1928.704072][T14415] workingset_activate 396 [ 1928.704072][T14415] workingset_nodereclaim 0 [ 1928.704072][T14415] pgrefill 22357 [ 1928.704072][T14415] pgscan 22747 [ 1928.704072][T14415] pgsteal 1330 [ 1928.797926][T14415] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14397,uid=0 [ 1928.798024][T14415] Memory cgroup out of memory: Killed process 14397 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1928.822153][T14466] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1928.867026][T14415] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1928.877829][T14415] CPU: 0 PID: 14415 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1928.886936][T14415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1928.896994][T14415] Call Trace: [ 1928.900276][T14415] dump_stack+0x172/0x1f0 [ 1928.904621][T14415] dump_header+0x177/0x1152 [ 1928.909327][T14415] ? ___ratelimit+0xf8/0x595 [ 1928.913921][T14415] ? trace_hardirqs_on+0x67/0x240 [ 1928.918941][T14415] ? mark_oom_victim.cold+0x18/0x18 [ 1928.924231][T14415] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1928.930045][T14415] ? ___ratelimit+0x60/0x595 [ 1928.934625][T14415] ? do_raw_spin_unlock+0x57/0x270 [ 1928.939757][T14415] oom_kill_process.cold+0x10/0x15 [ 1928.944866][T14415] out_of_memory+0x79a/0x12c0 [ 1928.949564][T14415] ? lock_downgrade+0x920/0x920 [ 1928.954415][T14415] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1928.960762][T14415] ? oom_killer_disable+0x280/0x280 [ 1928.965959][T14415] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1928.971497][T14415] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1928.977124][T14415] ? do_raw_spin_unlock+0x57/0x270 [ 1928.982326][T14415] ? _raw_spin_unlock+0x2d/0x50 [ 1928.987326][T14415] try_charge+0xf4b/0x1440 [ 1928.992978][T14415] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1928.998524][T14415] ? percpu_ref_tryget_live+0x111/0x290 [ 1929.004054][T14415] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1929.009525][T14415] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1929.015266][T14415] mem_cgroup_try_charge+0x136/0x590 [ 1929.020662][T14415] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1929.026322][T14415] wp_page_copy+0x421/0x15e0 [ 1929.030895][T14415] ? page_trans_huge_mapcount+0x166/0x450 [ 1929.036598][T14415] ? pmd_pfn+0x1d0/0x1d0 [ 1929.040824][T14415] ? lock_downgrade+0x920/0x920 [ 1929.045658][T14415] ? swp_swapcount+0x540/0x540 [ 1929.050427][T14415] ? psi_memstall_leave+0x12e/0x180 [ 1929.055632][T14415] ? __kasan_check_read+0x11/0x20 [ 1929.060641][T14415] ? do_raw_spin_unlock+0x57/0x270 [ 1929.065743][T14415] do_wp_page+0x499/0x14d0 [ 1929.070145][T14415] ? finish_mkwrite_fault+0x570/0x570 [ 1929.075502][T14415] __handle_mm_fault+0x22f7/0x3f20 [ 1929.080596][T14415] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1929.086122][T14415] ? __kasan_check_read+0x11/0x20 [ 1929.091132][T14415] ? trace_hardirqs_on+0x67/0x240 [ 1929.096169][T14415] handle_mm_fault+0x1b5/0x6b0 [ 1929.100943][T14415] __do_page_fault+0x536/0xdd0 [ 1929.105699][T14415] do_page_fault+0x38/0x590 [ 1929.110195][T14415] page_fault+0x39/0x40 [ 1929.114350][T14415] RIP: 0033:0x410a3c [ 1929.118248][T14415] Code: 66 00 48 f7 d0 49 21 c5 4b 8d 8c 28 00 08 00 00 4c 89 ad 70 ff ff ff 48 21 c8 48 39 c3 0f 82 1b 04 00 00 be 01 00 00 00 31 c0 0f b1 35 74 fa 65 00 74 1a 48 8d 3d 6b fa 65 00 48 81 ec 80 00 [ 1929.137855][T14415] RSP: 002b:00007ffd41fb7050 EFLAGS: 00010246 [ 1929.143906][T14415] RAX: 0000000000000000 RBX: 0000000000020000 RCX: 0000000000003a3f [ 1929.151883][T14415] RDX: 0000000000001000 RSI: 0000000000000001 RDI: 00007ffd41fb7208 [ 1929.159844][T14415] RBP: 00007ffd41fb7130 R08: 000000000000223f R09: ffffffffffffffff [ 1929.167924][T14415] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd41fb7220 [ 1929.175882][T14415] R13: 0000000000001000 R14: 0000000000000001 R15: 000000000075bfd4 [ 1929.186172][T14415] memory: usage 307200kB, limit 307200kB, failcnt 101994 [ 1929.193215][T14415] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1929.200141][T14415] Memory cgroup stats for /syz0: [ 1929.200250][T14415] anon 82845696 [ 1929.200250][T14415] file 4096 [ 1929.200250][T14415] kernel_stack 36372480 [ 1929.200250][T14415] slab 44945408 [ 1929.200250][T14415] sock 4096 [ 1929.200250][T14415] shmem 0 [ 1929.200250][T14415] file_mapped 0 [ 1929.200250][T14415] file_dirty 0 [ 1929.200250][T14415] file_writeback 0 [ 1929.200250][T14415] anon_thp 0 [ 1929.200250][T14415] inactive_anon 0 [ 1929.200250][T14415] active_anon 82796544 [ 1929.200250][T14415] inactive_file 32768 [ 1929.200250][T14415] active_file 61440 [ 1929.200250][T14415] unevictable 0 [ 1929.200250][T14415] slab_reclaimable 5541888 [ 1929.200250][T14415] slab_unreclaimable 39403520 [ 1929.200250][T14415] pgfault 155067 [ 1929.200250][T14415] pgmajfault 0 [ 1929.200250][T14415] workingset_refault 495 [ 1929.200250][T14415] workingset_activate 396 [ 1929.200250][T14415] workingset_nodereclaim 0 [ 1929.200250][T14415] pgrefill 22357 [ 1929.200250][T14415] pgscan 22747 [ 1929.200250][T14415] pgsteal 1330 [ 1929.294000][T14415] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=29332,uid=0 [ 1929.309902][T14415] Memory cgroup out of memory: Killed process 29332 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1929.325890][ T1057] oom_reaper: reaped process 29332 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1929.333101][T14547] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1929.354095][T14547] CPU: 1 PID: 14547 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1929.363424][T14547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1929.374362][T14547] Call Trace: 04:20:03 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x4800000000000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:03 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xa) 04:20:03 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc13000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:03 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127363b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:03 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5416, 0x0) 04:20:03 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1929.377670][T14547] dump_stack+0x172/0x1f0 [ 1929.382014][T14547] dump_header+0x177/0x1152 [ 1929.386533][T14547] ? ___ratelimit+0xf8/0x595 [ 1929.391193][T14547] ? trace_hardirqs_on+0x67/0x240 [ 1929.396338][T14547] ? mark_oom_victim.cold+0x18/0x18 [ 1929.401900][T14547] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1929.407733][T14547] ? ___ratelimit+0x60/0x595 [ 1929.412339][T14547] ? do_raw_spin_unlock+0x57/0x270 [ 1929.417468][T14547] oom_kill_process.cold+0x10/0x15 [ 1929.422605][T14547] out_of_memory+0x79a/0x12c0 [ 1929.427382][T14547] ? lock_downgrade+0x920/0x920 [ 1929.432336][T14547] ? oom_killer_disable+0x280/0x280 [ 1929.437544][T14547] ? __kasan_check_read+0x11/0x20 [ 1929.442588][T14547] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1929.448155][T14547] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1929.453924][T14547] ? do_raw_spin_unlock+0x57/0x270 [ 1929.459057][T14547] ? _raw_spin_unlock+0x2d/0x50 [ 1929.463954][T14547] try_charge+0xa2d/0x1440 [ 1929.468395][T14547] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1929.473955][T14547] ? get_mem_cgroup_from_mm+0x139/0x320 04:20:03 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127364b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1929.479514][T14547] ? __kasan_check_read+0x11/0x20 [ 1929.484738][T14547] ? lock_downgrade+0x920/0x920 [ 1929.489606][T14547] ? percpu_ref_tryget_live+0x111/0x290 [ 1929.495180][T14547] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1929.500745][T14547] ? memcg_kmem_put_cache+0x50/0x50 [ 1929.506014][T14547] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1929.511664][T14547] __memcg_kmem_charge+0x13a/0x3a0 [ 1929.516796][T14547] __alloc_pages_nodemask+0x4f4/0x900 04:20:03 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xe) 04:20:03 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, 0x0, 0x0) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1929.516813][ T26] audit: type=1400 audit(1564374003.249:1271): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127363B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=14560 comm="syz-executor.1" [ 1929.555518][T14547] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1929.561256][T14547] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1929.567592][T14547] ? debug_smp_processor_id+0x3c/0x214 [ 1929.573064][T14547] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 04:20:03 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc14000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1929.579323][T14547] alloc_pages_current+0x107/0x210 [ 1929.584453][T14547] pte_alloc_one+0x1b/0x1a0 [ 1929.588970][T14547] __handle_mm_fault+0x34dd/0x3f20 [ 1929.594094][T14547] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1929.599647][T14547] ? __kasan_check_read+0x11/0x20 [ 1929.604694][T14547] ? trace_hardirqs_on+0x67/0x240 [ 1929.609730][T14547] handle_mm_fault+0x1b5/0x6b0 [ 1929.614508][T14547] __do_page_fault+0x536/0xdd0 [ 1929.619284][T14547] ? page_fault+0x16/0x40 [ 1929.623665][T14547] do_page_fault+0x38/0x590 [ 1929.628177][T14547] page_fault+0x39/0x40 [ 1929.632335][T14547] RIP: 0033:0x459829 [ 1929.636303][T14547] Code: Bad RIP value. [ 1929.640375][T14547] RSP: 002b:00007f3576419c78 EFLAGS: 00010246 [ 1929.646443][T14547] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459829 [ 1929.654422][T14547] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1929.662395][T14547] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1929.670373][T14547] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 04:20:03 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5418, 0x0) [ 1929.678360][T14547] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1929.727311][T14547] memory: usage 306756kB, limit 307200kB, failcnt 102004 04:20:03 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, 0x0, 0x0) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1929.764621][ T26] audit: type=1400 audit(1564374003.549:1272): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127364B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=14668 comm="syz-executor.1" [ 1929.823899][T14547] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1929.866393][T14547] Memory cgroup stats for /syz0: [ 1929.866505][T14547] anon 82845696 [ 1929.866505][T14547] file 4096 [ 1929.866505][T14547] kernel_stack 36306944 [ 1929.866505][T14547] slab 44945408 [ 1929.866505][T14547] sock 4096 [ 1929.866505][T14547] shmem 0 [ 1929.866505][T14547] file_mapped 0 [ 1929.866505][T14547] file_dirty 0 [ 1929.866505][T14547] file_writeback 0 [ 1929.866505][T14547] anon_thp 0 [ 1929.866505][T14547] inactive_anon 0 [ 1929.866505][T14547] active_anon 82661376 [ 1929.866505][T14547] inactive_file 32768 [ 1929.866505][T14547] active_file 61440 [ 1929.866505][T14547] unevictable 0 [ 1929.866505][T14547] slab_reclaimable 5541888 [ 1929.866505][T14547] slab_unreclaimable 39403520 [ 1929.866505][T14547] pgfault 155067 [ 1929.866505][T14547] pgmajfault 0 [ 1929.866505][T14547] workingset_refault 495 [ 1929.866505][T14547] workingset_activate 396 [ 1929.866505][T14547] workingset_nodereclaim 0 [ 1929.866505][T14547] pgrefill 22357 [ 1929.866505][T14547] pgscan 22747 [ 1929.866505][T14547] pgsteal 1330 [ 1929.979083][T14547] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14547,uid=0 [ 1930.048216][T14547] Memory cgroup out of memory: Killed process 14547 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1930.108761][ T1057] oom_reaper: reaped process 14547 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1930.140562][T14802] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1930.151083][T14802] CPU: 1 PID: 14802 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1930.160321][T14802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1930.170381][T14802] Call Trace: [ 1930.173674][T14802] dump_stack+0x172/0x1f0 [ 1930.178101][T14802] dump_header+0x177/0x1152 [ 1930.182603][T14802] ? ___ratelimit+0xf8/0x595 [ 1930.187181][T14802] ? trace_hardirqs_on+0x67/0x240 [ 1930.192199][T14802] ? mark_oom_victim.cold+0x18/0x18 [ 1930.197383][T14802] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1930.203172][T14802] ? ___ratelimit+0x60/0x595 [ 1930.207753][T14802] ? do_raw_spin_unlock+0x57/0x270 [ 1930.212880][T14802] oom_kill_process.cold+0x10/0x15 [ 1930.217993][T14802] out_of_memory+0x79a/0x12c0 [ 1930.222674][T14802] ? lock_downgrade+0x920/0x920 [ 1930.227519][T14802] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1930.233827][T14802] ? oom_killer_disable+0x280/0x280 [ 1930.239018][T14802] ? __kasan_check_read+0x11/0x20 [ 1930.244050][T14802] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1930.249612][T14802] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1930.255239][T14802] ? do_raw_spin_unlock+0x57/0x270 [ 1930.260341][T14802] ? _raw_spin_unlock+0x2d/0x50 [ 1930.265184][T14802] try_charge+0xf4b/0x1440 [ 1930.269597][T14802] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1930.275151][T14802] ? percpu_ref_tryget_live+0x111/0x290 [ 1930.280695][T14802] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1930.286367][T14802] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1930.291913][T14802] mem_cgroup_try_charge+0x136/0x590 [ 1930.297191][T14802] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1930.302839][T14802] __handle_mm_fault+0x1e3a/0x3f20 [ 1930.307937][T14802] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1930.313490][T14802] ? __kasan_check_read+0x11/0x20 [ 1930.318507][T14802] ? trace_hardirqs_on+0x67/0x240 [ 1930.323521][T14802] handle_mm_fault+0x1b5/0x6b0 [ 1930.328277][T14802] __do_page_fault+0x536/0xdd0 [ 1930.333037][T14802] do_page_fault+0x38/0x590 [ 1930.337553][T14802] page_fault+0x39/0x40 [ 1930.341699][T14802] RIP: 0033:0x45c1dd [ 1930.345679][T14802] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 30 8e fb ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 1930.365288][T14802] RSP: 002b:00007ffd41fb7008 EFLAGS: 00010202 [ 1930.371353][T14802] RAX: ffffffffffffffea RBX: 00007f35763f9700 RCX: 00007f35763f9700 [ 1930.379318][T14802] RDX: 00000000003d0f00 RSI: 00007f35763f8db0 RDI: 0000000000410560 [ 1930.387288][T14802] RBP: 00007ffd41fb7220 R08: 00007f35763f99d0 R09: 00007f35763f9700 [ 1930.395266][T14802] R10: 00007f35763f8dc0 R11: 0000000000000246 R12: 0000000000000000 [ 1930.403241][T14802] R13: 00007ffd41fb70bf R14: 00007f35763f99c0 R15: 000000000075bfd4 [ 1930.412685][T14802] memory: usage 307040kB, limit 307200kB, failcnt 102072 [ 1930.419772][T14802] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1930.426739][T14802] Memory cgroup stats for /syz0: [ 1930.426873][T14802] anon 82833408 [ 1930.426873][T14802] file 4096 [ 1930.426873][T14802] kernel_stack 36372480 [ 1930.426873][T14802] slab 44945408 [ 1930.426873][T14802] sock 4096 [ 1930.426873][T14802] shmem 0 [ 1930.426873][T14802] file_mapped 0 [ 1930.426873][T14802] file_dirty 0 [ 1930.426873][T14802] file_writeback 0 [ 1930.426873][T14802] anon_thp 0 [ 1930.426873][T14802] inactive_anon 0 [ 1930.426873][T14802] active_anon 82796544 [ 1930.426873][T14802] inactive_file 32768 [ 1930.426873][T14802] active_file 61440 [ 1930.426873][T14802] unevictable 0 [ 1930.426873][T14802] slab_reclaimable 5541888 [ 1930.426873][T14802] slab_unreclaimable 39403520 [ 1930.426873][T14802] pgfault 155166 [ 1930.426873][T14802] pgmajfault 0 [ 1930.426873][T14802] workingset_refault 495 [ 1930.426873][T14802] workingset_activate 396 [ 1930.426873][T14802] workingset_nodereclaim 0 [ 1930.426873][T14802] pgrefill 22621 [ 1930.426873][T14802] pgscan 22978 [ 1930.426873][T14802] pgsteal 1330 [ 1930.520488][T14802] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=31131,uid=0 [ 1930.536989][T14802] Memory cgroup out of memory: Killed process 31131 (syz-executor.0) total-vm:72708kB, anon-rss:160kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1930.554937][ T1057] oom_reaper: reaped process 31131 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1930.556103][T14806] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1930.578296][T14806] CPU: 1 PID: 14806 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1930.587504][T14806] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1930.597570][T14806] Call Trace: [ 1930.600871][T14806] dump_stack+0x172/0x1f0 [ 1930.605559][T14806] dump_header+0x177/0x1152 [ 1930.610069][T14806] ? ___ratelimit+0xf8/0x595 [ 1930.614830][T14806] ? trace_hardirqs_on+0x67/0x240 [ 1930.620246][T14806] ? mark_oom_victim.cold+0x18/0x18 [ 1930.625451][T14806] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1930.631261][T14806] ? ___ratelimit+0x60/0x595 [ 1930.635853][T14806] ? do_raw_spin_unlock+0x57/0x270 [ 1930.640970][T14806] oom_kill_process.cold+0x10/0x15 [ 1930.646085][T14806] out_of_memory+0x79a/0x12c0 [ 1930.650764][T14806] ? lock_downgrade+0x920/0x920 [ 1930.655718][T14806] ? oom_killer_disable+0x280/0x280 [ 1930.660930][T14806] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1930.666487][T14806] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1930.672129][T14806] ? do_raw_spin_unlock+0x57/0x270 [ 1930.677252][T14806] ? _raw_spin_unlock+0x2d/0x50 [ 1930.682127][T14806] try_charge+0xa2d/0x1440 [ 1930.686576][T14806] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1930.692144][T14806] ? percpu_ref_tryget_live+0x111/0x290 [ 1930.697701][T14806] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1930.703257][T14806] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1930.708832][T14806] mem_cgroup_try_charge+0x136/0x590 [ 1930.714120][T14806] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1930.719761][T14806] wp_page_copy+0x421/0x15e0 [ 1930.724362][T14806] ? page_trans_huge_mapcount+0x166/0x450 [ 1930.730089][T14806] ? pmd_pfn+0x1d0/0x1d0 [ 1930.734348][T14806] ? lock_downgrade+0x920/0x920 [ 1930.739201][T14806] ? swp_swapcount+0x540/0x540 [ 1930.743966][T14806] ? __kasan_check_read+0x11/0x20 [ 1930.748999][T14806] ? do_raw_spin_unlock+0x57/0x270 [ 1930.754131][T14806] do_wp_page+0x499/0x14d0 [ 1930.758558][T14806] ? finish_mkwrite_fault+0x570/0x570 [ 1930.763945][T14806] __handle_mm_fault+0x22f7/0x3f20 [ 1930.769068][T14806] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1930.774610][T14806] ? __kasan_check_read+0x11/0x20 [ 1930.779644][T14806] ? trace_hardirqs_on+0x67/0x240 [ 1930.784679][T14806] handle_mm_fault+0x1b5/0x6b0 [ 1930.789450][T14806] __do_page_fault+0x536/0xdd0 [ 1930.794228][T14806] do_page_fault+0x38/0x590 [ 1930.798749][T14806] page_fault+0x39/0x40 [ 1930.802930][T14806] RIP: 0033:0x404f08 [ 1930.807000][T14806] Code: 85 02 00 00 80 3d 8f b5 66 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 7c b5 66 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 b3 d5 ff ff 48 2b 05 fc 30 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1930.826714][T14806] RSP: 002b:00007f3576419c90 EFLAGS: 00010246 [ 1930.832789][T14806] RAX: 00007f357841b000 RBX: 0000000000001e8a RCX: 0000000000459829 [ 1930.840759][T14806] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 1930.848732][T14806] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1930.856704][T14806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1930.864677][T14806] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1930.875615][T14806] memory: usage 307024kB, limit 307200kB, failcnt 102072 [ 1930.887332][T14806] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1930.895212][T14806] Memory cgroup stats for /syz0: [ 1930.895344][T14806] anon 82694144 [ 1930.895344][T14806] file 4096 [ 1930.895344][T14806] kernel_stack 36372480 [ 1930.895344][T14806] slab 44945408 [ 1930.895344][T14806] sock 4096 [ 1930.895344][T14806] shmem 0 [ 1930.895344][T14806] file_mapped 0 [ 1930.895344][T14806] file_dirty 0 [ 1930.895344][T14806] file_writeback 0 [ 1930.895344][T14806] anon_thp 0 [ 1930.895344][T14806] inactive_anon 0 [ 1930.895344][T14806] active_anon 82661376 [ 1930.895344][T14806] inactive_file 32768 [ 1930.895344][T14806] active_file 61440 [ 1930.895344][T14806] unevictable 0 [ 1930.895344][T14806] slab_reclaimable 5541888 [ 1930.895344][T14806] slab_unreclaimable 39403520 [ 1930.895344][T14806] pgfault 155166 [ 1930.895344][T14806] pgmajfault 0 [ 1930.895344][T14806] workingset_refault 495 [ 1930.895344][T14806] workingset_activate 396 [ 1930.895344][T14806] workingset_nodereclaim 0 [ 1930.895344][T14806] pgrefill 22654 [ 1930.895344][T14806] pgscan 23011 [ 1930.895344][T14806] pgsteal 1330 [ 1930.901517][T14809] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1930.991815][T14806] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=22925,uid=0 [ 1931.015457][T14806] Memory cgroup out of memory: Killed process 22925 (syz-executor.0) total-vm:72840kB, anon-rss:148kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1931.030956][ T1057] oom_reaper: reaped process 22925 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1931.043607][T14808] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1931.045862][T14809] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1931.056394][T14808] CPU: 1 PID: 14808 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1931.073384][T14808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1931.083530][T14808] Call Trace: [ 1931.086854][T14808] dump_stack+0x172/0x1f0 [ 1931.091187][T14808] dump_header+0x177/0x1152 [ 1931.095699][T14808] ? ___ratelimit+0xf8/0x595 [ 1931.100286][T14808] ? trace_hardirqs_on+0x67/0x240 [ 1931.105316][T14808] ? mark_oom_victim.cold+0x18/0x18 [ 1931.110509][T14808] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1931.116300][T14808] ? ___ratelimit+0x60/0x595 [ 1931.120870][T14808] ? do_raw_spin_unlock+0x57/0x270 [ 1931.125981][T14808] oom_kill_process.cold+0x10/0x15 [ 1931.131088][T14808] out_of_memory+0x79a/0x12c0 [ 1931.135831][T14808] ? lock_downgrade+0x920/0x920 [ 1931.140668][T14808] ? oom_killer_disable+0x280/0x280 [ 1931.145860][T14808] ? __kasan_check_read+0x11/0x20 [ 1931.151017][T14808] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1931.156725][T14808] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1931.162345][T14808] ? do_raw_spin_unlock+0x57/0x270 [ 1931.167456][T14808] ? _raw_spin_unlock+0x2d/0x50 [ 1931.172303][T14808] try_charge+0xa2d/0x1440 [ 1931.176707][T14808] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1931.182240][T14808] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1931.187816][T14808] ? __kasan_check_read+0x11/0x20 [ 1931.192837][T14808] ? lock_downgrade+0x920/0x920 [ 1931.197668][T14808] ? percpu_ref_tryget_live+0x111/0x290 [ 1931.203208][T14808] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1931.208692][T14808] ? memcg_kmem_put_cache+0x50/0x50 [ 1931.213883][T14808] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1931.219421][T14808] __memcg_kmem_charge+0x13a/0x3a0 [ 1931.224535][T14808] __alloc_pages_nodemask+0x4f4/0x900 [ 1931.229909][T14808] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1931.235616][T14808] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1931.241852][T14808] ? debug_smp_processor_id+0x3c/0x214 [ 1931.247302][T14808] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1931.253540][T14808] alloc_pages_current+0x107/0x210 [ 1931.258634][T14808] pte_alloc_one+0x1b/0x1a0 [ 1931.263115][T14808] __handle_mm_fault+0x34dd/0x3f20 [ 1931.268214][T14808] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1931.273768][T14808] ? __kasan_check_read+0x11/0x20 [ 1931.278826][T14808] ? trace_hardirqs_on+0x67/0x240 [ 1931.283830][T14808] handle_mm_fault+0x1b5/0x6b0 [ 1931.288598][T14808] __do_page_fault+0x536/0xdd0 [ 1931.293356][T14808] ? page_fault+0x16/0x40 [ 1931.297675][T14808] do_page_fault+0x38/0x590 [ 1931.302160][T14808] page_fault+0x39/0x40 [ 1931.306396][T14808] RIP: 0033:0x459829 [ 1931.310287][T14808] Code: Bad RIP value. [ 1931.314325][T14808] RSP: 002b:00007f3576419c78 EFLAGS: 00010246 [ 1931.320370][T14808] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459829 [ 1931.328408][T14808] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1931.336365][T14808] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1931.344448][T14808] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1931.352449][T14808] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff 04:20:05 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x8800000000000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:05 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127369b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:05 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc60000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:05 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xf) 04:20:05 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541d, 0x0) 04:20:05 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, 0x0, 0x0) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1931.361304][T14808] memory: usage 306708kB, limit 307200kB, failcnt 102073 [ 1931.397200][T14808] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1931.427362][ T26] audit: type=1400 audit(1564374005.209:1273): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127369B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=14811 comm="syz-executor.1" [ 1931.442286][T14808] Memory cgroup stats for /syz0: [ 1931.442567][T14808] anon 82694144 [ 1931.442567][T14808] file 4096 [ 1931.442567][T14808] kernel_stack 36306944 [ 1931.442567][T14808] slab 44945408 [ 1931.442567][T14808] sock 4096 [ 1931.442567][T14808] shmem 0 [ 1931.442567][T14808] file_mapped 0 [ 1931.442567][T14808] file_dirty 0 [ 1931.442567][T14808] file_writeback 0 [ 1931.442567][T14808] anon_thp 0 [ 1931.442567][T14808] inactive_anon 0 [ 1931.442567][T14808] active_anon 82796544 [ 1931.442567][T14808] inactive_file 32768 [ 1931.442567][T14808] active_file 61440 [ 1931.442567][T14808] unevictable 0 [ 1931.442567][T14808] slab_reclaimable 5541888 [ 1931.442567][T14808] slab_unreclaimable 39403520 [ 1931.442567][T14808] pgfault 155166 [ 1931.442567][T14808] pgmajfault 0 [ 1931.442567][T14808] workingset_refault 495 [ 1931.442567][T14808] workingset_activate 396 [ 1931.442567][T14808] workingset_nodereclaim 0 [ 1931.442567][T14808] pgrefill 22654 [ 1931.442567][T14808] pgscan 23044 [ 1931.442567][T14808] pgsteal 1330 04:20:05 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fcf0000048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:05 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541e, 0x0) 04:20:05 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb12736cb2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1931.619266][T14808] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14802,uid=0 04:20:05 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x10) 04:20:05 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4), 0x0) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1931.835983][ T26] audit: type=1400 audit(1564374005.619:1274): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB12736CB2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=14937 comm="syz-executor.1" 04:20:05 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb12736fb2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1932.032026][ T26] audit: type=1400 audit(1564374005.759:1275): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB12736FB2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=14951 comm="syz-executor.1" [ 1932.167905][T15066] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1932.334008][T15062] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1932.348604][T15062] CPU: 0 PID: 15062 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1932.357743][T15062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1932.367974][T15062] Call Trace: [ 1932.371367][T15062] dump_stack+0x172/0x1f0 [ 1932.375685][T15062] dump_header+0x177/0x1152 [ 1932.380521][T15062] ? ___ratelimit+0xf8/0x595 [ 1932.385094][T15062] ? trace_hardirqs_on+0x67/0x240 [ 1932.390099][T15062] ? mark_oom_victim.cold+0x18/0x18 [ 1932.395278][T15062] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1932.401075][T15062] ? ___ratelimit+0x60/0x595 [ 1932.405692][T15062] ? do_raw_spin_unlock+0x57/0x270 [ 1932.410798][T15062] oom_kill_process.cold+0x10/0x15 [ 1932.415896][T15062] out_of_memory+0x79a/0x12c0 [ 1932.420553][T15062] ? lock_downgrade+0x920/0x920 [ 1932.425395][T15062] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1932.431754][T15062] ? oom_killer_disable+0x280/0x280 [ 1932.437041][T15062] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1932.442576][T15062] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1932.448230][T15062] ? do_raw_spin_unlock+0x57/0x270 [ 1932.453330][T15062] ? _raw_spin_unlock+0x2d/0x50 [ 1932.458167][T15062] try_charge+0xf4b/0x1440 [ 1932.462573][T15062] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1932.468122][T15062] ? percpu_ref_tryget_live+0x111/0x290 [ 1932.473663][T15062] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1932.479111][T15062] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1932.484658][T15062] mem_cgroup_try_charge+0x136/0x590 [ 1932.489945][T15062] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1932.495594][T15062] wp_page_copy+0x421/0x15e0 [ 1932.500180][T15062] ? page_trans_huge_mapcount+0x166/0x450 [ 1932.506247][T15062] ? pmd_pfn+0x1d0/0x1d0 [ 1932.510492][T15062] ? lock_downgrade+0x920/0x920 [ 1932.515336][T15062] ? swp_swapcount+0x540/0x540 [ 1932.520085][T15062] ? psi_memstall_leave+0x12e/0x180 [ 1932.525291][T15062] ? __kasan_check_read+0x11/0x20 [ 1932.530331][T15062] ? do_raw_spin_unlock+0x57/0x270 [ 1932.535439][T15062] do_wp_page+0x499/0x14d0 [ 1932.539840][T15062] ? finish_mkwrite_fault+0x570/0x570 [ 1932.545204][T15062] __handle_mm_fault+0x22f7/0x3f20 [ 1932.550313][T15062] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1932.555847][T15062] ? __kasan_check_read+0x11/0x20 [ 1932.560889][T15062] ? trace_hardirqs_on+0x67/0x240 [ 1932.565912][T15062] handle_mm_fault+0x1b5/0x6b0 [ 1932.570664][T15062] __do_page_fault+0x536/0xdd0 [ 1932.575437][T15062] do_page_fault+0x38/0x590 [ 1932.579923][T15062] page_fault+0x39/0x40 [ 1932.584058][T15062] RIP: 0033:0x40e9c8 [ 1932.587937][T15062] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 35 ee 4b 00 31 c0 e8 63 33 ff ff 31 ff e8 ac 2f ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 9e 1a 66 00 [ 1932.607547][T15062] RSP: 002b:00007ffd41fb7070 EFLAGS: 00010246 [ 1932.613706][T15062] RAX: 000000008a947777 RBX: 0000000002cd4b6f RCX: 0000001b33220000 [ 1932.621842][T15062] RDX: 0000000000000000 RSI: 0000000000001777 RDI: ffffffff8a947777 [ 1932.629796][T15062] RBP: 000000000000000e R08: 000000008a947777 R09: 000000008a94777b [ 1932.637759][T15062] R10: 00007ffd41fb7210 R11: 0000000000000000 R12: 000000000075bfa8 [ 1932.645727][T15062] R13: 0000000080000000 R14: 00007f357841b008 R15: 000000000000001d [ 1932.654786][T15062] memory: usage 307200kB, limit 307200kB, failcnt 102112 [ 1932.661832][T15062] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1932.668733][T15062] Memory cgroup stats for /syz0: [ 1932.668853][T15062] anon 82694144 [ 1932.668853][T15062] file 4096 [ 1932.668853][T15062] kernel_stack 36372480 [ 1932.668853][T15062] slab 44945408 [ 1932.668853][T15062] sock 4096 [ 1932.668853][T15062] shmem 0 [ 1932.668853][T15062] file_mapped 0 [ 1932.668853][T15062] file_dirty 0 [ 1932.668853][T15062] file_writeback 0 [ 1932.668853][T15062] anon_thp 0 [ 1932.668853][T15062] inactive_anon 0 [ 1932.668853][T15062] active_anon 82796544 [ 1932.668853][T15062] inactive_file 32768 [ 1932.668853][T15062] active_file 61440 [ 1932.668853][T15062] unevictable 0 [ 1932.668853][T15062] slab_reclaimable 5541888 [ 1932.668853][T15062] slab_unreclaimable 39403520 [ 1932.668853][T15062] pgfault 155265 [ 1932.668853][T15062] pgmajfault 0 [ 1932.668853][T15062] workingset_refault 495 [ 1932.668853][T15062] workingset_activate 396 [ 1932.668853][T15062] workingset_nodereclaim 0 [ 1932.668853][T15062] pgrefill 22853 [ 1932.668853][T15062] pgscan 23242 [ 1932.668853][T15062] pgsteal 1330 [ 1932.762399][T15062] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15067,uid=0 [ 1932.777901][T15062] Memory cgroup out of memory: Killed process 15067 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1932.794017][ T1057] oom_reaper: reaped process 15067 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1932.808205][T15063] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1932.824327][T15063] CPU: 1 PID: 15063 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1932.833442][T15063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1932.843563][T15063] Call Trace: [ 1932.846856][T15063] dump_stack+0x172/0x1f0 [ 1932.851272][T15063] dump_header+0x177/0x1152 [ 1932.855779][T15063] ? ___ratelimit+0xf8/0x595 [ 1932.860413][T15063] ? trace_hardirqs_on+0x67/0x240 [ 1932.865428][T15063] ? mark_oom_victim.cold+0x18/0x18 [ 1932.870619][T15063] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1932.889386][T15063] ? ___ratelimit+0x60/0x595 [ 1932.894069][T15063] ? do_raw_spin_unlock+0x57/0x270 [ 1932.899198][T15063] oom_kill_process.cold+0x10/0x15 [ 1932.904335][T15063] out_of_memory+0x79a/0x12c0 [ 1932.909034][T15063] ? lock_downgrade+0x920/0x920 [ 1932.913875][T15063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1932.920121][T15063] ? oom_killer_disable+0x280/0x280 [ 1932.925346][T15063] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1932.930892][T15063] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1932.936562][T15063] ? do_raw_spin_unlock+0x57/0x270 [ 1932.941699][T15063] ? _raw_spin_unlock+0x2d/0x50 [ 1932.946545][T15063] try_charge+0xf4b/0x1440 [ 1932.951049][T15063] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1932.956605][T15063] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1932.962141][T15063] ? __kasan_check_read+0x11/0x20 [ 1932.967190][T15063] ? lock_downgrade+0x920/0x920 [ 1932.972036][T15063] ? percpu_ref_tryget_live+0x111/0x290 [ 1932.977581][T15063] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1932.983026][T15063] ? memcg_kmem_put_cache+0x50/0x50 [ 1932.988217][T15063] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1932.993755][T15063] __memcg_kmem_charge+0x13a/0x3a0 [ 1932.998876][T15063] __alloc_pages_nodemask+0x4f4/0x900 [ 1933.004241][T15063] ? save_stack+0x5c/0x90 [ 1933.008556][T15063] ? save_stack+0x23/0x90 [ 1933.012959][T15063] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1933.018687][T15063] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1933.024516][T15063] ? kasan_slab_alloc+0xf/0x20 [ 1933.029439][T15063] ? kmem_cache_alloc+0x121/0x710 [ 1933.034464][T15063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1933.040711][T15063] ? debug_smp_processor_id+0x3c/0x214 [ 1933.046195][T15063] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1933.052460][T15063] alloc_pages_current+0x107/0x210 [ 1933.057569][T15063] pte_alloc_one+0x1b/0x1a0 [ 1933.062070][T15063] __pte_alloc+0x20/0x310 [ 1933.066389][T15063] copy_page_range+0x1610/0x2120 [ 1933.071323][T15063] ? percpu_ref_put_many+0x94/0x190 [ 1933.076527][T15063] ? lock_downgrade+0x920/0x920 [ 1933.081385][T15063] ? __pmd_alloc+0x460/0x460 [ 1933.085970][T15063] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1933.091512][T15063] ? validate_mm_rb+0xa3/0xc0 [ 1933.096220][T15063] ? __vma_link_rb+0x275/0x370 [ 1933.100979][T15063] dup_mm+0xa67/0x1430 [ 1933.105043][T15063] ? vm_area_dup+0x170/0x170 [ 1933.109624][T15063] ? debug_mutex_init+0x2d/0x5a [ 1933.114484][T15063] copy_process+0x28b7/0x6b00 [ 1933.119182][T15063] ? __cleanup_sighand+0x60/0x60 [ 1933.124123][T15063] ? __lockdep_free_key_range+0x120/0x120 [ 1933.129849][T15063] _do_fork+0x146/0xfa0 [ 1933.134082][T15063] ? copy_init_mm+0x20/0x20 [ 1933.138608][T15063] ? __kasan_check_write+0x14/0x20 [ 1933.143722][T15063] ? up_read+0x159/0x570 [ 1933.147994][T15063] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1933.154243][T15063] __x64_sys_clone+0x18d/0x250 [ 1933.159006][T15063] ? perf_swevent_put_recursion_context+0x1f/0xa0 [ 1933.165417][T15063] ? __ia32_sys_vfork+0xc0/0xc0 [ 1933.170287][T15063] ? __perf_sw_event+0x7a/0xa0 [ 1933.175063][T15063] ? trace_hardirqs_off_caller+0x65/0x230 [ 1933.181151][T15063] ? trace_hardirqs_on+0x67/0x240 [ 1933.186170][T15063] do_syscall_64+0xfa/0x760 [ 1933.190670][T15063] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1933.196553][T15063] RIP: 0033:0x459829 [ 1933.200435][T15063] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1933.220112][T15063] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1933.228521][T15063] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1933.236575][T15063] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1933.244538][T15063] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1933.252501][T15063] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1933.260470][T15063] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1933.272387][T15063] memory: usage 307032kB, limit 307200kB, failcnt 102125 [ 1933.279488][T15063] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1933.287737][T15063] Memory cgroup stats for /syz0: [ 1933.287865][T15063] anon 82694144 [ 1933.287865][T15063] file 4096 [ 1933.287865][T15063] kernel_stack 36438016 [ 1933.287865][T15063] slab 44945408 [ 1933.287865][T15063] sock 4096 [ 1933.287865][T15063] shmem 0 [ 1933.287865][T15063] file_mapped 0 [ 1933.287865][T15063] file_dirty 0 [ 1933.287865][T15063] file_writeback 0 [ 1933.287865][T15063] anon_thp 0 [ 1933.287865][T15063] inactive_anon 0 [ 1933.287865][T15063] active_anon 82796544 [ 1933.287865][T15063] inactive_file 32768 [ 1933.287865][T15063] active_file 61440 [ 1933.287865][T15063] unevictable 0 [ 1933.287865][T15063] slab_reclaimable 5541888 [ 1933.287865][T15063] slab_unreclaimable 39403520 [ 1933.287865][T15063] pgfault 155298 [ 1933.287865][T15063] pgmajfault 0 [ 1933.287865][T15063] workingset_refault 495 [ 1933.287865][T15063] workingset_activate 396 [ 1933.287865][T15063] workingset_nodereclaim 0 [ 1933.287865][T15063] pgrefill 22919 [ 1933.287865][T15063] pgscan 23275 [ 1933.287865][T15063] pgsteal 1330 04:20:07 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0xfeffff0700000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:07 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00030048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:07 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x541f, 0x0) 04:20:07 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4), 0x0) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:07 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127370b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:07 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x6b) [ 1933.382208][T15063] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15062,uid=0 [ 1933.398169][T15063] Memory cgroup out of memory: Killed process 15062 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:35788kB, shmem-rss:0kB, UID:0 04:20:07 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127373b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1933.463307][ T26] audit: type=1400 audit(1564374007.239:1276): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127370B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=15073 comm="syz-executor.1" 04:20:07 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00050048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:07 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4), 0x0) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:07 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5420, 0x0) [ 1933.618027][ T26] audit: type=1400 audit(1564374007.379:1277): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127373B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=15083 comm="syz-executor.1" [ 1933.647566][T15082] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:07 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127378b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:07 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc6c050048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1933.828525][T15082] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1933.855860][ T26] audit: type=1400 audit(1564374007.599:1278): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127378B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=15201 comm="syz-executor.1" [ 1933.865383][T15082] CPU: 1 PID: 15082 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1933.900846][T15082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1933.900852][T15082] Call Trace: [ 1933.900877][T15082] dump_stack+0x172/0x1f0 [ 1933.900901][T15082] dump_header+0x177/0x1152 [ 1933.923109][T15082] ? ___ratelimit+0xf8/0x595 [ 1933.927715][T15082] ? trace_hardirqs_on+0x67/0x240 [ 1933.932753][T15082] ? mark_oom_victim.cold+0x18/0x18 [ 1933.937963][T15082] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1933.937989][T15082] ? ___ratelimit+0x60/0x595 [ 1933.949176][T15082] ? do_raw_spin_unlock+0x57/0x270 [ 1933.954328][T15082] oom_kill_process.cold+0x10/0x15 [ 1933.959467][T15082] out_of_memory+0x79a/0x12c0 [ 1933.964160][T15082] ? lock_downgrade+0x920/0x920 [ 1933.969050][T15082] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1933.975309][T15082] ? oom_killer_disable+0x280/0x280 [ 1933.975332][T15082] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1933.975348][T15082] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1933.975367][T15082] ? do_raw_spin_unlock+0x57/0x270 [ 1933.975381][T15082] ? _raw_spin_unlock+0x2d/0x50 [ 1933.975394][T15082] try_charge+0xf4b/0x1440 [ 1933.975412][T15082] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1933.975427][T15082] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1933.975449][T15082] ? __kasan_check_read+0x11/0x20 [ 1933.991927][T15082] ? lock_downgrade+0x920/0x920 [ 1934.028056][T15082] ? percpu_ref_tryget_live+0x111/0x290 [ 1934.033634][T15082] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1934.039629][T15082] ? memcg_kmem_put_cache+0x50/0x50 [ 1934.045054][T15082] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1934.050614][T15082] __memcg_kmem_charge+0x13a/0x3a0 [ 1934.055745][T15082] __alloc_pages_nodemask+0x4f4/0x900 [ 1934.061179][T15082] ? stack_trace_consume_entry+0x190/0x190 [ 1934.066988][T15082] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1934.072881][T15082] ? debug_smp_processor_id+0x3c/0x214 [ 1934.078425][T15082] ? save_stack+0x5c/0x90 [ 1934.082742][T15082] ? save_stack+0x23/0x90 [ 1934.087076][T15082] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1934.092997][T15082] ? kasan_slab_alloc+0xf/0x20 [ 1934.097771][T15082] ? kmem_cache_alloc+0x121/0x710 [ 1934.102810][T15082] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1934.109064][T15082] alloc_pages_current+0x107/0x210 [ 1934.114170][T15082] get_zeroed_page+0x14/0x50 [ 1934.118763][T15082] __pud_alloc+0x3b/0x250 [ 1934.123106][T15082] pud_alloc+0xde/0x150 [ 1934.127259][T15082] copy_page_range+0x383/0x2120 [ 1934.132105][T15082] ? perf_trace_lock+0xeb/0x4c0 [ 1934.136964][T15082] ? __lockdep_free_key_range+0x120/0x120 [ 1934.142690][T15082] ? mark_held_locks+0xf0/0xf0 [ 1934.147444][T15082] ? anon_vma_fork+0x371/0x4a0 [ 1934.152204][T15082] ? dup_mm+0x7cd/0x1430 [ 1934.156457][T15082] ? __kasan_check_read+0x11/0x20 [ 1934.161513][T15082] ? __pmd_alloc+0x460/0x460 [ 1934.166120][T15082] ? lock_downgrade+0x920/0x920 [ 1934.170985][T15082] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1934.176691][T15082] ? validate_mm_rb+0xa3/0xc0 [ 1934.181375][T15082] ? __vma_link_rb+0x275/0x370 [ 1934.186123][T15082] ? __kasan_check_write+0x14/0x20 [ 1934.191237][T15082] dup_mm+0xa67/0x1430 [ 1934.195301][T15082] ? vm_area_dup+0x170/0x170 [ 1934.199876][T15082] ? debug_mutex_init+0x2d/0x5a [ 1934.204715][T15082] copy_process+0x28b7/0x6b00 [ 1934.210017][T15082] ? perf_trace_lock+0xeb/0x4c0 [ 1934.214876][T15082] ? __cleanup_sighand+0x60/0x60 [ 1934.219899][T15082] _do_fork+0x146/0xfa0 [ 1934.224067][T15082] ? copy_init_mm+0x20/0x20 [ 1934.228573][T15082] ? __kasan_check_read+0x11/0x20 [ 1934.233590][T15082] ? _copy_to_user+0x118/0x160 [ 1934.238378][T15082] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1934.244619][T15082] ? put_timespec64+0xda/0x140 [ 1934.249371][T15082] __x64_sys_clone+0x18d/0x250 [ 1934.254121][T15082] ? __ia32_sys_vfork+0xc0/0xc0 [ 1934.258962][T15082] ? trace_hardirqs_off_caller+0x65/0x230 [ 1934.264690][T15082] ? trace_hardirqs_on+0x67/0x240 [ 1934.269708][T15082] do_syscall_64+0xfa/0x760 [ 1934.274206][T15082] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1934.280087][T15082] RIP: 0033:0x459829 [ 1934.283966][T15082] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1934.303565][T15082] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1934.311988][T15082] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1934.319951][T15082] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1934.328027][T15082] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1934.335989][T15082] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1934.344190][T15082] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1934.354620][T15082] memory: usage 307200kB, limit 307200kB, failcnt 102139 [ 1934.362253][T15082] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1934.369761][T15082] Memory cgroup stats for /syz0: [ 1934.369885][T15082] anon 82829312 [ 1934.369885][T15082] file 4096 [ 1934.369885][T15082] kernel_stack 36372480 [ 1934.369885][T15082] slab 44945408 [ 1934.369885][T15082] sock 4096 [ 1934.369885][T15082] shmem 0 [ 1934.369885][T15082] file_mapped 0 [ 1934.369885][T15082] file_dirty 0 [ 1934.369885][T15082] file_writeback 0 [ 1934.369885][T15082] anon_thp 0 [ 1934.369885][T15082] inactive_anon 0 [ 1934.369885][T15082] active_anon 82796544 [ 1934.369885][T15082] inactive_file 32768 [ 1934.369885][T15082] active_file 61440 [ 1934.369885][T15082] unevictable 0 [ 1934.369885][T15082] slab_reclaimable 5541888 [ 1934.369885][T15082] slab_unreclaimable 39403520 [ 1934.369885][T15082] pgfault 155331 [ 1934.369885][T15082] pgmajfault 0 [ 1934.369885][T15082] workingset_refault 495 [ 1934.369885][T15082] workingset_activate 396 [ 1934.369885][T15082] workingset_nodereclaim 0 [ 1934.369885][T15082] pgrefill 22919 [ 1934.369885][T15082] pgscan 23308 [ 1934.369885][T15082] pgsteal 1330 [ 1934.463659][T15082] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14810,uid=0 [ 1934.479607][T15082] Memory cgroup out of memory: Killed process 14810 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1934.495294][ T1057] oom_reaper: reaped process 14810 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1934.513642][T15082] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1934.526713][T15082] CPU: 1 PID: 15082 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1934.535854][T15082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1934.545908][T15082] Call Trace: [ 1934.549205][T15082] dump_stack+0x172/0x1f0 [ 1934.553548][T15082] dump_header+0x177/0x1152 [ 1934.558052][T15082] ? ___ratelimit+0xf8/0x595 [ 1934.562631][T15082] ? trace_hardirqs_on+0x67/0x240 [ 1934.567665][T15082] ? mark_oom_victim.cold+0x18/0x18 [ 1934.572867][T15082] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1934.578683][T15082] ? ___ratelimit+0x60/0x595 [ 1934.583261][T15082] ? do_raw_spin_unlock+0x57/0x270 [ 1934.588541][T15082] oom_kill_process.cold+0x10/0x15 [ 1934.593647][T15082] out_of_memory+0x79a/0x12c0 [ 1934.598927][T15082] ? lock_downgrade+0x920/0x920 [ 1934.603778][T15082] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1934.610107][T15082] ? oom_killer_disable+0x280/0x280 [ 1934.615330][T15082] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1934.620872][T15082] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1934.626515][T15082] ? do_raw_spin_unlock+0x57/0x270 [ 1934.631869][T15082] ? _raw_spin_unlock+0x2d/0x50 [ 1934.636710][T15082] try_charge+0xf4b/0x1440 [ 1934.641235][T15082] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1934.646790][T15082] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1934.653105][T15082] ? __kasan_check_read+0x11/0x20 [ 1934.658310][T15082] ? lock_downgrade+0x920/0x920 [ 1934.663523][T15082] ? percpu_ref_tryget_live+0x111/0x290 [ 1934.669267][T15082] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1934.674908][T15082] ? memcg_kmem_put_cache+0x50/0x50 [ 1934.680098][T15082] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1934.685652][T15082] __memcg_kmem_charge+0x13a/0x3a0 [ 1934.690766][T15082] __alloc_pages_nodemask+0x4f4/0x900 [ 1934.696134][T15082] ? __lockdep_free_key_range+0x120/0x120 [ 1934.701853][T15082] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1934.707573][T15082] ? __pte_alloc+0x1b5/0x310 [ 1934.712164][T15082] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1934.718416][T15082] ? copy_page_range+0x10c2/0x2120 [ 1934.723604][T15082] ? __kasan_check_read+0x11/0x20 [ 1934.728617][T15082] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1934.735012][T15082] alloc_pages_current+0x107/0x210 [ 1934.740233][T15082] pte_alloc_one+0x1b/0x1a0 [ 1934.744736][T15082] __pte_alloc+0x20/0x310 [ 1934.749065][T15082] copy_page_range+0x1610/0x2120 [ 1934.761951][T15082] ? perf_trace_lock+0xeb/0x4c0 [ 1934.766840][T15082] ? __pmd_alloc+0x460/0x460 [ 1934.771440][T15082] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1934.776979][T15082] ? __rb_insert_augmented+0x20c/0xd90 [ 1934.782448][T15082] ? validate_mm_rb+0xa3/0xc0 [ 1934.787132][T15082] ? __vma_link_rb+0x275/0x370 [ 1934.791916][T15082] ? __kasan_check_write+0x14/0x20 [ 1934.797107][T15082] dup_mm+0xa67/0x1430 [ 1934.801174][T15082] ? vm_area_dup+0x170/0x170 [ 1934.805856][T15082] ? debug_mutex_init+0x2d/0x5a [ 1934.810900][T15082] copy_process+0x28b7/0x6b00 [ 1934.815666][T15082] ? perf_trace_lock+0xeb/0x4c0 [ 1934.820512][T15082] ? __cleanup_sighand+0x60/0x60 [ 1934.826177][T15082] _do_fork+0x146/0xfa0 [ 1934.830338][T15082] ? copy_init_mm+0x20/0x20 [ 1934.834835][T15082] ? __kasan_check_read+0x11/0x20 [ 1934.852083][T15082] ? _copy_to_user+0x118/0x160 [ 1934.856836][T15082] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1934.863095][T15082] ? put_timespec64+0xda/0x140 [ 1934.867867][T15082] __x64_sys_clone+0x18d/0x250 [ 1934.872638][T15082] ? __ia32_sys_vfork+0xc0/0xc0 [ 1934.877501][T15082] ? trace_hardirqs_off_caller+0x65/0x230 [ 1934.883215][T15082] ? trace_hardirqs_on+0x67/0x240 [ 1934.888238][T15082] do_syscall_64+0xfa/0x760 [ 1934.892739][T15082] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1934.898629][T15082] RIP: 0033:0x459829 [ 1934.902518][T15082] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1934.922174][T15082] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1934.930581][T15082] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1934.938562][T15082] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1934.946630][T15082] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1934.955731][T15082] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1934.963710][T15082] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1934.975353][T15082] memory: usage 307032kB, limit 307200kB, failcnt 102172 [ 1934.982401][T15082] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1934.989524][T15082] Memory cgroup stats for /syz0: [ 1934.989623][T15082] anon 82829312 [ 1934.989623][T15082] file 4096 [ 1934.989623][T15082] kernel_stack 36372480 [ 1934.989623][T15082] slab 44945408 [ 1934.989623][T15082] sock 4096 [ 1934.989623][T15082] shmem 0 [ 1934.989623][T15082] file_mapped 0 [ 1934.989623][T15082] file_dirty 0 [ 1934.989623][T15082] file_writeback 0 [ 1934.989623][T15082] anon_thp 0 [ 1934.989623][T15082] inactive_anon 0 [ 1934.989623][T15082] active_anon 82796544 [ 1934.989623][T15082] inactive_file 32768 [ 1934.989623][T15082] active_file 61440 [ 1934.989623][T15082] unevictable 0 [ 1934.989623][T15082] slab_reclaimable 5541888 [ 1934.989623][T15082] slab_unreclaimable 39403520 [ 1934.989623][T15082] pgfault 155331 [ 1934.989623][T15082] pgmajfault 0 [ 1934.989623][T15082] workingset_refault 495 [ 1934.989623][T15082] workingset_activate 396 [ 1934.989623][T15082] workingset_nodereclaim 0 [ 1934.989623][T15082] pgrefill 22919 [ 1934.989623][T15082] pgscan 23308 [ 1934.989623][T15082] pgsteal 1330 [ 1935.084916][T15082] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=4453,uid=0 [ 1935.101006][T15082] Memory cgroup out of memory: Killed process 4453 (syz-executor.0) total-vm:72708kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1935.116465][ T1057] oom_reaper: reaped process 4453 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:20:08 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0xffffffff00000000, 0x0, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:08 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xe0) 04:20:08 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5421, 0x0) 04:20:08 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc020e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:08 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x0, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:08 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00060048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1935.135710][T15213] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1935.190527][ T26] audit: type=1400 audit(1564374008.969:1279): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC020E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=15217 comm="syz-executor.1" 04:20:09 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5422, 0x0) 04:20:09 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00090048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:09 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc090e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:09 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x0, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1935.437150][T15226] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1935.462310][ T26] audit: type=1400 audit(1564374009.239:1280): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC090E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=15305 comm="syz-executor.1" [ 1935.487221][T15226] CPU: 1 PID: 15226 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1935.505521][T15226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1935.515587][T15226] Call Trace: [ 1935.518894][T15226] dump_stack+0x172/0x1f0 [ 1935.523237][T15226] dump_header+0x177/0x1152 [ 1935.527820][T15226] ? ___ratelimit+0xf8/0x595 [ 1935.532422][T15226] ? trace_hardirqs_on+0x67/0x240 04:20:09 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc590e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1935.537483][T15226] ? mark_oom_victim.cold+0x18/0x18 [ 1935.542693][T15226] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1935.548517][T15226] ? ___ratelimit+0x60/0x595 [ 1935.553124][T15226] ? do_raw_spin_unlock+0x57/0x270 [ 1935.558264][T15226] oom_kill_process.cold+0x10/0x15 [ 1935.563576][T15226] out_of_memory+0x79a/0x12c0 [ 1935.568265][T15226] ? lock_downgrade+0x920/0x920 [ 1935.573129][T15226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1935.579416][T15226] ? oom_killer_disable+0x280/0x280 [ 1935.584622][T15226] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1935.590616][T15226] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1935.596248][T15226] ? do_raw_spin_unlock+0x57/0x270 [ 1935.601519][T15226] ? _raw_spin_unlock+0x2d/0x50 [ 1935.606470][T15226] try_charge+0xf4b/0x1440 [ 1935.611352][T15226] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1935.617195][T15226] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1935.623048][T15226] ? __kasan_check_read+0x11/0x20 [ 1935.628092][T15226] ? lock_downgrade+0x920/0x920 [ 1935.632938][T15226] ? percpu_ref_tryget_live+0x111/0x290 [ 1935.638475][T15226] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1935.645147][T15226] ? memcg_kmem_put_cache+0x50/0x50 [ 1935.650429][T15226] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1935.655976][T15226] __memcg_kmem_charge+0x13a/0x3a0 [ 1935.661088][T15226] __alloc_pages_nodemask+0x4f4/0x900 [ 1935.666562][T15226] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1935.672275][T15226] ? percpu_ref_put_many+0xb6/0x190 [ 1935.677484][T15226] ? trace_hardirqs_on+0x67/0x240 [ 1935.682501][T15226] ? __kasan_check_read+0x11/0x20 [ 1935.687534][T15226] copy_process+0x3f8/0x6b00 [ 1935.692141][T15226] ? __kasan_check_read+0x11/0x20 [ 1935.697188][T15226] ? record_times+0x1e/0x2b0 [ 1935.701775][T15226] ? lock_downgrade+0x920/0x920 [ 1935.706634][T15226] ? __cleanup_sighand+0x60/0x60 [ 1935.711567][T15226] ? perf_trace_lock+0xeb/0x4c0 [ 1935.716426][T15226] ? __lockdep_free_key_range+0x120/0x120 [ 1935.722158][T15226] ? set_task_reclaim_state+0x56/0xb0 [ 1935.727530][T15226] _do_fork+0x146/0xfa0 [ 1935.731686][T15226] ? copy_init_mm+0x20/0x20 [ 1935.736187][T15226] ? lock_downgrade+0x920/0x920 [ 1935.741124][T15226] ? percpu_ref_tryget_live+0x290/0x290 [ 1935.746682][T15226] ? cgroup_file_notify+0x140/0x1b0 [ 1935.751872][T15226] ? blkcg_maybe_throttle_current+0x5fe/0x1030 [ 1935.758018][T15226] __x64_sys_clone+0x18d/0x250 [ 1935.762791][T15226] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1935.769022][T15226] ? __ia32_sys_vfork+0xc0/0xc0 [ 1935.773887][T15226] ? trace_hardirqs_off_caller+0x65/0x230 [ 1935.779624][T15226] ? trace_hardirqs_on+0x67/0x240 [ 1935.784649][T15226] do_syscall_64+0xfa/0x760 [ 1935.789145][T15226] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1935.795030][T15226] RIP: 0033:0x45c1f9 [ 1935.798940][T15226] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1935.818548][T15226] RSP: 002b:00007ffd41fb7008 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1935.827037][T15226] RAX: ffffffffffffffda RBX: 00007f35763f9700 RCX: 000000000045c1f9 [ 1935.834999][T15226] RDX: 00007f35763f99d0 RSI: 00007f35763f8db0 RDI: 00000000003d0f00 [ 1935.842986][T15226] RBP: 00007ffd41fb7220 R08: 00007f35763f9700 R09: 00007f35763f9700 [ 1935.851130][T15226] R10: 00007f35763f99d0 R11: 0000000000000202 R12: 0000000000000000 [ 1935.861209][T15226] R13: 00007ffd41fb70bf R14: 00007f35763f99c0 R15: 000000000075bfd4 04:20:09 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc000a0048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1935.893429][T15226] memory: usage 307172kB, limit 307200kB, failcnt 102210 [ 1935.911255][T15226] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1935.918658][T15226] Memory cgroup stats for /syz0: [ 1935.918752][T15226] anon 82694144 [ 1935.918752][T15226] file 4096 [ 1935.918752][T15226] kernel_stack 36372480 [ 1935.918752][T15226] slab 45080576 [ 1935.918752][T15226] sock 4096 [ 1935.918752][T15226] shmem 0 [ 1935.918752][T15226] file_mapped 0 [ 1935.918752][T15226] file_dirty 0 [ 1935.918752][T15226] file_writeback 0 [ 1935.918752][T15226] anon_thp 0 [ 1935.918752][T15226] inactive_anon 0 [ 1935.918752][T15226] active_anon 82796544 [ 1935.918752][T15226] inactive_file 32768 [ 1935.918752][T15226] active_file 61440 [ 1935.918752][T15226] unevictable 0 [ 1935.918752][T15226] slab_reclaimable 5677056 [ 1935.918752][T15226] slab_unreclaimable 39403520 [ 1935.918752][T15226] pgfault 155430 [ 1935.918752][T15226] pgmajfault 0 [ 1935.918752][T15226] workingset_refault 495 [ 1935.918752][T15226] workingset_activate 396 [ 1935.918752][T15226] workingset_nodereclaim 0 [ 1935.918752][T15226] pgrefill 22985 [ 1935.918752][T15226] pgscan 23341 [ 1935.918752][T15226] pgsteal 1330 [ 1936.069962][T15226] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15214,uid=0 [ 1936.087109][T15226] Memory cgroup out of memory: Killed process 15214 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1936.123442][T15227] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1936.170982][T15227] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1936.181394][T15227] CPU: 1 PID: 15227 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1936.190501][T15227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1936.200580][T15227] Call Trace: [ 1936.204213][T15227] dump_stack+0x172/0x1f0 [ 1936.208623][T15227] dump_header+0x177/0x1152 [ 1936.213181][T15227] ? ___ratelimit+0xf8/0x595 [ 1936.217759][T15227] ? trace_hardirqs_on+0x67/0x240 [ 1936.222793][T15227] ? mark_oom_victim.cold+0x18/0x18 [ 1936.227985][T15227] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1936.233865][T15227] ? ___ratelimit+0x60/0x595 [ 1936.238450][T15227] ? do_raw_spin_unlock+0x57/0x270 [ 1936.243554][T15227] oom_kill_process.cold+0x10/0x15 [ 1936.248657][T15227] out_of_memory+0x79a/0x12c0 [ 1936.253348][T15227] ? lock_downgrade+0x920/0x920 [ 1936.258413][T15227] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1936.264682][T15227] ? oom_killer_disable+0x280/0x280 [ 1936.269886][T15227] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1936.275459][T15227] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1936.281315][T15227] ? do_raw_spin_unlock+0x57/0x270 [ 1936.286420][T15227] ? _raw_spin_unlock+0x2d/0x50 [ 1936.291262][T15227] try_charge+0xf4b/0x1440 [ 1936.295671][T15227] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1936.301204][T15227] ? percpu_ref_tryget_live+0x111/0x290 [ 1936.306740][T15227] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1936.312191][T15227] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1936.317752][T15227] mem_cgroup_try_charge+0x136/0x590 [ 1936.323034][T15227] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1936.328676][T15227] wp_page_copy+0x421/0x15e0 [ 1936.333269][T15227] ? page_trans_huge_mapcount+0x166/0x450 [ 1936.338984][T15227] ? pmd_pfn+0x1d0/0x1d0 [ 1936.343229][T15227] ? lock_downgrade+0x920/0x920 [ 1936.348071][T15227] ? swp_swapcount+0x540/0x540 [ 1936.352841][T15227] ? __kasan_check_read+0x11/0x20 [ 1936.357857][T15227] ? do_raw_spin_unlock+0x57/0x270 [ 1936.362996][T15227] do_wp_page+0x499/0x14d0 [ 1936.367406][T15227] ? finish_mkwrite_fault+0x570/0x570 [ 1936.372804][T15227] __handle_mm_fault+0x22f7/0x3f20 [ 1936.377910][T15227] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1936.383455][T15227] ? __kasan_check_read+0x11/0x20 [ 1936.388512][T15227] ? trace_hardirqs_on+0x67/0x240 [ 1936.393536][T15227] handle_mm_fault+0x1b5/0x6b0 [ 1936.398295][T15227] __do_page_fault+0x536/0xdd0 [ 1936.403064][T15227] do_page_fault+0x38/0x590 [ 1936.407571][T15227] page_fault+0x39/0x40 [ 1936.411710][T15227] RIP: 0033:0x404e9e [ 1936.415619][T15227] Code: 48 8b 55 40 48 8b 75 38 48 8b 7d 30 ff 75 70 ff 75 68 ff 75 60 4c 8b 4d 58 4c 8b 45 50 ff d0 48 83 c4 20 48 89 c3 48 83 fb ff <48> 89 5d 78 41 8b 04 24 0f 85 d4 00 00 00 85 c0 0f 85 cc 00 00 00 [ 1936.435329][T15227] RSP: 002b:00007f3576419c90 EFLAGS: 00010217 [ 1936.441399][T15227] RAX: 0000000000000000 RBX: 0000000000001e9b RCX: 0000000000459829 [ 1936.449446][T15227] RDX: 0000000000404e56 RSI: 0000000000000000 RDI: 0000000000000000 [ 1936.457591][T15227] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1936.465913][T15227] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1936.473874][T15227] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1936.483907][T15227] memory: usage 307200kB, limit 307200kB, failcnt 102259 [ 1936.493738][T15227] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1936.500830][T15227] Memory cgroup stats for /syz0: [ 1936.500947][T15227] anon 82694144 [ 1936.500947][T15227] file 4096 [ 1936.500947][T15227] kernel_stack 36438016 [ 1936.500947][T15227] slab 45080576 [ 1936.500947][T15227] sock 4096 [ 1936.500947][T15227] shmem 0 [ 1936.500947][T15227] file_mapped 0 [ 1936.500947][T15227] file_dirty 0 [ 1936.500947][T15227] file_writeback 0 [ 1936.500947][T15227] anon_thp 0 [ 1936.500947][T15227] inactive_anon 0 [ 1936.500947][T15227] active_anon 82796544 [ 1936.500947][T15227] inactive_file 32768 [ 1936.500947][T15227] active_file 61440 [ 1936.500947][T15227] unevictable 0 [ 1936.500947][T15227] slab_reclaimable 5677056 [ 1936.500947][T15227] slab_unreclaimable 39403520 [ 1936.500947][T15227] pgfault 155463 [ 1936.500947][T15227] pgmajfault 0 [ 1936.500947][T15227] workingset_refault 495 [ 1936.500947][T15227] workingset_activate 396 [ 1936.500947][T15227] workingset_nodereclaim 0 [ 1936.500947][T15227] pgrefill 22985 [ 1936.500947][T15227] pgscan 23341 [ 1936.500947][T15227] pgsteal 1330 [ 1936.595103][T15227] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15365,uid=0 [ 1936.610738][T15227] Memory cgroup out of memory: Killed process 15365 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1936.628216][ T1057] oom_reaper: reaped process 15365 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1936.639700][T15226] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1936.650206][T15226] CPU: 0 PID: 15226 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1936.659316][T15226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1936.669449][T15226] Call Trace: [ 1936.672745][T15226] dump_stack+0x172/0x1f0 [ 1936.677064][T15226] dump_header+0x177/0x1152 [ 1936.681559][T15226] ? ___ratelimit+0xf8/0x595 [ 1936.686150][T15226] ? trace_hardirqs_on+0x67/0x240 [ 1936.691200][T15226] ? mark_oom_victim.cold+0x18/0x18 [ 1936.696390][T15226] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1936.702188][T15226] ? ___ratelimit+0x60/0x595 [ 1936.707399][T15226] ? do_raw_spin_unlock+0x57/0x270 [ 1936.712535][T15226] oom_kill_process.cold+0x10/0x15 [ 1936.717662][T15226] out_of_memory+0x79a/0x12c0 [ 1936.722342][T15226] ? lock_downgrade+0x920/0x920 [ 1936.727197][T15226] ? oom_killer_disable+0x280/0x280 [ 1936.732401][T15226] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1936.737941][T15226] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1936.743594][T15226] ? do_raw_spin_unlock+0x57/0x270 [ 1936.748697][T15226] ? _raw_spin_unlock+0x2d/0x50 [ 1936.753546][T15226] try_charge+0xa2d/0x1440 [ 1936.757969][T15226] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1936.763508][T15226] ? percpu_ref_tryget_live+0x111/0x290 [ 1936.769046][T15226] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1936.774500][T15226] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1936.780144][T15226] mem_cgroup_try_charge+0x136/0x590 [ 1936.785434][T15226] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1936.791068][T15226] wp_page_copy+0x421/0x15e0 [ 1936.795641][T15226] ? page_trans_huge_mapcount+0x166/0x450 [ 1936.801382][T15226] ? pmd_pfn+0x1d0/0x1d0 [ 1936.805632][T15226] ? lock_downgrade+0x920/0x920 [ 1936.810493][T15226] ? swp_swapcount+0x540/0x540 [ 1936.815598][T15226] ? __kasan_check_read+0x11/0x20 [ 1936.820613][T15226] ? do_raw_spin_unlock+0x57/0x270 [ 1936.825728][T15226] do_wp_page+0x499/0x14d0 [ 1936.830160][T15226] ? finish_mkwrite_fault+0x570/0x570 [ 1936.835643][T15226] __handle_mm_fault+0x22f7/0x3f20 [ 1936.847433][T15226] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1936.853013][T15226] ? __kasan_check_read+0x11/0x20 [ 1936.858043][T15226] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1936.864305][T15226] ? sync_mm_rss+0xa4/0x1c0 [ 1936.868805][T15226] handle_mm_fault+0x1b5/0x6b0 [ 1936.873580][T15226] __do_page_fault+0x536/0xdd0 [ 1936.878700][T15226] do_page_fault+0x38/0x590 [ 1936.883542][T15226] page_fault+0x39/0x40 [ 1936.887699][T15226] RIP: 0033:0x415003 [ 1936.891587][T15226] Code: e9 4c 89 e2 ff 74 24 48 4c 8b 4c 24 10 89 ee 4c 8b 44 24 18 48 89 df e8 cb f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 48 f7 d8 <64> 89 04 25 d4 ff ff ff 48 83 c8 ff c3 48 81 ec 98 00 00 00 31 ff [ 1936.911212][T15226] RSP: 002b:00007ffd41fb7138 EFLAGS: 00010213 [ 1936.917333][T15226] RAX: 000000000000006e RBX: 00000000000003e8 RCX: 0000000000459829 [ 1936.925405][T15226] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf2c [ 1936.933373][T15226] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff [ 1936.941355][T15226] R10: 00007ffd41fb7210 R11: 0000000000000246 R12: 000000000075bf20 [ 1936.949324][T15226] R13: 00000000001d8afe R14: 00000000001d8b2b R15: 000000000075bf2c [ 1936.957377][T15226] memory: usage 307032kB, limit 307200kB, failcnt 102271 [ 1936.964472][T15226] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1936.971347][T15226] Memory cgroup stats for /syz0: [ 1936.971464][T15226] anon 82694144 [ 1936.971464][T15226] file 4096 [ 1936.971464][T15226] kernel_stack 36438016 [ 1936.971464][T15226] slab 45080576 [ 1936.971464][T15226] sock 4096 [ 1936.971464][T15226] shmem 0 [ 1936.971464][T15226] file_mapped 0 [ 1936.971464][T15226] file_dirty 0 [ 1936.971464][T15226] file_writeback 0 [ 1936.971464][T15226] anon_thp 0 [ 1936.971464][T15226] inactive_anon 0 [ 1936.971464][T15226] active_anon 82796544 [ 1936.971464][T15226] inactive_file 32768 [ 1936.971464][T15226] active_file 61440 [ 1936.971464][T15226] unevictable 0 [ 1936.971464][T15226] slab_reclaimable 5677056 [ 1936.971464][T15226] slab_unreclaimable 39403520 [ 1936.971464][T15226] pgfault 155463 [ 1936.971464][T15226] pgmajfault 0 [ 1936.971464][T15226] workingset_refault 495 [ 1936.971464][T15226] workingset_activate 396 [ 1936.971464][T15226] workingset_nodereclaim 0 [ 1936.971464][T15226] pgrefill 22985 [ 1936.971464][T15226] pgscan 23341 [ 1936.971464][T15226] pgsteal 1330 04:20:10 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x2, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:10 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xec) 04:20:10 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x0, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:10 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5423, 0x0) 04:20:10 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc000b0048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:10 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc630e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1937.065112][T15226] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15226,uid=0 [ 1937.080626][T15226] Memory cgroup out of memory: Killed process 15226 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:35788kB, shmem-rss:0kB, UID:0 [ 1937.096271][ T1057] oom_reaper: reaped process 15226 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 1937.163206][ T26] audit: type=1400 audit(1564374010.939:1281): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC630E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=15373 comm="syz-executor.1" 04:20:11 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc000c0048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:11 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5424, 0x0) 04:20:11 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:11 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc03599a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:11 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xfc) [ 1937.400821][T15382] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1937.463497][ T26] audit: type=1400 audit(1564374011.239:1282): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC03599A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=15503 comm="syz-executor.1" [ 1937.478716][T15382] CPU: 1 PID: 15382 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1937.506421][T15382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1937.516479][T15382] Call Trace: [ 1937.519780][T15382] dump_stack+0x172/0x1f0 [ 1937.524133][T15382] dump_header+0x177/0x1152 [ 1937.528645][T15382] ? ___ratelimit+0xf8/0x595 [ 1937.528659][T15382] ? trace_hardirqs_on+0x67/0x240 [ 1937.528672][T15382] ? mark_oom_victim.cold+0x18/0x18 [ 1937.528686][T15382] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1937.528699][T15382] ? ___ratelimit+0x60/0x595 [ 1937.528719][T15382] ? do_raw_spin_unlock+0x57/0x270 [ 1937.559042][T15382] oom_kill_process.cold+0x10/0x15 [ 1937.564180][T15382] out_of_memory+0x79a/0x12c0 [ 1937.568881][T15382] ? lock_downgrade+0x920/0x920 [ 1937.573933][T15382] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1937.580185][T15382] ? oom_killer_disable+0x280/0x280 [ 1937.585450][T15382] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1937.585468][T15382] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1937.585493][T15382] ? do_raw_spin_unlock+0x57/0x270 [ 1937.602268][T15382] ? _raw_spin_unlock+0x2d/0x50 [ 1937.607132][T15382] try_charge+0xf4b/0x1440 04:20:11 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc000e0048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1937.611658][T15382] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1937.617422][T15382] ? percpu_ref_tryget_live+0x111/0x290 [ 1937.622971][T15382] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1937.628459][T15382] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1937.634014][T15382] mem_cgroup_try_charge+0x136/0x590 [ 1937.639310][T15382] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1937.644952][T15382] wp_page_copy+0x421/0x15e0 [ 1937.649546][T15382] ? page_trans_huge_mapcount+0x166/0x450 [ 1937.655279][T15382] ? pmd_pfn+0x1d0/0x1d0 [ 1937.659813][T15382] ? lock_downgrade+0x920/0x920 [ 1937.665304][T15382] ? swp_swapcount+0x540/0x540 [ 1937.670081][T15382] ? psi_memstall_leave+0x12e/0x180 [ 1937.675318][T15382] ? __kasan_check_read+0x11/0x20 [ 1937.680410][T15382] ? do_raw_spin_unlock+0x57/0x270 [ 1937.685595][T15382] do_wp_page+0x499/0x14d0 [ 1937.690550][T15382] ? finish_mkwrite_fault+0x570/0x570 [ 1937.695949][T15382] __handle_mm_fault+0x22f7/0x3f20 [ 1937.701086][T15382] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1937.706676][T15382] ? __kasan_check_read+0x11/0x20 [ 1937.711728][T15382] ? trace_hardirqs_on+0x67/0x240 [ 1937.717003][T15382] handle_mm_fault+0x1b5/0x6b0 [ 1937.721873][T15382] __do_page_fault+0x536/0xdd0 [ 1937.726665][T15382] do_page_fault+0x38/0x590 [ 1937.731198][T15382] page_fault+0x39/0x40 [ 1937.735649][T15382] RIP: 0033:0x432ff8 [ 1937.739634][T15382] Code: 00 0f 85 1f ff ff ff 49 c7 40 38 00 00 00 00 49 c7 40 40 00 00 00 00 e9 0a ff ff ff 66 0f 1f 44 00 00 48 89 ee bf 40 56 71 00 43 cd ff ff 48 85 c0 49 89 c0 0f 85 7b fe ff ff 0f 1f 80 00 00 [ 1937.759261][T15382] RSP: 002b:00007ffd41fb7000 EFLAGS: 00010246 [ 1937.765427][T15382] RAX: 0000000000000000 RBX: 0000000000715640 RCX: 000000000045987a [ 1937.773497][T15382] RDX: 0000000000000011 RSI: 0000000000000110 RDI: 0000000000715640 [ 1937.781479][T15382] RBP: 0000000000000110 R08: ffffffffffffffff R09: 0000000000000000 [ 1937.789555][T15382] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000205b0 [ 1937.798400][T15382] R13: 000055555710fa50 R14: 0000000000000001 R15: 000000000075bfd4 [ 1937.815563][T15382] memory: usage 307200kB, limit 307200kB, failcnt 102324 [ 1937.837671][T15382] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1937.845272][T15382] Memory cgroup stats for /syz0: [ 1937.845397][T15382] anon 82694144 [ 1937.845397][T15382] file 4096 [ 1937.845397][T15382] kernel_stack 36306944 [ 1937.845397][T15382] slab 45080576 [ 1937.845397][T15382] sock 4096 [ 1937.845397][T15382] shmem 0 [ 1937.845397][T15382] file_mapped 0 [ 1937.845397][T15382] file_dirty 0 [ 1937.845397][T15382] file_writeback 0 [ 1937.845397][T15382] anon_thp 0 [ 1937.845397][T15382] inactive_anon 0 [ 1937.845397][T15382] active_anon 82661376 [ 1937.845397][T15382] inactive_file 32768 [ 1937.845397][T15382] active_file 61440 [ 1937.845397][T15382] unevictable 0 [ 1937.845397][T15382] slab_reclaimable 5677056 [ 1937.845397][T15382] slab_unreclaimable 39403520 [ 1937.845397][T15382] pgfault 155529 [ 1937.845397][T15382] pgmajfault 0 [ 1937.845397][T15382] workingset_refault 495 [ 1937.845397][T15382] workingset_activate 396 [ 1937.845397][T15382] workingset_nodereclaim 0 [ 1937.845397][T15382] pgrefill 23117 [ 1937.845397][T15382] pgscan 23473 [ 1937.845397][T15382] pgsteal 1330 [ 1937.853026][T15382] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=21082,uid=0 [ 1937.958281][T15382] Memory cgroup out of memory: Killed process 21082 (syz-executor.0) total-vm:72840kB, anon-rss:148kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1937.986720][ T1057] oom_reaper: reaped process 21082 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1938.002491][T15387] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1938.037292][T15387] CPU: 0 PID: 15387 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1938.046559][T15387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1938.056712][T15387] Call Trace: [ 1938.060007][T15387] dump_stack+0x172/0x1f0 [ 1938.064324][T15387] dump_header+0x177/0x1152 [ 1938.068819][T15387] ? ___ratelimit+0xf8/0x595 [ 1938.073397][T15387] ? trace_hardirqs_on+0x67/0x240 [ 1938.078598][T15387] ? mark_oom_victim.cold+0x18/0x18 [ 1938.083916][T15387] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1938.089724][T15387] ? ___ratelimit+0x60/0x595 [ 1938.094316][T15387] ? do_raw_spin_unlock+0x57/0x270 [ 1938.099431][T15387] oom_kill_process.cold+0x10/0x15 [ 1938.104531][T15387] out_of_memory+0x79a/0x12c0 [ 1938.109201][T15387] ? lock_downgrade+0x920/0x920 [ 1938.114142][T15387] ? oom_killer_disable+0x280/0x280 [ 1938.119352][T15387] ? __kasan_check_read+0x11/0x20 [ 1938.124494][T15387] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1938.130090][T15387] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1938.135882][T15387] ? do_raw_spin_unlock+0x57/0x270 [ 1938.141008][T15387] ? _raw_spin_unlock+0x2d/0x50 [ 1938.145865][T15387] try_charge+0xa2d/0x1440 [ 1938.150274][T15387] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1938.155828][T15387] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1938.161375][T15387] ? __kasan_check_read+0x11/0x20 [ 1938.166412][T15387] ? lock_downgrade+0x920/0x920 [ 1938.171267][T15387] ? percpu_ref_tryget_live+0x111/0x290 [ 1938.176821][T15387] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1938.182293][T15387] ? memcg_kmem_put_cache+0x50/0x50 [ 1938.187485][T15387] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1938.193057][T15387] __memcg_kmem_charge+0x13a/0x3a0 [ 1938.198297][T15387] __alloc_pages_nodemask+0x4f4/0x900 [ 1938.203703][T15387] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1938.209602][T15387] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1938.215852][T15387] ? debug_smp_processor_id+0x3c/0x214 [ 1938.221323][T15387] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1938.227572][T15387] alloc_pages_current+0x107/0x210 [ 1938.232682][T15387] pte_alloc_one+0x1b/0x1a0 [ 1938.237201][T15387] __handle_mm_fault+0x34dd/0x3f20 [ 1938.242344][T15387] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1938.250919][T15387] ? __kasan_check_read+0x11/0x20 [ 1938.256051][T15387] ? trace_hardirqs_on+0x67/0x240 [ 1938.261113][T15387] handle_mm_fault+0x1b5/0x6b0 [ 1938.266200][T15387] __do_page_fault+0x536/0xdd0 [ 1938.270972][T15387] ? page_fault+0x16/0x40 [ 1938.275332][T15387] do_page_fault+0x38/0x590 [ 1938.279836][T15387] page_fault+0x39/0x40 [ 1938.283986][T15387] RIP: 0033:0x459829 [ 1938.287895][T15387] Code: Bad RIP value. [ 1938.291958][T15387] RSP: 002b:00007f3576419c78 EFLAGS: 00010246 [ 1938.298018][T15387] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459829 [ 1938.306978][T15387] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1938.314956][T15387] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1938.322935][T15387] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1938.330983][T15387] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1938.339548][T15387] memory: usage 307032kB, limit 307200kB, failcnt 102348 [ 1938.347593][T15387] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1938.354579][T15387] Memory cgroup stats for /syz0: [ 1938.354700][T15387] anon 82554880 [ 1938.354700][T15387] file 4096 [ 1938.354700][T15387] kernel_stack 36372480 [ 1938.354700][T15387] slab 45080576 [ 1938.354700][T15387] sock 4096 [ 1938.354700][T15387] shmem 0 [ 1938.354700][T15387] file_mapped 0 [ 1938.354700][T15387] file_dirty 0 [ 1938.354700][T15387] file_writeback 0 [ 1938.354700][T15387] anon_thp 0 [ 1938.354700][T15387] inactive_anon 0 [ 1938.354700][T15387] active_anon 82661376 [ 1938.354700][T15387] inactive_file 32768 [ 1938.354700][T15387] active_file 61440 [ 1938.354700][T15387] unevictable 0 [ 1938.354700][T15387] slab_reclaimable 5677056 [ 1938.354700][T15387] slab_unreclaimable 39403520 [ 1938.354700][T15387] pgfault 155562 [ 1938.354700][T15387] pgmajfault 0 [ 1938.354700][T15387] workingset_refault 495 [ 1938.354700][T15387] workingset_activate 396 [ 1938.354700][T15387] workingset_nodereclaim 0 [ 1938.354700][T15387] pgrefill 23117 [ 1938.354700][T15387] pgscan 23473 [ 1938.354700][T15387] pgsteal 1330 [ 1938.449644][T15387] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2988,uid=0 [ 1938.465079][T15387] Memory cgroup out of memory: Killed process 2988 (syz-executor.0) total-vm:72708kB, anon-rss:152kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1938.480450][ T1057] oom_reaper: reaped process 2988 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1938.483857][T15382] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1938.502503][T15382] CPU: 0 PID: 15382 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1938.511638][T15382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1938.522043][T15382] Call Trace: [ 1938.525346][T15382] dump_stack+0x172/0x1f0 [ 1938.529684][T15382] dump_header+0x177/0x1152 [ 1938.534192][T15382] ? ___ratelimit+0xf8/0x595 [ 1938.538997][T15382] ? trace_hardirqs_on+0x67/0x240 [ 1938.544094][T15382] ? mark_oom_victim.cold+0x18/0x18 [ 1938.549297][T15382] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1938.555476][T15382] ? ___ratelimit+0x60/0x595 [ 1938.560082][T15382] ? do_raw_spin_unlock+0x57/0x270 [ 1938.565217][T15382] oom_kill_process.cold+0x10/0x15 [ 1938.570341][T15382] out_of_memory+0x79a/0x12c0 [ 1938.575033][T15382] ? lock_downgrade+0x920/0x920 [ 1938.579910][T15382] ? oom_killer_disable+0x280/0x280 [ 1938.585124][T15382] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1938.590761][T15382] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1938.596387][T15382] ? do_raw_spin_unlock+0x57/0x270 [ 1938.601492][T15382] ? _raw_spin_unlock+0x2d/0x50 [ 1938.606348][T15382] try_charge+0xf4b/0x1440 [ 1938.610981][T15382] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1938.616683][T15382] ? percpu_ref_tryget_live+0x111/0x290 [ 1938.622229][T15382] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1938.627684][T15382] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1938.633235][T15382] mem_cgroup_try_charge+0x136/0x590 [ 1938.638527][T15382] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1938.644194][T15382] wp_page_copy+0x421/0x15e0 [ 1938.648776][T15382] ? page_trans_huge_mapcount+0x166/0x450 [ 1938.654507][T15382] ? pmd_pfn+0x1d0/0x1d0 [ 1938.658785][T15382] ? lock_downgrade+0x920/0x920 [ 1938.663650][T15382] ? swp_swapcount+0x540/0x540 [ 1938.668424][T15382] ? psi_memstall_leave+0x12e/0x180 [ 1938.673618][T15382] ? __kasan_check_read+0x11/0x20 [ 1938.678974][T15382] ? do_raw_spin_unlock+0x57/0x270 [ 1938.684096][T15382] do_wp_page+0x499/0x14d0 [ 1938.688542][T15382] ? finish_mkwrite_fault+0x570/0x570 [ 1938.693944][T15382] __handle_mm_fault+0x22f7/0x3f20 [ 1938.699068][T15382] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1938.704620][T15382] ? __kasan_check_read+0x11/0x20 [ 1938.709673][T15382] ? trace_hardirqs_on+0x67/0x240 [ 1938.714723][T15382] handle_mm_fault+0x1b5/0x6b0 [ 1938.719684][T15382] __do_page_fault+0x536/0xdd0 [ 1938.724489][T15382] do_page_fault+0x38/0x590 [ 1938.729016][T15382] page_fault+0x39/0x40 [ 1938.733339][T15382] RIP: 0033:0x40c1d8 [ 1938.737231][T15382] Code: 00 00 49 8d be 88 00 00 00 48 89 ea 48 89 de 0f 85 dd 00 00 00 e8 38 2c 00 00 8b 05 32 be 32 00 48 8b 15 c3 42 66 00 83 c0 01 <89> 05 22 be 32 00 89 02 48 83 c4 08 5b 5d 41 5c 41 5d 41 5e 41 5f [ 1938.756835][T15382] RSP: 002b:00007ffd41fb70d0 EFLAGS: 00010202 [ 1938.762903][T15382] RAX: 0000000000000001 RBX: 0000001b32220014 RCX: 0000001b33220000 [ 1938.771006][T15382] RDX: 0000001b32220000 RSI: 0000000000000d6a RDI: ffffffff15a10d69 [ 1938.778993][T15382] RBP: 0000001b32220018 R08: 0000000015a10d69 R09: 0000000015a10d6d [ 1938.786981][T15382] R10: 00007ffd41fb7210 R11: 0000000000000246 R12: 0000001b3222001c [ 1938.794964][T15382] R13: 00000000001d9255 R14: 000000000075bfc8 R15: 000000000075bfd4 [ 1938.803812][T15382] memory: usage 306768kB, limit 307200kB, failcnt 102348 [ 1938.810885][T15382] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1938.817791][T15382] Memory cgroup stats for /syz0: [ 1938.817902][T15382] anon 82554880 [ 1938.817902][T15382] file 4096 [ 1938.817902][T15382] kernel_stack 36372480 [ 1938.817902][T15382] slab 45080576 [ 1938.817902][T15382] sock 4096 [ 1938.817902][T15382] shmem 0 [ 1938.817902][T15382] file_mapped 0 [ 1938.817902][T15382] file_dirty 0 [ 1938.817902][T15382] file_writeback 0 [ 1938.817902][T15382] anon_thp 0 [ 1938.817902][T15382] inactive_anon 0 [ 1938.817902][T15382] active_anon 82661376 [ 1938.817902][T15382] inactive_file 32768 [ 1938.817902][T15382] active_file 61440 [ 1938.817902][T15382] unevictable 0 [ 1938.817902][T15382] slab_reclaimable 5677056 [ 1938.817902][T15382] slab_unreclaimable 39403520 [ 1938.817902][T15382] pgfault 155562 [ 1938.817902][T15382] pgmajfault 0 [ 1938.817902][T15382] workingset_refault 495 [ 1938.817902][T15382] workingset_activate 396 [ 1938.817902][T15382] workingset_nodereclaim 0 [ 1938.817902][T15382] pgrefill 23117 [ 1938.817902][T15382] pgscan 23473 [ 1938.817902][T15382] pgsteal 1330 [ 1938.920925][T15382] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17241,uid=0 04:20:12 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc000f0048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:12 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5425, 0x0) 04:20:12 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x12c) 04:20:12 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x6, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:12 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a590514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:12 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1938.936540][T15382] Memory cgroup out of memory: Killed process 17241 (syz-executor.0) total-vm:72708kB, anon-rss:144kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1938.952043][ T1057] oom_reaper: reaped process 17241 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1938.963887][T15383] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1938.980903][T15622] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:12 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230214289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1939.035337][ T26] audit: type=1400 audit(1564374012.819:1283): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A590514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=15625 comm="syz-executor.1" 04:20:12 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:12 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00110048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:12 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5427, 0x0) 04:20:13 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230314289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1939.230344][ T26] audit: type=1400 audit(1564374012.969:1284): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230214289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=15640 comm="syz-executor.1" 04:20:13 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:13 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00120048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1939.327302][T15711] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:13 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x144) 04:20:13 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5428, 0x0) [ 1939.415888][ T26] audit: type=1400 audit(1564374013.199:1285): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230314289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=15762 comm="syz-executor.1" [ 1939.497165][T15648] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1939.588191][T15648] CPU: 1 PID: 15648 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1939.597350][T15648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1939.607598][T15648] Call Trace: [ 1939.607629][T15648] dump_stack+0x172/0x1f0 [ 1939.607646][T15648] dump_header+0x177/0x1152 [ 1939.607661][T15648] ? ___ratelimit+0xf8/0x595 [ 1939.607677][T15648] ? trace_hardirqs_on+0x67/0x240 [ 1939.607699][T15648] ? mark_oom_victim.cold+0x18/0x18 [ 1939.634690][T15648] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1939.640626][T15648] ? ___ratelimit+0x60/0x595 [ 1939.645226][T15648] ? do_raw_spin_unlock+0x57/0x270 [ 1939.650357][T15648] oom_kill_process.cold+0x10/0x15 [ 1939.655491][T15648] out_of_memory+0x79a/0x12c0 [ 1939.660185][T15648] ? lock_downgrade+0x920/0x920 [ 1939.665049][T15648] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1939.671305][T15648] ? oom_killer_disable+0x280/0x280 [ 1939.676526][T15648] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1939.682091][T15648] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1939.687753][T15648] ? do_raw_spin_unlock+0x57/0x270 [ 1939.692895][T15648] ? _raw_spin_unlock+0x2d/0x50 [ 1939.697762][T15648] try_charge+0xf4b/0x1440 [ 1939.702197][T15648] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1939.707754][T15648] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1939.713444][T15648] ? __kasan_check_read+0x11/0x20 [ 1939.718482][T15648] ? lock_downgrade+0x920/0x920 [ 1939.723343][T15648] ? percpu_ref_tryget_live+0x111/0x290 [ 1939.728899][T15648] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1939.728913][T15648] ? memcg_kmem_put_cache+0x50/0x50 [ 1939.728926][T15648] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1939.728940][T15648] __memcg_kmem_charge+0x13a/0x3a0 [ 1939.728958][T15648] __alloc_pages_nodemask+0x4f4/0x900 [ 1939.728979][T15648] ? __kasan_check_read+0x11/0x20 [ 1939.761054][T15648] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1939.766769][T15648] ? lock_downgrade+0x920/0x920 [ 1939.771621][T15648] ? __pud_alloc+0x62/0x250 [ 1939.776140][T15648] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1939.782373][T15648] alloc_pages_current+0x107/0x210 [ 1939.787482][T15648] __pmd_alloc+0x41/0x460 [ 1939.791813][T15648] ? pud_alloc+0xbd/0x150 [ 1939.796136][T15648] copy_page_range+0x1769/0x2120 [ 1939.801063][T15648] ? percpu_ref_put_many+0x94/0x190 [ 1939.806287][T15648] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1939.812563][T15648] ? lock_downgrade+0x920/0x920 [ 1939.817405][T15648] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1939.823553][T15648] ? __pmd_alloc+0x460/0x460 [ 1939.828150][T15648] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1939.833690][T15648] ? validate_mm_rb+0xa3/0xc0 [ 1939.838360][T15648] ? __vma_link_rb+0x275/0x370 [ 1939.843125][T15648] dup_mm+0xa67/0x1430 [ 1939.847197][T15648] ? vm_area_dup+0x170/0x170 [ 1939.851778][T15648] ? debug_mutex_init+0x2d/0x5a [ 1939.856634][T15648] copy_process+0x28b7/0x6b00 [ 1939.863271][T15648] ? perf_trace_lock+0xeb/0x4c0 [ 1939.868132][T15648] ? __cleanup_sighand+0x60/0x60 [ 1939.873070][T15648] _do_fork+0x146/0xfa0 [ 1939.877336][T15648] ? copy_init_mm+0x20/0x20 [ 1939.881839][T15648] ? __kasan_check_read+0x11/0x20 [ 1939.886860][T15648] ? _copy_to_user+0x118/0x160 [ 1939.891621][T15648] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1939.897876][T15648] ? put_timespec64+0xda/0x140 [ 1939.902666][T15648] __x64_sys_clone+0x18d/0x250 [ 1939.907428][T15648] ? __ia32_sys_vfork+0xc0/0xc0 [ 1939.912266][T15648] ? trace_hardirqs_off_caller+0x65/0x230 [ 1939.917981][T15648] ? trace_hardirqs_on+0x67/0x240 [ 1939.923009][T15648] do_syscall_64+0xfa/0x760 [ 1939.927513][T15648] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1939.933386][T15648] RIP: 0033:0x459829 [ 1939.937289][T15648] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1939.956977][T15648] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1939.965390][T15648] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1939.973367][T15648] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1939.981359][T15648] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1939.989348][T15648] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1939.997420][T15648] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1940.010091][T15648] memory: usage 307200kB, limit 307200kB, failcnt 102376 [ 1940.017736][T15648] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1940.025254][T15648] Memory cgroup stats for /syz0: [ 1940.025356][T15648] anon 82419712 [ 1940.025356][T15648] file 4096 [ 1940.025356][T15648] kernel_stack 36438016 [ 1940.025356][T15648] slab 45215744 [ 1940.025356][T15648] sock 4096 [ 1940.025356][T15648] shmem 0 [ 1940.025356][T15648] file_mapped 0 [ 1940.025356][T15648] file_dirty 0 [ 1940.025356][T15648] file_writeback 0 [ 1940.025356][T15648] anon_thp 0 [ 1940.025356][T15648] inactive_anon 0 [ 1940.025356][T15648] active_anon 82526208 [ 1940.025356][T15648] inactive_file 32768 [ 1940.025356][T15648] active_file 61440 [ 1940.025356][T15648] unevictable 0 [ 1940.025356][T15648] slab_reclaimable 5677056 [ 1940.025356][T15648] slab_unreclaimable 39538688 [ 1940.025356][T15648] pgfault 155661 [ 1940.025356][T15648] pgmajfault 0 [ 1940.025356][T15648] workingset_refault 495 [ 1940.025356][T15648] workingset_activate 396 [ 1940.025356][T15648] workingset_nodereclaim 0 [ 1940.025356][T15648] pgrefill 23183 [ 1940.025356][T15648] pgscan 23539 [ 1940.025356][T15648] pgsteal 1330 [ 1940.030858][T15648] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15624,uid=0 [ 1940.136574][T15648] Memory cgroup out of memory: Killed process 15624 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1940.155001][ T1057] oom_reaper: reaped process 15624 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1940.181424][T15638] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1940.192985][T15638] CPU: 1 PID: 15638 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1940.202112][T15638] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1940.212174][T15638] Call Trace: [ 1940.215460][T15638] dump_stack+0x172/0x1f0 [ 1940.219782][T15638] dump_header+0x177/0x1152 [ 1940.224295][T15638] ? ___ratelimit+0xf8/0x595 [ 1940.229137][T15638] ? trace_hardirqs_on+0x67/0x240 [ 1940.234158][T15638] ? mark_oom_victim.cold+0x18/0x18 [ 1940.239359][T15638] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1940.245157][T15638] ? ___ratelimit+0x60/0x595 [ 1940.249745][T15638] ? do_raw_spin_unlock+0x57/0x270 [ 1940.254850][T15638] oom_kill_process.cold+0x10/0x15 [ 1940.259972][T15638] out_of_memory+0x79a/0x12c0 [ 1940.264638][T15638] ? lock_downgrade+0x920/0x920 [ 1940.269562][T15638] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1940.275821][T15638] ? oom_killer_disable+0x280/0x280 [ 1940.281106][T15638] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1940.286637][T15638] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1940.292259][T15638] ? do_raw_spin_unlock+0x57/0x270 [ 1940.297396][T15638] ? _raw_spin_unlock+0x2d/0x50 [ 1940.302243][T15638] try_charge+0xf4b/0x1440 [ 1940.306646][T15638] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1940.312206][T15638] ? percpu_ref_tryget_live+0x111/0x290 [ 1940.317847][T15638] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1940.323312][T15638] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1940.328854][T15638] mem_cgroup_try_charge+0x136/0x590 [ 1940.334128][T15638] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1940.339818][T15638] wp_page_copy+0x421/0x15e0 [ 1940.344414][T15638] ? page_trans_huge_mapcount+0x166/0x450 [ 1940.350140][T15638] ? pmd_pfn+0x1d0/0x1d0 [ 1940.354369][T15638] ? lock_downgrade+0x920/0x920 [ 1940.359216][T15638] ? swp_swapcount+0x540/0x540 [ 1940.363971][T15638] ? psi_memstall_leave+0x12e/0x180 [ 1940.369173][T15638] ? __kasan_check_read+0x11/0x20 [ 1940.374190][T15638] ? do_raw_spin_unlock+0x57/0x270 [ 1940.379320][T15638] do_wp_page+0x499/0x14d0 [ 1940.383749][T15638] ? finish_mkwrite_fault+0x570/0x570 [ 1940.389118][T15638] __handle_mm_fault+0x22f7/0x3f20 [ 1940.394217][T15638] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1940.399769][T15638] ? __kasan_check_read+0x11/0x20 [ 1940.404824][T15638] ? trace_hardirqs_on+0x67/0x240 [ 1940.409870][T15638] handle_mm_fault+0x1b5/0x6b0 [ 1940.414710][T15638] __do_page_fault+0x536/0xdd0 [ 1940.419499][T15638] do_page_fault+0x38/0x590 [ 1940.423989][T15638] page_fault+0x39/0x40 [ 1940.428126][T15638] RIP: 0033:0x40cb10 [ 1940.432011][T15638] Code: 50 80 60 20 01 48 89 48 10 48 8b 4c 24 60 48 89 48 18 8b 4c 24 68 89 48 24 8b 4c 24 30 89 48 28 31 c0 48 8b 8c 04 20 01 00 00 <48> 89 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f [ 1940.451772][T15638] RSP: 002b:00007ffd41fb7140 EFLAGS: 00010287 [ 1940.457830][T15638] RAX: 0000000000000008 RBX: 0000000000000000 RCX: 0000000000000002 [ 1940.465814][T15638] RDX: 00000000000000a8 RSI: 0000000000000008 RDI: 000000000075bfd0 [ 1940.473774][T15638] RBP: 000000000075bfd4 R08: 00007ffd41fb7200 R09: 00000000007600f0 [ 1940.481738][T15638] R10: 0000000000439880 R11: 0000000000000011 R12: 000000000075bfc8 [ 1940.489715][T15638] R13: 0000000000000003 R14: 0000000000000001 R15: 000000000075bfd4 [ 1940.498483][T15638] memory: usage 307032kB, limit 307200kB, failcnt 102430 [ 1940.505583][T15638] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1940.512439][T15638] Memory cgroup stats for /syz0: [ 1940.512560][T15638] anon 82554880 [ 1940.512560][T15638] file 4096 [ 1940.512560][T15638] kernel_stack 36372480 [ 1940.512560][T15638] slab 45215744 [ 1940.512560][T15638] sock 4096 [ 1940.512560][T15638] shmem 0 [ 1940.512560][T15638] file_mapped 0 [ 1940.512560][T15638] file_dirty 0 [ 1940.512560][T15638] file_writeback 0 [ 1940.512560][T15638] anon_thp 0 [ 1940.512560][T15638] inactive_anon 0 [ 1940.512560][T15638] active_anon 82526208 [ 1940.512560][T15638] inactive_file 32768 [ 1940.512560][T15638] active_file 61440 [ 1940.512560][T15638] unevictable 0 [ 1940.512560][T15638] slab_reclaimable 5677056 [ 1940.512560][T15638] slab_unreclaimable 39538688 [ 1940.512560][T15638] pgfault 155661 [ 1940.512560][T15638] pgmajfault 0 [ 1940.512560][T15638] workingset_refault 495 [ 1940.512560][T15638] workingset_activate 396 [ 1940.512560][T15638] workingset_nodereclaim 0 [ 1940.512560][T15638] pgrefill 23183 [ 1940.512560][T15638] pgscan 23539 [ 1940.512560][T15638] pgsteal 1330 [ 1940.607752][T15638] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15638,uid=0 [ 1940.623260][T15638] Memory cgroup out of memory: Killed process 15638 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:35788kB, shmem-rss:0kB, UID:0 04:20:14 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x8, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:14 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230414289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:14 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:14 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5429, 0x0) 04:20:14 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x14c) 04:20:14 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00130048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1940.639486][ T1057] oom_reaper: reaped process 15638 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 04:20:14 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00140048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1940.718161][ T26] audit: type=1400 audit(1564374014.499:1286): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230414289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=15888 comm="syz-executor.1" 04:20:14 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230614289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:14 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5437, 0x0) 04:20:14 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:14 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc003f0048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:14 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x1a0) [ 1940.947568][ T26] audit: type=1400 audit(1564374014.729:1287): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230614289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=16004 comm="syz-executor.1" [ 1940.969167][T15999] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1941.114514][T15999] CPU: 1 PID: 15999 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1941.123657][T15999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1941.134256][T15999] Call Trace: [ 1941.134287][T15999] dump_stack+0x172/0x1f0 [ 1941.134305][T15999] dump_header+0x177/0x1152 [ 1941.134319][T15999] ? ___ratelimit+0xf8/0x595 [ 1941.134335][T15999] ? trace_hardirqs_on+0x67/0x240 [ 1941.134347][T15999] ? mark_oom_victim.cold+0x18/0x18 [ 1941.134362][T15999] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1941.134377][T15999] ? ___ratelimit+0x60/0x595 [ 1941.134391][T15999] ? do_raw_spin_unlock+0x57/0x270 [ 1941.134408][T15999] oom_kill_process.cold+0x10/0x15 [ 1941.134424][T15999] out_of_memory+0x79a/0x12c0 [ 1941.134441][T15999] ? lock_downgrade+0x920/0x920 [ 1941.134459][T15999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1941.134473][T15999] ? oom_killer_disable+0x280/0x280 [ 1941.134497][T15999] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1941.134513][T15999] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1941.134539][T15999] ? do_raw_spin_unlock+0x57/0x270 [ 1941.214468][T15999] ? _raw_spin_unlock+0x2d/0x50 [ 1941.214485][T15999] try_charge+0xf4b/0x1440 [ 1941.214507][T15999] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1941.228938][T15999] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1941.228955][T15999] ? __kasan_check_read+0x11/0x20 [ 1941.228978][T15999] ? lock_downgrade+0x920/0x920 [ 1941.250035][T15999] ? percpu_ref_tryget_live+0x111/0x290 [ 1941.256449][T15999] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1941.261924][T15999] ? memcg_kmem_put_cache+0x50/0x50 [ 1941.267137][T15999] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1941.272700][T15999] __memcg_kmem_charge+0x13a/0x3a0 [ 1941.277836][T15999] __alloc_pages_nodemask+0x4f4/0x900 [ 1941.283225][T15999] ? __lockdep_free_key_range+0x120/0x120 [ 1941.289051][T15999] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1941.294804][T15999] ? copy_page_range+0x10c2/0x2120 [ 1941.299925][T15999] ? __kasan_check_read+0x11/0x20 [ 1941.304962][T15999] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1941.311219][T15999] alloc_pages_current+0x107/0x210 [ 1941.316528][T15999] pte_alloc_one+0x1b/0x1a0 [ 1941.321869][T15999] __pte_alloc+0x20/0x310 [ 1941.326236][T15999] copy_page_range+0x1610/0x2120 [ 1941.331226][T15999] ? perf_trace_lock+0xeb/0x4c0 [ 1941.336116][T15999] ? __pmd_alloc+0x460/0x460 [ 1941.340715][T15999] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1941.347004][T15999] ? __rb_insert_augmented+0x20c/0xd90 [ 1941.352474][T15999] ? validate_mm_rb+0xa3/0xc0 [ 1941.357163][T15999] ? __vma_link_rb+0x275/0x370 [ 1941.361940][T15999] ? __kasan_check_write+0x14/0x20 [ 1941.367160][T15999] dup_mm+0xa67/0x1430 [ 1941.371341][T15999] ? vm_area_dup+0x170/0x170 [ 1941.375951][T15999] ? debug_mutex_init+0x2d/0x5a [ 1941.380813][T15999] copy_process+0x28b7/0x6b00 [ 1941.385482][T15999] ? perf_trace_lock+0xeb/0x4c0 [ 1941.390345][T15999] ? __cleanup_sighand+0x60/0x60 [ 1941.395301][T15999] ? __kasan_check_read+0x11/0x20 [ 1941.400321][T15999] ? do_raw_spin_unlock+0x57/0x270 [ 1941.405433][T15999] _do_fork+0x146/0xfa0 [ 1941.409576][T15999] ? copy_init_mm+0x20/0x20 [ 1941.414066][T15999] ? __kasan_check_read+0x11/0x20 [ 1941.419087][T15999] ? _copy_to_user+0x118/0x160 [ 1941.423880][T15999] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1941.430112][T15999] ? put_timespec64+0xda/0x140 [ 1941.434867][T15999] __x64_sys_clone+0x18d/0x250 [ 1941.439624][T15999] ? __ia32_sys_vfork+0xc0/0xc0 [ 1941.444467][T15999] ? trace_hardirqs_off_caller+0x65/0x230 [ 1941.450188][T15999] ? trace_hardirqs_on+0x67/0x240 [ 1941.455224][T15999] do_syscall_64+0xfa/0x760 [ 1941.460166][T15999] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1941.466049][T15999] RIP: 0033:0x459829 [ 1941.469936][T15999] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1941.490424][T15999] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1941.498871][T15999] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1941.506841][T15999] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1941.514844][T15999] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1941.522896][T15999] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1941.530893][T15999] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1941.540423][T15999] memory: usage 307200kB, limit 307200kB, failcnt 102455 [ 1941.550202][T15999] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1941.557177][T15999] Memory cgroup stats for /syz0: [ 1941.557291][T15999] anon 82554880 [ 1941.557291][T15999] file 4096 [ 1941.557291][T15999] kernel_stack 36372480 [ 1941.557291][T15999] slab 45215744 [ 1941.557291][T15999] sock 4096 [ 1941.557291][T15999] shmem 0 [ 1941.557291][T15999] file_mapped 0 [ 1941.557291][T15999] file_dirty 0 [ 1941.557291][T15999] file_writeback 0 [ 1941.557291][T15999] anon_thp 0 [ 1941.557291][T15999] inactive_anon 0 [ 1941.557291][T15999] active_anon 82526208 [ 1941.557291][T15999] inactive_file 32768 [ 1941.557291][T15999] active_file 61440 [ 1941.557291][T15999] unevictable 0 [ 1941.557291][T15999] slab_reclaimable 5677056 [ 1941.557291][T15999] slab_unreclaimable 39538688 [ 1941.557291][T15999] pgfault 155694 [ 1941.557291][T15999] pgmajfault 0 [ 1941.557291][T15999] workingset_refault 495 [ 1941.557291][T15999] workingset_activate 396 [ 1941.557291][T15999] workingset_nodereclaim 0 [ 1941.557291][T15999] pgrefill 23216 [ 1941.557291][T15999] pgscan 23539 [ 1941.557291][T15999] pgsteal 1330 [ 1941.656488][T15999] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15886,uid=0 [ 1941.672061][T15999] Memory cgroup out of memory: Killed process 15886 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1941.687782][ T1057] oom_reaper: reaped process 15886 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1941.710240][T15999] syz-executor.0 invoked oom-killer: gfp_mask=0x402cc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 1941.725167][T15999] CPU: 1 PID: 15999 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1941.734356][T15999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1941.744412][T15999] Call Trace: [ 1941.747744][T15999] dump_stack+0x172/0x1f0 [ 1941.752076][T15999] dump_header+0x177/0x1152 [ 1941.756565][T15999] ? ___ratelimit+0xf8/0x595 [ 1941.761158][T15999] ? trace_hardirqs_on+0x67/0x240 [ 1941.766181][T15999] ? mark_oom_victim.cold+0x18/0x18 [ 1941.771402][T15999] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1941.777193][T15999] ? ___ratelimit+0x60/0x595 [ 1941.781769][T15999] ? do_raw_spin_unlock+0x57/0x270 [ 1941.786886][T15999] oom_kill_process.cold+0x10/0x15 [ 1941.791989][T15999] out_of_memory+0x79a/0x12c0 [ 1941.796694][T15999] ? lock_downgrade+0x920/0x920 [ 1941.802041][T15999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1941.808288][T15999] ? oom_killer_disable+0x280/0x280 [ 1941.813474][T15999] ? __kasan_check_read+0x11/0x20 [ 1941.818818][T15999] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1941.824358][T15999] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1941.830023][T15999] ? do_raw_spin_unlock+0x57/0x270 [ 1941.835136][T15999] ? _raw_spin_unlock+0x2d/0x50 [ 1941.840132][T15999] try_charge+0xf4b/0x1440 [ 1941.844563][T15999] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1941.850192][T15999] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1941.855730][T15999] ? __kasan_check_read+0x11/0x20 [ 1941.862405][T15999] ? lock_downgrade+0x920/0x920 [ 1941.867249][T15999] ? percpu_ref_tryget_live+0x111/0x290 [ 1941.872828][T15999] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1941.878312][T15999] ? memcg_kmem_put_cache+0x50/0x50 [ 1941.883510][T15999] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1941.889226][T15999] __memcg_kmem_charge+0x13a/0x3a0 [ 1941.894335][T15999] __alloc_pages_nodemask+0x4f4/0x900 [ 1941.899724][T15999] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1941.905441][T15999] ? kasan_unpoison_shadow+0x35/0x50 [ 1941.910823][T15999] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1941.917061][T15999] alloc_pages_current+0x107/0x210 [ 1941.922206][T15999] __vmalloc_node_range+0x4a9/0x7d0 [ 1941.927403][T15999] __vmalloc+0x44/0x50 [ 1941.931483][T15999] ? do_replace+0x1d0/0x420 [ 1941.935994][T15999] do_replace+0x1d0/0x420 [ 1941.940441][T15999] ? compat_target_to_user+0x340/0x340 [ 1941.945919][T15999] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1941.952163][T15999] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1941.958403][T15999] ? ns_capable_common+0x93/0x100 [ 1941.963431][T15999] do_ebt_set_ctl+0xec/0x110 [ 1941.968036][T15999] nf_setsockopt+0x77/0xd0 [ 1941.972454][T15999] ip_setsockopt+0xdf/0x100 [ 1941.976946][T15999] udp_setsockopt+0x68/0xb0 [ 1941.981451][T15999] sock_common_setsockopt+0x94/0xd0 [ 1941.986640][T15999] __sys_setsockopt+0x261/0x4c0 [ 1941.991514][T15999] ? sock_create_kern+0x50/0x50 [ 1941.996373][T15999] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1942.001994][T15999] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1942.008079][T15999] __x64_sys_setsockopt+0xbe/0x150 [ 1942.013189][T15999] do_syscall_64+0xfa/0x760 [ 1942.017693][T15999] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1942.023591][T15999] RIP: 0033:0x459829 [ 1942.027469][T15999] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1942.047059][T15999] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1942.055475][T15999] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1942.063437][T15999] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003 [ 1942.071427][T15999] RBP: 000000000075bf20 R08: 0000000000000220 R09: 0000000000000000 [ 1942.079396][T15999] R10: 0000000020000080 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1942.087360][T15999] R13: 00000000004c792f R14: 00000000004dd280 R15: 00000000ffffffff [ 1942.095636][T15999] memory: usage 307032kB, limit 307200kB, failcnt 102497 [ 1942.102695][T15999] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1942.110106][T15999] Memory cgroup stats for /syz0: [ 1942.110224][T15999] anon 82554880 [ 1942.110224][T15999] file 4096 [ 1942.110224][T15999] kernel_stack 36306944 [ 1942.110224][T15999] slab 45215744 [ 1942.110224][T15999] sock 4096 [ 1942.110224][T15999] shmem 0 [ 1942.110224][T15999] file_mapped 0 [ 1942.110224][T15999] file_dirty 0 [ 1942.110224][T15999] file_writeback 0 [ 1942.110224][T15999] anon_thp 0 [ 1942.110224][T15999] inactive_anon 0 [ 1942.110224][T15999] active_anon 82526208 [ 1942.110224][T15999] inactive_file 32768 [ 1942.110224][T15999] active_file 61440 [ 1942.110224][T15999] unevictable 0 [ 1942.110224][T15999] slab_reclaimable 5677056 [ 1942.110224][T15999] slab_unreclaimable 39538688 [ 1942.110224][T15999] pgfault 155727 [ 1942.110224][T15999] pgmajfault 0 [ 1942.110224][T15999] workingset_refault 495 [ 1942.110224][T15999] workingset_activate 396 [ 1942.110224][T15999] workingset_nodereclaim 0 [ 1942.110224][T15999] pgrefill 23216 [ 1942.110224][T15999] pgscan 23539 [ 1942.110224][T15999] pgsteal 1330 [ 1942.204995][T15999] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=13069,uid=0 [ 1942.220695][T15999] Memory cgroup out of memory: Killed process 13069 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1942.250325][T15999] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:16 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x11, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:16 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230814289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:16 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:16 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00400048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5441, 0x0) 04:20:16 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x1f4) [ 1942.251682][T16145] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1942.260451][T16148] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1942.271687][T16145] CPU: 1 PID: 16145 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1942.288893][T16145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1942.298978][T16145] Call Trace: [ 1942.302288][T16145] dump_stack+0x172/0x1f0 [ 1942.306643][T16145] dump_header+0x177/0x1152 [ 1942.311158][T16145] ? ___ratelimit+0xf8/0x595 [ 1942.315756][T16145] ? trace_hardirqs_on+0x67/0x240 [ 1942.320835][T16145] ? mark_oom_victim.cold+0x18/0x18 [ 1942.326048][T16145] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1942.331963][T16145] ? ___ratelimit+0x60/0x595 [ 1942.336562][T16145] ? do_raw_spin_unlock+0x57/0x270 [ 1942.341695][T16145] oom_kill_process.cold+0x10/0x15 [ 1942.346819][T16145] out_of_memory+0x79a/0x12c0 [ 1942.346834][T16145] ? lock_downgrade+0x920/0x920 [ 1942.346854][T16145] ? oom_killer_disable+0x280/0x280 [ 1942.361666][T16145] ? __kasan_check_read+0x11/0x20 04:20:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5450, 0x0) [ 1942.366760][T16145] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1942.366777][T16145] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1942.366801][T16145] ? do_raw_spin_unlock+0x57/0x270 [ 1942.366818][T16145] ? _raw_spin_unlock+0x2d/0x50 [ 1942.366836][T16145] try_charge+0xa2d/0x1440 [ 1942.392394][T16145] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1942.397960][T16145] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1942.403522][T16145] ? __kasan_check_read+0x11/0x20 [ 1942.408560][T16145] ? lock_downgrade+0x920/0x920 [ 1942.413426][T16145] ? percpu_ref_tryget_live+0x111/0x290 [ 1942.419003][T16145] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1942.433681][T16145] ? memcg_kmem_put_cache+0x50/0x50 [ 1942.438889][T16145] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1942.438904][T16145] __memcg_kmem_charge+0x13a/0x3a0 [ 1942.438920][T16145] __alloc_pages_nodemask+0x4f4/0x900 [ 1942.438935][T16145] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1942.438961][T16145] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1942.466916][T16145] ? debug_smp_processor_id+0x3c/0x214 [ 1942.472388][T16145] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1942.478826][T16145] alloc_pages_current+0x107/0x210 [ 1942.483961][T16145] pte_alloc_one+0x1b/0x1a0 [ 1942.488483][T16145] __handle_mm_fault+0x34dd/0x3f20 [ 1942.493617][T16145] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1942.499212][T16145] ? __kasan_check_read+0x11/0x20 [ 1942.504267][T16145] ? trace_hardirqs_on+0x67/0x240 [ 1942.509322][T16145] handle_mm_fault+0x1b5/0x6b0 [ 1942.514108][T16145] __do_page_fault+0x536/0xdd0 04:20:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5451, 0x0) [ 1942.518890][T16145] ? page_fault+0x16/0x40 [ 1942.523238][T16145] do_page_fault+0x38/0x590 [ 1942.527797][T16145] page_fault+0x39/0x40 [ 1942.531960][T16145] RIP: 0033:0x459829 [ 1942.535865][T16145] Code: Bad RIP value. [ 1942.539937][T16145] RSP: 002b:00007f3576419c78 EFLAGS: 00010246 [ 1942.546010][T16145] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459829 [ 1942.553997][T16145] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1942.561980][T16145] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1942.569957][T16145] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1942.577935][T16145] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1942.584481][ T26] audit: type=1400 audit(1564374016.059:1288): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230814289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=16164 comm="syz-executor.1" 04:20:16 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc65580048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:16 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230914289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1942.648754][T16145] memory: usage 307196kB, limit 307200kB, failcnt 102554 04:20:16 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1942.701198][T16145] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1942.734071][T16145] Memory cgroup stats for /syz0: [ 1942.734345][T16145] anon 82690048 [ 1942.734345][T16145] file 4096 [ 1942.734345][T16145] kernel_stack 36372480 [ 1942.734345][T16145] slab 45215744 [ 1942.734345][T16145] sock 4096 [ 1942.734345][T16145] shmem 0 [ 1942.734345][T16145] file_mapped 0 [ 1942.734345][T16145] file_dirty 0 [ 1942.734345][T16145] file_writeback 0 [ 1942.734345][T16145] anon_thp 0 [ 1942.734345][T16145] inactive_anon 0 [ 1942.734345][T16145] active_anon 82526208 [ 1942.734345][T16145] inactive_file 32768 [ 1942.734345][T16145] active_file 61440 [ 1942.734345][T16145] unevictable 0 [ 1942.734345][T16145] slab_reclaimable 5677056 [ 1942.734345][T16145] slab_unreclaimable 39538688 04:20:16 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5452, 0x0) [ 1942.734345][T16145] pgfault 155826 [ 1942.734345][T16145] pgmajfault 0 [ 1942.734345][T16145] workingset_refault 495 [ 1942.734345][T16145] workingset_activate 396 [ 1942.734345][T16145] workingset_nodereclaim 0 [ 1942.734345][T16145] pgrefill 23216 [ 1942.734345][T16145] pgscan 23539 [ 1942.734345][T16145] pgsteal 1330 [ 1942.851560][ T26] audit: type=1400 audit(1564374016.629:1289): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230914289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=16181 comm="syz-executor.1" [ 1942.950811][T16145] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15902,uid=0 [ 1942.999029][T16158] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1943.026284][T16158] CPU: 1 PID: 16158 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1943.035431][T16158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1943.045495][T16158] Call Trace: [ 1943.048810][T16158] dump_stack+0x172/0x1f0 [ 1943.053161][T16158] dump_header+0x177/0x1152 [ 1943.057689][T16158] ? ___ratelimit+0xf8/0x595 [ 1943.062296][T16158] ? trace_hardirqs_on+0x67/0x240 [ 1943.067333][T16158] ? mark_oom_victim.cold+0x18/0x18 [ 1943.072638][T16158] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1943.078461][T16158] ? ___ratelimit+0x60/0x595 [ 1943.083076][T16158] ? do_raw_spin_unlock+0x57/0x270 [ 1943.088203][T16158] oom_kill_process.cold+0x10/0x15 [ 1943.093328][T16158] out_of_memory+0x79a/0x12c0 [ 1943.098026][T16158] ? lock_downgrade+0x920/0x920 [ 1943.102902][T16158] ? oom_killer_disable+0x280/0x280 [ 1943.108120][T16158] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1943.113680][T16158] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1943.119315][T16158] ? do_raw_spin_unlock+0x57/0x270 [ 1943.124424][T16158] ? _raw_spin_unlock+0x2d/0x50 [ 1943.129495][T16158] try_charge+0xf4b/0x1440 [ 1943.133911][T16158] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1943.139450][T16158] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1943.145362][T16158] ? __kasan_check_read+0x11/0x20 [ 1943.150399][T16158] ? lock_downgrade+0x920/0x920 [ 1943.155258][T16158] ? percpu_ref_tryget_live+0x111/0x290 [ 1943.160808][T16158] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1943.166731][T16158] ? memcg_kmem_put_cache+0x50/0x50 [ 1943.171925][T16158] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1943.177680][T16158] __memcg_kmem_charge+0x13a/0x3a0 [ 1943.182787][T16158] __alloc_pages_nodemask+0x4f4/0x900 [ 1943.188182][T16158] ? __lockdep_free_key_range+0x120/0x120 [ 1943.194079][T16158] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1943.199836][T16158] ? copy_page_range+0x10c2/0x2120 [ 1943.204945][T16158] ? __kasan_check_read+0x11/0x20 [ 1943.209981][T16158] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1943.216334][T16158] alloc_pages_current+0x107/0x210 [ 1943.221442][T16158] pte_alloc_one+0x1b/0x1a0 [ 1943.225942][T16158] __pte_alloc+0x20/0x310 [ 1943.230465][T16158] copy_page_range+0x1610/0x2120 [ 1943.235401][T16158] ? perf_trace_lock+0xeb/0x4c0 [ 1943.240433][T16158] ? __pmd_alloc+0x460/0x460 [ 1943.245013][T16158] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1943.250935][T16158] ? __rb_insert_augmented+0x20c/0xd90 [ 1943.256381][T16158] ? validate_mm_rb+0xa3/0xc0 [ 1943.261043][T16158] ? __vma_link_rb+0x275/0x370 [ 1943.265793][T16158] ? __kasan_check_write+0x14/0x20 [ 1943.270910][T16158] dup_mm+0xa67/0x1430 [ 1943.274971][T16158] ? vm_area_dup+0x170/0x170 [ 1943.279570][T16158] ? debug_mutex_init+0x2d/0x5a [ 1943.284415][T16158] copy_process+0x28b7/0x6b00 [ 1943.289089][T16158] ? perf_trace_lock+0xeb/0x4c0 [ 1943.293931][T16158] ? __cleanup_sighand+0x60/0x60 [ 1943.298853][T16158] ? __kasan_check_read+0x11/0x20 [ 1943.303878][T16158] ? do_raw_spin_unlock+0x57/0x270 [ 1943.309007][T16158] _do_fork+0x146/0xfa0 [ 1943.313173][T16158] ? copy_init_mm+0x20/0x20 [ 1943.317670][T16158] ? __kasan_check_read+0x11/0x20 [ 1943.322765][T16158] ? _copy_to_user+0x118/0x160 [ 1943.327547][T16158] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1943.333822][T16158] ? put_timespec64+0xda/0x140 [ 1943.338586][T16158] __x64_sys_clone+0x18d/0x250 [ 1943.343340][T16158] ? __ia32_sys_vfork+0xc0/0xc0 [ 1943.348181][T16158] ? trace_hardirqs_off_caller+0x65/0x230 [ 1943.354173][T16158] ? trace_hardirqs_on+0x67/0x240 [ 1943.359183][T16158] do_syscall_64+0xfa/0x760 [ 1943.363697][T16158] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1943.369663][T16158] RIP: 0033:0x459829 [ 1943.373543][T16158] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1943.393138][T16158] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1943.401543][T16158] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1943.409504][T16158] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1943.417465][T16158] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1943.425424][T16158] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1943.433383][T16158] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1943.442472][T16158] memory: usage 307200kB, limit 307200kB, failcnt 102554 [ 1943.450104][T16158] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1943.457112][T16158] Memory cgroup stats for /syz0: [ 1943.457226][T16158] anon 82690048 [ 1943.457226][T16158] file 4096 [ 1943.457226][T16158] kernel_stack 36372480 [ 1943.457226][T16158] slab 45215744 [ 1943.457226][T16158] sock 4096 [ 1943.457226][T16158] shmem 0 [ 1943.457226][T16158] file_mapped 0 [ 1943.457226][T16158] file_dirty 0 [ 1943.457226][T16158] file_writeback 0 [ 1943.457226][T16158] anon_thp 0 [ 1943.457226][T16158] inactive_anon 0 [ 1943.457226][T16158] active_anon 82526208 [ 1943.457226][T16158] inactive_file 32768 [ 1943.457226][T16158] active_file 61440 [ 1943.457226][T16158] unevictable 0 [ 1943.457226][T16158] slab_reclaimable 5677056 [ 1943.457226][T16158] slab_unreclaimable 39538688 [ 1943.457226][T16158] pgfault 155826 [ 1943.457226][T16158] pgmajfault 0 [ 1943.457226][T16158] workingset_refault 495 [ 1943.457226][T16158] workingset_activate 396 [ 1943.457226][T16158] workingset_nodereclaim 0 [ 1943.457226][T16158] pgrefill 23216 [ 1943.457226][T16158] pgscan 23539 [ 1943.457226][T16158] pgsteal 1330 [ 1943.551000][T16158] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=16147,uid=0 [ 1943.567054][T16158] Memory cgroup out of memory: Killed process 16147 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1943.585674][ T1057] oom_reaper: reaped process 16147 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1943.589293][T16158] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1943.610205][T16158] CPU: 1 PID: 16158 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1943.619329][T16158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1943.629485][T16158] Call Trace: [ 1943.632785][T16158] dump_stack+0x172/0x1f0 [ 1943.637185][T16158] dump_header+0x177/0x1152 [ 1943.641696][T16158] ? ___ratelimit+0xf8/0x595 [ 1943.646298][T16158] ? trace_hardirqs_on+0x67/0x240 [ 1943.651321][T16158] ? mark_oom_victim.cold+0x18/0x18 [ 1943.656510][T16158] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1943.662333][T16158] ? ___ratelimit+0x60/0x595 [ 1943.666938][T16158] ? do_raw_spin_unlock+0x57/0x270 [ 1943.672100][T16158] oom_kill_process.cold+0x10/0x15 [ 1943.677710][T16158] out_of_memory+0x79a/0x12c0 [ 1943.682396][T16158] ? lock_downgrade+0x920/0x920 [ 1943.687256][T16158] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1943.693537][T16158] ? oom_killer_disable+0x280/0x280 [ 1943.698736][T16158] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1943.704374][T16158] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1943.710012][T16158] ? do_raw_spin_unlock+0x57/0x270 [ 1943.715116][T16158] ? _raw_spin_unlock+0x2d/0x50 [ 1943.720986][T16158] try_charge+0xf4b/0x1440 [ 1943.725418][T16158] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1943.730976][T16158] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1943.737073][T16158] ? __kasan_check_read+0x11/0x20 [ 1943.742161][T16158] ? lock_downgrade+0x920/0x920 [ 1943.747007][T16158] ? percpu_ref_tryget_live+0x111/0x290 [ 1943.752552][T16158] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1943.758023][T16158] ? memcg_kmem_put_cache+0x50/0x50 [ 1943.763242][T16158] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1943.768834][T16158] __memcg_kmem_charge+0x13a/0x3a0 [ 1943.773963][T16158] __alloc_pages_nodemask+0x4f4/0x900 [ 1943.779346][T16158] ? __lockdep_free_key_range+0x120/0x120 [ 1943.785054][T16158] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1943.790773][T16158] ? copy_page_range+0x10c2/0x2120 [ 1943.795896][T16158] ? __kasan_check_read+0x11/0x20 [ 1943.800942][T16158] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1943.808044][T16158] alloc_pages_current+0x107/0x210 [ 1943.813150][T16158] pte_alloc_one+0x1b/0x1a0 [ 1943.817697][T16158] __pte_alloc+0x20/0x310 [ 1943.822029][T16158] copy_page_range+0x1610/0x2120 [ 1943.827075][T16158] ? perf_trace_lock+0xeb/0x4c0 [ 1943.831938][T16158] ? __pmd_alloc+0x460/0x460 [ 1943.836512][T16158] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1943.842066][T16158] ? __rb_insert_augmented+0x20c/0xd90 [ 1943.847529][T16158] ? validate_mm_rb+0xa3/0xc0 [ 1943.852221][T16158] ? __vma_link_rb+0x275/0x370 [ 1943.856986][T16158] ? __kasan_check_write+0x14/0x20 [ 1943.863985][T16158] dup_mm+0xa67/0x1430 [ 1943.868052][T16158] ? vm_area_dup+0x170/0x170 [ 1943.872628][T16158] ? debug_mutex_init+0x2d/0x5a [ 1943.877481][T16158] copy_process+0x28b7/0x6b00 [ 1943.882193][T16158] ? perf_trace_lock+0xeb/0x4c0 [ 1943.887041][T16158] ? __cleanup_sighand+0x60/0x60 [ 1943.891970][T16158] ? __kasan_check_read+0x11/0x20 [ 1943.896992][T16158] ? do_raw_spin_unlock+0x57/0x270 [ 1943.902124][T16158] _do_fork+0x146/0xfa0 [ 1943.906284][T16158] ? copy_init_mm+0x20/0x20 [ 1943.910777][T16158] ? __kasan_check_read+0x11/0x20 [ 1943.915925][T16158] ? _copy_to_user+0x118/0x160 [ 1943.920704][T16158] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1943.926950][T16158] ? put_timespec64+0xda/0x140 [ 1943.931731][T16158] __x64_sys_clone+0x18d/0x250 [ 1943.936499][T16158] ? __ia32_sys_vfork+0xc0/0xc0 [ 1943.941347][T16158] ? trace_hardirqs_off_caller+0x65/0x230 [ 1943.947064][T16158] ? trace_hardirqs_on+0x67/0x240 [ 1943.952081][T16158] do_syscall_64+0xfa/0x760 [ 1943.956582][T16158] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1943.962482][T16158] RIP: 0033:0x459829 [ 1943.966380][T16158] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1943.986084][T16158] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1943.994503][T16158] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1944.002491][T16158] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1944.010450][T16158] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1944.018407][T16158] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1944.026364][T16158] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1944.041717][T16158] memory: usage 306928kB, limit 307200kB, failcnt 102560 [ 1944.048842][T16158] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1944.056688][T16158] Memory cgroup stats for /syz0: [ 1944.056818][T16158] anon 82690048 [ 1944.056818][T16158] file 4096 [ 1944.056818][T16158] kernel_stack 36372480 [ 1944.056818][T16158] slab 45215744 [ 1944.056818][T16158] sock 4096 [ 1944.056818][T16158] shmem 0 [ 1944.056818][T16158] file_mapped 0 [ 1944.056818][T16158] file_dirty 0 [ 1944.056818][T16158] file_writeback 0 [ 1944.056818][T16158] anon_thp 0 [ 1944.056818][T16158] inactive_anon 0 [ 1944.056818][T16158] active_anon 82526208 [ 1944.056818][T16158] inactive_file 32768 [ 1944.056818][T16158] active_file 61440 [ 1944.056818][T16158] unevictable 0 [ 1944.056818][T16158] slab_reclaimable 5677056 [ 1944.056818][T16158] slab_unreclaimable 39538688 [ 1944.056818][T16158] pgfault 155826 [ 1944.056818][T16158] pgmajfault 0 [ 1944.056818][T16158] workingset_refault 495 [ 1944.056818][T16158] workingset_activate 396 [ 1944.056818][T16158] workingset_nodereclaim 0 [ 1944.056818][T16158] pgrefill 23216 [ 1944.056818][T16158] pgscan 23539 [ 1944.056818][T16158] pgsteal 1330 [ 1944.151266][T16158] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=27166,uid=0 [ 1944.167285][T16158] Memory cgroup out of memory: Killed process 27166 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1944.182809][ T1057] oom_reaper: reaped process 27166 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:20:18 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x48, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:18 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00600048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x545d, 0x0) 04:20:18 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230a14289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:18 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x300) 04:20:18 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1944.200668][T16158] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1944.215283][T16301] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:18 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc58650048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1944.285056][ T26] audit: type=1400 audit(1564374018.059:1290): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230A14289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=16305 comm="syz-executor.1" 04:20:18 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230b14289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:18 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x5460, 0x0) 04:20:18 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1944.490234][ T26] audit: type=1400 audit(1564374018.269:1291): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230B14289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=16371 comm="syz-executor.1" [ 1944.522675][T16319] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 04:20:18 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc056c0048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:18 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230c14289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1944.591785][T16319] CPU: 0 PID: 16319 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1944.600935][T16319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1944.611009][T16319] Call Trace: [ 1944.614402][T16319] dump_stack+0x172/0x1f0 [ 1944.618754][T16319] dump_header+0x177/0x1152 [ 1944.623313][T16319] ? ___ratelimit+0xf8/0x595 [ 1944.627915][T16319] ? trace_hardirqs_on+0x67/0x240 [ 1944.632951][T16319] ? mark_oom_victim.cold+0x18/0x18 [ 1944.638248][T16319] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1944.644073][T16319] ? ___ratelimit+0x60/0x595 [ 1944.648679][T16319] ? do_raw_spin_unlock+0x57/0x270 [ 1944.653846][T16319] oom_kill_process.cold+0x10/0x15 [ 1944.658974][T16319] out_of_memory+0x79a/0x12c0 [ 1944.663668][T16319] ? lock_downgrade+0x920/0x920 [ 1944.668575][T16319] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1944.674830][T16319] ? oom_killer_disable+0x280/0x280 [ 1944.680056][T16319] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1944.685614][T16319] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1944.691260][T16319] ? do_raw_spin_unlock+0x57/0x270 [ 1944.696383][T16319] ? _raw_spin_unlock+0x2d/0x50 [ 1944.696400][T16319] try_charge+0xf4b/0x1440 [ 1944.696418][T16319] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1944.696431][T16319] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1944.696445][T16319] ? __kasan_check_read+0x11/0x20 [ 1944.696466][T16319] ? lock_downgrade+0x920/0x920 [ 1944.696489][T16319] ? percpu_ref_tryget_live+0x111/0x290 [ 1944.705761][T16319] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1944.737686][T16319] ? memcg_kmem_put_cache+0x50/0x50 [ 1944.742901][T16319] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1944.748721][T16319] __memcg_kmem_charge+0x13a/0x3a0 [ 1944.753841][T16319] __alloc_pages_nodemask+0x4f4/0x900 [ 1944.759234][T16319] ? __lockdep_free_key_range+0x120/0x120 [ 1944.764969][T16319] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1944.770705][T16319] ? __pte_alloc+0x1b5/0x310 [ 1944.775311][T16319] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1944.781565][T16319] ? copy_page_range+0x10c2/0x2120 [ 1944.786687][T16319] ? __kasan_check_read+0x11/0x20 [ 1944.791731][T16319] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1944.797983][T16319] alloc_pages_current+0x107/0x210 [ 1944.803205][T16319] pte_alloc_one+0x1b/0x1a0 [ 1944.807728][T16319] __pte_alloc+0x20/0x310 [ 1944.812070][T16319] copy_page_range+0x1610/0x2120 [ 1944.817023][T16319] ? perf_trace_lock+0xeb/0x4c0 [ 1944.821904][T16319] ? __pmd_alloc+0x460/0x460 [ 1944.826506][T16319] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1944.832077][T16319] ? __rb_insert_augmented+0x20c/0xd90 [ 1944.837549][T16319] ? validate_mm_rb+0xa3/0xc0 [ 1944.842229][T16319] ? __vma_link_rb+0x275/0x370 [ 1944.847259][T16319] ? __kasan_check_write+0x14/0x20 [ 1944.859922][T16319] dup_mm+0xa67/0x1430 [ 1944.863993][T16319] ? vm_area_dup+0x170/0x170 [ 1944.868575][T16319] ? debug_mutex_init+0x2d/0x5a [ 1944.873418][T16319] copy_process+0x28b7/0x6b00 [ 1944.878092][T16319] ? perf_trace_lock+0xeb/0x4c0 [ 1944.892843][T16319] ? __cleanup_sighand+0x60/0x60 [ 1944.897795][T16319] ? __kasan_check_read+0x11/0x20 [ 1944.902834][T16319] ? do_raw_spin_unlock+0x57/0x270 [ 1944.907940][T16319] _do_fork+0x146/0xfa0 [ 1944.912082][T16319] ? copy_init_mm+0x20/0x20 [ 1944.916614][T16319] ? __kasan_check_read+0x11/0x20 [ 1944.921637][T16319] ? _copy_to_user+0x118/0x160 [ 1944.926389][T16319] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1944.933592][T16319] ? put_timespec64+0xda/0x140 [ 1944.938526][T16319] __x64_sys_clone+0x18d/0x250 [ 1944.943283][T16319] ? __ia32_sys_vfork+0xc0/0xc0 [ 1944.948135][T16319] ? trace_hardirqs_off_caller+0x65/0x230 [ 1944.953860][T16319] ? trace_hardirqs_on+0x67/0x240 [ 1944.958878][T16319] do_syscall_64+0xfa/0x760 [ 1944.963375][T16319] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1944.970521][T16319] RIP: 0033:0x459829 [ 1944.974403][T16319] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1944.994020][T16319] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1945.002454][T16319] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1945.010430][T16319] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1945.018420][T16319] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1945.026416][T16319] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1945.034377][T16319] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1945.044447][T16319] memory: usage 307200kB, limit 307200kB, failcnt 102593 [ 1945.052256][T16319] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1945.060852][T16319] Memory cgroup stats for /syz0: [ 1945.060972][T16319] anon 82554880 [ 1945.060972][T16319] file 4096 [ 1945.060972][T16319] kernel_stack 36372480 [ 1945.060972][T16319] slab 45215744 [ 1945.060972][T16319] sock 4096 [ 1945.060972][T16319] shmem 0 [ 1945.060972][T16319] file_mapped 0 [ 1945.060972][T16319] file_dirty 0 [ 1945.060972][T16319] file_writeback 0 [ 1945.060972][T16319] anon_thp 0 [ 1945.060972][T16319] inactive_anon 0 [ 1945.060972][T16319] active_anon 82526208 [ 1945.060972][T16319] inactive_file 32768 [ 1945.060972][T16319] active_file 61440 [ 1945.060972][T16319] unevictable 0 [ 1945.060972][T16319] slab_reclaimable 5677056 [ 1945.060972][T16319] slab_unreclaimable 39538688 [ 1945.060972][T16319] pgfault 155925 [ 1945.060972][T16319] pgmajfault 0 [ 1945.060972][T16319] workingset_refault 495 [ 1945.060972][T16319] workingset_activate 396 [ 1945.060972][T16319] workingset_nodereclaim 0 [ 1945.060972][T16319] pgrefill 23216 [ 1945.060972][T16319] pgscan 23572 [ 1945.060972][T16319] pgsteal 1330 [ 1945.155437][T16319] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=16303,uid=0 [ 1945.170995][T16319] Memory cgroup out of memory: Killed process 16303 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1945.186535][ T1057] oom_reaper: reaped process 16303 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1945.214182][T16318] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1945.225281][T16318] CPU: 0 PID: 16318 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1945.234411][T16318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1945.244474][T16318] Call Trace: [ 1945.247779][T16318] dump_stack+0x172/0x1f0 [ 1945.252122][T16318] dump_header+0x177/0x1152 [ 1945.256625][T16318] ? ___ratelimit+0xf8/0x595 [ 1945.261213][T16318] ? trace_hardirqs_on+0x67/0x240 [ 1945.266254][T16318] ? mark_oom_victim.cold+0x18/0x18 [ 1945.271470][T16318] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1945.277306][T16318] ? ___ratelimit+0x60/0x595 [ 1945.281899][T16318] ? do_raw_spin_unlock+0x57/0x270 [ 1945.287021][T16318] oom_kill_process.cold+0x10/0x15 [ 1945.292144][T16318] out_of_memory+0x79a/0x12c0 [ 1945.296835][T16318] ? lock_downgrade+0x920/0x920 [ 1945.301719][T16318] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1945.307969][T16318] ? oom_killer_disable+0x280/0x280 [ 1945.313170][T16318] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1945.318720][T16318] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1945.324379][T16318] ? do_raw_spin_unlock+0x57/0x270 [ 1945.329512][T16318] ? _raw_spin_unlock+0x2d/0x50 [ 1945.334357][T16318] try_charge+0xf4b/0x1440 [ 1945.338769][T16318] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1945.344323][T16318] ? percpu_ref_tryget_live+0x111/0x290 [ 1945.349884][T16318] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1945.355354][T16318] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1945.360995][T16318] mem_cgroup_try_charge+0x136/0x590 [ 1945.366331][T16318] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1945.371983][T16318] wp_page_copy+0x421/0x15e0 [ 1945.376590][T16318] ? page_trans_huge_mapcount+0x166/0x450 [ 1945.382327][T16318] ? pmd_pfn+0x1d0/0x1d0 [ 1945.386574][T16318] ? lock_downgrade+0x920/0x920 [ 1945.391439][T16318] ? swp_swapcount+0x540/0x540 [ 1945.396214][T16318] ? psi_memstall_leave+0x12e/0x180 [ 1945.401530][T16318] ? __kasan_check_read+0x11/0x20 [ 1945.406559][T16318] ? do_raw_spin_unlock+0x57/0x270 [ 1945.406576][T16318] do_wp_page+0x499/0x14d0 [ 1945.406592][T16318] ? finish_mkwrite_fault+0x570/0x570 [ 1945.406612][T16318] __handle_mm_fault+0x22f7/0x3f20 [ 1945.406629][T16318] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1945.406641][T16318] ? __kasan_check_read+0x11/0x20 [ 1945.406664][T16318] ? trace_hardirqs_on+0x67/0x240 [ 1945.406684][T16318] handle_mm_fault+0x1b5/0x6b0 [ 1945.406705][T16318] __do_page_fault+0x536/0xdd0 [ 1945.451907][T16318] do_page_fault+0x38/0x590 [ 1945.456432][T16318] page_fault+0x39/0x40 [ 1945.460594][T16318] RIP: 0033:0x40cb3c [ 1945.464577][T16318] Code: 8c 02 50 bf 75 00 48 83 c0 08 48 83 f8 48 75 e6 49 63 c6 0f b6 4c 24 5b 48 69 c0 a8 00 00 00 88 88 c0 bf 75 00 e8 54 69 ff ff <83> 05 c1 34 55 00 01 80 7c 24 59 00 74 0b f6 44 24 18 01 0f 84 00 [ 1945.484186][T16318] RSP: 002b:00007ffd41fb7140 EFLAGS: 00010217 [ 1945.490261][T16318] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000459829 [ 1945.498275][T16318] RDX: 0000000000000000 RSI: 0000000000000081 RDI: 000000000075bfd0 [ 1945.506423][T16318] RBP: 000000000075bfd4 R08: 00007f35763f9700 R09: ffffffffffffffff [ 1945.514508][T16318] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000075bfc8 [ 1945.522479][T16318] R13: 0000000000000003 R14: 0000000000000001 R15: 000000000075bfd4 [ 1945.530692][T16318] memory: usage 307040kB, limit 307200kB, failcnt 102630 [ 1945.537769][T16318] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1945.544704][T16318] Memory cgroup stats for /syz0: [ 1945.544835][T16318] anon 82554880 [ 1945.544835][T16318] file 4096 [ 1945.544835][T16318] kernel_stack 36372480 [ 1945.544835][T16318] slab 45215744 [ 1945.544835][T16318] sock 4096 [ 1945.544835][T16318] shmem 0 [ 1945.544835][T16318] file_mapped 0 [ 1945.544835][T16318] file_dirty 0 [ 1945.544835][T16318] file_writeback 0 [ 1945.544835][T16318] anon_thp 0 [ 1945.544835][T16318] inactive_anon 0 [ 1945.544835][T16318] active_anon 82526208 [ 1945.544835][T16318] inactive_file 32768 [ 1945.544835][T16318] active_file 61440 [ 1945.544835][T16318] unevictable 0 [ 1945.544835][T16318] slab_reclaimable 5677056 [ 1945.544835][T16318] slab_unreclaimable 39538688 [ 1945.544835][T16318] pgfault 155925 [ 1945.544835][T16318] pgmajfault 0 [ 1945.544835][T16318] workingset_refault 495 [ 1945.544835][T16318] workingset_activate 396 [ 1945.544835][T16318] workingset_nodereclaim 0 [ 1945.544835][T16318] pgrefill 23216 [ 1945.544835][T16318] pgscan 23572 [ 1945.544835][T16318] pgsteal 1330 04:20:19 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x88, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:19 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00810048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:19 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x6364, 0x0) 04:20:19 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230d14289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:19 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x368) 04:20:19 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1945.639276][T16318] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=15742,uid=0 [ 1945.656819][T16318] Memory cgroup out of memory: Killed process 15742 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1945.678629][T16319] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1945.748906][ T26] audit: type=1400 audit(1564374019.529:1292): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230D14289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=16456 comm="syz-executor.1" 04:20:19 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230e14289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:19 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x700f, 0x0) 04:20:19 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00f00048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1945.914098][ T26] audit: type=1400 audit(1564374019.689:1293): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230E14289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=16469 comm="syz-executor.1" [ 1946.004702][T16468] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1946.020296][T16468] CPU: 1 PID: 16468 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1946.029452][T16468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1946.039534][T16468] Call Trace: [ 1946.042848][T16468] dump_stack+0x172/0x1f0 [ 1946.047198][T16468] dump_header+0x177/0x1152 [ 1946.051720][T16468] ? ___ratelimit+0xf8/0x595 [ 1946.056337][T16468] ? trace_hardirqs_on+0x67/0x240 [ 1946.061378][T16468] ? mark_oom_victim.cold+0x18/0x18 [ 1946.066591][T16468] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1946.072414][T16468] ? ___ratelimit+0x60/0x595 [ 1946.077020][T16468] ? do_raw_spin_unlock+0x57/0x270 [ 1946.082165][T16468] oom_kill_process.cold+0x10/0x15 [ 1946.087290][T16468] out_of_memory+0x79a/0x12c0 [ 1946.087307][T16468] ? lock_downgrade+0x920/0x920 [ 1946.087324][T16468] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 04:20:19 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000049000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:19 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc0000006b000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1946.087339][T16468] ? oom_killer_disable+0x280/0x280 [ 1946.087363][T16468] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1946.113886][T16468] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1946.119722][T16468] ? do_raw_spin_unlock+0x57/0x270 [ 1946.124849][T16468] ? _raw_spin_unlock+0x2d/0x50 [ 1946.129714][T16468] try_charge+0xf4b/0x1440 [ 1946.134148][T16468] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1946.139724][T16468] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1946.145290][T16468] ? __kasan_check_read+0x11/0x20 [ 1946.150427][T16468] ? lock_downgrade+0x920/0x920 04:20:19 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00020048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1946.155296][T16468] ? percpu_ref_tryget_live+0x111/0x290 [ 1946.160869][T16468] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1946.166347][T16468] ? memcg_kmem_put_cache+0x50/0x50 [ 1946.171571][T16468] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1946.177144][T16468] __memcg_kmem_charge+0x13a/0x3a0 [ 1946.182278][T16468] __alloc_pages_nodemask+0x4f4/0x900 [ 1946.187660][T16468] ? __lockdep_free_key_range+0x120/0x120 [ 1946.193412][T16468] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1946.199160][T16468] ? __pte_alloc+0x1b5/0x310 [ 1946.203775][T16468] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1946.210040][T16468] ? copy_page_range+0x10c2/0x2120 [ 1946.215164][T16468] ? __kasan_check_read+0x11/0x20 [ 1946.220212][T16468] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1946.226474][T16468] alloc_pages_current+0x107/0x210 [ 1946.231597][T16468] pte_alloc_one+0x1b/0x1a0 [ 1946.236099][T16468] __pte_alloc+0x20/0x310 [ 1946.240439][T16468] copy_page_range+0x1610/0x2120 [ 1946.245379][T16468] ? perf_trace_lock+0xeb/0x4c0 [ 1946.250248][T16468] ? __pmd_alloc+0x460/0x460 [ 1946.254827][T16468] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1946.260389][T16468] ? __rb_insert_augmented+0x20c/0xd90 [ 1946.265855][T16468] ? validate_mm_rb+0xa3/0xc0 [ 1946.270529][T16468] ? __vma_link_rb+0x275/0x370 [ 1946.275292][T16468] ? __kasan_check_write+0x14/0x20 [ 1946.280412][T16468] dup_mm+0xa67/0x1430 [ 1946.284516][T16468] ? vm_area_dup+0x170/0x170 [ 1946.289095][T16468] ? debug_mutex_init+0x2d/0x5a [ 1946.294059][T16468] copy_process+0x28b7/0x6b00 [ 1946.298728][T16468] ? perf_trace_lock+0xeb/0x4c0 [ 1946.303588][T16468] ? __cleanup_sighand+0x60/0x60 [ 1946.308538][T16468] ? __kasan_check_read+0x11/0x20 [ 1946.313571][T16468] ? do_raw_spin_unlock+0x57/0x270 [ 1946.318693][T16468] _do_fork+0x146/0xfa0 [ 1946.322858][T16468] ? copy_init_mm+0x20/0x20 [ 1946.327357][T16468] ? __kasan_check_read+0x11/0x20 [ 1946.332579][T16468] ? _copy_to_user+0x118/0x160 [ 1946.337343][T16468] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1946.343578][T16468] ? put_timespec64+0xda/0x140 [ 1946.348352][T16468] __x64_sys_clone+0x18d/0x250 [ 1946.353167][T16468] ? __ia32_sys_vfork+0xc0/0xc0 [ 1946.358033][T16468] ? trace_hardirqs_off_caller+0x65/0x230 [ 1946.363761][T16468] ? trace_hardirqs_on+0x67/0x240 [ 1946.368874][T16468] do_syscall_64+0xfa/0x760 [ 1946.373398][T16468] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1946.379288][T16468] RIP: 0033:0x459829 [ 1946.383180][T16468] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1946.402786][T16468] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1946.411224][T16468] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1946.419201][T16468] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1946.427179][T16468] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1946.435143][T16468] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1946.443122][T16468] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1946.495213][T16468] memory: usage 307200kB, limit 307200kB, failcnt 102668 [ 1946.502300][T16468] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1946.509231][T16468] Memory cgroup stats for /syz0: [ 1946.509347][T16468] anon 82690048 [ 1946.509347][T16468] file 4096 [ 1946.509347][T16468] kernel_stack 36306944 [ 1946.509347][T16468] slab 45215744 [ 1946.509347][T16468] sock 4096 [ 1946.509347][T16468] shmem 0 [ 1946.509347][T16468] file_mapped 0 [ 1946.509347][T16468] file_dirty 0 [ 1946.509347][T16468] file_writeback 0 [ 1946.509347][T16468] anon_thp 0 [ 1946.509347][T16468] inactive_anon 0 [ 1946.509347][T16468] active_anon 82526208 [ 1946.509347][T16468] inactive_file 32768 [ 1946.509347][T16468] active_file 61440 [ 1946.509347][T16468] unevictable 0 [ 1946.509347][T16468] slab_reclaimable 5677056 [ 1946.509347][T16468] slab_unreclaimable 39538688 [ 1946.509347][T16468] pgfault 155991 [ 1946.509347][T16468] pgmajfault 0 [ 1946.509347][T16468] workingset_refault 495 [ 1946.509347][T16468] workingset_activate 396 [ 1946.509347][T16468] workingset_nodereclaim 0 [ 1946.509347][T16468] pgrefill 23349 [ 1946.509347][T16468] pgscan 23704 [ 1946.509347][T16468] pgsteal 1330 [ 1946.604121][T16468] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=16452,uid=0 [ 1946.620001][T16468] Memory cgroup out of memory: Killed process 16452 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1946.655389][T16468] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1946.679597][T16468] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1946.692231][T16468] CPU: 0 PID: 16468 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1946.701361][T16468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1946.711408][T16468] Call Trace: [ 1946.714709][T16468] dump_stack+0x172/0x1f0 [ 1946.719045][T16468] dump_header+0x177/0x1152 [ 1946.723543][T16468] ? ___ratelimit+0xf8/0x595 [ 1946.728120][T16468] ? trace_hardirqs_on+0x67/0x240 [ 1946.733140][T16468] ? mark_oom_victim.cold+0x18/0x18 [ 1946.738420][T16468] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1946.744228][T16468] ? ___ratelimit+0x60/0x595 [ 1946.748811][T16468] ? do_raw_spin_unlock+0x57/0x270 [ 1946.753916][T16468] oom_kill_process.cold+0x10/0x15 [ 1946.759032][T16468] out_of_memory+0x79a/0x12c0 [ 1946.763702][T16468] ? lock_downgrade+0x920/0x920 [ 1946.768546][T16468] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1946.774778][T16468] ? oom_killer_disable+0x280/0x280 [ 1946.779971][T16468] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1946.785513][T16468] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1946.791151][T16468] ? do_raw_spin_unlock+0x57/0x270 [ 1946.796255][T16468] ? _raw_spin_unlock+0x2d/0x50 [ 1946.801095][T16468] try_charge+0xf4b/0x1440 [ 1946.805509][T16468] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1946.811044][T16468] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1946.816603][T16468] ? __kasan_check_read+0x11/0x20 [ 1946.821625][T16468] ? lock_downgrade+0x920/0x920 [ 1946.826496][T16468] ? percpu_ref_tryget_live+0x111/0x290 [ 1946.832066][T16468] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1946.837536][T16468] ? memcg_kmem_put_cache+0x50/0x50 [ 1946.842769][T16468] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1946.848323][T16468] __memcg_kmem_charge+0x13a/0x3a0 [ 1946.853425][T16468] __alloc_pages_nodemask+0x4f4/0x900 [ 1946.858795][T16468] ? __lockdep_free_key_range+0x120/0x120 [ 1946.864510][T16468] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1946.870268][T16468] ? __pte_alloc+0x1b5/0x310 [ 1946.874860][T16468] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1946.881100][T16468] ? copy_page_range+0x10c2/0x2120 [ 1946.886206][T16468] ? __kasan_check_read+0x11/0x20 [ 1946.891217][T16468] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1946.897456][T16468] alloc_pages_current+0x107/0x210 [ 1946.902568][T16468] pte_alloc_one+0x1b/0x1a0 [ 1946.907076][T16468] __pte_alloc+0x20/0x310 [ 1946.911409][T16468] copy_page_range+0x1610/0x2120 [ 1946.916372][T16468] ? perf_trace_lock+0xeb/0x4c0 [ 1946.921240][T16468] ? __pmd_alloc+0x460/0x460 [ 1946.925943][T16468] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1946.931623][T16468] ? __rb_insert_augmented+0x20c/0xd90 [ 1946.937097][T16468] ? validate_mm_rb+0xa3/0xc0 [ 1946.941791][T16468] ? __vma_link_rb+0x275/0x370 [ 1946.946593][T16468] ? __kasan_check_write+0x14/0x20 [ 1946.951734][T16468] dup_mm+0xa67/0x1430 [ 1946.955830][T16468] ? vm_area_dup+0x170/0x170 [ 1946.960548][T16468] ? debug_mutex_init+0x2d/0x5a [ 1946.967305][T16468] copy_process+0x28b7/0x6b00 [ 1946.971973][T16468] ? perf_trace_lock+0xeb/0x4c0 [ 1946.976821][T16468] ? __cleanup_sighand+0x60/0x60 [ 1946.981757][T16468] _do_fork+0x146/0xfa0 [ 1946.985906][T16468] ? copy_init_mm+0x20/0x20 [ 1946.990415][T16468] ? __kasan_check_read+0x11/0x20 [ 1946.995449][T16468] ? _copy_to_user+0x118/0x160 [ 1947.000509][T16468] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1947.006744][T16468] ? put_timespec64+0xda/0x140 [ 1947.011514][T16468] __x64_sys_clone+0x18d/0x250 [ 1947.016299][T16468] ? __ia32_sys_vfork+0xc0/0xc0 [ 1947.021146][T16468] ? trace_hardirqs_off_caller+0x65/0x230 [ 1947.026853][T16468] ? trace_hardirqs_on+0x67/0x240 [ 1947.031870][T16468] do_syscall_64+0xfa/0x760 [ 1947.036381][T16468] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1947.042273][T16468] RIP: 0033:0x459829 [ 1947.046160][T16468] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1947.065754][T16468] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1947.074154][T16468] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1947.082113][T16468] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1947.090070][T16468] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1947.098036][T16468] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1947.106002][T16468] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1947.116316][T16468] memory: usage 307196kB, limit 307200kB, failcnt 102697 [ 1947.123475][T16468] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1947.130399][T16468] Memory cgroup stats for /syz0: [ 1947.130525][T16468] anon 82550784 [ 1947.130525][T16468] file 4096 [ 1947.130525][T16468] kernel_stack 36372480 [ 1947.130525][T16468] slab 45215744 [ 1947.130525][T16468] sock 4096 [ 1947.130525][T16468] shmem 0 [ 1947.130525][T16468] file_mapped 0 [ 1947.130525][T16468] file_dirty 0 [ 1947.130525][T16468] file_writeback 0 [ 1947.130525][T16468] anon_thp 0 [ 1947.130525][T16468] inactive_anon 0 [ 1947.130525][T16468] active_anon 82526208 [ 1947.130525][T16468] inactive_file 32768 [ 1947.130525][T16468] active_file 61440 [ 1947.130525][T16468] unevictable 0 [ 1947.130525][T16468] slab_reclaimable 5677056 [ 1947.130525][T16468] slab_unreclaimable 39538688 [ 1947.130525][T16468] pgfault 156090 [ 1947.130525][T16468] pgmajfault 0 [ 1947.130525][T16468] workingset_refault 495 04:20:21 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x600, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:21 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00030048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:21 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x3e8) 04:20:21 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8912, 0x0) 04:20:21 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a235914289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:21 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1947.130525][T16468] workingset_activate 396 [ 1947.130525][T16468] workingset_nodereclaim 0 [ 1947.130525][T16468] pgrefill 23349 [ 1947.130525][T16468] pgscan 23704 [ 1947.130525][T16468] pgsteal 1363 [ 1947.224039][T16468] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=16465,uid=0 [ 1947.240432][T16468] Memory cgroup out of memory: Killed process 16465 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:35788kB, shmem-rss:0kB, UID:0 04:20:21 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00040048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:21 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a235d14289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1947.320529][ T26] audit: type=1400 audit(1564374021.099:1294): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A235914289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=16603 comm="syz-executor.1" 04:20:21 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8933, 0x0) 04:20:21 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00050048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1947.517417][ T26] audit: type=1400 audit(1564374021.239:1295): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A235D14289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=16611 comm="syz-executor.1" [ 1947.555848][T16610] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1947.579737][T16610] CPU: 1 PID: 16610 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1947.588913][T16610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1947.598981][T16610] Call Trace: [ 1947.602290][T16610] dump_stack+0x172/0x1f0 [ 1947.606747][T16610] dump_header+0x177/0x1152 [ 1947.611307][T16610] ? ___ratelimit+0xf8/0x595 04:20:21 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00060048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1947.616047][T16610] ? trace_hardirqs_on+0x67/0x240 [ 1947.621183][T16610] ? mark_oom_victim.cold+0x18/0x18 [ 1947.626401][T16610] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1947.632229][T16610] ? ___ratelimit+0x60/0x595 [ 1947.636841][T16610] ? do_raw_spin_unlock+0x57/0x270 [ 1947.641976][T16610] oom_kill_process.cold+0x10/0x15 [ 1947.647115][T16610] out_of_memory+0x79a/0x12c0 [ 1947.651859][T16610] ? lock_downgrade+0x920/0x920 [ 1947.656741][T16610] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1947.663006][T16610] ? oom_killer_disable+0x280/0x280 04:20:21 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00080048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1947.668239][T16610] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1947.673814][T16610] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1947.679470][T16610] ? do_raw_spin_unlock+0x57/0x270 [ 1947.684632][T16610] ? _raw_spin_unlock+0x2d/0x50 [ 1947.689511][T16610] try_charge+0xf4b/0x1440 [ 1947.693959][T16610] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1947.699528][T16610] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1947.705084][T16610] ? __kasan_check_read+0x11/0x20 [ 1947.710129][T16610] ? lock_downgrade+0x920/0x920 [ 1947.715003][T16610] ? percpu_ref_tryget_live+0x111/0x290 [ 1947.720567][T16610] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1947.726049][T16610] ? memcg_kmem_put_cache+0x50/0x50 [ 1947.731268][T16610] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1947.736842][T16610] __memcg_kmem_charge+0x13a/0x3a0 [ 1947.741979][T16610] __alloc_pages_nodemask+0x4f4/0x900 [ 1947.747374][T16610] ? __lockdep_free_key_range+0x120/0x120 [ 1947.753105][T16610] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1947.758878][T16610] ? retint_kernel+0x2b/0x2b [ 1947.763514][T16610] ? copy_page_range+0x10c2/0x2120 [ 1947.768621][T16610] ? __kasan_check_read+0x11/0x20 [ 1947.773647][T16610] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1947.779893][T16610] alloc_pages_current+0x107/0x210 [ 1947.784998][T16610] pte_alloc_one+0x1b/0x1a0 [ 1947.789509][T16610] __pte_alloc+0x20/0x310 [ 1947.793841][T16610] copy_page_range+0x1610/0x2120 [ 1947.798860][T16610] ? perf_trace_lock+0xeb/0x4c0 [ 1947.803821][T16610] ? __pmd_alloc+0x460/0x460 [ 1947.808423][T16610] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1947.813980][T16610] ? __rb_insert_augmented+0x20c/0xd90 [ 1947.819439][T16610] ? validate_mm_rb+0xa3/0xc0 [ 1947.824112][T16610] ? __vma_link_rb+0x275/0x370 [ 1947.828890][T16610] ? __kasan_check_write+0x14/0x20 [ 1947.834011][T16610] dup_mm+0xa67/0x1430 [ 1947.838101][T16610] ? vm_area_dup+0x170/0x170 [ 1947.842691][T16610] ? debug_mutex_init+0x2d/0x5a [ 1947.847926][T16610] copy_process+0x28b7/0x6b00 [ 1947.852607][T16610] ? perf_trace_lock+0xeb/0x4c0 [ 1947.857465][T16610] ? __cleanup_sighand+0x60/0x60 [ 1947.864256][T16610] ? __kasan_check_read+0x11/0x20 [ 1947.869279][T16610] ? do_raw_spin_unlock+0x57/0x270 [ 1947.874398][T16610] _do_fork+0x146/0xfa0 [ 1947.878555][T16610] ? copy_init_mm+0x20/0x20 [ 1947.883049][T16610] ? __kasan_check_read+0x11/0x20 [ 1947.888069][T16610] ? _copy_to_user+0x118/0x160 [ 1947.892858][T16610] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1947.899114][T16610] ? put_timespec64+0xda/0x140 [ 1947.903909][T16610] __x64_sys_clone+0x18d/0x250 [ 1947.908705][T16610] ? __ia32_sys_vfork+0xc0/0xc0 [ 1947.913576][T16610] ? trace_hardirqs_off_caller+0x65/0x230 [ 1947.919284][T16610] ? trace_hardirqs_on+0x67/0x240 [ 1947.924313][T16610] do_syscall_64+0xfa/0x760 [ 1947.928828][T16610] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1947.934727][T16610] RIP: 0033:0x459829 [ 1947.938642][T16610] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1947.958253][T16610] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1947.966663][T16610] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1947.974624][T16610] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1947.982617][T16610] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1947.990583][T16610] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1947.998548][T16610] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1948.009506][T16610] memory: usage 307200kB, limit 307200kB, failcnt 102740 [ 1948.051585][T16610] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1948.058762][T16610] Memory cgroup stats for /syz0: [ 1948.058881][T16610] anon 82550784 [ 1948.058881][T16610] file 4096 [ 1948.058881][T16610] kernel_stack 36372480 [ 1948.058881][T16610] slab 45350912 [ 1948.058881][T16610] sock 4096 [ 1948.058881][T16610] shmem 0 [ 1948.058881][T16610] file_mapped 0 [ 1948.058881][T16610] file_dirty 0 [ 1948.058881][T16610] file_writeback 0 [ 1948.058881][T16610] anon_thp 0 [ 1948.058881][T16610] inactive_anon 0 [ 1948.058881][T16610] active_anon 82661376 [ 1948.058881][T16610] inactive_file 32768 [ 1948.058881][T16610] active_file 61440 [ 1948.058881][T16610] unevictable 0 [ 1948.058881][T16610] slab_reclaimable 5812224 [ 1948.058881][T16610] slab_unreclaimable 39538688 [ 1948.058881][T16610] pgfault 156123 [ 1948.058881][T16610] pgmajfault 0 [ 1948.058881][T16610] workingset_refault 495 [ 1948.058881][T16610] workingset_activate 396 [ 1948.058881][T16610] workingset_nodereclaim 0 [ 1948.058881][T16610] pgrefill 23482 [ 1948.058881][T16610] pgscan 23838 [ 1948.058881][T16610] pgsteal 1363 [ 1948.153440][T16610] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10685,uid=0 [ 1948.169611][T16610] Memory cgroup out of memory: Killed process 10685 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1948.186119][ T1057] oom_reaper: reaped process 10685 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1948.228470][T16605] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1948.248615][T16605] CPU: 1 PID: 16605 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1948.257783][T16605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1948.267887][T16605] Call Trace: [ 1948.271196][T16605] dump_stack+0x172/0x1f0 [ 1948.275529][T16605] dump_header+0x177/0x1152 [ 1948.280041][T16605] ? ___ratelimit+0xf8/0x595 [ 1948.284615][T16605] ? trace_hardirqs_on+0x67/0x240 [ 1948.289629][T16605] ? mark_oom_victim.cold+0x18/0x18 [ 1948.294854][T16605] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1948.300669][T16605] ? ___ratelimit+0x60/0x595 [ 1948.305245][T16605] ? do_raw_spin_unlock+0x57/0x270 [ 1948.310345][T16605] oom_kill_process.cold+0x10/0x15 [ 1948.315448][T16605] out_of_memory+0x79a/0x12c0 [ 1948.320109][T16605] ? lock_downgrade+0x920/0x920 [ 1948.324966][T16605] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1948.331219][T16605] ? oom_killer_disable+0x280/0x280 [ 1948.336406][T16605] ? __kasan_check_read+0x11/0x20 [ 1948.341417][T16605] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1948.346954][T16605] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1948.352603][T16605] ? do_raw_spin_unlock+0x57/0x270 [ 1948.357713][T16605] ? _raw_spin_unlock+0x2d/0x50 [ 1948.362653][T16605] try_charge+0xf4b/0x1440 [ 1948.367102][T16605] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1948.372663][T16605] ? percpu_ref_tryget_live+0x111/0x290 [ 1948.378238][T16605] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1948.383696][T16605] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1948.389256][T16605] mem_cgroup_try_charge+0x136/0x590 [ 1948.394533][T16605] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1948.400189][T16605] __handle_mm_fault+0x1e3a/0x3f20 [ 1948.405301][T16605] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1948.410845][T16605] ? __kasan_check_read+0x11/0x20 [ 1948.415876][T16605] ? trace_hardirqs_on+0x67/0x240 [ 1948.420894][T16605] handle_mm_fault+0x1b5/0x6b0 [ 1948.425650][T16605] __do_page_fault+0x536/0xdd0 [ 1948.430423][T16605] do_page_fault+0x38/0x590 [ 1948.435273][T16605] page_fault+0x39/0x40 [ 1948.439460][T16605] RIP: 0033:0x45c1dd [ 1948.443363][T16605] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 30 8e fb ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 1948.462963][T16605] RSP: 002b:00007ffd41fb7008 EFLAGS: 00010202 [ 1948.469045][T16605] RAX: ffffffffffffffea RBX: 00007f35763f9700 RCX: 00007f35763f9700 [ 1948.477030][T16605] RDX: 00000000003d0f00 RSI: 00007f35763f8db0 RDI: 0000000000410560 [ 1948.484991][T16605] RBP: 00007ffd41fb7220 R08: 00007f35763f99d0 R09: 00007f35763f9700 [ 1948.492955][T16605] R10: 00007f35763f8dc0 R11: 0000000000000246 R12: 0000000000000000 [ 1948.500922][T16605] R13: 00007ffd41fb70bf R14: 00007f35763f99c0 R15: 000000000075bfd4 [ 1948.509973][T16605] memory: usage 307036kB, limit 307200kB, failcnt 102784 [ 1948.517078][T16605] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1948.523941][T16605] Memory cgroup stats for /syz0: [ 1948.524030][T16605] anon 82550784 [ 1948.524030][T16605] file 4096 [ 1948.524030][T16605] kernel_stack 36372480 [ 1948.524030][T16605] slab 45350912 [ 1948.524030][T16605] sock 4096 [ 1948.524030][T16605] shmem 0 [ 1948.524030][T16605] file_mapped 0 [ 1948.524030][T16605] file_dirty 0 [ 1948.524030][T16605] file_writeback 0 [ 1948.524030][T16605] anon_thp 0 [ 1948.524030][T16605] inactive_anon 0 [ 1948.524030][T16605] active_anon 82661376 [ 1948.524030][T16605] inactive_file 32768 [ 1948.524030][T16605] active_file 61440 [ 1948.524030][T16605] unevictable 0 [ 1948.524030][T16605] slab_reclaimable 5812224 [ 1948.524030][T16605] slab_unreclaimable 39538688 [ 1948.524030][T16605] pgfault 156123 [ 1948.524030][T16605] pgmajfault 0 [ 1948.524030][T16605] workingset_refault 495 [ 1948.524030][T16605] workingset_activate 396 [ 1948.524030][T16605] workingset_nodereclaim 0 [ 1948.524030][T16605] pgrefill 23482 [ 1948.524030][T16605] pgscan 23838 [ 1948.524030][T16605] pgsteal 1363 [ 1948.618361][T16605] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=8301,uid=0 [ 1948.635735][T16605] Memory cgroup out of memory: Killed process 8301 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1948.656052][T16610] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1948.666925][T16610] CPU: 1 PID: 16610 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1948.676055][T16610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1948.686117][T16610] Call Trace: [ 1948.689433][T16610] dump_stack+0x172/0x1f0 [ 1948.693807][T16610] dump_header+0x177/0x1152 [ 1948.698326][T16610] ? ___ratelimit+0xf8/0x595 [ 1948.702924][T16610] ? trace_hardirqs_on+0x67/0x240 [ 1948.707951][T16610] ? mark_oom_victim.cold+0x18/0x18 [ 1948.713169][T16610] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1948.718991][T16610] ? ___ratelimit+0x60/0x595 [ 1948.723583][T16610] ? do_raw_spin_unlock+0x57/0x270 [ 1948.728716][T16610] oom_kill_process.cold+0x10/0x15 [ 1948.733841][T16610] out_of_memory+0x79a/0x12c0 [ 1948.738524][T16610] ? lock_downgrade+0x920/0x920 [ 1948.743476][T16610] ? oom_killer_disable+0x280/0x280 [ 1948.748694][T16610] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1948.754265][T16610] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1948.759911][T16610] ? do_raw_spin_unlock+0x57/0x270 [ 1948.765050][T16610] ? _raw_spin_unlock+0x2d/0x50 [ 1948.769908][T16610] try_charge+0xa2d/0x1440 [ 1948.774335][T16610] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1948.779887][T16610] ? percpu_ref_tryget_live+0x111/0x290 [ 1948.785450][T16610] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1948.790921][T16610] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1948.796561][T16610] mem_cgroup_try_charge+0x136/0x590 [ 1948.801861][T16610] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1948.807507][T16610] wp_page_copy+0x421/0x15e0 [ 1948.812100][T16610] ? page_trans_huge_mapcount+0x166/0x450 [ 1948.818375][T16610] ? pmd_pfn+0x1d0/0x1d0 [ 1948.822627][T16610] ? lock_downgrade+0x920/0x920 [ 1948.827486][T16610] ? swp_swapcount+0x540/0x540 [ 1948.832260][T16610] ? __kasan_check_read+0x11/0x20 [ 1948.838623][T16610] ? do_raw_spin_unlock+0x57/0x270 [ 1948.849326][T16610] do_wp_page+0x499/0x14d0 [ 1948.853785][T16610] ? finish_mkwrite_fault+0x570/0x570 [ 1948.859184][T16610] __handle_mm_fault+0x22f7/0x3f20 [ 1948.864305][T16610] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1948.869857][T16610] ? __kasan_check_read+0x11/0x20 [ 1948.874899][T16610] ? trace_hardirqs_on+0x67/0x240 [ 1948.879947][T16610] handle_mm_fault+0x1b5/0x6b0 [ 1948.884726][T16610] __do_page_fault+0x536/0xdd0 [ 1948.889613][T16610] do_page_fault+0x38/0x590 [ 1948.894127][T16610] page_fault+0x39/0x40 [ 1948.898286][T16610] RIP: 0033:0x404f08 [ 1948.902188][T16610] Code: 85 02 00 00 80 3d 8f b5 66 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 7c b5 66 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 b3 d5 ff ff 48 2b 05 fc 30 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1948.921820][T16610] RSP: 002b:00007f3576419c90 EFLAGS: 00010246 [ 1948.929197][T16610] RAX: 00007f357841b000 RBX: 0000000000001ebc RCX: 0000000000459829 [ 1948.937175][T16610] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 1948.945159][T16610] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1948.953147][T16610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1948.961126][T16610] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1948.972809][T16610] memory: usage 306920kB, limit 307200kB, failcnt 102785 [ 1948.973416][T16745] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1948.983926][T16610] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1948.995493][T16610] Memory cgroup stats for /syz0: [ 1948.995608][T16610] anon 82550784 [ 1948.995608][T16610] file 4096 [ 1948.995608][T16610] kernel_stack 36372480 [ 1948.995608][T16610] slab 45350912 [ 1948.995608][T16610] sock 4096 [ 1948.995608][T16610] shmem 0 [ 1948.995608][T16610] file_mapped 0 [ 1948.995608][T16610] file_dirty 0 [ 1948.995608][T16610] file_writeback 0 [ 1948.995608][T16610] anon_thp 0 [ 1948.995608][T16610] inactive_anon 0 [ 1948.995608][T16610] active_anon 82526208 [ 1948.995608][T16610] inactive_file 32768 [ 1948.995608][T16610] active_file 61440 [ 1948.995608][T16610] unevictable 0 [ 1948.995608][T16610] slab_reclaimable 5812224 [ 1948.995608][T16610] slab_unreclaimable 39538688 [ 1948.995608][T16610] pgfault 156156 [ 1948.995608][T16610] pgmajfault 0 [ 1948.995608][T16610] workingset_refault 495 [ 1948.995608][T16610] workingset_activate 396 [ 1948.995608][T16610] workingset_nodereclaim 0 [ 1948.995608][T16610] pgrefill 23482 [ 1948.995608][T16610] pgscan 23838 [ 1948.995608][T16610] pgsteal 1363 [ 1949.089332][T16610] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=4914,uid=0 [ 1949.104795][T16610] Memory cgroup out of memory: Killed process 4914 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1949.120202][ T1057] oom_reaper: reaped process 4914 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1949.133628][T16745] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1949.135310][T16742] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1949.154675][T16742] CPU: 0 PID: 16742 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1949.163794][T16742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1949.173858][T16742] Call Trace: [ 1949.177194][T16742] dump_stack+0x172/0x1f0 [ 1949.181534][T16742] dump_header+0x177/0x1152 [ 1949.186051][T16742] ? ___ratelimit+0xf8/0x595 [ 1949.190663][T16742] ? trace_hardirqs_on+0x67/0x240 [ 1949.195709][T16742] ? mark_oom_victim.cold+0x18/0x18 [ 1949.200922][T16742] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1949.206745][T16742] ? ___ratelimit+0x60/0x595 [ 1949.211343][T16742] ? do_raw_spin_unlock+0x57/0x270 [ 1949.216504][T16742] oom_kill_process.cold+0x10/0x15 [ 1949.221628][T16742] out_of_memory+0x79a/0x12c0 [ 1949.226323][T16742] ? lock_downgrade+0x920/0x920 04:20:22 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x1100, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:22 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00090048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:22 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xae01, 0x0) 04:20:22 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230559289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:22 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x3ec) 04:20:22 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, 0x0, 0x0) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1949.231195][T16742] ? oom_killer_disable+0x280/0x280 [ 1949.236409][T16742] ? __kasan_check_read+0x11/0x20 [ 1949.241458][T16742] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1949.247030][T16742] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1949.252771][T16742] ? do_raw_spin_unlock+0x57/0x270 [ 1949.257903][T16742] ? _raw_spin_unlock+0x2d/0x50 [ 1949.262765][T16742] try_charge+0xa2d/0x1440 [ 1949.267201][T16742] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1949.272758][T16742] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1949.278317][T16742] ? __kasan_check_read+0x11/0x20 04:20:23 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514259d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1949.283348][T16742] ? lock_downgrade+0x920/0x920 [ 1949.288202][T16742] ? percpu_ref_tryget_live+0x111/0x290 [ 1949.293760][T16742] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1949.299231][T16742] ? memcg_kmem_put_cache+0x50/0x50 [ 1949.304442][T16742] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1949.310002][T16742] __memcg_kmem_charge+0x13a/0x3a0 [ 1949.315123][T16742] __alloc_pages_nodemask+0x4f4/0x900 [ 1949.318597][ T26] audit: type=1400 audit(1564374022.999:1296): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230559289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=16748 comm="syz-executor.1" [ 1949.320509][T16742] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1949.359610][T16742] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1949.365869][T16742] ? debug_smp_processor_id+0x3c/0x214 [ 1949.371345][T16742] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1949.377605][T16742] alloc_pages_current+0x107/0x210 [ 1949.382730][T16742] pte_alloc_one+0x1b/0x1a0 [ 1949.387264][T16742] __handle_mm_fault+0x34dd/0x3f20 [ 1949.392489][T16742] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1949.398051][T16742] ? __kasan_check_read+0x11/0x20 [ 1949.403098][T16742] ? trace_hardirqs_on+0x67/0x240 [ 1949.408405][T16742] handle_mm_fault+0x1b5/0x6b0 [ 1949.413185][T16742] __do_page_fault+0x536/0xdd0 [ 1949.417954][T16742] ? page_fault+0x16/0x40 [ 1949.422310][T16742] do_page_fault+0x38/0x590 [ 1949.426832][T16742] page_fault+0x39/0x40 [ 1949.430992][T16742] RIP: 0033:0x459829 04:20:23 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x3f9) [ 1949.434902][T16742] Code: Bad RIP value. [ 1949.438971][T16742] RSP: 002b:00007f3576419c78 EFLAGS: 00010246 [ 1949.445044][T16742] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459829 [ 1949.453139][T16742] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1949.461116][T16742] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1949.469122][T16742] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 04:20:23 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514599d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1949.477108][ T26] audit: type=1400 audit(1564374023.209:1297): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514259D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=16838 comm="syz-executor.1" [ 1949.477192][T16742] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff 04:20:23 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xae41, 0x0) 04:20:23 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc000a0048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1949.616050][T16742] memory: usage 307064kB, limit 307200kB, failcnt 102785 [ 1949.668944][T16742] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1949.672591][ T26] audit: type=1400 audit(1564374023.449:1298): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514599D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=16879 comm="syz-executor.1" 04:20:23 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d230b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1949.757560][T16742] Memory cgroup stats for /syz0: [ 1949.758370][T16742] anon 82542592 [ 1949.758370][T16742] file 4096 [ 1949.758370][T16742] kernel_stack 36372480 [ 1949.758370][T16742] slab 45350912 [ 1949.758370][T16742] sock 4096 [ 1949.758370][T16742] shmem 0 [ 1949.758370][T16742] file_mapped 0 [ 1949.758370][T16742] file_dirty 0 [ 1949.758370][T16742] file_writeback 0 [ 1949.758370][T16742] anon_thp 0 [ 1949.758370][T16742] inactive_anon 0 [ 1949.758370][T16742] active_anon 82661376 [ 1949.758370][T16742] inactive_file 32768 [ 1949.758370][T16742] active_file 61440 [ 1949.758370][T16742] unevictable 0 [ 1949.758370][T16742] slab_reclaimable 5812224 [ 1949.758370][T16742] slab_unreclaimable 39538688 [ 1949.758370][T16742] pgfault 156255 [ 1949.758370][T16742] pgmajfault 0 [ 1949.758370][T16742] workingset_refault 495 [ 1949.758370][T16742] workingset_activate 396 [ 1949.758370][T16742] workingset_nodereclaim 0 [ 1949.758370][T16742] pgrefill 23515 [ 1949.758370][T16742] pgscan 23871 [ 1949.758370][T16742] pgsteal 1363 [ 1949.888477][ T26] audit: type=1400 audit(1564374023.669:1299): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D230B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=16953 comm="syz-executor.1" [ 1949.903660][T16742] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=16605,uid=0 04:20:23 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x2000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:23 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xae80, 0x0) 04:20:23 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc000b0048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:23 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d2b0b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:23 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x3fa) [ 1950.017839][ T26] audit: type=1400 audit(1564374023.799:1300): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D2B0B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=17008 comm="syz-executor.1" [ 1950.169903][T17018] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1950.185391][T17018] CPU: 1 PID: 17018 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1950.194522][T17018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1950.204680][T17018] Call Trace: [ 1950.207988][T17018] dump_stack+0x172/0x1f0 [ 1950.212689][T17018] dump_header+0x177/0x1152 [ 1950.217204][T17018] ? ___ratelimit+0xf8/0x595 [ 1950.221811][T17018] ? trace_hardirqs_on+0x67/0x240 [ 1950.226853][T17018] ? mark_oom_victim.cold+0x18/0x18 [ 1950.232066][T17018] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1950.237973][T17018] ? ___ratelimit+0x60/0x595 [ 1950.242554][T17018] ? do_raw_spin_unlock+0x57/0x270 [ 1950.247667][T17018] oom_kill_process.cold+0x10/0x15 [ 1950.252789][T17018] out_of_memory+0x79a/0x12c0 [ 1950.257493][T17018] ? lock_downgrade+0x920/0x920 [ 1950.262352][T17018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1950.268616][T17018] ? oom_killer_disable+0x280/0x280 [ 1950.273840][T17018] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1950.279927][T17018] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1950.279946][T17018] ? do_raw_spin_unlock+0x57/0x270 [ 1950.279962][T17018] ? _raw_spin_unlock+0x2d/0x50 [ 1950.279977][T17018] try_charge+0xf4b/0x1440 [ 1950.279997][T17018] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1950.305800][T17018] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1950.311357][T17018] ? __kasan_check_read+0x11/0x20 [ 1950.316383][T17018] ? lock_downgrade+0x920/0x920 [ 1950.321917][T17018] ? percpu_ref_tryget_live+0x111/0x290 [ 1950.327457][T17018] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1950.332904][T17018] ? memcg_kmem_put_cache+0x50/0x50 [ 1950.338096][T17018] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1950.343641][T17018] __memcg_kmem_charge+0x13a/0x3a0 [ 1950.348766][T17018] __alloc_pages_nodemask+0x4f4/0x900 [ 1950.354155][T17018] ? __lockdep_free_key_range+0x120/0x120 [ 1950.359971][T17018] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1950.365787][T17018] ? __pte_alloc+0x1b5/0x310 [ 1950.370383][T17018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1950.376624][T17018] ? copy_page_range+0x10c2/0x2120 [ 1950.381747][T17018] ? __kasan_check_read+0x11/0x20 [ 1950.386768][T17018] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1950.393031][T17018] alloc_pages_current+0x107/0x210 [ 1950.398147][T17018] pte_alloc_one+0x1b/0x1a0 [ 1950.402822][T17018] __pte_alloc+0x20/0x310 [ 1950.407140][T17018] copy_page_range+0x1610/0x2120 [ 1950.412064][T17018] ? perf_trace_lock+0xeb/0x4c0 [ 1950.416910][T17018] ? __pmd_alloc+0x460/0x460 [ 1950.421482][T17018] ? lock_downgrade+0x920/0x920 [ 1950.426317][T17018] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1950.432041][T17018] ? vma_compute_subtree_gap+0x158/0x230 [ 1950.437659][T17018] ? validate_mm_rb+0xa3/0xc0 [ 1950.442319][T17018] ? __vma_link_rb+0x275/0x370 [ 1950.447063][T17018] ? __kasan_check_write+0x14/0x20 [ 1950.452177][T17018] dup_mm+0xa67/0x1430 [ 1950.456235][T17018] ? vm_area_dup+0x170/0x170 [ 1950.460826][T17018] ? debug_mutex_init+0x2d/0x5a [ 1950.465678][T17018] copy_process+0x28b7/0x6b00 [ 1950.470363][T17018] ? perf_trace_lock+0xeb/0x4c0 [ 1950.475216][T17018] ? __cleanup_sighand+0x60/0x60 [ 1950.480146][T17018] ? __kasan_check_read+0x11/0x20 [ 1950.485157][T17018] ? do_raw_spin_unlock+0x57/0x270 [ 1950.490265][T17018] _do_fork+0x146/0xfa0 [ 1950.494428][T17018] ? copy_init_mm+0x20/0x20 [ 1950.498935][T17018] ? __kasan_check_read+0x11/0x20 [ 1950.503982][T17018] ? _copy_to_user+0x118/0x160 [ 1950.508766][T17018] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1950.515012][T17018] ? put_timespec64+0xda/0x140 [ 1950.519764][T17018] __x64_sys_clone+0x18d/0x250 [ 1950.524516][T17018] ? __ia32_sys_vfork+0xc0/0xc0 [ 1950.529358][T17018] ? trace_hardirqs_off_caller+0x65/0x230 [ 1950.535064][T17018] ? trace_hardirqs_on+0x67/0x240 [ 1950.540086][T17018] do_syscall_64+0xfa/0x760 [ 1950.544593][T17018] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1950.550494][T17018] RIP: 0033:0x459829 [ 1950.554369][T17018] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1950.573964][T17018] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1950.582377][T17018] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1950.590338][T17018] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1950.598400][T17018] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1950.606359][T17018] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 04:20:24 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, 0x0, 0x0) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:24 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc000c0048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:24 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d2d0b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:24 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xae9a, 0x0) 04:20:24 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x4a0) [ 1950.614324][T17018] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1950.624086][T17018] memory: usage 307200kB, limit 307200kB, failcnt 102847 [ 1950.634165][T17018] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1950.677187][T17018] Memory cgroup stats for /syz0: [ 1950.677305][T17018] anon 82542592 [ 1950.677305][T17018] file 4096 [ 1950.677305][T17018] kernel_stack 36306944 [ 1950.677305][T17018] slab 45350912 [ 1950.677305][T17018] sock 4096 [ 1950.677305][T17018] shmem 0 [ 1950.677305][T17018] file_mapped 0 [ 1950.677305][T17018] file_dirty 0 [ 1950.677305][T17018] file_writeback 0 [ 1950.677305][T17018] anon_thp 0 [ 1950.677305][T17018] inactive_anon 0 [ 1950.677305][T17018] active_anon 82661376 [ 1950.677305][T17018] inactive_file 32768 04:20:24 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc000e0048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1950.677305][T17018] active_file 61440 [ 1950.677305][T17018] unevictable 0 [ 1950.677305][T17018] slab_reclaimable 5812224 [ 1950.677305][T17018] slab_unreclaimable 39538688 [ 1950.677305][T17018] pgfault 156321 [ 1950.677305][T17018] pgmajfault 0 [ 1950.677305][T17018] workingset_refault 495 [ 1950.677305][T17018] workingset_activate 396 [ 1950.677305][T17018] workingset_nodereclaim 0 [ 1950.677305][T17018] pgrefill 23548 [ 1950.677305][T17018] pgscan 23938 [ 1950.677305][T17018] pgsteal 1363 04:20:24 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x4b0) [ 1950.774497][ T26] audit: type=1400 audit(1564374024.459:1301): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D2D0B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=17132 comm="syz-executor.1" [ 1950.873619][T17018] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=16746,uid=0 [ 1950.889919][T17018] Memory cgroup out of memory: Killed process 16746 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1950.964770][ T1057] oom_reaper: reaped process 16746 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1950.969616][T17018] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1951.029204][T17018] CPU: 0 PID: 17018 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1951.038356][T17018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1951.048420][T17018] Call Trace: [ 1951.051734][T17018] dump_stack+0x172/0x1f0 [ 1951.056081][T17018] dump_header+0x177/0x1152 [ 1951.060595][T17018] ? ___ratelimit+0xf8/0x595 [ 1951.065203][T17018] ? trace_hardirqs_on+0x67/0x240 [ 1951.070240][T17018] ? mark_oom_victim.cold+0x18/0x18 [ 1951.075457][T17018] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1951.081284][T17018] ? ___ratelimit+0x60/0x595 [ 1951.085990][T17018] ? do_raw_spin_unlock+0x57/0x270 [ 1951.091107][T17018] oom_kill_process.cold+0x10/0x15 [ 1951.096225][T17018] out_of_memory+0x79a/0x12c0 [ 1951.100993][T17018] ? lock_downgrade+0x920/0x920 [ 1951.105849][T17018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1951.112095][T17018] ? oom_killer_disable+0x280/0x280 [ 1951.117317][T17018] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1951.122904][T17018] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1951.128533][T17018] ? do_raw_spin_unlock+0x57/0x270 [ 1951.133652][T17018] ? _raw_spin_unlock+0x2d/0x50 [ 1951.138490][T17018] try_charge+0xf4b/0x1440 [ 1951.142901][T17018] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1951.148448][T17018] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1951.153997][T17018] ? __kasan_check_read+0x11/0x20 [ 1951.159042][T17018] ? lock_downgrade+0x920/0x920 [ 1951.163933][T17018] ? percpu_ref_tryget_live+0x111/0x290 [ 1951.169473][T17018] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1951.174935][T17018] ? memcg_kmem_put_cache+0x50/0x50 [ 1951.180134][T17018] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1951.185686][T17018] __memcg_kmem_charge+0x13a/0x3a0 [ 1951.190792][T17018] __alloc_pages_nodemask+0x4f4/0x900 [ 1951.196254][T17018] ? __lockdep_free_key_range+0x120/0x120 [ 1951.201971][T17018] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1951.207705][T17018] ? __pte_alloc+0x1b5/0x310 [ 1951.212286][T17018] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1951.218558][T17018] ? copy_page_range+0x10c2/0x2120 [ 1951.223663][T17018] ? __kasan_check_read+0x11/0x20 [ 1951.228703][T17018] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1951.234969][T17018] alloc_pages_current+0x107/0x210 [ 1951.240083][T17018] pte_alloc_one+0x1b/0x1a0 [ 1951.244763][T17018] __pte_alloc+0x20/0x310 [ 1951.249115][T17018] copy_page_range+0x1610/0x2120 [ 1951.254046][T17018] ? perf_trace_lock+0xeb/0x4c0 [ 1951.258915][T17018] ? __pmd_alloc+0x460/0x460 [ 1951.263510][T17018] ? lock_downgrade+0x920/0x920 [ 1951.268379][T17018] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1951.274088][T17018] ? vma_compute_subtree_gap+0x158/0x230 [ 1951.279711][T17018] ? validate_mm_rb+0xa3/0xc0 [ 1951.284379][T17018] ? __vma_link_rb+0x275/0x370 [ 1951.289138][T17018] ? __kasan_check_write+0x14/0x20 [ 1951.294242][T17018] dup_mm+0xa67/0x1430 [ 1951.298738][T17018] ? vm_area_dup+0x170/0x170 [ 1951.303320][T17018] ? debug_mutex_init+0x2d/0x5a [ 1951.308162][T17018] copy_process+0x28b7/0x6b00 [ 1951.312836][T17018] ? perf_trace_lock+0xeb/0x4c0 [ 1951.317710][T17018] ? __cleanup_sighand+0x60/0x60 [ 1951.322655][T17018] ? __kasan_check_read+0x11/0x20 [ 1951.327694][T17018] ? do_raw_spin_unlock+0x57/0x270 [ 1951.332804][T17018] _do_fork+0x146/0xfa0 [ 1951.336961][T17018] ? copy_init_mm+0x20/0x20 [ 1951.341464][T17018] ? __kasan_check_read+0x11/0x20 [ 1951.346475][T17018] ? _copy_to_user+0x118/0x160 [ 1951.351227][T17018] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1951.357466][T17018] ? put_timespec64+0xda/0x140 [ 1951.362231][T17018] __x64_sys_clone+0x18d/0x250 [ 1951.366993][T17018] ? __ia32_sys_vfork+0xc0/0xc0 [ 1951.371848][T17018] ? trace_hardirqs_off_caller+0x65/0x230 [ 1951.377576][T17018] ? trace_hardirqs_on+0x67/0x240 [ 1951.382601][T17018] do_syscall_64+0xfa/0x760 [ 1951.387104][T17018] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1951.392994][T17018] RIP: 0033:0x459829 [ 1951.396883][T17018] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1951.416504][T17018] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1951.424946][T17018] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1951.432915][T17018] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1951.440884][T17018] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1951.448860][T17018] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1951.456830][T17018] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1951.466954][T17018] memory: usage 306928kB, limit 307200kB, failcnt 102853 [ 1951.478316][T17018] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1951.485971][T17018] Memory cgroup stats for /syz0: [ 1951.486088][T17018] anon 82542592 [ 1951.486088][T17018] file 4096 [ 1951.486088][T17018] kernel_stack 36306944 [ 1951.486088][T17018] slab 45350912 [ 1951.486088][T17018] sock 4096 [ 1951.486088][T17018] shmem 0 [ 1951.486088][T17018] file_mapped 0 [ 1951.486088][T17018] file_dirty 0 [ 1951.486088][T17018] file_writeback 0 [ 1951.486088][T17018] anon_thp 0 [ 1951.486088][T17018] inactive_anon 0 [ 1951.486088][T17018] active_anon 82661376 [ 1951.486088][T17018] inactive_file 32768 [ 1951.486088][T17018] active_file 61440 [ 1951.486088][T17018] unevictable 0 [ 1951.486088][T17018] slab_reclaimable 5812224 [ 1951.486088][T17018] slab_unreclaimable 39538688 [ 1951.486088][T17018] pgfault 156321 [ 1951.486088][T17018] pgmajfault 0 [ 1951.486088][T17018] workingset_refault 495 [ 1951.486088][T17018] workingset_activate 396 [ 1951.486088][T17018] workingset_nodereclaim 0 [ 1951.486088][T17018] pgrefill 23548 [ 1951.486088][T17018] pgscan 23938 [ 1951.486088][T17018] pgsteal 1363 [ 1951.580538][T17018] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=4159,uid=0 [ 1951.597148][T17018] Memory cgroup out of memory: Killed process 4159 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1951.615128][ T1057] oom_reaper: reaped process 4159 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:20:25 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x4000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:25 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d590b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:25 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc000f0048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:25 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40045201, 0x0) 04:20:25 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, 0x0, 0x0) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:25 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x500) [ 1951.620099][T17018] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1951.648500][T17370] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:25 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00100048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1951.712638][ T26] audit: type=1400 audit(1564374025.489:1302): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D590B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=17383 comm="syz-executor.1" 04:20:25 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40045431, 0x0) 04:20:25 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d305906774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:25 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x600) 04:20:25 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00110048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1951.955395][T17389] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1951.970486][ T26] audit: type=1400 audit(1564374025.749:1303): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D305906774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=17507 comm="syz-executor.1" [ 1952.018005][T17389] CPU: 0 PID: 17389 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1952.027153][T17389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1952.037217][T17389] Call Trace: [ 1952.040610][T17389] dump_stack+0x172/0x1f0 [ 1952.044966][T17389] dump_header+0x177/0x1152 [ 1952.049483][T17389] ? ___ratelimit+0xf8/0x595 [ 1952.054090][T17389] ? trace_hardirqs_on+0x67/0x240 [ 1952.059128][T17389] ? mark_oom_victim.cold+0x18/0x18 [ 1952.064349][T17389] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1952.070174][T17389] ? ___ratelimit+0x60/0x595 [ 1952.074775][T17389] ? do_raw_spin_unlock+0x57/0x270 [ 1952.079903][T17389] oom_kill_process.cold+0x10/0x15 [ 1952.085028][T17389] out_of_memory+0x79a/0x12c0 [ 1952.089716][T17389] ? lock_downgrade+0x920/0x920 [ 1952.094587][T17389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1952.095023][ T26] audit: type=1400 audit(1564374025.879:1304): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B59774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=17517 comm="syz-executor.1" [ 1952.100847][T17389] ? oom_killer_disable+0x280/0x280 [ 1952.100873][T17389] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1952.100897][T17389] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1952.150621][T17389] ? do_raw_spin_unlock+0x57/0x270 [ 1952.155757][T17389] ? _raw_spin_unlock+0x2d/0x50 [ 1952.160625][T17389] try_charge+0xf4b/0x1440 04:20:25 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b59774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1952.165055][T17389] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1952.170615][T17389] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1952.176169][T17389] ? __kasan_check_read+0x11/0x20 [ 1952.181209][T17389] ? lock_downgrade+0x920/0x920 [ 1952.186073][T17389] ? percpu_ref_tryget_live+0x111/0x290 [ 1952.191640][T17389] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1952.197112][T17389] ? memcg_kmem_put_cache+0x50/0x50 [ 1952.202336][T17389] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1952.207901][T17389] __memcg_kmem_charge+0x13a/0x3a0 [ 1952.213020][T17389] __alloc_pages_nodemask+0x4f4/0x900 [ 1952.213038][T17389] ? __lockdep_free_key_range+0x120/0x120 [ 1952.213059][T17389] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1952.229955][T17389] ? __pte_alloc+0x1b5/0x310 [ 1952.234580][T17389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1952.240843][T17389] ? copy_page_range+0x10c2/0x2120 [ 1952.245972][T17389] ? __kasan_check_read+0x11/0x20 [ 1952.245992][T17389] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1952.246011][T17389] alloc_pages_current+0x107/0x210 [ 1952.246029][T17389] pte_alloc_one+0x1b/0x1a0 [ 1952.246044][T17389] __pte_alloc+0x20/0x310 [ 1952.246060][T17389] copy_page_range+0x1610/0x2120 [ 1952.246075][T17389] ? perf_trace_lock+0xeb/0x4c0 [ 1952.246106][T17389] ? __pmd_alloc+0x460/0x460 [ 1952.276369][T17389] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1952.276390][T17389] ? __rb_insert_augmented+0x20c/0xd90 [ 1952.276403][T17389] ? validate_mm_rb+0xa3/0xc0 [ 1952.276417][T17389] ? __vma_link_rb+0x275/0x370 [ 1952.276431][T17389] ? __kasan_check_write+0x14/0x20 [ 1952.276448][T17389] dup_mm+0xa67/0x1430 [ 1952.276477][T17389] ? vm_area_dup+0x170/0x170 [ 1952.285971][T17389] ? debug_mutex_init+0x2d/0x5a [ 1952.325469][T17389] copy_process+0x28b7/0x6b00 [ 1952.330164][T17389] ? perf_trace_lock+0xeb/0x4c0 [ 1952.335037][T17389] ? __cleanup_sighand+0x60/0x60 [ 1952.339999][T17389] _do_fork+0x146/0xfa0 [ 1952.344169][T17389] ? copy_init_mm+0x20/0x20 [ 1952.348870][T17389] ? __kasan_check_read+0x11/0x20 [ 1952.353909][T17389] ? _copy_to_user+0x118/0x160 [ 1952.358687][T17389] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1952.364936][T17389] ? put_timespec64+0xda/0x140 [ 1952.369705][T17389] __x64_sys_clone+0x18d/0x250 [ 1952.374484][T17389] ? __ia32_sys_vfork+0xc0/0xc0 [ 1952.379367][T17389] ? trace_hardirqs_off_caller+0x65/0x230 [ 1952.385186][T17389] ? trace_hardirqs_on+0x67/0x240 [ 1952.390312][T17389] do_syscall_64+0xfa/0x760 [ 1952.394821][T17389] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1952.400713][T17389] RIP: 0033:0x459829 [ 1952.404590][T17389] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1952.424183][T17389] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1952.432589][T17389] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1952.440554][T17389] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1952.448518][T17389] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1952.456566][T17389] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1952.464520][T17389] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1952.473603][T17389] memory: usage 307200kB, limit 307200kB, failcnt 102915 [ 1952.480693][T17389] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1952.487582][T17389] Memory cgroup stats for /syz0: [ 1952.487695][T17389] anon 82407424 [ 1952.487695][T17389] file 4096 [ 1952.487695][T17389] kernel_stack 36372480 [ 1952.487695][T17389] slab 45350912 [ 1952.487695][T17389] sock 4096 [ 1952.487695][T17389] shmem 0 [ 1952.487695][T17389] file_mapped 0 [ 1952.487695][T17389] file_dirty 0 [ 1952.487695][T17389] file_writeback 0 [ 1952.487695][T17389] anon_thp 0 [ 1952.487695][T17389] inactive_anon 0 [ 1952.487695][T17389] active_anon 82526208 [ 1952.487695][T17389] inactive_file 32768 [ 1952.487695][T17389] active_file 61440 [ 1952.487695][T17389] unevictable 0 [ 1952.487695][T17389] slab_reclaimable 5812224 [ 1952.487695][T17389] slab_unreclaimable 39538688 [ 1952.487695][T17389] pgfault 156387 [ 1952.487695][T17389] pgmajfault 0 [ 1952.487695][T17389] workingset_refault 495 [ 1952.487695][T17389] workingset_activate 396 [ 1952.487695][T17389] workingset_nodereclaim 0 [ 1952.487695][T17389] pgrefill 23614 [ 1952.487695][T17389] pgscan 23972 [ 1952.487695][T17389] pgsteal 1363 [ 1952.581587][T17389] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17373,uid=0 [ 1952.598372][T17389] Memory cgroup out of memory: Killed process 17373 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1952.633344][T17389] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1952.654383][T17389] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1952.666934][T17389] CPU: 0 PID: 17389 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1952.676063][T17389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1952.686129][T17389] Call Trace: [ 1952.689437][T17389] dump_stack+0x172/0x1f0 [ 1952.693777][T17389] dump_header+0x177/0x1152 [ 1952.698298][T17389] ? ___ratelimit+0xf8/0x595 [ 1952.702894][T17389] ? trace_hardirqs_on+0x67/0x240 [ 1952.707930][T17389] ? mark_oom_victim.cold+0x18/0x18 [ 1952.713136][T17389] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1952.718946][T17389] ? ___ratelimit+0x60/0x595 [ 1952.723534][T17389] ? do_raw_spin_unlock+0x57/0x270 [ 1952.728634][T17389] oom_kill_process.cold+0x10/0x15 [ 1952.733739][T17389] out_of_memory+0x79a/0x12c0 [ 1952.738404][T17389] ? lock_downgrade+0x920/0x920 [ 1952.743247][T17389] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1952.749485][T17389] ? oom_killer_disable+0x280/0x280 [ 1952.754699][T17389] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1952.760243][T17389] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1952.765881][T17389] ? do_raw_spin_unlock+0x57/0x270 [ 1952.771020][T17389] ? _raw_spin_unlock+0x2d/0x50 [ 1952.775962][T17389] try_charge+0xf4b/0x1440 [ 1952.780383][T17389] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1952.785928][T17389] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1952.791503][T17389] ? __kasan_check_read+0x11/0x20 [ 1952.796542][T17389] ? lock_downgrade+0x920/0x920 [ 1952.801393][T17389] ? percpu_ref_tryget_live+0x111/0x290 [ 1952.806948][T17389] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1952.812411][T17389] ? memcg_kmem_put_cache+0x50/0x50 [ 1952.817593][T17389] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1952.823150][T17389] __memcg_kmem_charge+0x13a/0x3a0 [ 1952.828268][T17389] __alloc_pages_nodemask+0x4f4/0x900 [ 1952.833648][T17389] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1952.839386][T17389] ? __pmd_alloc+0x377/0x460 [ 1952.843988][T17389] ? __kasan_check_read+0x11/0x20 [ 1952.849018][T17389] ? lock_downgrade+0x920/0x920 [ 1952.853862][T17389] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1952.860104][T17389] alloc_pages_current+0x107/0x210 [ 1952.865332][T17389] pte_alloc_one+0x1b/0x1a0 [ 1952.869838][T17389] __pte_alloc+0x20/0x310 [ 1952.874160][T17389] copy_page_range+0x1610/0x2120 [ 1952.879115][T17389] ? percpu_ref_put_many+0x94/0x190 [ 1952.884361][T17389] ? lock_downgrade+0x920/0x920 [ 1952.889205][T17389] ? __pmd_alloc+0x460/0x460 [ 1952.893780][T17389] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1952.899355][T17389] ? validate_mm_rb+0xa3/0xc0 [ 1952.904019][T17389] ? __vma_link_rb+0x275/0x370 [ 1952.908831][T17389] dup_mm+0xa67/0x1430 [ 1952.912903][T17389] ? vm_area_dup+0x170/0x170 [ 1952.917480][T17389] ? debug_mutex_init+0x2d/0x5a [ 1952.922321][T17389] copy_process+0x28b7/0x6b00 [ 1952.926998][T17389] ? perf_trace_lock+0xeb/0x4c0 [ 1952.931851][T17389] ? __cleanup_sighand+0x60/0x60 [ 1952.936885][T17389] _do_fork+0x146/0xfa0 [ 1952.941040][T17389] ? copy_init_mm+0x20/0x20 [ 1952.945556][T17389] ? __kasan_check_read+0x11/0x20 [ 1952.950587][T17389] ? _copy_to_user+0x118/0x160 [ 1952.955347][T17389] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1952.961593][T17389] ? put_timespec64+0xda/0x140 [ 1952.967565][T17389] __x64_sys_clone+0x18d/0x250 [ 1952.972344][T17389] ? __ia32_sys_vfork+0xc0/0xc0 [ 1952.977204][T17389] ? trace_hardirqs_off_caller+0x65/0x230 [ 1952.982922][T17389] ? trace_hardirqs_on+0x67/0x240 [ 1952.987962][T17389] do_syscall_64+0xfa/0x760 [ 1952.992476][T17389] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1952.998367][T17389] RIP: 0033:0x459829 [ 1953.002247][T17389] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1953.021929][T17389] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1953.030347][T17389] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1953.038350][T17389] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1953.046330][T17389] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1953.054428][T17389] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1953.062444][T17389] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1953.073094][T17389] memory: usage 307196kB, limit 307200kB, failcnt 102944 [ 1953.080220][T17389] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1953.087139][T17389] Memory cgroup stats for /syz0: [ 1953.087257][T17389] anon 82542592 [ 1953.087257][T17389] file 4096 [ 1953.087257][T17389] kernel_stack 36372480 [ 1953.087257][T17389] slab 45350912 [ 1953.087257][T17389] sock 4096 [ 1953.087257][T17389] shmem 0 [ 1953.087257][T17389] file_mapped 0 [ 1953.087257][T17389] file_dirty 0 [ 1953.087257][T17389] file_writeback 0 [ 1953.087257][T17389] anon_thp 0 [ 1953.087257][T17389] inactive_anon 0 [ 1953.087257][T17389] active_anon 82526208 [ 1953.087257][T17389] inactive_file 32768 [ 1953.087257][T17389] active_file 61440 [ 1953.087257][T17389] unevictable 0 [ 1953.087257][T17389] slab_reclaimable 5812224 [ 1953.087257][T17389] slab_unreclaimable 39538688 [ 1953.087257][T17389] pgfault 156420 [ 1953.087257][T17389] pgmajfault 0 [ 1953.087257][T17389] workingset_refault 495 [ 1953.087257][T17389] workingset_activate 396 [ 1953.087257][T17389] workingset_nodereclaim 0 [ 1953.087257][T17389] pgrefill 23614 [ 1953.087257][T17389] pgscan 23972 [ 1953.087257][T17389] pgsteal 1363 [ 1953.180755][T17389] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=758,uid=0 [ 1953.196066][T17389] Memory cgroup out of memory: Killed process 758 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1953.211518][ T1057] oom_reaper: reaped process 758 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1953.238907][T17387] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1953.251099][T17387] CPU: 0 PID: 17387 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1953.260348][T17387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1953.270396][T17387] Call Trace: [ 1953.273679][T17387] dump_stack+0x172/0x1f0 [ 1953.278021][T17387] dump_header+0x177/0x1152 [ 1953.282554][T17387] ? ___ratelimit+0xf8/0x595 [ 1953.287147][T17387] ? trace_hardirqs_on+0x67/0x240 [ 1953.292180][T17387] ? mark_oom_victim.cold+0x18/0x18 [ 1953.297389][T17387] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1953.303193][T17387] ? ___ratelimit+0x60/0x595 [ 1953.307785][T17387] ? do_raw_spin_unlock+0x57/0x270 [ 1953.312904][T17387] oom_kill_process.cold+0x10/0x15 [ 1953.318005][T17387] out_of_memory+0x79a/0x12c0 [ 1953.322671][T17387] ? lock_downgrade+0x920/0x920 [ 1953.327540][T17387] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1953.333781][T17387] ? oom_killer_disable+0x280/0x280 [ 1953.338989][T17387] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1953.344553][T17387] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1953.350193][T17387] ? do_raw_spin_unlock+0x57/0x270 [ 1953.355291][T17387] ? _raw_spin_unlock+0x2d/0x50 [ 1953.360131][T17387] try_charge+0xf4b/0x1440 [ 1953.364558][T17387] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1953.370107][T17387] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1953.375642][T17387] ? __kasan_check_read+0x11/0x20 [ 1953.380688][T17387] ? lock_downgrade+0x920/0x920 [ 1953.385534][T17387] ? percpu_ref_tryget_live+0x111/0x290 [ 1953.391079][T17387] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1953.396523][T17387] ? memcg_kmem_put_cache+0x50/0x50 [ 1953.401706][T17387] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1953.407254][T17387] __memcg_kmem_charge+0x13a/0x3a0 [ 1953.412372][T17387] __alloc_pages_nodemask+0x4f4/0x900 [ 1953.417739][T17387] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1953.423446][T17387] ? percpu_ref_put_many+0xb6/0x190 [ 1953.428638][T17387] ? trace_hardirqs_on+0x67/0x240 [ 1953.433650][T17387] ? __kasan_check_read+0x11/0x20 [ 1953.438678][T17387] copy_process+0x3f8/0x6b00 [ 1953.443269][T17387] ? __kasan_check_read+0x11/0x20 [ 1953.448306][T17387] ? record_times+0x1e/0x2b0 [ 1953.452919][T17387] ? lock_downgrade+0x920/0x920 [ 1953.457780][T17387] ? __cleanup_sighand+0x60/0x60 [ 1953.462722][T17387] ? perf_trace_lock+0xeb/0x4c0 [ 1953.467581][T17387] ? __lockdep_free_key_range+0x120/0x120 [ 1953.473335][T17387] ? set_task_reclaim_state+0x56/0xb0 [ 1953.478713][T17387] _do_fork+0x146/0xfa0 [ 1953.482864][T17387] ? copy_init_mm+0x20/0x20 [ 1953.487387][T17387] ? lock_downgrade+0x920/0x920 [ 1953.492248][T17387] ? percpu_ref_tryget_live+0x290/0x290 [ 1953.497884][T17387] ? cgroup_file_notify+0x140/0x1b0 [ 1953.503071][T17387] ? blkcg_maybe_throttle_current+0x5fe/0x1030 [ 1953.509241][T17387] __x64_sys_clone+0x18d/0x250 [ 1953.513999][T17387] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1953.520232][T17387] ? __ia32_sys_vfork+0xc0/0xc0 [ 1953.525089][T17387] ? trace_hardirqs_off_caller+0x65/0x230 [ 1953.530837][T17387] ? trace_hardirqs_on+0x67/0x240 [ 1953.535857][T17387] do_syscall_64+0xfa/0x760 [ 1953.540882][T17387] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1953.546772][T17387] RIP: 0033:0x45c1f9 [ 1953.550685][T17387] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1953.570284][T17387] RSP: 002b:00007ffd41fb7008 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1953.578691][T17387] RAX: ffffffffffffffda RBX: 00007f35763f9700 RCX: 000000000045c1f9 [ 1953.587098][T17387] RDX: 00007f35763f99d0 RSI: 00007f35763f8db0 RDI: 00000000003d0f00 [ 1953.595087][T17387] RBP: 00007ffd41fb7220 R08: 00007f35763f9700 R09: 00007f35763f9700 [ 1953.603049][T17387] R10: 00007f35763f99d0 R11: 0000000000000202 R12: 0000000000000000 [ 1953.611126][T17387] R13: 00007ffd41fb70bf R14: 00007f35763f99c0 R15: 000000000075bfd4 [ 1953.620032][T17387] memory: usage 307016kB, limit 307200kB, failcnt 102967 [ 1953.627212][T17387] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1953.634086][T17387] Memory cgroup stats for /syz0: [ 1953.634169][T17387] anon 82542592 [ 1953.634169][T17387] file 4096 [ 1953.634169][T17387] kernel_stack 36372480 [ 1953.634169][T17387] slab 45350912 [ 1953.634169][T17387] sock 4096 [ 1953.634169][T17387] shmem 0 [ 1953.634169][T17387] file_mapped 0 [ 1953.634169][T17387] file_dirty 0 [ 1953.634169][T17387] file_writeback 0 [ 1953.634169][T17387] anon_thp 0 [ 1953.634169][T17387] inactive_anon 0 [ 1953.634169][T17387] active_anon 82526208 [ 1953.634169][T17387] inactive_file 32768 [ 1953.634169][T17387] active_file 61440 [ 1953.634169][T17387] unevictable 0 [ 1953.634169][T17387] slab_reclaimable 5812224 [ 1953.634169][T17387] slab_unreclaimable 39538688 [ 1953.634169][T17387] pgfault 156453 [ 1953.634169][T17387] pgmajfault 0 [ 1953.634169][T17387] workingset_refault 495 [ 1953.634169][T17387] workingset_activate 396 [ 1953.634169][T17387] workingset_nodereclaim 0 [ 1953.634169][T17387] pgrefill 23614 [ 1953.634169][T17387] pgscan 23972 [ 1953.634169][T17387] pgsteal 1363 04:20:27 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x4800, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:27 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00120048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:27 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40045436, 0x0) 04:20:27 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06775994f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:27 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x700) 04:20:27 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100), 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1953.727988][T17387] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17387,uid=0 [ 1953.743502][T17387] Memory cgroup out of memory: Killed process 17387 (syz-executor.0) total-vm:72708kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB, UID:0 [ 1953.758973][ T1057] oom_reaper: reaped process 17387 (syz-executor.0), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1953.814113][ T26] audit: type=1400 audit(1564374027.589:1305): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06775994F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=17636 comm="syz-executor.1" 04:20:27 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06775d94f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:27 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00130048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:27 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400454ca, 0x0) 04:20:27 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x900) 04:20:27 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00140048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1954.027434][T17664] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 04:20:27 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5599dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1954.113455][T17664] CPU: 1 PID: 17664 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1954.122611][T17664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1954.132678][T17664] Call Trace: [ 1954.135982][T17664] dump_stack+0x172/0x1f0 [ 1954.140330][T17664] dump_header+0x177/0x1152 [ 1954.144846][T17664] ? ___ratelimit+0xf8/0x595 [ 1954.149446][T17664] ? trace_hardirqs_on+0x67/0x240 [ 1954.154478][T17664] ? mark_oom_victim.cold+0x18/0x18 [ 1954.159688][T17664] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1954.165502][T17664] ? ___ratelimit+0x60/0x595 [ 1954.170098][T17664] ? do_raw_spin_unlock+0x57/0x270 [ 1954.175219][T17664] oom_kill_process.cold+0x10/0x15 [ 1954.175235][T17664] out_of_memory+0x79a/0x12c0 [ 1954.175250][T17664] ? lock_downgrade+0x920/0x920 [ 1954.175273][T17664] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1954.196128][T17664] ? oom_killer_disable+0x280/0x280 [ 1954.201350][T17664] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1954.206905][T17664] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1954.212554][T17664] ? do_raw_spin_unlock+0x57/0x270 [ 1954.217681][T17664] ? _raw_spin_unlock+0x2d/0x50 [ 1954.222545][T17664] try_charge+0xf4b/0x1440 [ 1954.226984][T17664] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1954.232548][T17664] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1954.238113][T17664] ? __kasan_check_read+0x11/0x20 [ 1954.243157][T17664] ? lock_downgrade+0x920/0x920 [ 1954.248022][T17664] ? percpu_ref_tryget_live+0x111/0x290 [ 1954.253578][T17664] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1954.259256][T17664] ? memcg_kmem_put_cache+0x50/0x50 [ 1954.264465][T17664] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1954.270026][T17664] __memcg_kmem_charge+0x13a/0x3a0 [ 1954.275155][T17664] __alloc_pages_nodemask+0x4f4/0x900 [ 1954.280640][T17664] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1954.286385][T17664] ? vm_mmap_pgoff+0x1d4/0x230 [ 1954.291167][T17664] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1954.296908][T17664] ? do_huge_pmd_anonymous_page+0xc53/0x19d0 [ 1954.302994][T17664] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1954.309262][T17664] alloc_pages_current+0x107/0x210 [ 1954.314392][T17664] pte_alloc_one+0x1b/0x1a0 [ 1954.318909][T17664] __pte_alloc+0x20/0x310 [ 1954.323253][T17664] __handle_mm_fault+0x3414/0x3f20 [ 1954.328476][T17664] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1954.334041][T17664] ? __kasan_check_read+0x11/0x20 [ 1954.339094][T17664] ? trace_hardirqs_on+0x67/0x240 [ 1954.344146][T17664] handle_mm_fault+0x1b5/0x6b0 [ 1954.348931][T17664] __do_page_fault+0x536/0xdd0 [ 1954.353721][T17664] do_page_fault+0x38/0x590 [ 1954.358247][T17664] page_fault+0x39/0x40 [ 1954.362409][T17664] RIP: 0033:0x41116f [ 1954.366319][T17664] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1954.385935][T17664] RSP: 002b:00007ffd41fb7050 EFLAGS: 00010206 [ 1954.392009][T17664] RAX: 00007f35763d9000 RBX: 0000000000020000 RCX: 000000000045987a [ 1954.400083][T17664] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1954.400091][T17664] RBP: 00007ffd41fb7130 R08: ffffffffffffffff R09: 0000000000000000 [ 1954.400098][T17664] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd41fb7220 [ 1954.400104][T17664] R13: 00007f35763f9700 R14: 0000000000000001 R15: 000000000075bfd4 [ 1954.407990][T17664] memory: usage 307200kB, limit 307200kB, failcnt 103013 [ 1954.425142][T17664] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1954.452005][T17664] Memory cgroup stats for /syz0: [ 1954.452116][T17664] anon 82542592 [ 1954.452116][T17664] file 4096 [ 1954.452116][T17664] kernel_stack 36306944 [ 1954.452116][T17664] slab 45350912 [ 1954.452116][T17664] sock 4096 [ 1954.452116][T17664] shmem 0 [ 1954.452116][T17664] file_mapped 0 [ 1954.452116][T17664] file_dirty 0 [ 1954.452116][T17664] file_writeback 0 [ 1954.452116][T17664] anon_thp 0 [ 1954.452116][T17664] inactive_anon 0 [ 1954.452116][T17664] active_anon 82526208 [ 1954.452116][T17664] inactive_file 32768 [ 1954.452116][T17664] active_file 61440 [ 1954.452116][T17664] unevictable 0 [ 1954.452116][T17664] slab_reclaimable 5812224 [ 1954.452116][T17664] slab_unreclaimable 39538688 [ 1954.452116][T17664] pgfault 156486 [ 1954.452116][T17664] pgmajfault 0 [ 1954.452116][T17664] workingset_refault 495 [ 1954.452116][T17664] workingset_activate 396 [ 1954.452116][T17664] workingset_nodereclaim 0 [ 1954.452116][T17664] pgrefill 23647 [ 1954.452116][T17664] pgscan 24005 [ 1954.452116][T17664] pgsteal 1363 [ 1954.547278][T17664] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17632,uid=0 [ 1954.562915][T17664] Memory cgroup out of memory: Killed process 17632 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1954.578368][ T1057] oom_reaper: reaped process 17632 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1954.593805][T17669] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1954.604959][T17669] CPU: 1 PID: 17669 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1954.614094][T17669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1954.624165][T17669] Call Trace: [ 1954.627473][T17669] dump_stack+0x172/0x1f0 [ 1954.631836][T17669] dump_header+0x177/0x1152 [ 1954.636355][T17669] ? ___ratelimit+0xf8/0x595 [ 1954.640943][T17669] ? trace_hardirqs_on+0x67/0x240 [ 1954.645988][T17669] ? mark_oom_victim.cold+0x18/0x18 [ 1954.651237][T17669] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1954.657148][T17669] ? ___ratelimit+0x60/0x595 [ 1954.661739][T17669] ? do_raw_spin_unlock+0x57/0x270 [ 1954.666890][T17669] oom_kill_process.cold+0x10/0x15 [ 1954.672015][T17669] out_of_memory+0x79a/0x12c0 [ 1954.676693][T17669] ? lock_downgrade+0x920/0x920 [ 1954.681535][T17669] ? oom_killer_disable+0x280/0x280 [ 1954.686763][T17669] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1954.692336][T17669] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1954.698534][T17669] ? do_raw_spin_unlock+0x57/0x270 [ 1954.703688][T17669] ? _raw_spin_unlock+0x2d/0x50 [ 1954.708546][T17669] try_charge+0xa2d/0x1440 [ 1954.712998][T17669] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1954.718537][T17669] ? percpu_ref_tryget_live+0x111/0x290 [ 1954.724084][T17669] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1954.729549][T17669] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1954.735085][T17669] mem_cgroup_try_charge+0x136/0x590 [ 1954.740365][T17669] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1954.745994][T17669] wp_page_copy+0x421/0x15e0 [ 1954.750578][T17669] ? page_trans_huge_mapcount+0x166/0x450 [ 1954.756321][T17669] ? pmd_pfn+0x1d0/0x1d0 [ 1954.760574][T17669] ? lock_downgrade+0x920/0x920 [ 1954.765432][T17669] ? swp_swapcount+0x540/0x540 [ 1954.770192][T17669] ? __kasan_check_read+0x11/0x20 [ 1954.775217][T17669] ? do_raw_spin_unlock+0x57/0x270 [ 1954.780325][T17669] do_wp_page+0x499/0x14d0 [ 1954.784732][T17669] ? finish_mkwrite_fault+0x570/0x570 [ 1954.790100][T17669] __handle_mm_fault+0x22f7/0x3f20 [ 1954.795215][T17669] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1954.800782][T17669] ? __kasan_check_read+0x11/0x20 [ 1954.805833][T17669] ? trace_hardirqs_on+0x67/0x240 [ 1954.811024][T17669] handle_mm_fault+0x1b5/0x6b0 [ 1954.815786][T17669] __do_page_fault+0x536/0xdd0 [ 1954.820584][T17669] do_page_fault+0x38/0x590 [ 1954.825092][T17669] page_fault+0x39/0x40 [ 1954.829230][T17669] RIP: 0033:0x404f08 [ 1954.833117][T17669] Code: 85 02 00 00 80 3d 8f b5 66 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 7c b5 66 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 b3 d5 ff ff 48 2b 05 fc 30 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1954.852845][T17669] RSP: 002b:00007f3576419c90 EFLAGS: 00010246 [ 1954.858918][T17669] RAX: 00007f357841b000 RBX: 0000000000001ed0 RCX: 0000000000459829 [ 1954.866892][T17669] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 1954.874864][T17669] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1954.882845][T17669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1954.895332][T17669] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1954.905260][T17669] memory: usage 306996kB, limit 307200kB, failcnt 103020 [ 1954.912305][T17669] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1954.919222][T17669] Memory cgroup stats for /syz0: [ 1954.919337][T17669] anon 82542592 [ 1954.919337][T17669] file 4096 [ 1954.919337][T17669] kernel_stack 36306944 [ 1954.919337][T17669] slab 45350912 [ 1954.919337][T17669] sock 4096 [ 1954.919337][T17669] shmem 0 [ 1954.919337][T17669] file_mapped 0 [ 1954.919337][T17669] file_dirty 0 [ 1954.919337][T17669] file_writeback 0 [ 1954.919337][T17669] anon_thp 0 [ 1954.919337][T17669] inactive_anon 0 [ 1954.919337][T17669] active_anon 82526208 [ 1954.919337][T17669] inactive_file 32768 [ 1954.919337][T17669] active_file 61440 [ 1954.919337][T17669] unevictable 0 [ 1954.919337][T17669] slab_reclaimable 5812224 [ 1954.919337][T17669] slab_unreclaimable 39538688 [ 1954.919337][T17669] pgfault 156519 [ 1954.919337][T17669] pgmajfault 0 [ 1954.919337][T17669] workingset_refault 495 [ 1954.919337][T17669] workingset_activate 396 [ 1954.919337][T17669] workingset_nodereclaim 0 [ 1954.919337][T17669] pgrefill 23647 [ 1954.919337][T17669] pgscan 24005 [ 1954.919337][T17669] pgsteal 1363 [ 1954.919361][T17669] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=28014,uid=0 [ 1955.015880][T17669] Memory cgroup out of memory: Killed process 28014 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1955.047723][ T1057] oom_reaper: reaped process 28014 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1955.069589][T17713] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1955.085744][T17713] CPU: 1 PID: 17713 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1955.094895][T17713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1955.096961][T17669] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1955.104958][T17713] Call Trace: [ 1955.104986][T17713] dump_stack+0x172/0x1f0 [ 1955.105005][T17713] dump_header+0x177/0x1152 [ 1955.105028][T17713] ? ___ratelimit+0xf8/0x595 [ 1955.130230][T17713] ? trace_hardirqs_on+0x67/0x240 [ 1955.135265][T17713] ? mark_oom_victim.cold+0x18/0x18 [ 1955.140550][T17713] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1955.146481][T17713] ? ___ratelimit+0x60/0x595 [ 1955.151054][T17713] ? do_raw_spin_unlock+0x57/0x270 [ 1955.156159][T17713] oom_kill_process.cold+0x10/0x15 [ 1955.161259][T17713] out_of_memory+0x79a/0x12c0 [ 1955.165930][T17713] ? lock_downgrade+0x920/0x920 [ 1955.170774][T17713] ? oom_killer_disable+0x280/0x280 [ 1955.175966][T17713] ? __kasan_check_read+0x11/0x20 [ 1955.180977][T17713] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1955.186530][T17713] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1955.192175][T17713] ? do_raw_spin_unlock+0x57/0x270 [ 1955.197279][T17713] ? _raw_spin_unlock+0x2d/0x50 [ 1955.202132][T17713] try_charge+0xa2d/0x1440 [ 1955.206535][T17713] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1955.212065][T17713] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1955.217672][T17713] ? __kasan_check_read+0x11/0x20 [ 1955.230557][T17713] ? lock_downgrade+0x920/0x920 [ 1955.235406][T17713] ? percpu_ref_tryget_live+0x111/0x290 [ 1955.240955][T17713] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1955.246414][T17713] ? memcg_kmem_put_cache+0x50/0x50 [ 1955.251608][T17713] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1955.257231][T17713] __memcg_kmem_charge+0x13a/0x3a0 [ 1955.262422][T17713] __alloc_pages_nodemask+0x4f4/0x900 [ 1955.267821][T17713] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1955.273535][T17713] ? record_times+0x1e/0x2b0 [ 1955.278116][T17713] ? lock_downgrade+0x920/0x920 [ 1955.282972][T17713] ? rwlock_bug.part.0+0x90/0x90 [ 1955.287892][T17713] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1955.294118][T17713] ? debug_smp_processor_id+0x3c/0x214 [ 1955.299568][T17713] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1955.305830][T17713] alloc_pages_current+0x107/0x210 [ 1955.310929][T17713] pte_alloc_one+0x1b/0x1a0 [ 1955.315434][T17713] __handle_mm_fault+0x34dd/0x3f20 [ 1955.320531][T17713] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1955.326060][T17713] ? __kasan_check_read+0x11/0x20 [ 1955.331095][T17713] ? trace_hardirqs_on+0x67/0x240 [ 1955.336105][T17713] handle_mm_fault+0x1b5/0x6b0 [ 1955.340862][T17713] __do_page_fault+0x536/0xdd0 [ 1955.345624][T17713] ? page_fault+0x16/0x40 [ 1955.349945][T17713] do_page_fault+0x38/0x590 [ 1955.354446][T17713] page_fault+0x39/0x40 [ 1955.358588][T17713] RIP: 0033:0x459829 [ 1955.362471][T17713] Code: Bad RIP value. [ 1955.366568][T17713] RSP: 002b:00007f3576419c78 EFLAGS: 00010246 [ 1955.372616][T17713] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459829 [ 1955.380585][T17713] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1955.388547][T17713] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1955.396501][T17713] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1955.404466][T17713] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1955.414026][T17713] memory: usage 306848kB, limit 307200kB, failcnt 103021 04:20:29 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x8800, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:29 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455cb, 0x0) 04:20:29 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00600048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:29 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed202dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:29 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xa00) 04:20:29 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100), 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1955.421140][T17713] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1955.432658][T17713] Memory cgroup stats for /syz0: [ 1955.462544][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 1955.462563][ T26] audit: type=1400 audit(1564374029.239:1308): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED202DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=17894 comm="syz-executor.1" [ 1955.464552][T17713] anon 82542592 [ 1955.464552][T17713] file 4096 [ 1955.464552][T17713] kernel_stack 36306944 [ 1955.464552][T17713] slab 45350912 [ 1955.464552][T17713] sock 4096 [ 1955.464552][T17713] shmem 0 [ 1955.464552][T17713] file_mapped 0 [ 1955.464552][T17713] file_dirty 0 [ 1955.464552][T17713] file_writeback 0 [ 1955.464552][T17713] anon_thp 0 [ 1955.464552][T17713] inactive_anon 0 [ 1955.464552][T17713] active_anon 82526208 [ 1955.464552][T17713] inactive_file 32768 [ 1955.464552][T17713] active_file 61440 [ 1955.464552][T17713] unevictable 0 [ 1955.464552][T17713] slab_reclaimable 5812224 04:20:29 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00f00048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:29 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed205dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:29 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40049409, 0x0) [ 1955.464552][T17713] slab_unreclaimable 39538688 [ 1955.464552][T17713] pgfault 156552 [ 1955.464552][T17713] pgmajfault 0 [ 1955.464552][T17713] workingset_refault 495 [ 1955.464552][T17713] workingset_activate 396 [ 1955.464552][T17713] workingset_nodereclaim 0 [ 1955.464552][T17713] pgrefill 23647 [ 1955.464552][T17713] pgscan 24005 [ 1955.464552][T17713] pgsteal 1363 [ 1955.552498][T17713] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19111,uid=0 04:20:29 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000348000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1955.683699][ T26] audit: type=1400 audit(1564374029.459:1309): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED205DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=17918 comm="syz-executor.1" [ 1955.702391][T17713] Memory cgroup out of memory: Killed process 19111 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 04:20:29 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed212dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:29 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40086602, 0x0) [ 1955.879257][ T26] audit: type=1400 audit(1564374029.659:1310): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED212DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=18022 comm="syz-executor.1" [ 1956.008280][T18034] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1956.045941][T18034] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1956.056940][T18034] CPU: 1 PID: 18034 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1956.066392][T18034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1956.076440][T18034] Call Trace: [ 1956.079725][T18034] dump_stack+0x172/0x1f0 [ 1956.084048][T18034] dump_header+0x177/0x1152 [ 1956.088585][T18034] ? ___ratelimit+0xf8/0x595 [ 1956.093180][T18034] ? trace_hardirqs_on+0x67/0x240 [ 1956.098244][T18034] ? mark_oom_victim.cold+0x18/0x18 [ 1956.103442][T18034] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1956.109240][T18034] ? ___ratelimit+0x60/0x595 [ 1956.113842][T18034] ? do_raw_spin_unlock+0x57/0x270 [ 1956.118946][T18034] oom_kill_process.cold+0x10/0x15 [ 1956.124060][T18034] out_of_memory+0x79a/0x12c0 [ 1956.128743][T18034] ? lock_downgrade+0x920/0x920 [ 1956.133585][T18034] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1956.139838][T18034] ? oom_killer_disable+0x280/0x280 [ 1956.145060][T18034] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1956.150634][T18034] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1956.156258][T18034] ? do_raw_spin_unlock+0x57/0x270 [ 1956.161361][T18034] ? _raw_spin_unlock+0x2d/0x50 [ 1956.166240][T18034] try_charge+0xf4b/0x1440 [ 1956.170741][T18034] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1956.176294][T18034] ? percpu_ref_tryget_live+0x111/0x290 [ 1956.181859][T18034] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1956.187346][T18034] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1956.192902][T18034] mem_cgroup_try_charge+0x136/0x590 [ 1956.198185][T18034] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1956.203846][T18034] wp_page_copy+0x421/0x15e0 [ 1956.208449][T18034] ? page_trans_huge_mapcount+0x166/0x450 [ 1956.214187][T18034] ? pmd_pfn+0x1d0/0x1d0 [ 1956.218423][T18034] ? lock_downgrade+0x920/0x920 [ 1956.223382][T18034] ? swp_swapcount+0x540/0x540 [ 1956.228184][T18034] ? __kasan_check_read+0x11/0x20 [ 1956.233225][T18034] ? do_raw_spin_unlock+0x57/0x270 [ 1956.238372][T18034] do_wp_page+0x499/0x14d0 [ 1956.242828][T18034] ? finish_mkwrite_fault+0x570/0x570 [ 1956.248199][T18034] __handle_mm_fault+0x22f7/0x3f20 [ 1956.253315][T18034] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1956.258872][T18034] ? __kasan_check_read+0x11/0x20 [ 1956.264027][T18034] ? trace_hardirqs_on+0x67/0x240 [ 1956.269174][T18034] handle_mm_fault+0x1b5/0x6b0 [ 1956.274927][T18034] __do_page_fault+0x536/0xdd0 [ 1956.279738][T18034] do_page_fault+0x38/0x590 [ 1956.284258][T18034] page_fault+0x39/0x40 [ 1956.288417][T18034] RIP: 0033:0x404e9e [ 1956.292321][T18034] Code: 48 8b 55 40 48 8b 75 38 48 8b 7d 30 ff 75 70 ff 75 68 ff 75 60 4c 8b 4d 58 4c 8b 45 50 ff d0 48 83 c4 20 48 89 c3 48 83 fb ff <48> 89 5d 78 41 8b 04 24 0f 85 d4 00 00 00 85 c0 0f 85 cc 00 00 00 [ 1956.311938][T18034] RSP: 002b:00007f3576419c90 EFLAGS: 00010217 [ 1956.318106][T18034] RAX: 0000000000000000 RBX: 0000000000001ed6 RCX: 0000000000459829 [ 1956.326081][T18034] RDX: 0000000000404e56 RSI: 0000000000000000 RDI: 0000000000000000 [ 1956.334055][T18034] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1956.342451][T18034] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1956.350409][T18034] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1956.359155][T18034] memory: usage 307200kB, limit 307200kB, failcnt 103079 [ 1956.366522][T18034] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1956.373381][T18034] Memory cgroup stats for /syz0: [ 1956.373476][T18034] anon 82542592 [ 1956.373476][T18034] file 4096 [ 1956.373476][T18034] kernel_stack 36372480 [ 1956.373476][T18034] slab 45350912 [ 1956.373476][T18034] sock 4096 [ 1956.373476][T18034] shmem 0 [ 1956.373476][T18034] file_mapped 0 [ 1956.373476][T18034] file_dirty 0 [ 1956.373476][T18034] file_writeback 0 [ 1956.373476][T18034] anon_thp 0 [ 1956.373476][T18034] inactive_anon 0 [ 1956.373476][T18034] active_anon 82391040 [ 1956.373476][T18034] inactive_file 32768 [ 1956.373476][T18034] active_file 61440 [ 1956.373476][T18034] unevictable 0 [ 1956.373476][T18034] slab_reclaimable 5812224 [ 1956.373476][T18034] slab_unreclaimable 39538688 [ 1956.373476][T18034] pgfault 156618 [ 1956.373476][T18034] pgmajfault 0 [ 1956.373476][T18034] workingset_refault 528 [ 1956.373476][T18034] workingset_activate 396 [ 1956.373476][T18034] workingset_nodereclaim 0 [ 1956.373476][T18034] pgrefill 23680 [ 1956.373476][T18034] pgscan 24038 [ 1956.373476][T18034] pgsteal 1363 [ 1956.468773][T18034] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17888,uid=0 [ 1956.484343][T18034] Memory cgroup out of memory: Killed process 17888 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1956.503232][T18037] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1956.516715][T18037] CPU: 0 PID: 18037 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1956.525864][T18037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1956.538832][T18037] Call Trace: [ 1956.542124][T18037] dump_stack+0x172/0x1f0 [ 1956.546457][T18037] dump_header+0x177/0x1152 [ 1956.551064][T18037] ? ___ratelimit+0xf8/0x595 [ 1956.555689][T18037] ? trace_hardirqs_on+0x67/0x240 [ 1956.560719][T18037] ? mark_oom_victim.cold+0x18/0x18 [ 1956.565943][T18037] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1956.571759][T18037] ? ___ratelimit+0x60/0x595 [ 1956.576350][T18037] ? do_raw_spin_unlock+0x57/0x270 [ 1956.581470][T18037] oom_kill_process.cold+0x10/0x15 [ 1956.586585][T18037] out_of_memory+0x79a/0x12c0 [ 1956.591259][T18037] ? lock_downgrade+0x920/0x920 [ 1956.596117][T18037] ? oom_killer_disable+0x280/0x280 [ 1956.601340][T18037] ? __kasan_check_read+0x11/0x20 [ 1956.606385][T18037] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1956.611949][T18037] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1956.617577][T18037] ? do_raw_spin_unlock+0x57/0x270 [ 1956.622677][T18037] ? _raw_spin_unlock+0x2d/0x50 [ 1956.627529][T18037] try_charge+0xa2d/0x1440 [ 1956.631948][T18037] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1956.637490][T18037] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1956.643039][T18037] ? __kasan_check_read+0x11/0x20 [ 1956.648082][T18037] ? lock_downgrade+0x920/0x920 [ 1956.653641][T18037] ? percpu_ref_tryget_live+0x111/0x290 [ 1956.659201][T18037] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1956.664676][T18037] ? memcg_kmem_put_cache+0x50/0x50 [ 1956.669884][T18037] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1956.675427][T18037] __memcg_kmem_charge+0x13a/0x3a0 [ 1956.680632][T18037] __alloc_pages_nodemask+0x4f4/0x900 [ 1956.686015][T18037] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1956.691740][T18037] ? record_times+0x1e/0x2b0 [ 1956.696327][T18037] ? lock_downgrade+0x920/0x920 [ 1956.701173][T18037] ? rwlock_bug.part.0+0x90/0x90 [ 1956.706112][T18037] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1956.712361][T18037] ? debug_smp_processor_id+0x3c/0x214 [ 1956.717808][T18037] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1956.724042][T18037] alloc_pages_current+0x107/0x210 [ 1956.729147][T18037] pte_alloc_one+0x1b/0x1a0 [ 1956.733637][T18037] __handle_mm_fault+0x34dd/0x3f20 [ 1956.738743][T18037] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1956.744326][T18037] ? __kasan_check_read+0x11/0x20 [ 1956.749543][T18037] ? trace_hardirqs_on+0x67/0x240 [ 1956.754566][T18037] handle_mm_fault+0x1b5/0x6b0 [ 1956.759372][T18037] __do_page_fault+0x536/0xdd0 [ 1956.764144][T18037] ? page_fault+0x16/0x40 [ 1956.768479][T18037] do_page_fault+0x38/0x590 [ 1956.772986][T18037] page_fault+0x39/0x40 [ 1956.777128][T18037] RIP: 0033:0x459829 [ 1956.781039][T18037] Code: Bad RIP value. [ 1956.785101][T18037] RSP: 002b:00007f3576419c78 EFLAGS: 00010246 [ 1956.791256][T18037] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459829 [ 1956.799218][T18037] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1956.807191][T18037] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1956.815182][T18037] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1956.823170][T18037] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1956.831637][T18037] memory: usage 306936kB, limit 307200kB, failcnt 103086 [ 1956.838901][T18037] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1956.845947][T18037] Memory cgroup stats for /syz0: [ 1956.846072][T18037] anon 82542592 [ 1956.846072][T18037] file 4096 [ 1956.846072][T18037] kernel_stack 36372480 [ 1956.846072][T18037] slab 45350912 [ 1956.846072][T18037] sock 4096 [ 1956.846072][T18037] shmem 0 [ 1956.846072][T18037] file_mapped 0 [ 1956.846072][T18037] file_dirty 0 [ 1956.846072][T18037] file_writeback 0 [ 1956.846072][T18037] anon_thp 0 [ 1956.846072][T18037] inactive_anon 0 [ 1956.846072][T18037] active_anon 82391040 [ 1956.846072][T18037] inactive_file 32768 [ 1956.846072][T18037] active_file 61440 [ 1956.846072][T18037] unevictable 0 [ 1956.846072][T18037] slab_reclaimable 5812224 [ 1956.846072][T18037] slab_unreclaimable 39538688 [ 1956.846072][T18037] pgfault 156618 [ 1956.846072][T18037] pgmajfault 0 [ 1956.846072][T18037] workingset_refault 528 [ 1956.846072][T18037] workingset_activate 396 [ 1956.846072][T18037] workingset_nodereclaim 0 [ 1956.846072][T18037] pgrefill 23680 [ 1956.846072][T18037] pgscan 24038 [ 1956.846072][T18037] pgsteal 1363 [ 1956.939527][T18037] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18037,uid=0 [ 1956.955000][T18037] Memory cgroup out of memory: Killed process 18037 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1956.971767][ T1057] oom_reaper: reaped process 18037 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1956.975562][T18027] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1956.993091][T18027] CPU: 0 PID: 18027 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1957.002220][T18027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1957.012723][T18027] Call Trace: [ 1957.016059][T18027] dump_stack+0x172/0x1f0 [ 1957.020397][T18027] dump_header+0x177/0x1152 [ 1957.024894][T18027] ? ___ratelimit+0xf8/0x595 [ 1957.029476][T18027] ? trace_hardirqs_on+0x67/0x240 [ 1957.034503][T18027] ? mark_oom_victim.cold+0x18/0x18 [ 1957.039707][T18027] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1957.045522][T18027] ? ___ratelimit+0x60/0x595 [ 1957.050120][T18027] ? do_raw_spin_unlock+0x57/0x270 [ 1957.055267][T18027] oom_kill_process.cold+0x10/0x15 [ 1957.060409][T18027] out_of_memory+0x79a/0x12c0 [ 1957.065096][T18027] ? lock_downgrade+0x920/0x920 [ 1957.070042][T18027] ? oom_killer_disable+0x280/0x280 [ 1957.075268][T18027] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1957.080829][T18027] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1957.086467][T18027] ? do_raw_spin_unlock+0x57/0x270 [ 1957.091574][T18027] ? _raw_spin_unlock+0x2d/0x50 [ 1957.096431][T18027] try_charge+0xa2d/0x1440 [ 1957.100854][T18027] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1957.106393][T18027] ? percpu_ref_tryget_live+0x111/0x290 [ 1957.111929][T18027] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1957.117651][T18027] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1957.123203][T18027] mem_cgroup_try_charge+0x136/0x590 [ 1957.128483][T18027] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1957.134110][T18027] wp_page_copy+0x421/0x15e0 [ 1957.138709][T18027] ? page_trans_huge_mapcount+0x166/0x450 [ 1957.144682][T18027] ? pmd_pfn+0x1d0/0x1d0 [ 1957.148922][T18027] ? lock_downgrade+0x920/0x920 [ 1957.153775][T18027] ? swp_swapcount+0x540/0x540 [ 1957.158558][T18027] ? __kasan_check_read+0x11/0x20 [ 1957.163583][T18027] ? do_raw_spin_unlock+0x57/0x270 [ 1957.168726][T18027] do_wp_page+0x499/0x14d0 [ 1957.173156][T18027] ? finish_mkwrite_fault+0x570/0x570 [ 1957.178542][T18027] __handle_mm_fault+0x22f7/0x3f20 [ 1957.183829][T18027] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1957.189383][T18027] ? __kasan_check_read+0x11/0x20 [ 1957.194702][T18027] ? trace_hardirqs_on+0x67/0x240 [ 1957.199745][T18027] handle_mm_fault+0x1b5/0x6b0 [ 1957.204651][T18027] __do_page_fault+0x536/0xdd0 [ 1957.209419][T18027] do_page_fault+0x38/0x590 [ 1957.213911][T18027] page_fault+0x39/0x40 [ 1957.218086][T18027] RIP: 0033:0x415003 [ 1957.222078][T18027] Code: e9 4c 89 e2 ff 74 24 48 4c 8b 4c 24 10 89 ee 4c 8b 44 24 18 48 89 df e8 cb f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 48 f7 d8 <64> 89 04 25 d4 ff ff ff 48 83 c8 ff c3 48 81 ec 98 00 00 00 31 ff [ 1957.241803][T18027] RSP: 002b:00007ffd41fb7138 EFLAGS: 00010213 [ 1957.247874][T18027] RAX: 000000000000006e RBX: 00000000000003e8 RCX: 0000000000459829 [ 1957.255857][T18027] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000075bf2c [ 1957.263829][T18027] RBP: 000000000000002d R08: ffffffffffffffff R09: ffffffffffffffff [ 1957.271797][T18027] R10: 00007ffd41fb7210 R11: 0000000000000246 R12: 000000000075bf20 [ 1957.279770][T18027] R13: 00000000001dd8a1 R14: 00000000001dd8ce R15: 000000000075bf2c [ 1957.287978][T18027] memory: usage 306764kB, limit 307200kB, failcnt 103086 [ 1957.295060][T18027] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1957.301912][T18027] Memory cgroup stats for /syz0: [ 1957.301984][T18027] anon 82542592 [ 1957.301984][T18027] file 4096 [ 1957.301984][T18027] kernel_stack 36306944 [ 1957.301984][T18027] slab 45350912 [ 1957.301984][T18027] sock 4096 [ 1957.301984][T18027] shmem 0 [ 1957.301984][T18027] file_mapped 0 [ 1957.301984][T18027] file_dirty 0 [ 1957.301984][T18027] file_writeback 0 [ 1957.301984][T18027] anon_thp 0 [ 1957.301984][T18027] inactive_anon 0 [ 1957.301984][T18027] active_anon 82391040 [ 1957.301984][T18027] inactive_file 32768 [ 1957.301984][T18027] active_file 61440 [ 1957.301984][T18027] unevictable 0 [ 1957.301984][T18027] slab_reclaimable 5812224 [ 1957.301984][T18027] slab_unreclaimable 39538688 [ 1957.301984][T18027] pgfault 156618 [ 1957.301984][T18027] pgmajfault 0 [ 1957.301984][T18027] workingset_refault 528 [ 1957.301984][T18027] workingset_activate 396 [ 1957.301984][T18027] workingset_nodereclaim 0 [ 1957.301984][T18027] pgrefill 23680 [ 1957.301984][T18027] pgscan 24038 [ 1957.301984][T18027] pgsteal 1363 [ 1957.395491][T18027] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=17110,uid=0 04:20:31 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x200000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:31 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000548000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:31 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xe00) 04:20:31 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4008ae89, 0x0) 04:20:31 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed259dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:31 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100), 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1957.411114][T18027] Memory cgroup out of memory: Killed process 17110 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1957.427231][T18034] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1957.429204][ T1057] oom_reaper: reaped process 17110 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1957.485759][ T26] audit: type=1400 audit(1564374031.269:1311): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED259DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=18044 comm="syz-executor.1" 04:20:31 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc006c0548000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:31 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd59e8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:31 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4008ae90, 0x0) [ 1957.627970][T18055] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1957.693843][ T26] audit: type=1400 audit(1564374031.469:1312): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD59E8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=18061 comm="syz-executor.1" [ 1957.700680][T18081] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:31 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd5de8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:31 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xf00) 04:20:31 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000648000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1957.868305][ T26] audit: type=1400 audit(1564374031.649:1313): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD5DE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B01 pid=18175 comm="syz-executor.1" 04:20:31 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4010ae67, 0x0) 04:20:31 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x1000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:31 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2586c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:31 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000948000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:31 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4020940d, 0x0) [ 1958.093548][ T26] audit: type=1400 audit(1564374031.869:1314): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2586C675750D4C2E9AF281FA937D1B01 pid=18268 comm="syz-executor.1" [ 1958.146974][T18249] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1958.165223][T18249] CPU: 1 PID: 18249 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1958.174394][T18249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1958.184456][T18249] Call Trace: [ 1958.187759][T18249] dump_stack+0x172/0x1f0 [ 1958.192149][T18249] dump_header+0x177/0x1152 [ 1958.196774][T18249] ? ___ratelimit+0xf8/0x595 [ 1958.201386][T18249] ? trace_hardirqs_on+0x67/0x240 [ 1958.206431][T18249] ? mark_oom_victim.cold+0x18/0x18 [ 1958.211653][T18249] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1958.217572][T18249] ? ___ratelimit+0x60/0x595 [ 1958.222173][T18249] ? do_raw_spin_unlock+0x57/0x270 [ 1958.227302][T18249] oom_kill_process.cold+0x10/0x15 [ 1958.232432][T18249] out_of_memory+0x79a/0x12c0 [ 1958.237120][T18249] ? lock_downgrade+0x920/0x920 [ 1958.241985][T18249] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1958.248230][T18249] ? oom_killer_disable+0x280/0x280 [ 1958.253445][T18249] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1958.259006][T18249] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1958.259024][T18249] ? do_raw_spin_unlock+0x57/0x270 [ 1958.259049][T18249] ? _raw_spin_unlock+0x2d/0x50 [ 1958.259063][T18249] try_charge+0xf4b/0x1440 [ 1958.259081][T18249] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1958.259095][T18249] ? percpu_ref_tryget_live+0x111/0x290 [ 1958.259114][T18249] ? get_mem_cgroup_from_mm+0x16/0x320 04:20:32 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:32 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2f86c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:32 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4020ae46, 0x0) 04:20:32 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000a48000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1958.295745][T18249] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1958.301310][T18249] mem_cgroup_try_charge+0x136/0x590 [ 1958.306707][T18249] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1958.312355][T18249] wp_page_copy+0x421/0x15e0 [ 1958.316983][T18249] ? page_trans_huge_mapcount+0x166/0x450 [ 1958.322717][T18249] ? pmd_pfn+0x1d0/0x1d0 [ 1958.326984][T18249] ? lock_downgrade+0x920/0x920 [ 1958.331849][T18249] ? swp_swapcount+0x540/0x540 [ 1958.336625][T18249] ? psi_memstall_leave+0x12e/0x180 [ 1958.341846][T18249] ? __kasan_check_read+0x11/0x20 [ 1958.346879][T18249] ? do_raw_spin_unlock+0x57/0x270 [ 1958.352003][T18249] do_wp_page+0x499/0x14d0 [ 1958.356428][T18249] ? finish_mkwrite_fault+0x570/0x570 [ 1958.356448][T18249] __handle_mm_fault+0x22f7/0x3f20 [ 1958.356466][T18249] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1958.356479][T18249] ? __kasan_check_read+0x11/0x20 [ 1958.356502][T18249] ? trace_hardirqs_on+0x67/0x240 [ 1958.382540][T18249] handle_mm_fault+0x1b5/0x6b0 [ 1958.387318][T18249] __do_page_fault+0x536/0xdd0 [ 1958.392102][T18249] do_page_fault+0x38/0x590 [ 1958.396617][T18249] page_fault+0x39/0x40 [ 1958.400770][T18249] RIP: 0033:0x432ff8 [ 1958.404674][T18249] Code: 00 0f 85 1f ff ff ff 49 c7 40 38 00 00 00 00 49 c7 40 40 00 00 00 00 e9 0a ff ff ff 66 0f 1f 44 00 00 48 89 ee bf 40 56 71 00 43 cd ff ff 48 85 c0 49 89 c0 0f 85 7b fe ff ff 0f 1f 80 00 00 [ 1958.409681][ T26] audit: type=1400 audit(1564374031.949:1315): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2F86C675750D4C2E9AF281FA937D1B01 pid=18310 comm="syz-executor.1" [ 1958.424301][T18249] RSP: 002b:00007ffd41fb7000 EFLAGS: 00010246 [ 1958.424313][T18249] RAX: 0000000000000000 RBX: 0000000000715640 RCX: 000000000045987a [ 1958.424320][T18249] RDX: 0000000000000011 RSI: 0000000000000110 RDI: 0000000000715640 [ 1958.424326][T18249] RBP: 0000000000000110 R08: ffffffffffffffff R09: 0000000000000000 [ 1958.424333][T18249] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000205b0 04:20:32 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x14ff) 04:20:32 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000b48000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1958.424340][T18249] R13: 000055555710fa50 R14: 0000000000000001 R15: 000000000075bfd4 [ 1958.496497][T18249] memory: usage 307200kB, limit 307200kB, failcnt 103138 [ 1958.509030][T18249] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 04:20:32 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc5986c675750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1958.585434][T18249] Memory cgroup stats for /syz0: [ 1958.585716][T18249] anon 82542592 [ 1958.585716][T18249] file 4096 [ 1958.585716][T18249] kernel_stack 36306944 [ 1958.585716][T18249] slab 45350912 [ 1958.585716][T18249] sock 4096 [ 1958.585716][T18249] shmem 0 [ 1958.585716][T18249] file_mapped 0 [ 1958.585716][T18249] file_dirty 0 [ 1958.585716][T18249] file_writeback 0 [ 1958.585716][T18249] anon_thp 0 [ 1958.585716][T18249] inactive_anon 0 [ 1958.585716][T18249] active_anon 82391040 [ 1958.585716][T18249] inactive_file 32768 [ 1958.585716][T18249] active_file 61440 [ 1958.585716][T18249] unevictable 0 [ 1958.585716][T18249] slab_reclaimable 5812224 [ 1958.585716][T18249] slab_unreclaimable 39538688 [ 1958.585716][T18249] pgfault 156750 [ 1958.585716][T18249] pgmajfault 0 [ 1958.585716][T18249] workingset_refault 528 [ 1958.585716][T18249] workingset_activate 396 [ 1958.585716][T18249] workingset_nodereclaim 0 [ 1958.585716][T18249] pgrefill 23746 [ 1958.585716][T18249] pgscan 24137 [ 1958.585716][T18249] pgsteal 1363 04:20:32 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c622750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1958.670700][ T26] audit: type=1400 audit(1564374032.369:1316): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC5986C675750D4C2E9AF281FA937D1B01 pid=18419 comm="syz-executor.1" [ 1958.712035][T18249] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18060,uid=0 [ 1958.735010][T18249] Memory cgroup out of memory: Killed process 18060 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1958.837745][ T26] audit: type=1400 audit(1564374032.549:1317): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C622750D4C2E9AF281FA937D1B01 pid=18431 comm="syz-executor.1" [ 1958.837957][T18257] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1958.913241][T18257] CPU: 0 PID: 18257 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1958.922418][T18257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1958.932480][T18257] Call Trace: [ 1958.935790][T18257] dump_stack+0x172/0x1f0 [ 1958.940143][T18257] dump_header+0x177/0x1152 [ 1958.944656][T18257] ? ___ratelimit+0xf8/0x595 [ 1958.949265][T18257] ? trace_hardirqs_on+0x67/0x240 [ 1958.954323][T18257] ? mark_oom_victim.cold+0x18/0x18 [ 1958.959540][T18257] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1958.966213][T18257] ? ___ratelimit+0x60/0x595 [ 1958.970806][T18257] ? do_raw_spin_unlock+0x57/0x270 [ 1958.975969][T18257] oom_kill_process.cold+0x10/0x15 [ 1958.981098][T18257] out_of_memory+0x79a/0x12c0 [ 1958.985881][T18257] ? lock_downgrade+0x920/0x920 [ 1958.990747][T18257] ? oom_killer_disable+0x280/0x280 [ 1958.996497][T18257] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1959.002064][T18257] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1959.007724][T18257] ? do_raw_spin_unlock+0x57/0x270 [ 1959.012856][T18257] ? _raw_spin_unlock+0x2d/0x50 [ 1959.017725][T18257] try_charge+0xa2d/0x1440 [ 1959.022159][T18257] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1959.027723][T18257] ? percpu_ref_tryget_live+0x111/0x290 [ 1959.033277][T18257] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1959.038760][T18257] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1959.044324][T18257] mem_cgroup_try_charge+0x136/0x590 [ 1959.049626][T18257] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1959.055281][T18257] wp_page_copy+0x421/0x15e0 [ 1959.059886][T18257] ? page_trans_huge_mapcount+0x166/0x450 [ 1959.065626][T18257] ? pmd_pfn+0x1d0/0x1d0 [ 1959.069890][T18257] ? lock_downgrade+0x920/0x920 [ 1959.074760][T18257] ? swp_swapcount+0x540/0x540 [ 1959.079544][T18257] ? __kasan_check_read+0x11/0x20 [ 1959.084589][T18257] ? do_raw_spin_unlock+0x57/0x270 [ 1959.089714][T18257] do_wp_page+0x499/0x14d0 [ 1959.094149][T18257] ? finish_mkwrite_fault+0x570/0x570 [ 1959.099542][T18257] __handle_mm_fault+0x22f7/0x3f20 [ 1959.104681][T18257] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1959.110247][T18257] ? __kasan_check_read+0x11/0x20 [ 1959.115474][T18257] ? trace_hardirqs_on+0x67/0x240 [ 1959.120543][T18257] handle_mm_fault+0x1b5/0x6b0 [ 1959.125331][T18257] __do_page_fault+0x536/0xdd0 [ 1959.130118][T18257] do_page_fault+0x38/0x590 [ 1959.134638][T18257] page_fault+0x39/0x40 [ 1959.138802][T18257] RIP: 0033:0x404f08 [ 1959.142705][T18257] Code: 85 02 00 00 80 3d 8f b5 66 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 7c b5 66 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 b3 d5 ff ff 48 2b 05 fc 30 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1959.162328][T18257] RSP: 002b:00007f3576419c90 EFLAGS: 00010246 [ 1959.168409][T18257] RAX: 00007f357841b000 RBX: 0000000000001ede RCX: 0000000000459829 [ 1959.176480][T18257] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 1959.184551][T18257] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1959.192548][T18257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1959.200537][T18257] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1959.211005][T18257] memory: usage 307092kB, limit 307200kB, failcnt 103138 [ 1959.218602][T18257] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1959.226614][T18257] Memory cgroup stats for /syz0: [ 1959.226815][T18257] anon 82542592 [ 1959.226815][T18257] file 4096 [ 1959.226815][T18257] kernel_stack 36306944 [ 1959.226815][T18257] slab 45350912 [ 1959.226815][T18257] sock 4096 [ 1959.226815][T18257] shmem 0 [ 1959.226815][T18257] file_mapped 0 [ 1959.226815][T18257] file_dirty 0 [ 1959.226815][T18257] file_writeback 0 [ 1959.226815][T18257] anon_thp 0 [ 1959.226815][T18257] inactive_anon 0 [ 1959.226815][T18257] active_anon 82391040 [ 1959.226815][T18257] inactive_file 32768 [ 1959.226815][T18257] active_file 61440 [ 1959.226815][T18257] unevictable 0 [ 1959.226815][T18257] slab_reclaimable 5812224 [ 1959.226815][T18257] slab_unreclaimable 39538688 [ 1959.226815][T18257] pgfault 156783 [ 1959.226815][T18257] pgmajfault 0 [ 1959.226815][T18257] workingset_refault 528 [ 1959.226815][T18257] workingset_activate 396 [ 1959.226815][T18257] workingset_nodereclaim 0 [ 1959.226815][T18257] pgrefill 23746 [ 1959.226815][T18257] pgscan 24137 [ 1959.226815][T18257] pgsteal 1363 [ 1959.321685][T18257] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=16570,uid=0 [ 1959.341687][T18257] Memory cgroup out of memory: Killed process 16570 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1959.362784][T18303] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1959.375647][T18303] CPU: 0 PID: 18303 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1959.384083][T18257] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1959.384766][T18303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1959.384772][T18303] Call Trace: [ 1959.384794][T18303] dump_stack+0x172/0x1f0 [ 1959.384812][T18303] dump_header+0x177/0x1152 [ 1959.384827][T18303] ? ___ratelimit+0xf8/0x595 [ 1959.384842][T18303] ? trace_hardirqs_on+0x67/0x240 [ 1959.384857][T18303] ? mark_oom_victim.cold+0x18/0x18 [ 1959.384872][T18303] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1959.384896][T18303] ? ___ratelimit+0x60/0x595 [ 1959.440665][T18303] ? do_raw_spin_unlock+0x57/0x270 [ 1959.445771][T18303] oom_kill_process.cold+0x10/0x15 [ 1959.450897][T18303] out_of_memory+0x79a/0x12c0 [ 1959.455581][T18303] ? lock_downgrade+0x920/0x920 [ 1959.460475][T18303] ? oom_killer_disable+0x280/0x280 [ 1959.465781][T18303] ? __kasan_check_read+0x11/0x20 [ 1959.470802][T18303] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1959.476346][T18303] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1959.481975][T18303] ? do_raw_spin_unlock+0x57/0x270 [ 1959.487072][T18303] ? _raw_spin_unlock+0x2d/0x50 [ 1959.491905][T18303] try_charge+0xa2d/0x1440 [ 1959.496329][T18303] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1959.501874][T18303] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1959.507404][T18303] ? __kasan_check_read+0x11/0x20 [ 1959.512443][T18303] ? lock_downgrade+0x920/0x920 [ 1959.517295][T18303] ? percpu_ref_tryget_live+0x111/0x290 [ 1959.522871][T18303] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1959.528323][T18303] ? memcg_kmem_put_cache+0x50/0x50 [ 1959.533511][T18303] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1959.539241][T18303] __memcg_kmem_charge+0x13a/0x3a0 [ 1959.544346][T18303] __alloc_pages_nodemask+0x4f4/0x900 [ 1959.549738][T18303] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1959.555467][T18303] ? record_times+0x1e/0x2b0 [ 1959.560054][T18303] ? lock_downgrade+0x920/0x920 [ 1959.565002][T18303] ? rwlock_bug.part.0+0x90/0x90 [ 1959.569938][T18303] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1959.576377][T18303] ? debug_smp_processor_id+0x3c/0x214 [ 1959.581834][T18303] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1959.588082][T18303] alloc_pages_current+0x107/0x210 [ 1959.593181][T18303] pte_alloc_one+0x1b/0x1a0 [ 1959.597689][T18303] __handle_mm_fault+0x34dd/0x3f20 [ 1959.602800][T18303] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1959.608338][T18303] ? __kasan_check_read+0x11/0x20 [ 1959.613380][T18303] ? trace_hardirqs_on+0x67/0x240 [ 1959.618398][T18303] handle_mm_fault+0x1b5/0x6b0 [ 1959.623155][T18303] __do_page_fault+0x536/0xdd0 [ 1959.627904][T18303] ? page_fault+0x16/0x40 [ 1959.632243][T18303] do_page_fault+0x38/0x590 [ 1959.636749][T18303] page_fault+0x39/0x40 [ 1959.640894][T18303] RIP: 0033:0x459829 [ 1959.644796][T18303] Code: Bad RIP value. [ 1959.648878][T18303] RSP: 002b:00007f3576419c78 EFLAGS: 00010246 [ 1959.655035][T18303] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459829 04:20:33 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x2000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:33 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x2000) 04:20:33 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40304580, 0x0) 04:20:33 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000c48000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:33 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c623750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:33 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1959.663007][T18303] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1959.670970][T18303] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1959.678929][T18303] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1959.686974][T18303] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1959.705542][T18303] memory: usage 306924kB, limit 307200kB, failcnt 103140 [ 1959.774660][T18303] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1959.816562][T18303] Memory cgroup stats for /syz0: [ 1959.816680][T18303] anon 82542592 [ 1959.816680][T18303] file 4096 [ 1959.816680][T18303] kernel_stack 36306944 [ 1959.816680][T18303] slab 45350912 [ 1959.816680][T18303] sock 4096 [ 1959.816680][T18303] shmem 0 [ 1959.816680][T18303] file_mapped 0 [ 1959.816680][T18303] file_dirty 0 [ 1959.816680][T18303] file_writeback 0 [ 1959.816680][T18303] anon_thp 0 [ 1959.816680][T18303] inactive_anon 0 [ 1959.816680][T18303] active_anon 82391040 [ 1959.816680][T18303] inactive_file 32768 04:20:33 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000e48000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:33 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40345410, 0x0) 04:20:33 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c625750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1959.816680][T18303] active_file 61440 [ 1959.816680][T18303] unevictable 0 [ 1959.816680][T18303] slab_reclaimable 5812224 [ 1959.816680][T18303] slab_unreclaimable 39538688 [ 1959.816680][T18303] pgfault 156816 [ 1959.816680][T18303] pgmajfault 0 [ 1959.816680][T18303] workingset_refault 528 [ 1959.816680][T18303] workingset_activate 396 [ 1959.816680][T18303] workingset_nodereclaim 0 [ 1959.816680][T18303] pgrefill 23746 [ 1959.816680][T18303] pgscan 24137 [ 1959.816680][T18303] pgsteal 1363 04:20:33 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x2c01) [ 1959.956838][T18303] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3595,uid=0 04:20:33 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c62a750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:33 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000f48000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1960.029292][T18303] Memory cgroup out of memory: Killed process 3595 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1960.299586][T18704] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1960.339838][T18700] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1960.353465][T18700] CPU: 1 PID: 18700 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1960.362595][T18700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1960.372664][T18700] Call Trace: [ 1960.375972][T18700] dump_stack+0x172/0x1f0 [ 1960.380319][T18700] dump_header+0x177/0x1152 [ 1960.384841][T18700] ? ___ratelimit+0xf8/0x595 [ 1960.389449][T18700] ? trace_hardirqs_on+0x67/0x240 [ 1960.394499][T18700] ? mark_oom_victim.cold+0x18/0x18 [ 1960.399721][T18700] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1960.405639][T18700] ? ___ratelimit+0x60/0x595 [ 1960.410244][T18700] ? do_raw_spin_unlock+0x57/0x270 [ 1960.415382][T18700] oom_kill_process.cold+0x10/0x15 [ 1960.420510][T18700] out_of_memory+0x79a/0x12c0 [ 1960.425216][T18700] ? lock_downgrade+0x920/0x920 [ 1960.430087][T18700] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1960.436348][T18700] ? oom_killer_disable+0x280/0x280 [ 1960.441593][T18700] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1960.447247][T18700] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1960.452912][T18700] ? do_raw_spin_unlock+0x57/0x270 [ 1960.458050][T18700] ? _raw_spin_unlock+0x2d/0x50 [ 1960.462924][T18700] try_charge+0xf4b/0x1440 [ 1960.467366][T18700] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1960.472939][T18700] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1960.478502][T18700] ? __kasan_check_read+0x11/0x20 [ 1960.483553][T18700] ? lock_downgrade+0x920/0x920 [ 1960.488533][T18700] ? percpu_ref_tryget_live+0x111/0x290 [ 1960.494101][T18700] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1960.499589][T18700] ? memcg_kmem_put_cache+0x50/0x50 [ 1960.504809][T18700] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1960.510371][T18700] __memcg_kmem_charge+0x13a/0x3a0 [ 1960.515514][T18700] __alloc_pages_nodemask+0x4f4/0x900 [ 1960.520901][T18700] ? __lockdep_free_key_range+0x120/0x120 [ 1960.526642][T18700] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1960.532385][T18700] ? __pte_alloc+0x1b5/0x310 [ 1960.536992][T18700] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1960.543255][T18700] ? copy_page_range+0x10c2/0x2120 [ 1960.548382][T18700] ? __kasan_check_read+0x11/0x20 [ 1960.553423][T18700] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1960.559678][T18700] alloc_pages_current+0x107/0x210 [ 1960.564817][T18700] pte_alloc_one+0x1b/0x1a0 [ 1960.569342][T18700] __pte_alloc+0x20/0x310 [ 1960.573711][T18700] copy_page_range+0x1610/0x2120 [ 1960.578666][T18700] ? perf_trace_lock+0xeb/0x4c0 [ 1960.583649][T18700] ? __pmd_alloc+0x460/0x460 [ 1960.588256][T18700] ? lock_downgrade+0x920/0x920 [ 1960.593119][T18700] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1960.598863][T18700] ? vma_compute_subtree_gap+0x158/0x230 [ 1960.604507][T18700] ? validate_mm_rb+0xa3/0xc0 [ 1960.609218][T18700] ? __vma_link_rb+0x275/0x370 [ 1960.614011][T18700] ? __kasan_check_write+0x14/0x20 [ 1960.619234][T18700] dup_mm+0xa67/0x1430 [ 1960.623374][T18700] ? vm_area_dup+0x170/0x170 [ 1960.627981][T18700] ? debug_mutex_init+0x2d/0x5a [ 1960.632850][T18700] copy_process+0x28b7/0x6b00 [ 1960.637545][T18700] ? perf_trace_lock+0xeb/0x4c0 [ 1960.642428][T18700] ? __cleanup_sighand+0x60/0x60 [ 1960.647408][T18700] _do_fork+0x146/0xfa0 [ 1960.651586][T18700] ? copy_init_mm+0x20/0x20 [ 1960.656106][T18700] ? __kasan_check_read+0x11/0x20 [ 1960.661143][T18700] ? _copy_to_user+0x118/0x160 [ 1960.665940][T18700] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1960.672208][T18700] ? put_timespec64+0xda/0x140 [ 1960.676993][T18700] __x64_sys_clone+0x18d/0x250 [ 1960.681773][T18700] ? __ia32_sys_vfork+0xc0/0xc0 [ 1960.686652][T18700] ? trace_hardirqs_off_caller+0x65/0x230 [ 1960.692389][T18700] ? trace_hardirqs_on+0x67/0x240 [ 1960.697432][T18700] do_syscall_64+0xfa/0x760 [ 1960.701953][T18700] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1960.707860][T18700] RIP: 0033:0x459829 [ 1960.711767][T18700] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1960.731392][T18700] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1960.739833][T18700] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1960.747826][T18700] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1960.755819][T18700] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1960.763824][T18700] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1960.771820][T18700] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1960.790617][T18700] memory: usage 307200kB, limit 307200kB, failcnt 103182 [ 1960.798178][T18700] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1960.805913][T18700] Memory cgroup stats for /syz0: [ 1960.806030][T18700] anon 82542592 [ 1960.806030][T18700] file 4096 [ 1960.806030][T18700] kernel_stack 36372480 [ 1960.806030][T18700] slab 45350912 [ 1960.806030][T18700] sock 4096 [ 1960.806030][T18700] shmem 0 [ 1960.806030][T18700] file_mapped 0 [ 1960.806030][T18700] file_dirty 0 [ 1960.806030][T18700] file_writeback 0 [ 1960.806030][T18700] anon_thp 0 [ 1960.806030][T18700] inactive_anon 0 [ 1960.806030][T18700] active_anon 82391040 [ 1960.806030][T18700] inactive_file 32768 [ 1960.806030][T18700] active_file 61440 [ 1960.806030][T18700] unevictable 0 [ 1960.806030][T18700] slab_reclaimable 5812224 [ 1960.806030][T18700] slab_unreclaimable 39538688 [ 1960.806030][T18700] pgfault 156915 [ 1960.806030][T18700] pgmajfault 0 [ 1960.806030][T18700] workingset_refault 528 [ 1960.806030][T18700] workingset_activate 396 [ 1960.806030][T18700] workingset_nodereclaim 0 [ 1960.806030][T18700] pgrefill 23746 [ 1960.806030][T18700] pgscan 24137 [ 1960.806030][T18700] pgsteal 1363 [ 1960.902403][T18700] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18438,uid=0 [ 1960.921272][T18700] Memory cgroup out of memory: Killed process 18438 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 04:20:34 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x6000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:34 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4038564f, 0x0) 04:20:34 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c62b750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:34 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x3f00) 04:20:34 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00001148000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:34 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1960.953275][T18704] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:34 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00001248000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1961.036587][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 1961.036605][ T26] audit: type=1400 audit(1564374034.819:1321): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C62B750D4C2E9AF281FA937D1B01 pid=18718 comm="syz-executor.1" 04:20:34 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4038ae7a, 0x0) 04:20:34 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c62d750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:35 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00001348000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1961.250374][T18722] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1961.311744][T18722] CPU: 1 PID: 18722 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1961.320919][T18722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1961.331116][T18722] Call Trace: [ 1961.334416][T18722] dump_stack+0x172/0x1f0 04:20:35 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x4000) [ 1961.335148][ T26] audit: type=1400 audit(1564374035.089:1322): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C62D750D4C2E9AF281FA937D1B01 pid=18834 comm="syz-executor.1" [ 1961.338755][T18722] dump_header+0x177/0x1152 [ 1961.338773][T18722] ? ___ratelimit+0xf8/0x595 [ 1961.338794][T18722] ? trace_hardirqs_on+0x67/0x240 [ 1961.386397][T18722] ? mark_oom_victim.cold+0x18/0x18 [ 1961.391604][T18722] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1961.397416][T18722] ? ___ratelimit+0x60/0x595 [ 1961.402015][T18722] ? do_raw_spin_unlock+0x57/0x270 [ 1961.407140][T18722] oom_kill_process.cold+0x10/0x15 04:20:35 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c62e750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1961.407157][T18722] out_of_memory+0x79a/0x12c0 [ 1961.407173][T18722] ? lock_downgrade+0x920/0x920 [ 1961.407196][T18722] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1961.417071][T18722] ? oom_killer_disable+0x280/0x280 [ 1961.417095][T18722] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1961.417110][T18722] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1961.417128][T18722] ? do_raw_spin_unlock+0x57/0x270 [ 1961.417151][T18722] ? _raw_spin_unlock+0x2d/0x50 [ 1961.454554][T18722] try_charge+0xf4b/0x1440 [ 1961.458988][T18722] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1961.464552][T18722] ? percpu_ref_tryget_live+0x111/0x290 [ 1961.470115][T18722] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1961.475591][T18722] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1961.481162][T18722] mem_cgroup_try_charge+0x136/0x590 [ 1961.486465][T18722] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1961.491502][ T26] audit: type=1400 audit(1564374035.089:1323): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C62E750D4C2E9AF281FA937D1B01 pid=18851 comm="syz-executor.1" [ 1961.492105][T18722] wp_page_copy+0x421/0x15e0 [ 1961.492123][T18722] ? lock_downgrade+0x920/0x920 [ 1961.492143][T18722] ? pmd_pfn+0x1d0/0x1d0 [ 1961.539243][T18722] ? lock_downgrade+0x920/0x920 [ 1961.544105][T18722] ? vm_normal_page+0x15d/0x3c0 [ 1961.548971][T18722] ? __pte_alloc_kernel+0x210/0x210 [ 1961.554215][T18722] ? psi_memstall_leave+0x12e/0x180 [ 1961.559426][T18722] ? __kasan_check_read+0x11/0x20 [ 1961.564519][T18722] ? do_raw_spin_unlock+0x57/0x270 [ 1961.569637][T18722] do_wp_page+0x499/0x14d0 [ 1961.574058][T18722] ? do_raw_spin_lock+0x12a/0x2e0 [ 1961.579089][T18722] ? rwlock_bug.part.0+0x90/0x90 [ 1961.584046][T18722] ? finish_mkwrite_fault+0x570/0x570 [ 1961.589430][T18722] ? add_mm_counter_fast.part.0+0x40/0x40 [ 1961.595175][T18722] __handle_mm_fault+0x22f7/0x3f20 [ 1961.600316][T18722] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1961.605874][T18722] ? __kasan_check_read+0x11/0x20 [ 1961.605900][T18722] ? trace_hardirqs_on+0x67/0x240 [ 1961.605920][T18722] handle_mm_fault+0x1b5/0x6b0 [ 1961.620820][T18722] __do_page_fault+0x536/0xdd0 [ 1961.620843][T18722] do_page_fault+0x38/0x590 [ 1961.620866][T18722] page_fault+0x39/0x40 [ 1961.634351][T18722] RIP: 0033:0x40e9c8 [ 1961.638255][T18722] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 35 ee 4b 00 31 c0 e8 63 33 ff ff 31 ff e8 ac 2f ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 9e 1a 66 00 [ 1961.657887][T18722] RSP: 002b:00007ffd41fb7070 EFLAGS: 00010246 [ 1961.663955][T18722] RAX: 000000000c41f0e3 RBX: 0000000061aba6ee RCX: 0000001b33220000 [ 1961.671934][T18722] RDX: 0000000000000000 RSI: 00000000000010e3 RDI: ffffffff0c41f0e3 [ 1961.679916][T18722] RBP: 0000000000000006 R08: 000000000c41f0e3 R09: 000000000c41f0e7 [ 1961.687892][T18722] R10: 00007ffd41fb7210 R11: 0000000000000246 R12: 000000000075bfa8 [ 1961.695879][T18722] R13: 0000000080000000 R14: 00007f357841b008 R15: 0000000000000006 [ 1961.719750][T18722] memory: usage 307168kB, limit 307200kB, failcnt 103228 [ 1961.729995][T18722] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1961.738042][T18722] Memory cgroup stats for /syz0: [ 1961.738159][T18722] anon 82677760 [ 1961.738159][T18722] file 4096 [ 1961.738159][T18722] kernel_stack 36306944 [ 1961.738159][T18722] slab 45350912 [ 1961.738159][T18722] sock 4096 [ 1961.738159][T18722] shmem 0 [ 1961.738159][T18722] file_mapped 0 [ 1961.738159][T18722] file_dirty 0 [ 1961.738159][T18722] file_writeback 0 [ 1961.738159][T18722] anon_thp 0 [ 1961.738159][T18722] inactive_anon 0 [ 1961.738159][T18722] active_anon 82526208 [ 1961.738159][T18722] inactive_file 32768 [ 1961.738159][T18722] active_file 61440 [ 1961.738159][T18722] unevictable 0 [ 1961.738159][T18722] slab_reclaimable 5812224 [ 1961.738159][T18722] slab_unreclaimable 39538688 [ 1961.738159][T18722] pgfault 156948 [ 1961.738159][T18722] pgmajfault 0 [ 1961.738159][T18722] workingset_refault 528 [ 1961.738159][T18722] workingset_activate 396 [ 1961.738159][T18722] workingset_nodereclaim 0 [ 1961.738159][T18722] pgrefill 23746 [ 1961.738159][T18722] pgscan 24137 [ 1961.738159][T18722] pgsteal 1363 [ 1961.869605][T18722] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18706,uid=0 [ 1961.886005][T18722] Memory cgroup out of memory: Killed process 18706 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1961.922623][T18724] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1961.947522][T18724] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1961.957984][T18724] CPU: 1 PID: 18724 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1961.967503][T18724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1961.977571][T18724] Call Trace: [ 1961.980871][T18724] dump_stack+0x172/0x1f0 [ 1961.985231][T18724] dump_header+0x177/0x1152 [ 1961.989834][T18724] ? ___ratelimit+0xf8/0x595 [ 1961.994426][T18724] ? trace_hardirqs_on+0x67/0x240 [ 1961.999463][T18724] ? mark_oom_victim.cold+0x18/0x18 [ 1962.004853][T18724] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1962.010668][T18724] ? ___ratelimit+0x60/0x595 [ 1962.015263][T18724] ? do_raw_spin_unlock+0x57/0x270 [ 1962.020404][T18724] oom_kill_process.cold+0x10/0x15 [ 1962.025540][T18724] out_of_memory+0x79a/0x12c0 [ 1962.030245][T18724] ? lock_downgrade+0x920/0x920 [ 1962.035108][T18724] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1962.041363][T18724] ? oom_killer_disable+0x280/0x280 [ 1962.046558][T18724] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1962.052101][T18724] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1962.057758][T18724] ? do_raw_spin_unlock+0x57/0x270 [ 1962.062861][T18724] ? _raw_spin_unlock+0x2d/0x50 [ 1962.067789][T18724] try_charge+0xf4b/0x1440 [ 1962.072214][T18724] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1962.077771][T18724] ? percpu_ref_tryget_live+0x111/0x290 [ 1962.083408][T18724] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1962.088866][T18724] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1962.094420][T18724] mem_cgroup_try_charge+0x136/0x590 [ 1962.099725][T18724] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1962.105373][T18724] wp_page_copy+0x421/0x15e0 [ 1962.109965][T18724] ? page_trans_huge_mapcount+0x166/0x450 [ 1962.115690][T18724] ? pmd_pfn+0x1d0/0x1d0 [ 1962.119922][T18724] ? lock_downgrade+0x920/0x920 [ 1962.124825][T18724] ? swp_swapcount+0x540/0x540 [ 1962.129625][T18724] ? psi_memstall_leave+0x12e/0x180 [ 1962.134849][T18724] ? __kasan_check_read+0x11/0x20 [ 1962.139885][T18724] ? do_raw_spin_unlock+0x57/0x270 [ 1962.145031][T18724] do_wp_page+0x499/0x14d0 [ 1962.149485][T18724] ? finish_mkwrite_fault+0x570/0x570 [ 1962.154853][T18724] __handle_mm_fault+0x22f7/0x3f20 [ 1962.159995][T18724] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1962.165538][T18724] ? __kasan_check_read+0x11/0x20 [ 1962.170557][T18724] ? trace_hardirqs_on+0x67/0x240 [ 1962.175574][T18724] handle_mm_fault+0x1b5/0x6b0 [ 1962.180333][T18724] __do_page_fault+0x536/0xdd0 [ 1962.185102][T18724] do_page_fault+0x38/0x590 [ 1962.189591][T18724] page_fault+0x39/0x40 [ 1962.193727][T18724] RIP: 0033:0x404f08 [ 1962.197605][T18724] Code: 85 02 00 00 80 3d 8f b5 66 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 7c b5 66 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 b3 d5 ff ff 48 2b 05 fc 30 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1962.217199][T18724] RSP: 002b:00007f3576419c90 EFLAGS: 00010246 [ 1962.223255][T18724] RAX: 00007f357841b000 RBX: 0000000000001ee9 RCX: 0000000000459829 [ 1962.231240][T18724] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 1962.239214][T18724] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1962.247280][T18724] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1962.255242][T18724] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1962.266221][T18724] memory: usage 307092kB, limit 307200kB, failcnt 103263 [ 1962.273278][T18724] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1962.280207][T18724] Memory cgroup stats for /syz0: [ 1962.280326][T18724] anon 82677760 [ 1962.280326][T18724] file 4096 [ 1962.280326][T18724] kernel_stack 36306944 [ 1962.280326][T18724] slab 45350912 [ 1962.280326][T18724] sock 4096 [ 1962.280326][T18724] shmem 0 [ 1962.280326][T18724] file_mapped 0 [ 1962.280326][T18724] file_dirty 0 [ 1962.280326][T18724] file_writeback 0 [ 1962.280326][T18724] anon_thp 0 [ 1962.280326][T18724] inactive_anon 0 [ 1962.280326][T18724] active_anon 82526208 [ 1962.280326][T18724] inactive_file 32768 [ 1962.280326][T18724] active_file 61440 [ 1962.280326][T18724] unevictable 0 [ 1962.280326][T18724] slab_reclaimable 5812224 [ 1962.280326][T18724] slab_unreclaimable 39538688 [ 1962.280326][T18724] pgfault 156981 [ 1962.280326][T18724] pgmajfault 0 [ 1962.280326][T18724] workingset_refault 528 [ 1962.280326][T18724] workingset_activate 396 [ 1962.280326][T18724] workingset_nodereclaim 0 [ 1962.280326][T18724] pgrefill 23746 [ 1962.280326][T18724] pgscan 24137 [ 1962.280326][T18724] pgsteal 1363 [ 1962.374174][T18724] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=18966,uid=0 [ 1962.389918][T18724] Memory cgroup out of memory: Killed process 18966 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1962.405976][ T1057] oom_reaper: reaped process 18966 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 04:20:36 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x7fffffe, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:36 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c630750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:36 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x40505412, 0x0) 04:20:36 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x4401) 04:20:36 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00001448000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:36 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1962.418401][T18724] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:36 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00003f48000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1962.503963][ T26] audit: type=1400 audit(1564374036.279:1324): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C630750D4C2E9AF281FA937D1B01 pid=18972 comm="syz-executor.1" 04:20:36 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4090ae82, 0x0) 04:20:36 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c658750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:36 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00004048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1962.700751][ T26] audit: type=1400 audit(1564374036.469:1325): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C658750D4C2E9AF281FA937D1B01 pid=18994 comm="syz-executor.1" 04:20:36 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x4c01) 04:20:36 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c663750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1962.785965][T19009] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1962.849766][T19009] CPU: 1 PID: 19009 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1962.859007][T19009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1962.869073][T19009] Call Trace: [ 1962.872375][T19009] dump_stack+0x172/0x1f0 [ 1962.876712][T19009] dump_header+0x177/0x1152 [ 1962.876728][T19009] ? ___ratelimit+0xf8/0x595 [ 1962.876750][T19009] ? trace_hardirqs_on+0x67/0x240 [ 1962.890857][T19009] ? mark_oom_victim.cold+0x18/0x18 [ 1962.896063][T19009] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1962.896078][T19009] ? ___ratelimit+0x60/0x595 [ 1962.896092][T19009] ? do_raw_spin_unlock+0x57/0x270 [ 1962.896108][T19009] oom_kill_process.cold+0x10/0x15 [ 1962.896130][T19009] out_of_memory+0x79a/0x12c0 [ 1962.921403][T19009] ? lock_downgrade+0x920/0x920 [ 1962.926281][T19009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1962.932548][T19009] ? oom_killer_disable+0x280/0x280 [ 1962.937764][T19009] ? __kasan_check_read+0x11/0x20 [ 1962.942825][T19009] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1962.945525][ T26] audit: type=1400 audit(1564374036.629:1326): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C663750D4C2E9AF281FA937D1B01 pid=19127 comm="syz-executor.1" [ 1962.948381][T19009] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1962.948406][T19009] ? do_raw_spin_unlock+0x57/0x270 [ 1962.993259][T19009] ? _raw_spin_unlock+0x2d/0x50 [ 1962.998129][T19009] try_charge+0xf4b/0x1440 [ 1963.002572][T19009] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1963.008135][T19009] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1963.013695][T19009] ? __kasan_check_read+0x11/0x20 [ 1963.018744][T19009] ? lock_downgrade+0x920/0x920 [ 1963.023631][T19009] ? percpu_ref_tryget_live+0x111/0x290 [ 1963.029190][T19009] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1963.034664][T19009] ? memcg_kmem_put_cache+0x50/0x50 [ 1963.039880][T19009] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1963.045444][T19009] __memcg_kmem_charge+0x13a/0x3a0 [ 1963.050582][T19009] __alloc_pages_nodemask+0x4f4/0x900 [ 1963.055995][T19009] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1963.061740][T19009] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1963.068404][T19009] ? debug_smp_processor_id+0x3c/0x214 [ 1963.073884][T19009] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1963.080147][T19009] alloc_pages_current+0x107/0x210 [ 1963.085283][T19009] pte_alloc_one+0x1b/0x1a0 [ 1963.089836][T19009] __handle_mm_fault+0x34dd/0x3f20 [ 1963.094976][T19009] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1963.100537][T19009] ? __kasan_check_read+0x11/0x20 [ 1963.105604][T19009] ? trace_hardirqs_on+0x67/0x240 [ 1963.110655][T19009] handle_mm_fault+0x1b5/0x6b0 [ 1963.115438][T19009] __do_page_fault+0x536/0xdd0 [ 1963.120216][T19009] ? page_fault+0x16/0x40 [ 1963.124571][T19009] do_page_fault+0x38/0x590 [ 1963.129097][T19009] page_fault+0x39/0x40 [ 1963.133263][T19009] RIP: 0033:0x459829 [ 1963.137175][T19009] Code: Bad RIP value. [ 1963.141263][T19009] RSP: 002b:00007f3576419c78 EFLAGS: 00010246 [ 1963.147367][T19009] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459829 [ 1963.155411][T19009] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1963.163404][T19009] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1963.171397][T19009] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1963.179387][T19009] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1963.201301][T19009] memory: usage 307200kB, limit 307200kB, failcnt 103295 [ 1963.210601][T19009] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1963.217528][T19009] Memory cgroup stats for /syz0: [ 1963.217631][T19009] anon 82673664 [ 1963.217631][T19009] file 4096 [ 1963.217631][T19009] kernel_stack 36372480 [ 1963.217631][T19009] slab 45350912 [ 1963.217631][T19009] sock 4096 [ 1963.217631][T19009] shmem 0 [ 1963.217631][T19009] file_mapped 0 [ 1963.217631][T19009] file_dirty 0 [ 1963.217631][T19009] file_writeback 0 [ 1963.217631][T19009] anon_thp 0 [ 1963.217631][T19009] inactive_anon 0 [ 1963.217631][T19009] active_anon 82526208 [ 1963.217631][T19009] inactive_file 32768 [ 1963.217631][T19009] active_file 61440 [ 1963.217631][T19009] unevictable 0 [ 1963.217631][T19009] slab_reclaimable 5812224 [ 1963.217631][T19009] slab_unreclaimable 39538688 [ 1963.217631][T19009] pgfault 157080 [ 1963.217631][T19009] pgmajfault 0 [ 1963.217631][T19009] workingset_refault 528 [ 1963.217631][T19009] workingset_activate 396 [ 1963.217631][T19009] workingset_nodereclaim 0 [ 1963.217631][T19009] pgrefill 23746 [ 1963.217631][T19009] pgscan 24137 [ 1963.217631][T19009] pgsteal 1363 [ 1963.313487][T19009] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=31442,uid=0 [ 1963.338047][T19009] Memory cgroup out of memory: Killed process 31442 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1963.369081][T18980] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1963.380030][T18980] CPU: 1 PID: 18980 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1963.389150][T18980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1963.399221][T18980] Call Trace: [ 1963.402527][T18980] dump_stack+0x172/0x1f0 [ 1963.406875][T18980] dump_header+0x177/0x1152 [ 1963.411396][T18980] ? ___ratelimit+0xf8/0x595 [ 1963.416021][T18980] ? trace_hardirqs_on+0x67/0x240 [ 1963.421050][T18980] ? mark_oom_victim.cold+0x18/0x18 [ 1963.426241][T18980] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1963.432063][T18980] ? ___ratelimit+0x60/0x595 [ 1963.436642][T18980] ? do_raw_spin_unlock+0x57/0x270 [ 1963.441744][T18980] oom_kill_process.cold+0x10/0x15 [ 1963.446845][T18980] out_of_memory+0x79a/0x12c0 [ 1963.451506][T18980] ? lock_downgrade+0x920/0x920 [ 1963.456360][T18980] ? oom_killer_disable+0x280/0x280 [ 1963.461576][T18980] ? __kasan_check_read+0x11/0x20 [ 1963.466607][T18980] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1963.472162][T18980] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1963.477970][T18980] ? do_raw_spin_unlock+0x57/0x270 [ 1963.483079][T18980] ? _raw_spin_unlock+0x2d/0x50 [ 1963.487921][T18980] try_charge+0xa2d/0x1440 [ 1963.493138][T18980] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1963.498684][T18980] ? percpu_ref_tryget_live+0x111/0x290 [ 1963.504325][T18980] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1963.509793][T18980] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1963.515356][T18980] mem_cgroup_try_charge+0x136/0x590 [ 1963.520638][T18980] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1963.526265][T18980] __handle_mm_fault+0x1e3a/0x3f20 [ 1963.531374][T18980] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1963.536914][T18980] ? __kasan_check_read+0x11/0x20 [ 1963.541943][T18980] ? trace_hardirqs_on+0x67/0x240 [ 1963.546969][T18980] handle_mm_fault+0x1b5/0x6b0 [ 1963.551733][T18980] __do_page_fault+0x536/0xdd0 [ 1963.556506][T18980] do_page_fault+0x38/0x590 [ 1963.561078][T18980] page_fault+0x39/0x40 [ 1963.565221][T18980] RIP: 0033:0x440b41 [ 1963.569101][T18980] Code: 2e 0f 1f 84 00 00 00 00 00 48 81 fa 00 04 00 00 77 77 89 d1 c1 e9 05 74 60 ff c9 48 8b 06 4c 8b 46 08 4c 8b 4e 10 4c 8b 56 18 <48> 89 07 4c 89 47 08 4c 89 4f 10 4c 89 57 18 48 8d 76 20 48 8d 7f [ 1963.588734][T18980] RSP: 002b:00007ffd41fb7138 EFLAGS: 00010246 [ 1963.594790][T18980] RAX: 0000000000746125 RBX: 0000000000000000 RCX: 0000000000000000 [ 1963.602829][T18980] RDX: 0000000000000020 RSI: 0000000000760110 RDI: 0000000020000080 [ 1963.610914][T18980] RBP: 00000000007600f0 R08: 0000000000000000 R09: 0000000000000000 [ 1963.619008][T18980] R10: 0000000000000000 R11: 0000000000000012 R12: 00000000004c5d8e [ 1963.626979][T18980] R13: 000000000000012c R14: 00000000007600f8 R15: fffffffffffffffe [ 1963.636865][T18980] memory: usage 306960kB, limit 307200kB, failcnt 103295 [ 1963.644061][T18980] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1963.650989][T18980] Memory cgroup stats for /syz0: [ 1963.651098][T18980] anon 82673664 [ 1963.651098][T18980] file 4096 [ 1963.651098][T18980] kernel_stack 36372480 [ 1963.651098][T18980] slab 45350912 [ 1963.651098][T18980] sock 4096 [ 1963.651098][T18980] shmem 0 [ 1963.651098][T18980] file_mapped 0 [ 1963.651098][T18980] file_dirty 0 [ 1963.651098][T18980] file_writeback 0 [ 1963.651098][T18980] anon_thp 0 [ 1963.651098][T18980] inactive_anon 0 [ 1963.651098][T18980] active_anon 82526208 [ 1963.651098][T18980] inactive_file 32768 [ 1963.651098][T18980] active_file 61440 [ 1963.651098][T18980] unevictable 0 [ 1963.651098][T18980] slab_reclaimable 5812224 [ 1963.651098][T18980] slab_unreclaimable 39538688 [ 1963.651098][T18980] pgfault 157080 [ 1963.651098][T18980] pgmajfault 0 [ 1963.651098][T18980] workingset_refault 528 [ 1963.651098][T18980] workingset_activate 396 [ 1963.651098][T18980] workingset_nodereclaim 0 [ 1963.651098][T18980] pgrefill 23746 [ 1963.651098][T18980] pgscan 24137 [ 1963.651098][T18980] pgsteal 1363 [ 1963.744757][T18980] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=29549,uid=0 [ 1963.760370][T18980] Memory cgroup out of memory: Killed process 29549 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1963.778435][T18983] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:37 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x8000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:37 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x41007701, 0x0) 04:20:37 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c664750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:37 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00655848000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:37 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x6803) 04:20:37 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) [ 1963.796295][T18990] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:37 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00006048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1963.891604][ T26] audit: type=1400 audit(1564374037.669:1327): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C664750D4C2E9AF281FA937D1B01 pid=19229 comm="syz-executor.1" 04:20:37 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c669750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:37 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x4138ae84, 0x0) 04:20:37 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00586548000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1964.036565][T19238] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:37 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x6b00) [ 1964.106355][ T26] audit: type=1400 audit(1564374037.889:1328): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C669750D4C2E9AF281FA937D1B01 pid=19305 comm="syz-executor.1" [ 1964.130487][T19238] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 04:20:38 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c66c750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1964.250031][T19238] CPU: 1 PID: 19238 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1964.259216][T19238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1964.269371][T19238] Call Trace: [ 1964.272679][T19238] dump_stack+0x172/0x1f0 [ 1964.277053][T19238] dump_header+0x177/0x1152 [ 1964.281581][T19238] ? ___ratelimit+0xf8/0x595 [ 1964.286183][T19238] ? trace_hardirqs_on+0x67/0x240 [ 1964.291218][T19238] ? mark_oom_victim.cold+0x18/0x18 [ 1964.296437][T19238] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1964.302263][T19238] ? ___ratelimit+0x60/0x595 [ 1964.306867][T19238] ? do_raw_spin_unlock+0x57/0x270 [ 1964.311997][T19238] oom_kill_process.cold+0x10/0x15 [ 1964.317120][T19238] out_of_memory+0x79a/0x12c0 [ 1964.317550][ T26] audit: type=1400 audit(1564374038.029:1329): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C66C750D4C2E9AF281FA937D1B01 pid=19364 comm="syz-executor.1" [ 1964.321816][T19238] ? lock_downgrade+0x920/0x920 [ 1964.321837][T19238] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1964.321853][T19238] ? oom_killer_disable+0x280/0x280 [ 1964.321879][T19238] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1964.377347][T19238] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1964.382998][T19238] ? do_raw_spin_unlock+0x57/0x270 [ 1964.388115][T19238] ? _raw_spin_unlock+0x2d/0x50 [ 1964.388131][T19238] try_charge+0xf4b/0x1440 [ 1964.388151][T19238] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1964.388171][T19238] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1964.408503][T19238] ? __kasan_check_read+0x11/0x20 [ 1964.413548][T19238] ? lock_downgrade+0x920/0x920 [ 1964.418416][T19238] ? percpu_ref_tryget_live+0x111/0x290 [ 1964.423995][T19238] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1964.429473][T19238] ? memcg_kmem_put_cache+0x50/0x50 [ 1964.434727][T19238] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1964.440291][T19238] __memcg_kmem_charge+0x13a/0x3a0 [ 1964.445425][T19238] __alloc_pages_nodemask+0x4f4/0x900 [ 1964.450824][T19238] ? stack_trace_consume_entry+0x190/0x190 [ 1964.456647][T19238] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1964.456661][T19238] ? debug_smp_processor_id+0x3c/0x214 [ 1964.456678][T19238] ? save_stack+0x5c/0x90 [ 1964.456698][T19238] ? save_stack+0x23/0x90 [ 1964.467883][T19238] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1964.467896][T19238] ? kasan_slab_alloc+0xf/0x20 [ 1964.467908][T19238] ? kmem_cache_alloc+0x121/0x710 [ 1964.467925][T19238] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1964.467947][T19238] alloc_pages_current+0x107/0x210 [ 1964.503967][T19238] get_zeroed_page+0x14/0x50 [ 1964.508579][T19238] __pud_alloc+0x3b/0x250 [ 1964.512927][T19238] pud_alloc+0xde/0x150 [ 1964.517096][T19238] copy_page_range+0x383/0x2120 [ 1964.521966][T19238] ? percpu_ref_put_many+0x94/0x190 [ 1964.527190][T19238] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1964.533456][T19238] ? anon_vma_fork+0x371/0x4a0 [ 1964.538244][T19238] ? lock_downgrade+0x920/0x920 [ 1964.543117][T19238] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1964.548864][T19238] ? __pmd_alloc+0x460/0x460 [ 1964.553474][T19238] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1964.559038][T19238] ? validate_mm_rb+0xa3/0xc0 [ 1964.563732][T19238] ? __vma_link_rb+0x275/0x370 [ 1964.568521][T19238] dup_mm+0xa67/0x1430 [ 1964.572624][T19238] ? vm_area_dup+0x170/0x170 [ 1964.577230][T19238] ? debug_mutex_init+0x2d/0x5a [ 1964.582096][T19238] copy_process+0x28b7/0x6b00 [ 1964.586809][T19238] ? perf_trace_lock+0xeb/0x4c0 [ 1964.591719][T19238] ? __cleanup_sighand+0x60/0x60 [ 1964.596781][T19238] _do_fork+0x146/0xfa0 [ 1964.600969][T19238] ? copy_init_mm+0x20/0x20 [ 1964.605496][T19238] ? __kasan_check_read+0x11/0x20 [ 1964.610583][T19238] ? _copy_to_user+0x118/0x160 [ 1964.615467][T19238] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1964.621741][T19238] ? put_timespec64+0xda/0x140 [ 1964.626538][T19238] __x64_sys_clone+0x18d/0x250 [ 1964.631330][T19238] ? __ia32_sys_vfork+0xc0/0xc0 [ 1964.636209][T19238] ? trace_hardirqs_off_caller+0x65/0x230 [ 1964.641949][T19238] ? trace_hardirqs_on+0x67/0x240 [ 1964.647000][T19238] do_syscall_64+0xfa/0x760 [ 1964.651658][T19238] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1964.657587][T19238] RIP: 0033:0x459829 [ 1964.661516][T19238] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1964.681159][T19238] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1964.681174][T19238] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1964.681181][T19238] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1964.681189][T19238] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1964.681196][T19238] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1964.681204][T19238] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1964.691343][T19238] memory: usage 307200kB, limit 307200kB, failcnt 103322 [ 1964.731059][T19238] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1964.745680][T19238] Memory cgroup stats for /syz0: [ 1964.745793][T19238] anon 82538496 [ 1964.745793][T19238] file 4096 [ 1964.745793][T19238] kernel_stack 36372480 [ 1964.745793][T19238] slab 45350912 [ 1964.745793][T19238] sock 4096 [ 1964.745793][T19238] shmem 0 [ 1964.745793][T19238] file_mapped 0 [ 1964.745793][T19238] file_dirty 0 [ 1964.745793][T19238] file_writeback 0 [ 1964.745793][T19238] anon_thp 0 [ 1964.745793][T19238] inactive_anon 0 [ 1964.745793][T19238] active_anon 82661376 [ 1964.745793][T19238] inactive_file 32768 [ 1964.745793][T19238] active_file 61440 [ 1964.745793][T19238] unevictable 0 [ 1964.745793][T19238] slab_reclaimable 5812224 [ 1964.745793][T19238] slab_unreclaimable 39538688 [ 1964.745793][T19238] pgfault 157179 [ 1964.745793][T19238] pgmajfault 0 [ 1964.745793][T19238] workingset_refault 528 [ 1964.745793][T19238] workingset_activate 396 [ 1964.745793][T19238] workingset_nodereclaim 0 [ 1964.745793][T19238] pgrefill 23746 [ 1964.745793][T19238] pgscan 24137 [ 1964.745793][T19238] pgsteal 1363 [ 1964.840434][T19238] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19222,uid=0 [ 1964.856837][T19238] Memory cgroup out of memory: Killed process 19222 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 04:20:38 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x11000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:38 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00056c48000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:38 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c66f750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:38 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045430, 0x0) 04:20:38 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, 0x0, 0x0) splice(r0, 0x0, r2, 0x0, 0x80000001, 0x0) 04:20:38 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x80fe) [ 1964.904991][T19485] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:38 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00008148000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1964.972900][ T26] audit: type=1400 audit(1564374038.749:1330): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C66F750D4C2E9AF281FA937D1B01 pid=19488 comm="syz-executor.1" 04:20:38 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xa004) 04:20:38 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c670750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:38 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045432, 0x0) [ 1965.171575][T19579] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1965.219357][T19579] CPU: 1 PID: 19579 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1965.228508][T19579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1965.238577][T19579] Call Trace: [ 1965.241888][T19579] dump_stack+0x172/0x1f0 [ 1965.246260][T19579] dump_header+0x177/0x1152 [ 1965.250784][T19579] ? ___ratelimit+0xf8/0x595 [ 1965.255404][T19579] ? trace_hardirqs_on+0x67/0x240 [ 1965.260447][T19579] ? mark_oom_victim.cold+0x18/0x18 [ 1965.265665][T19579] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1965.271492][T19579] ? ___ratelimit+0x60/0x595 [ 1965.276108][T19579] ? do_raw_spin_unlock+0x57/0x270 [ 1965.281248][T19579] oom_kill_process.cold+0x10/0x15 [ 1965.286384][T19579] out_of_memory+0x79a/0x12c0 [ 1965.291084][T19579] ? lock_downgrade+0x920/0x920 [ 1965.295952][T19579] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1965.302213][T19579] ? oom_killer_disable+0x280/0x280 [ 1965.307718][T19579] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1965.313281][T19579] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1965.318937][T19579] ? do_raw_spin_unlock+0x57/0x270 [ 1965.324162][T19579] ? _raw_spin_unlock+0x2d/0x50 [ 1965.329032][T19579] try_charge+0xf4b/0x1440 [ 1965.333468][T19579] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1965.339031][T19579] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1965.344591][T19579] ? __kasan_check_read+0x11/0x20 [ 1965.349674][T19579] ? lock_downgrade+0x920/0x920 [ 1965.354544][T19579] ? percpu_ref_tryget_live+0x111/0x290 [ 1965.360111][T19579] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1965.365591][T19579] ? memcg_kmem_put_cache+0x50/0x50 [ 1965.370807][T19579] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1965.376371][T19579] __memcg_kmem_charge+0x13a/0x3a0 [ 1965.381594][T19579] __alloc_pages_nodemask+0x4f4/0x900 [ 1965.386989][T19579] ? __lockdep_free_key_range+0x120/0x120 [ 1965.392725][T19579] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1965.398461][T19579] ? __pte_alloc+0x1b5/0x310 [ 1965.403066][T19579] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1965.409326][T19579] ? copy_page_range+0x10c2/0x2120 [ 1965.414475][T19579] ? __kasan_check_read+0x11/0x20 [ 1965.419534][T19579] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1965.425815][T19579] alloc_pages_current+0x107/0x210 [ 1965.430953][T19579] pte_alloc_one+0x1b/0x1a0 [ 1965.435478][T19579] __pte_alloc+0x20/0x310 [ 1965.439830][T19579] copy_page_range+0x1610/0x2120 [ 1965.444785][T19579] ? perf_trace_lock+0xeb/0x4c0 [ 1965.449677][T19579] ? __pmd_alloc+0x460/0x460 [ 1965.454543][T19579] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1965.460109][T19579] ? __rb_insert_augmented+0x20c/0xd90 [ 1965.465588][T19579] ? validate_mm_rb+0xa3/0xc0 [ 1965.470302][T19579] ? __vma_link_rb+0x275/0x370 [ 1965.475080][T19579] ? __kasan_check_write+0x14/0x20 [ 1965.480209][T19579] dup_mm+0xa67/0x1430 [ 1965.484302][T19579] ? vm_area_dup+0x170/0x170 [ 1965.489608][T19579] ? debug_mutex_init+0x2d/0x5a [ 1965.494657][T19579] copy_process+0x28b7/0x6b00 [ 1965.499350][T19579] ? perf_trace_lock+0xeb/0x4c0 [ 1965.504225][T19579] ? __cleanup_sighand+0x60/0x60 [ 1965.509214][T19579] ? __kasan_check_read+0x11/0x20 [ 1965.514254][T19579] ? do_raw_spin_unlock+0x57/0x270 [ 1965.519385][T19579] _do_fork+0x146/0xfa0 [ 1965.523559][T19579] ? copy_init_mm+0x20/0x20 [ 1965.528084][T19579] ? __kasan_check_read+0x11/0x20 [ 1965.533124][T19579] ? _copy_to_user+0x118/0x160 [ 1965.537906][T19579] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1965.544166][T19579] ? put_timespec64+0xda/0x140 [ 1965.548950][T19579] __x64_sys_clone+0x18d/0x250 [ 1965.553742][T19579] ? __ia32_sys_vfork+0xc0/0xc0 [ 1965.558701][T19579] ? trace_hardirqs_off_caller+0x65/0x230 [ 1965.564438][T19579] ? trace_hardirqs_on+0x67/0x240 [ 1965.569482][T19579] do_syscall_64+0xfa/0x760 [ 1965.574010][T19579] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1965.579918][T19579] RIP: 0033:0x459829 [ 1965.583830][T19579] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1965.603451][T19579] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1965.611876][T19579] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 04:20:39 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc0000f048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:39 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xb004) [ 1965.619871][T19579] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1965.627854][T19579] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1965.635839][T19579] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1965.643830][T19579] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1965.872578][T19579] memory: usage 307128kB, limit 307200kB, failcnt 103352 [ 1965.896082][T19579] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1965.912555][T19579] Memory cgroup stats for /syz0: [ 1965.912678][T19579] anon 82538496 [ 1965.912678][T19579] file 4096 [ 1965.912678][T19579] kernel_stack 36372480 [ 1965.912678][T19579] slab 45350912 [ 1965.912678][T19579] sock 4096 [ 1965.912678][T19579] shmem 0 [ 1965.912678][T19579] file_mapped 0 [ 1965.912678][T19579] file_dirty 0 [ 1965.912678][T19579] file_writeback 0 [ 1965.912678][T19579] anon_thp 0 [ 1965.912678][T19579] inactive_anon 0 [ 1965.912678][T19579] active_anon 82661376 [ 1965.912678][T19579] inactive_file 32768 [ 1965.912678][T19579] active_file 61440 [ 1965.912678][T19579] unevictable 0 [ 1965.912678][T19579] slab_reclaimable 5812224 [ 1965.912678][T19579] slab_unreclaimable 39538688 [ 1965.912678][T19579] pgfault 157245 [ 1965.912678][T19579] pgmajfault 0 [ 1965.912678][T19579] workingset_refault 528 [ 1965.912678][T19579] workingset_activate 396 [ 1965.912678][T19579] workingset_nodereclaim 0 [ 1965.912678][T19579] pgrefill 23746 [ 1965.912678][T19579] pgscan 24137 [ 1965.912678][T19579] pgsteal 1363 [ 1966.007141][T19579] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19486,uid=0 [ 1966.022664][T19579] Memory cgroup out of memory: Killed process 19486 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1966.053742][T19579] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1966.076779][T19532] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1966.089163][T19532] CPU: 0 PID: 19532 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1966.098278][T19532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1966.108398][T19532] Call Trace: [ 1966.111691][T19532] dump_stack+0x172/0x1f0 [ 1966.116088][T19532] dump_header+0x177/0x1152 [ 1966.120667][T19532] ? ___ratelimit+0xf8/0x595 [ 1966.125431][T19532] ? trace_hardirqs_on+0x67/0x240 [ 1966.130462][T19532] ? mark_oom_victim.cold+0x18/0x18 [ 1966.135844][T19532] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1966.141659][T19532] ? ___ratelimit+0x60/0x595 [ 1966.146237][T19532] ? do_raw_spin_unlock+0x57/0x270 [ 1966.151343][T19532] oom_kill_process.cold+0x10/0x15 [ 1966.156450][T19532] out_of_memory+0x79a/0x12c0 [ 1966.161114][T19532] ? lock_downgrade+0x920/0x920 [ 1966.165966][T19532] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1966.172214][T19532] ? oom_killer_disable+0x280/0x280 [ 1966.177411][T19532] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1966.182956][T19532] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1966.188593][T19532] ? do_raw_spin_unlock+0x57/0x270 [ 1966.193691][T19532] ? _raw_spin_unlock+0x2d/0x50 [ 1966.198538][T19532] try_charge+0xf4b/0x1440 [ 1966.202960][T19532] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1966.208486][T19532] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1966.214027][T19532] ? __kasan_check_read+0x11/0x20 [ 1966.219175][T19532] ? lock_downgrade+0x920/0x920 [ 1966.224028][T19532] ? percpu_ref_tryget_live+0x111/0x290 [ 1966.229578][T19532] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1966.235217][T19532] ? memcg_kmem_put_cache+0x50/0x50 [ 1966.240406][T19532] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1966.245988][T19532] __memcg_kmem_charge+0x13a/0x3a0 [ 1966.251109][T19532] __alloc_pages_nodemask+0x4f4/0x900 [ 1966.256470][T19532] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1966.262208][T19532] ? vm_mmap_pgoff+0x1d4/0x230 [ 1966.266987][T19532] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1966.272699][T19532] ? do_huge_pmd_anonymous_page+0xc53/0x19d0 [ 1966.278674][T19532] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1966.284918][T19532] alloc_pages_current+0x107/0x210 [ 1966.290020][T19532] pte_alloc_one+0x1b/0x1a0 [ 1966.294603][T19532] __pte_alloc+0x20/0x310 [ 1966.298921][T19532] __handle_mm_fault+0x3414/0x3f20 [ 1966.304020][T19532] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1966.309551][T19532] ? __kasan_check_read+0x11/0x20 [ 1966.314566][T19532] ? trace_hardirqs_on+0x67/0x240 [ 1966.319583][T19532] handle_mm_fault+0x1b5/0x6b0 [ 1966.324339][T19532] __do_page_fault+0x536/0xdd0 [ 1966.329088][T19532] do_page_fault+0x38/0x590 [ 1966.333581][T19532] page_fault+0x39/0x40 [ 1966.337730][T19532] RIP: 0033:0x41116f [ 1966.341607][T19532] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 1966.361230][T19532] RSP: 002b:00007ffd41fb7050 EFLAGS: 00010206 [ 1966.367293][T19532] RAX: 00007f35763d9000 RBX: 0000000000020000 RCX: 000000000045987a [ 1966.375268][T19532] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 1966.383245][T19532] RBP: 00007ffd41fb7130 R08: ffffffffffffffff R09: 0000000000000000 [ 1966.391205][T19532] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd41fb7220 [ 1966.399164][T19532] R13: 00007f35763f9700 R14: 0000000000000001 R15: 000000000075bfd4 [ 1966.407693][T19532] memory: usage 307196kB, limit 307200kB, failcnt 103383 [ 1966.414779][T19532] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1966.421631][T19532] Memory cgroup stats for /syz0: [ 1966.421759][T19532] anon 82538496 [ 1966.421759][T19532] file 4096 [ 1966.421759][T19532] kernel_stack 36438016 [ 1966.421759][T19532] slab 45350912 [ 1966.421759][T19532] sock 4096 [ 1966.421759][T19532] shmem 0 [ 1966.421759][T19532] file_mapped 0 [ 1966.421759][T19532] file_dirty 0 [ 1966.421759][T19532] file_writeback 0 [ 1966.421759][T19532] anon_thp 0 [ 1966.421759][T19532] inactive_anon 0 [ 1966.421759][T19532] active_anon 82526208 [ 1966.421759][T19532] inactive_file 32768 [ 1966.421759][T19532] active_file 61440 [ 1966.421759][T19532] unevictable 0 [ 1966.421759][T19532] slab_reclaimable 5812224 [ 1966.421759][T19532] slab_unreclaimable 39538688 [ 1966.421759][T19532] pgfault 157311 [ 1966.421759][T19532] pgmajfault 0 [ 1966.421759][T19532] workingset_refault 528 [ 1966.421759][T19532] workingset_activate 396 [ 1966.421759][T19532] workingset_nodereclaim 0 [ 1966.421759][T19532] pgrefill 23746 [ 1966.421759][T19532] pgscan 24137 [ 1966.421759][T19532] pgsteal 1363 [ 1966.515651][T19532] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19746,uid=0 [ 1966.531158][T19532] Memory cgroup out of memory: Killed process 19746 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1966.546528][ T1057] oom_reaper: reaped process 19746 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1966.568586][T19532] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1966.580743][T19532] CPU: 0 PID: 19532 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1966.589841][T19532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1966.599894][T19532] Call Trace: [ 1966.603328][T19532] dump_stack+0x172/0x1f0 [ 1966.607663][T19532] dump_header+0x177/0x1152 [ 1966.612193][T19532] ? ___ratelimit+0xf8/0x595 [ 1966.616790][T19532] ? trace_hardirqs_on+0x67/0x240 [ 1966.621826][T19532] ? mark_oom_victim.cold+0x18/0x18 [ 1966.627040][T19532] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1966.632853][T19532] ? ___ratelimit+0x60/0x595 [ 1966.637439][T19532] ? do_raw_spin_unlock+0x57/0x270 [ 1966.642564][T19532] oom_kill_process.cold+0x10/0x15 [ 1966.647708][T19532] out_of_memory+0x79a/0x12c0 [ 1966.652388][T19532] ? lock_downgrade+0x920/0x920 [ 1966.657266][T19532] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1966.663578][T19532] ? oom_killer_disable+0x280/0x280 [ 1966.668881][T19532] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1966.674592][T19532] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1966.680215][T19532] ? do_raw_spin_unlock+0x57/0x270 [ 1966.685318][T19532] ? _raw_spin_unlock+0x2d/0x50 [ 1966.690156][T19532] try_charge+0xf4b/0x1440 [ 1966.694673][T19532] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1966.700221][T19532] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1966.705752][T19532] ? __kasan_check_read+0x11/0x20 [ 1966.710789][T19532] ? lock_downgrade+0x920/0x920 [ 1966.715744][T19532] ? percpu_ref_tryget_live+0x111/0x290 [ 1966.721279][T19532] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1966.726730][T19532] ? memcg_kmem_put_cache+0x50/0x50 [ 1966.731911][T19532] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1966.737445][T19532] __memcg_kmem_charge+0x13a/0x3a0 [ 1966.742549][T19532] __alloc_pages_nodemask+0x4f4/0x900 [ 1966.747925][T19532] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1966.753649][T19532] ? percpu_ref_put_many+0xb6/0x190 [ 1966.759190][T19532] ? trace_hardirqs_on+0x67/0x240 [ 1966.764202][T19532] ? __kasan_check_read+0x11/0x20 [ 1966.769238][T19532] copy_process+0x3f8/0x6b00 [ 1966.773935][T19532] ? __kasan_check_read+0x11/0x20 [ 1966.778958][T19532] ? record_times+0x1e/0x2b0 [ 1966.783558][T19532] ? lock_downgrade+0x920/0x920 [ 1966.788421][T19532] ? __cleanup_sighand+0x60/0x60 [ 1966.793383][T19532] ? perf_trace_lock+0xeb/0x4c0 [ 1966.798241][T19532] ? __lockdep_free_key_range+0x120/0x120 [ 1966.803957][T19532] ? set_task_reclaim_state+0x56/0xb0 [ 1966.809341][T19532] _do_fork+0x146/0xfa0 [ 1966.813483][T19532] ? copy_init_mm+0x20/0x20 [ 1966.817978][T19532] ? lock_downgrade+0x920/0x920 [ 1966.822822][T19532] ? percpu_ref_tryget_live+0x290/0x290 [ 1966.828382][T19532] ? cgroup_file_notify+0x140/0x1b0 [ 1966.833571][T19532] ? blkcg_maybe_throttle_current+0x5fe/0x1030 [ 1966.839733][T19532] __x64_sys_clone+0x18d/0x250 [ 1966.844490][T19532] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1966.850822][T19532] ? __ia32_sys_vfork+0xc0/0xc0 [ 1966.855676][T19532] ? trace_hardirqs_off_caller+0x65/0x230 [ 1966.861383][T19532] ? trace_hardirqs_on+0x67/0x240 [ 1966.866396][T19532] do_syscall_64+0xfa/0x760 [ 1966.870909][T19532] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1966.876809][T19532] RIP: 0033:0x45c1f9 [ 1966.880699][T19532] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1966.900358][T19532] RSP: 002b:00007ffd41fb7008 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1966.908765][T19532] RAX: ffffffffffffffda RBX: 00007f35763f9700 RCX: 000000000045c1f9 [ 1966.916819][T19532] RDX: 00007f35763f99d0 RSI: 00007f35763f8db0 RDI: 00000000003d0f00 [ 1966.924795][T19532] RBP: 00007ffd41fb7220 R08: 00007f35763f9700 R09: 00007f35763f9700 [ 1966.932775][T19532] R10: 00007f35763f99d0 R11: 0000000000000202 R12: 0000000000000000 [ 1966.940762][T19532] R13: 00007ffd41fb70bf R14: 00007f35763f99c0 R15: 000000000075bfd4 [ 1966.949242][T19532] memory: usage 307032kB, limit 307200kB, failcnt 103398 [ 1966.956371][T19532] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1966.963218][T19532] Memory cgroup stats for /syz0: [ 1966.963297][T19532] anon 82538496 [ 1966.963297][T19532] file 4096 [ 1966.963297][T19532] kernel_stack 36372480 [ 1966.963297][T19532] slab 45350912 [ 1966.963297][T19532] sock 4096 [ 1966.963297][T19532] shmem 0 [ 1966.963297][T19532] file_mapped 0 [ 1966.963297][T19532] file_dirty 0 [ 1966.963297][T19532] file_writeback 0 [ 1966.963297][T19532] anon_thp 0 [ 1966.963297][T19532] inactive_anon 0 [ 1966.963297][T19532] active_anon 82526208 [ 1966.963297][T19532] inactive_file 32768 [ 1966.963297][T19532] active_file 61440 [ 1966.963297][T19532] unevictable 0 [ 1966.963297][T19532] slab_reclaimable 5812224 [ 1966.963297][T19532] slab_unreclaimable 39538688 [ 1966.963297][T19532] pgfault 157311 [ 1966.963297][T19532] pgmajfault 0 [ 1966.963297][T19532] workingset_refault 528 [ 1966.963297][T19532] workingset_activate 396 [ 1966.963297][T19532] workingset_nodereclaim 0 [ 1966.963297][T19532] pgrefill 23746 [ 1966.963297][T19532] pgscan 24137 [ 1966.963297][T19532] pgsteal 1363 [ 1967.058477][T19532] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19532,uid=0 04:20:40 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x40000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:40 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c673750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:40 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045438, 0x0) 04:20:40 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r1) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r1, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x80000001, 0x0) 04:20:40 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc0000000f000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:40 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xc0fe) [ 1967.074013][T19532] Memory cgroup out of memory: Killed process 19532 (syz-executor.0) total-vm:72708kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB, UID:0 [ 1967.089500][ T1057] oom_reaper: reaped process 19532 (syz-executor.0), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB 04:20:40 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045439, 0x0) [ 1967.159628][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 1967.159647][ T26] audit: type=1400 audit(1564374040.939:1332): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C673750D4C2E9AF281FA937D1B01 pid=19753 comm="syz-executor.1" 04:20:41 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000248000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:41 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c678750d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:41 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80045440, 0x0) 04:20:41 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000348000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1967.380750][ T26] audit: type=1400 audit(1564374041.159:1333): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C678750D4C2E9AF281FA937D1B01 pid=19790 comm="syz-executor.1" [ 1967.422299][T19761] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1967.458468][T19761] CPU: 1 PID: 19761 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1967.468571][T19761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1967.478632][T19761] Call Trace: [ 1967.481934][T19761] dump_stack+0x172/0x1f0 [ 1967.486267][T19761] dump_header+0x177/0x1152 [ 1967.486282][T19761] ? ___ratelimit+0xf8/0x595 [ 1967.486296][T19761] ? trace_hardirqs_on+0x67/0x240 [ 1967.486309][T19761] ? mark_oom_victim.cold+0x18/0x18 [ 1967.486324][T19761] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1967.486337][T19761] ? ___ratelimit+0x60/0x595 [ 1967.486350][T19761] ? do_raw_spin_unlock+0x57/0x270 [ 1967.486366][T19761] oom_kill_process.cold+0x10/0x15 [ 1967.486381][T19761] out_of_memory+0x79a/0x12c0 [ 1967.486402][T19761] ? lock_downgrade+0x920/0x920 [ 1967.536733][T19761] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1967.544041][T19761] ? oom_killer_disable+0x280/0x280 [ 1967.549267][T19761] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1967.554852][T19761] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1967.560528][T19761] ? do_raw_spin_unlock+0x57/0x270 [ 1967.565663][T19761] ? _raw_spin_unlock+0x2d/0x50 [ 1967.570540][T19761] try_charge+0xf4b/0x1440 [ 1967.574984][T19761] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1967.580544][T19761] ? percpu_ref_tryget_live+0x111/0x290 [ 1967.586098][T19761] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1967.591751][T19761] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1967.597403][T19761] mem_cgroup_try_charge+0x136/0x590 [ 1967.602745][T19761] mem_cgroup_try_charge_delay+0x1f/0xa0 04:20:41 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000448000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1967.608395][T19761] wp_page_copy+0x421/0x15e0 [ 1967.612996][T19761] ? page_trans_huge_mapcount+0x166/0x450 [ 1967.618741][T19761] ? pmd_pfn+0x1d0/0x1d0 [ 1967.622993][T19761] ? lock_downgrade+0x920/0x920 [ 1967.627864][T19761] ? swp_swapcount+0x540/0x540 [ 1967.633076][T19761] ? psi_memstall_leave+0x12e/0x180 [ 1967.638316][T19761] ? __kasan_check_read+0x11/0x20 [ 1967.643708][T19761] ? do_raw_spin_unlock+0x57/0x270 [ 1967.649016][T19761] do_wp_page+0x499/0x14d0 [ 1967.653459][T19761] ? finish_mkwrite_fault+0x570/0x570 [ 1967.658857][T19761] __handle_mm_fault+0x22f7/0x3f20 [ 1967.664162][T19761] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1967.669719][T19761] ? __kasan_check_read+0x11/0x20 [ 1967.674769][T19761] ? trace_hardirqs_on+0x67/0x240 [ 1967.679829][T19761] handle_mm_fault+0x1b5/0x6b0 [ 1967.685236][T19761] __do_page_fault+0x536/0xdd0 [ 1967.690031][T19761] do_page_fault+0x38/0x590 [ 1967.694553][T19761] page_fault+0x39/0x40 [ 1967.698711][T19761] RIP: 0033:0x411240 [ 1967.702616][T19761] Code: ff ff 48 83 c8 01 48 89 05 8d f2 65 00 48 8b 05 66 3c 30 00 49 c7 85 c8 02 00 00 90 4e 71 00 49 89 85 c0 02 00 00 4c 89 70 08 <4c> 89 35 49 3c 30 00 48 c7 05 5e f2 65 00 00 00 00 00 f0 ff 0d 5f [ 1967.722408][T19761] RSP: 002b:00007ffd41fb7050 EFLAGS: 00010202 [ 1967.728527][T19761] RAX: 00007f357641a9c0 RBX: 0000000000020000 RCX: 00000000ffffffe0 [ 1967.736489][T19761] RDX: 0000000000000040 RSI: 0000000000000001 RDI: 00007f35763f96a0 [ 1967.744455][T19761] RBP: 00007ffd41fb7130 R08: 0000000000716800 R09: 0000000000716800 [ 1967.752437][T19761] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd41fb7220 [ 1967.760441][T19761] R13: 00007f35763f9700 R14: 00007f35763f99c0 R15: 000000000075bfd4 [ 1967.784369][T19761] memory: usage 307200kB, limit 307200kB, failcnt 103472 [ 1967.793676][T19761] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1967.800709][T19761] Memory cgroup stats for /syz0: [ 1967.800836][T19761] anon 82538496 [ 1967.800836][T19761] file 4096 [ 1967.800836][T19761] kernel_stack 36372480 [ 1967.800836][T19761] slab 45350912 [ 1967.800836][T19761] sock 4096 [ 1967.800836][T19761] shmem 0 [ 1967.800836][T19761] file_mapped 0 [ 1967.800836][T19761] file_dirty 0 [ 1967.800836][T19761] file_writeback 0 [ 1967.800836][T19761] anon_thp 0 [ 1967.800836][T19761] inactive_anon 0 [ 1967.800836][T19761] active_anon 82526208 [ 1967.800836][T19761] inactive_file 32768 [ 1967.800836][T19761] active_file 61440 [ 1967.800836][T19761] unevictable 0 [ 1967.800836][T19761] slab_reclaimable 5812224 [ 1967.800836][T19761] slab_unreclaimable 39538688 [ 1967.800836][T19761] pgfault 157344 [ 1967.800836][T19761] pgmajfault 0 [ 1967.800836][T19761] workingset_refault 528 [ 1967.800836][T19761] workingset_activate 396 [ 1967.800836][T19761] workingset_nodereclaim 0 [ 1967.800836][T19761] pgrefill 23878 [ 1967.800836][T19761] pgscan 24269 [ 1967.800836][T19761] pgsteal 1363 [ 1967.897549][T19761] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=27794,uid=0 [ 1967.913566][T19761] Memory cgroup out of memory: Killed process 27794 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1967.929030][ T1057] oom_reaper: reaped process 27794 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1967.938813][T19762] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1967.954704][T19762] CPU: 0 PID: 19762 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1967.964010][T19762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1967.974344][T19762] Call Trace: [ 1967.977647][T19762] dump_stack+0x172/0x1f0 [ 1967.981990][T19762] dump_header+0x177/0x1152 [ 1967.986500][T19762] ? ___ratelimit+0xf8/0x595 [ 1967.986517][T19762] ? trace_hardirqs_on+0x67/0x240 [ 1967.986531][T19762] ? mark_oom_victim.cold+0x18/0x18 [ 1967.986548][T19762] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1967.986562][T19762] ? ___ratelimit+0x60/0x595 [ 1967.986576][T19762] ? do_raw_spin_unlock+0x57/0x270 [ 1967.986593][T19762] oom_kill_process.cold+0x10/0x15 [ 1967.986608][T19762] out_of_memory+0x79a/0x12c0 [ 1967.986625][T19762] ? lock_downgrade+0x920/0x920 [ 1967.986644][T19762] ? oom_killer_disable+0x280/0x280 [ 1967.986670][T19762] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1967.996307][T19762] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1967.996325][T19762] ? do_raw_spin_unlock+0x57/0x270 [ 1967.996342][T19762] ? _raw_spin_unlock+0x2d/0x50 [ 1967.996361][T19762] try_charge+0xa2d/0x1440 [ 1968.062745][T19762] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1968.068283][T19762] ? percpu_ref_tryget_live+0x111/0x290 [ 1968.073836][T19762] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1968.079298][T19762] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1968.084850][T19762] mem_cgroup_try_charge+0x136/0x590 [ 1968.090394][T19762] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1968.096024][T19762] wp_page_copy+0x421/0x15e0 [ 1968.100610][T19762] ? page_trans_huge_mapcount+0x166/0x450 [ 1968.106348][T19762] ? pmd_pfn+0x1d0/0x1d0 [ 1968.110602][T19762] ? lock_downgrade+0x920/0x920 [ 1968.115464][T19762] ? swp_swapcount+0x540/0x540 [ 1968.120234][T19762] ? __kasan_check_read+0x11/0x20 [ 1968.125251][T19762] ? do_raw_spin_unlock+0x57/0x270 [ 1968.130373][T19762] do_wp_page+0x499/0x14d0 [ 1968.134799][T19762] ? finish_mkwrite_fault+0x570/0x570 [ 1968.140193][T19762] __handle_mm_fault+0x22f7/0x3f20 [ 1968.145345][T19762] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1968.150896][T19762] ? __kasan_check_read+0x11/0x20 [ 1968.155937][T19762] ? trace_hardirqs_on+0x67/0x240 [ 1968.161223][T19762] handle_mm_fault+0x1b5/0x6b0 [ 1968.165984][T19762] __do_page_fault+0x536/0xdd0 [ 1968.170794][T19762] do_page_fault+0x38/0x590 [ 1968.175323][T19762] page_fault+0x39/0x40 [ 1968.179473][T19762] RIP: 0033:0x404f08 [ 1968.183352][T19762] Code: 85 02 00 00 80 3d 8f b5 66 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 7c b5 66 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 b3 d5 ff ff 48 2b 05 fc 30 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1968.203290][T19762] RSP: 002b:00007f3576419c90 EFLAGS: 00010246 [ 1968.209399][T19762] RAX: 00007f357841b000 RBX: 0000000000001efd RCX: 0000000000459829 [ 1968.217366][T19762] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 1968.225415][T19762] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1968.233384][T19762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1968.241880][T19762] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1968.250154][T19762] memory: usage 306924kB, limit 307200kB, failcnt 103472 [ 1968.260478][T19762] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1968.267378][T19762] Memory cgroup stats for /syz0: [ 1968.267492][T19762] anon 82538496 [ 1968.267492][T19762] file 4096 [ 1968.267492][T19762] kernel_stack 36372480 [ 1968.267492][T19762] slab 45350912 [ 1968.267492][T19762] sock 4096 [ 1968.267492][T19762] shmem 0 [ 1968.267492][T19762] file_mapped 0 [ 1968.267492][T19762] file_dirty 0 [ 1968.267492][T19762] file_writeback 0 [ 1968.267492][T19762] anon_thp 0 [ 1968.267492][T19762] inactive_anon 0 [ 1968.267492][T19762] active_anon 82526208 [ 1968.267492][T19762] inactive_file 32768 [ 1968.267492][T19762] active_file 61440 [ 1968.267492][T19762] unevictable 0 [ 1968.267492][T19762] slab_reclaimable 5812224 [ 1968.267492][T19762] slab_unreclaimable 39538688 [ 1968.267492][T19762] pgfault 157344 [ 1968.267492][T19762] pgmajfault 0 [ 1968.267492][T19762] workingset_refault 528 [ 1968.267492][T19762] workingset_activate 396 [ 1968.267492][T19762] workingset_nodereclaim 0 [ 1968.267492][T19762] pgrefill 23878 [ 1968.267492][T19762] pgscan 24269 [ 1968.267492][T19762] pgsteal 1363 [ 1968.361275][T19762] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=26789,uid=0 [ 1968.376858][T19762] Memory cgroup out of memory: Killed process 26789 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1968.392366][ T1057] oom_reaper: reaped process 26789 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1968.395899][T19791] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1968.418773][T19762] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1968.426100][T19791] CPU: 1 PID: 19791 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1968.436409][T19791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1968.446469][T19791] Call Trace: [ 1968.449864][T19791] dump_stack+0x172/0x1f0 [ 1968.454186][T19791] dump_header+0x177/0x1152 [ 1968.458774][T19791] ? ___ratelimit+0xf8/0x595 [ 1968.463368][T19791] ? trace_hardirqs_on+0x67/0x240 [ 1968.468390][T19791] ? mark_oom_victim.cold+0x18/0x18 [ 1968.473577][T19791] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1968.479404][T19791] ? ___ratelimit+0x60/0x595 [ 1968.483985][T19791] ? do_raw_spin_unlock+0x57/0x270 [ 1968.489090][T19791] oom_kill_process.cold+0x10/0x15 [ 1968.494195][T19791] out_of_memory+0x79a/0x12c0 [ 1968.507268][T19791] ? lock_downgrade+0x920/0x920 [ 1968.512119][T19791] ? oom_killer_disable+0x280/0x280 [ 1968.517316][T19791] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1968.522859][T19791] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1968.528519][T19791] ? do_raw_spin_unlock+0x57/0x270 [ 1968.533624][T19791] ? _raw_spin_unlock+0x2d/0x50 [ 1968.538475][T19791] try_charge+0xa2d/0x1440 [ 1968.543004][T19791] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1968.548547][T19791] ? percpu_ref_tryget_live+0x111/0x290 [ 1968.554097][T19791] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1968.559552][T19791] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1968.565094][T19791] mem_cgroup_try_charge+0x136/0x590 [ 1968.570370][T19791] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1968.576028][T19791] wp_page_copy+0x421/0x15e0 [ 1968.580621][T19791] ? page_trans_huge_mapcount+0x166/0x450 [ 1968.586454][T19791] ? pmd_pfn+0x1d0/0x1d0 [ 1968.590696][T19791] ? lock_downgrade+0x920/0x920 [ 1968.595545][T19791] ? swp_swapcount+0x540/0x540 [ 1968.600402][T19791] ? do_raw_spin_unlock+0x57/0x270 [ 1968.605515][T19791] ? __kasan_check_read+0x11/0x20 [ 1968.610824][T19791] ? do_raw_spin_unlock+0x57/0x270 [ 1968.616026][T19791] do_wp_page+0x499/0x14d0 [ 1968.620452][T19791] ? finish_mkwrite_fault+0x570/0x570 [ 1968.626705][T19791] __handle_mm_fault+0x22f7/0x3f20 [ 1968.631847][T19791] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1968.637385][T19791] ? __kasan_check_read+0x11/0x20 [ 1968.642498][T19791] ? trace_hardirqs_on+0x67/0x240 [ 1968.647530][T19791] handle_mm_fault+0x1b5/0x6b0 [ 1968.652288][T19791] __do_page_fault+0x536/0xdd0 [ 1968.657050][T19791] do_page_fault+0x38/0x590 [ 1968.661567][T19791] page_fault+0x39/0x40 [ 1968.665709][T19791] RIP: 0033:0x404f08 [ 1968.669590][T19791] Code: 85 02 00 00 80 3d 8f b5 66 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 7c b5 66 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 b3 d5 ff ff 48 2b 05 fc 30 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1968.689185][T19791] RSP: 002b:00007f3576419c90 EFLAGS: 00010246 [ 1968.695239][T19791] RAX: 00007f357841b000 RBX: 0000000000000000 RCX: 0000000000459829 [ 1968.703204][T19791] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 04:20:42 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x48000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:42 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000548000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:42 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800454d2, 0x0) 04:20:42 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xe0ff) 04:20:42 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675220d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:42 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r1) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r1, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x80000001, 0x0) [ 1968.711527][T19791] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1968.719491][T19791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1968.727567][T19791] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1968.766875][T19791] memory: usage 306828kB, limit 307200kB, failcnt 103473 [ 1968.779613][T19791] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1968.788568][ T26] audit: type=1400 audit(1564374042.569:1334): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675220D4C2E9AF281FA937D1B01 pid=19899 comm="syz-executor.1" [ 1968.815671][T19791] Memory cgroup stats for /syz0: [ 1968.815816][T19791] anon 82538496 [ 1968.815816][T19791] file 4096 [ 1968.815816][T19791] kernel_stack 36306944 [ 1968.815816][T19791] slab 45350912 [ 1968.815816][T19791] sock 4096 [ 1968.815816][T19791] shmem 0 [ 1968.815816][T19791] file_mapped 0 [ 1968.815816][T19791] file_dirty 0 04:20:42 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000648000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:42 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675230d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1968.815816][T19791] file_writeback 0 [ 1968.815816][T19791] anon_thp 0 [ 1968.815816][T19791] inactive_anon 0 [ 1968.815816][T19791] active_anon 82526208 [ 1968.815816][T19791] inactive_file 32768 [ 1968.815816][T19791] active_file 61440 [ 1968.815816][T19791] unevictable 0 [ 1968.815816][T19791] slab_reclaimable 5812224 [ 1968.815816][T19791] slab_unreclaimable 39538688 [ 1968.815816][T19791] pgfault 157410 [ 1968.815816][T19791] pgmajfault 0 [ 1968.815816][T19791] workingset_refault 528 [ 1968.815816][T19791] workingset_activate 396 [ 1968.815816][T19791] workingset_nodereclaim 0 [ 1968.815816][T19791] pgrefill 23878 [ 1968.815816][T19791] pgscan 24269 [ 1968.815816][T19791] pgsteal 1363 04:20:42 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455c9, 0x0) [ 1968.980770][ T26] audit: type=1400 audit(1564374042.759:1335): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675230D4C2E9AF281FA937D1B01 pid=19922 comm="syz-executor.1" 04:20:42 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675250d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:42 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xe803) 04:20:42 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000848000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1969.089842][T19791] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=13690,uid=0 [ 1969.154756][ T26] audit: type=1400 audit(1564374042.939:1336): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675250D4C2E9AF281FA937D1B01 pid=20028 comm="syz-executor.1" [ 1969.169264][T19791] Memory cgroup out of memory: Killed process 13690 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1969.329232][T19912] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 1969.343028][T19912] CPU: 1 PID: 19912 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1969.352182][T19912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1969.352188][T19912] Call Trace: [ 1969.352222][T19912] dump_stack+0x172/0x1f0 [ 1969.352244][T19912] dump_header+0x177/0x1152 [ 1969.352258][T19912] ? ___ratelimit+0xf8/0x595 [ 1969.352271][T19912] ? trace_hardirqs_on+0x67/0x240 [ 1969.352283][T19912] ? mark_oom_victim.cold+0x18/0x18 [ 1969.352312][T19912] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1969.369992][T19912] ? ___ratelimit+0x60/0x595 [ 1969.370007][T19912] ? do_raw_spin_unlock+0x57/0x270 [ 1969.370029][T19912] oom_kill_process.cold+0x10/0x15 [ 1969.409965][T19912] out_of_memory+0x79a/0x12c0 [ 1969.414653][T19912] ? lock_downgrade+0x920/0x920 [ 1969.419522][T19912] ? oom_killer_disable+0x280/0x280 [ 1969.424730][T19912] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1969.430287][T19912] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1969.435944][T19912] ? do_raw_spin_unlock+0x57/0x270 [ 1969.441057][T19912] ? _raw_spin_unlock+0x2d/0x50 [ 1969.445906][T19912] try_charge+0xf4b/0x1440 [ 1969.450337][T19912] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1969.455921][T19912] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1969.461560][T19912] ? __kasan_check_read+0x11/0x20 [ 1969.467217][T19912] ? lock_downgrade+0x920/0x920 [ 1969.472056][T19912] ? percpu_ref_tryget_live+0x111/0x290 [ 1969.477615][T19912] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1969.483130][T19912] ? memcg_kmem_put_cache+0x50/0x50 [ 1969.488321][T19912] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1969.493860][T19912] __memcg_kmem_charge+0x13a/0x3a0 [ 1969.498998][T19912] __alloc_pages_nodemask+0x4f4/0x900 [ 1969.504413][T19912] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1969.510150][T19912] ? percpu_ref_put_many+0xb6/0x190 [ 1969.515377][T19912] ? trace_hardirqs_on+0x67/0x240 [ 1969.520414][T19912] ? __kasan_check_read+0x11/0x20 [ 1969.525463][T19912] copy_process+0x3f8/0x6b00 [ 1969.530067][T19912] ? __kasan_check_read+0x11/0x20 [ 1969.535094][T19912] ? record_times+0x1e/0x2b0 [ 1969.539819][T19912] ? lock_downgrade+0x920/0x920 [ 1969.544685][T19912] ? __cleanup_sighand+0x60/0x60 [ 1969.549639][T19912] ? perf_trace_lock+0xeb/0x4c0 [ 1969.554503][T19912] ? __lockdep_free_key_range+0x120/0x120 [ 1969.560227][T19912] ? set_task_reclaim_state+0x56/0xb0 [ 1969.565606][T19912] _do_fork+0x146/0xfa0 [ 1969.569789][T19912] ? copy_init_mm+0x20/0x20 [ 1969.574309][T19912] ? lock_downgrade+0x920/0x920 [ 1969.579166][T19912] ? percpu_ref_tryget_live+0x290/0x290 [ 1969.584737][T19912] ? cgroup_file_notify+0x140/0x1b0 [ 1969.589947][T19912] ? blkcg_maybe_throttle_current+0x5fe/0x1030 [ 1969.596199][T19912] __x64_sys_clone+0x18d/0x250 [ 1969.600987][T19912] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1969.607268][T19912] ? __ia32_sys_vfork+0xc0/0xc0 [ 1969.614574][T19912] ? trace_hardirqs_off_caller+0x65/0x230 [ 1969.620607][T19912] ? trace_hardirqs_on+0x67/0x240 [ 1969.627044][T19912] do_syscall_64+0xfa/0x760 [ 1969.631930][T19912] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1969.637878][T19912] RIP: 0033:0x45c1f9 [ 1969.641773][T19912] Code: ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c fe 8d fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 1969.661647][T19912] RSP: 002b:00007ffd41fb7008 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1969.670087][T19912] RAX: ffffffffffffffda RBX: 00007f35763f9700 RCX: 000000000045c1f9 [ 1969.678231][T19912] RDX: 00007f35763f99d0 RSI: 00007f35763f8db0 RDI: 00000000003d0f00 [ 1969.686204][T19912] RBP: 00007ffd41fb7220 R08: 00007f35763f9700 R09: 00007f35763f9700 [ 1969.694188][T19912] R10: 00007f35763f99d0 R11: 0000000000000202 R12: 0000000000000000 [ 1969.702163][T19912] R13: 00007ffd41fb70bf R14: 00007f35763f99c0 R15: 000000000075bfd4 [ 1969.711894][T19912] memory: usage 306948kB, limit 307200kB, failcnt 103495 [ 1969.719475][T19912] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1969.726471][T19912] Memory cgroup stats for /syz0: [ 1969.726583][T19912] anon 82673664 [ 1969.726583][T19912] file 4096 [ 1969.726583][T19912] kernel_stack 36372480 [ 1969.726583][T19912] slab 45350912 [ 1969.726583][T19912] sock 4096 [ 1969.726583][T19912] shmem 0 [ 1969.726583][T19912] file_mapped 0 [ 1969.726583][T19912] file_dirty 0 [ 1969.726583][T19912] file_writeback 0 [ 1969.726583][T19912] anon_thp 0 [ 1969.726583][T19912] inactive_anon 0 [ 1969.726583][T19912] active_anon 82526208 [ 1969.726583][T19912] inactive_file 32768 [ 1969.726583][T19912] active_file 61440 [ 1969.726583][T19912] unevictable 0 [ 1969.726583][T19912] slab_reclaimable 5812224 [ 1969.726583][T19912] slab_unreclaimable 39538688 [ 1969.726583][T19912] pgfault 157443 [ 1969.726583][T19912] pgmajfault 0 [ 1969.726583][T19912] workingset_refault 528 [ 1969.726583][T19912] workingset_activate 396 [ 1969.726583][T19912] workingset_nodereclaim 0 [ 1969.726583][T19912] pgrefill 23878 [ 1969.726583][T19912] pgscan 24269 [ 1969.726583][T19912] pgsteal 1363 04:20:43 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x88000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:43 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000948000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:43 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c6752a0d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:43 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455ca, 0x0) 04:20:43 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xec00) 04:20:43 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r1) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r1, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(0xffffffffffffffff, 0x0, r1, 0x0, 0x80000001, 0x0) [ 1969.820359][T19912] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=19898,uid=0 [ 1969.837614][T19912] Memory cgroup out of memory: Killed process 19898 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1969.854155][ T1057] oom_reaper: reaped process 19898 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1969.872704][T19949] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:43 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c6752b0d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1969.958903][ T26] audit: type=1400 audit(1564374043.739:1337): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C6752A0D4C2E9AF281FA937D1B01 pid=20161 comm="syz-executor.1" 04:20:43 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000a48000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:43 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x800455cc, 0x0) [ 1970.056490][T20177] syz-executor.0 invoked oom-killer: gfp_mask=0x402cc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 1970.070847][T20177] CPU: 0 PID: 20177 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1970.079988][T20177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1970.090232][T20177] Call Trace: [ 1970.093538][T20177] dump_stack+0x172/0x1f0 [ 1970.097886][T20177] dump_header+0x177/0x1152 [ 1970.102409][T20177] ? ___ratelimit+0xf8/0x595 [ 1970.107022][T20177] ? trace_hardirqs_on+0x67/0x240 [ 1970.112059][T20177] ? mark_oom_victim.cold+0x18/0x18 [ 1970.117268][T20177] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1970.123088][T20177] ? ___ratelimit+0x60/0x595 [ 1970.127688][T20177] ? do_raw_spin_unlock+0x57/0x270 [ 1970.132818][T20177] oom_kill_process.cold+0x10/0x15 [ 1970.137944][T20177] out_of_memory+0x79a/0x12c0 [ 1970.142629][T20177] ? lock_downgrade+0x920/0x920 [ 1970.147593][T20177] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1970.153846][T20177] ? oom_killer_disable+0x280/0x280 [ 1970.159056][T20177] ? __kasan_check_read+0x11/0x20 [ 1970.164105][T20177] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1970.169659][T20177] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1970.169679][T20177] ? do_raw_spin_unlock+0x57/0x270 [ 1970.169694][T20177] ? _raw_spin_unlock+0x2d/0x50 [ 1970.169714][T20177] try_charge+0xf4b/0x1440 [ 1970.180450][T20177] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1970.195243][T20177] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1970.195259][T20177] ? __kasan_check_read+0x11/0x20 [ 1970.195280][T20177] ? lock_downgrade+0x920/0x920 [ 1970.195309][T20177] ? percpu_ref_tryget_live+0x111/0x290 [ 1970.205863][T20177] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1970.205878][T20177] ? memcg_kmem_put_cache+0x50/0x50 [ 1970.205894][T20177] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1970.205909][T20177] __memcg_kmem_charge+0x13a/0x3a0 [ 1970.205931][T20177] __alloc_pages_nodemask+0x4f4/0x900 [ 1970.216345][T20177] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1970.216366][T20177] ? kasan_unpoison_shadow+0x35/0x50 [ 1970.216391][T20177] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1970.228801][T20177] alloc_pages_current+0x107/0x210 [ 1970.228823][T20177] __vmalloc_node_range+0x4a9/0x7d0 [ 1970.228844][T20177] __vmalloc+0x44/0x50 [ 1970.228858][T20177] ? do_replace+0x1d0/0x420 [ 1970.228872][T20177] do_replace+0x1d0/0x420 [ 1970.228886][T20177] ? compat_target_to_user+0x340/0x340 [ 1970.228901][T20177] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1970.228935][T20177] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1970.304256][T20177] ? ns_capable_common+0x93/0x100 [ 1970.309297][T20177] do_ebt_set_ctl+0xec/0x110 [ 1970.313915][T20177] nf_setsockopt+0x77/0xd0 [ 1970.318363][T20177] ip_setsockopt+0xdf/0x100 [ 1970.322887][T20177] udp_setsockopt+0x68/0xb0 [ 1970.327405][T20177] sock_common_setsockopt+0x94/0xd0 [ 1970.332629][T20177] __sys_setsockopt+0x261/0x4c0 [ 1970.337506][T20177] ? sock_create_kern+0x50/0x50 [ 1970.342496][T20177] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1970.348153][T20177] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1970.354239][T20177] __x64_sys_setsockopt+0xbe/0x150 [ 1970.359367][T20177] do_syscall_64+0xfa/0x760 [ 1970.363897][T20177] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1970.369878][T20177] RIP: 0033:0x459829 [ 1970.373873][T20177] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1970.393575][T20177] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1970.402000][T20177] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1970.409983][T20177] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003 [ 1970.417964][T20177] RBP: 000000000075bf20 R08: 0000000000000220 R09: 0000000000000000 [ 1970.426070][T20177] R10: 0000000020000080 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1970.434056][T20177] R13: 00000000004c792f R14: 00000000004dd280 R15: 00000000ffffffff 04:20:44 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xec03) 04:20:44 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c6752d0d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:44 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c6752e0d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1970.444460][ T26] audit: type=1400 audit(1564374043.849:1338): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C6752B0D4C2E9AF281FA937D1B01 pid=20291 comm="syz-executor.1" [ 1970.446374][T20177] memory: usage 307200kB, limit 307200kB, failcnt 103531 [ 1970.510353][ T26] audit: type=1400 audit(1564374043.849:1339): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C6752D0D4C2E9AF281FA937D1B01 pid=20297 comm="syz-executor.1" [ 1970.544334][T20177] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1970.572483][T20177] Memory cgroup stats for /syz0: [ 1970.572599][T20177] anon 82534400 [ 1970.572599][T20177] file 4096 [ 1970.572599][T20177] kernel_stack 36372480 [ 1970.572599][T20177] slab 45350912 [ 1970.572599][T20177] sock 4096 [ 1970.572599][T20177] shmem 0 [ 1970.572599][T20177] file_mapped 0 [ 1970.572599][T20177] file_dirty 0 [ 1970.572599][T20177] file_writeback 0 [ 1970.572599][T20177] anon_thp 0 [ 1970.572599][T20177] inactive_anon 0 [ 1970.572599][T20177] active_anon 82661376 [ 1970.572599][T20177] inactive_file 32768 [ 1970.572599][T20177] active_file 61440 [ 1970.572599][T20177] unevictable 0 [ 1970.572599][T20177] slab_reclaimable 5812224 [ 1970.572599][T20177] slab_unreclaimable 39538688 [ 1970.572599][T20177] pgfault 157542 [ 1970.572599][T20177] pgmajfault 0 [ 1970.572599][T20177] workingset_refault 528 [ 1970.572599][T20177] workingset_activate 396 [ 1970.572599][T20177] workingset_nodereclaim 0 [ 1970.572599][T20177] pgrefill 23878 [ 1970.572599][T20177] pgscan 24269 [ 1970.572599][T20177] pgsteal 1363 [ 1970.683000][ T26] audit: type=1400 audit(1564374044.459:1340): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C6752E0D4C2E9AF281FA937D1B01 pid=20407 comm="syz-executor.1" [ 1970.729506][T20177] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=20158,uid=0 [ 1970.745979][T20177] Memory cgroup out of memory: Killed process 20158 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1970.774572][T20177] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:44 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0xfeffff07, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:44 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80086301, 0x0) 04:20:44 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000b48000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:44 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xf401) 04:20:44 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675300d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:44 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x80000001, 0x0) [ 1970.807538][T20413] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1970.888506][ T26] audit: type=1400 audit(1564374044.669:1341): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675300D4C2E9AF281FA937D1B01 pid=20417 comm="syz-executor.1" 04:20:44 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x80e85411, 0x0) 04:20:44 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000c48000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1970.996957][T20430] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1971.026198][T20430] CPU: 0 PID: 20430 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1971.035524][T20430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 04:20:44 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x8138ae83, 0x0) [ 1971.045587][T20430] Call Trace: [ 1971.048894][T20430] dump_stack+0x172/0x1f0 [ 1971.053237][T20430] dump_header+0x177/0x1152 [ 1971.057757][T20430] ? ___ratelimit+0xf8/0x595 [ 1971.062397][T20430] ? trace_hardirqs_on+0x67/0x240 [ 1971.067463][T20430] ? mark_oom_victim.cold+0x18/0x18 [ 1971.072683][T20430] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1971.078510][T20430] ? ___ratelimit+0x60/0x595 [ 1971.083110][T20430] ? do_raw_spin_unlock+0x57/0x270 [ 1971.088262][T20430] oom_kill_process.cold+0x10/0x15 [ 1971.093386][T20430] out_of_memory+0x79a/0x12c0 [ 1971.098343][T20430] ? lock_downgrade+0x920/0x920 [ 1971.103211][T20430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1971.109896][T20430] ? oom_killer_disable+0x280/0x280 [ 1971.109922][T20430] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1971.109944][T20430] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1971.126323][T20430] ? do_raw_spin_unlock+0x57/0x270 [ 1971.131450][T20430] ? _raw_spin_unlock+0x2d/0x50 [ 1971.131469][T20430] try_charge+0xf4b/0x1440 [ 1971.131499][T20430] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1971.146297][T20430] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1971.151860][T20430] ? __kasan_check_read+0x11/0x20 [ 1971.156899][T20430] ? lock_downgrade+0x920/0x920 [ 1971.161761][T20430] ? percpu_ref_tryget_live+0x111/0x290 [ 1971.167328][T20430] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1971.172794][T20430] ? memcg_kmem_put_cache+0x50/0x50 [ 1971.178016][T20430] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1971.183569][T20430] __memcg_kmem_charge+0x13a/0x3a0 [ 1971.188694][T20430] __alloc_pages_nodemask+0x4f4/0x900 04:20:44 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000e48000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1971.194071][T20430] ? __lockdep_free_key_range+0x120/0x120 [ 1971.199797][T20430] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1971.205526][T20430] ? __pte_alloc+0x1b5/0x310 [ 1971.210124][T20430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1971.216383][T20430] ? copy_page_range+0x10c2/0x2120 [ 1971.216397][T20430] ? __kasan_check_read+0x11/0x20 [ 1971.216416][T20430] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1971.216438][T20430] alloc_pages_current+0x107/0x210 [ 1971.237909][T20430] pte_alloc_one+0x1b/0x1a0 [ 1971.242429][T20430] __pte_alloc+0x20/0x310 04:20:45 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000f48000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1971.246777][T20430] copy_page_range+0x1610/0x2120 [ 1971.251722][T20430] ? perf_trace_lock+0xeb/0x4c0 [ 1971.256640][T20430] ? __pmd_alloc+0x460/0x460 [ 1971.261235][T20430] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1971.266801][T20430] ? __rb_insert_augmented+0x20c/0xd90 [ 1971.272267][T20430] ? validate_mm_rb+0xa3/0xc0 [ 1971.277139][T20430] ? __vma_link_rb+0x275/0x370 [ 1971.281907][T20430] ? __kasan_check_write+0x14/0x20 [ 1971.287119][T20430] dup_mm+0xa67/0x1430 [ 1971.291209][T20430] ? vm_area_dup+0x170/0x170 04:20:45 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00001048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1971.295823][T20430] ? debug_mutex_init+0x2d/0x5a [ 1971.300690][T20430] copy_process+0x28b7/0x6b00 [ 1971.305383][T20430] ? perf_trace_lock+0xeb/0x4c0 [ 1971.310257][T20430] ? __cleanup_sighand+0x60/0x60 [ 1971.315217][T20430] ? __kasan_check_read+0x11/0x20 [ 1971.320251][T20430] ? do_raw_spin_unlock+0x57/0x270 [ 1971.325373][T20430] _do_fork+0x146/0xfa0 [ 1971.329551][T20430] ? copy_init_mm+0x20/0x20 [ 1971.334083][T20430] ? __kasan_check_read+0x11/0x20 [ 1971.339117][T20430] ? _copy_to_user+0x118/0x160 [ 1971.343891][T20430] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1971.350139][T20430] ? put_timespec64+0xda/0x140 [ 1971.354918][T20430] __x64_sys_clone+0x18d/0x250 [ 1971.359699][T20430] ? __ia32_sys_vfork+0xc0/0xc0 [ 1971.364567][T20430] ? trace_hardirqs_off_caller+0x65/0x230 [ 1971.370294][T20430] ? trace_hardirqs_on+0x67/0x240 [ 1971.375346][T20430] do_syscall_64+0xfa/0x760 [ 1971.379862][T20430] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1971.385756][T20430] RIP: 0033:0x459829 [ 1971.389656][T20430] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1971.409273][T20430] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1971.417711][T20430] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1971.425782][T20430] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1971.433760][T20430] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1971.441733][T20430] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1971.441741][T20430] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1971.456031][T20430] memory: usage 307200kB, limit 307200kB, failcnt 103557 [ 1971.466834][T20430] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1971.475565][T20430] Memory cgroup stats for /syz0: [ 1971.475848][T20430] anon 82534400 [ 1971.475848][T20430] file 4096 [ 1971.475848][T20430] kernel_stack 36372480 [ 1971.475848][T20430] slab 45350912 [ 1971.475848][T20430] sock 4096 [ 1971.475848][T20430] shmem 0 [ 1971.475848][T20430] file_mapped 0 [ 1971.475848][T20430] file_dirty 0 [ 1971.475848][T20430] file_writeback 0 [ 1971.475848][T20430] anon_thp 0 [ 1971.475848][T20430] inactive_anon 0 [ 1971.475848][T20430] active_anon 82661376 [ 1971.475848][T20430] inactive_file 32768 [ 1971.475848][T20430] active_file 61440 [ 1971.475848][T20430] unevictable 0 [ 1971.475848][T20430] slab_reclaimable 5812224 [ 1971.475848][T20430] slab_unreclaimable 39538688 [ 1971.475848][T20430] pgfault 157608 [ 1971.475848][T20430] pgmajfault 0 [ 1971.475848][T20430] workingset_refault 528 [ 1971.475848][T20430] workingset_activate 396 [ 1971.475848][T20430] workingset_nodereclaim 0 [ 1971.475848][T20430] pgrefill 23878 [ 1971.475848][T20430] pgscan 24269 [ 1971.475848][T20430] pgsteal 1363 [ 1971.575388][T20430] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=20412,uid=0 [ 1971.591789][T20430] Memory cgroup out of memory: Killed process 20412 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1971.632294][T20430] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1971.650657][T20430] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1971.664597][T20430] CPU: 0 PID: 20430 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1971.673725][T20430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1971.683871][T20430] Call Trace: [ 1971.687335][T20430] dump_stack+0x172/0x1f0 [ 1971.691675][T20430] dump_header+0x177/0x1152 [ 1971.696186][T20430] ? ___ratelimit+0xf8/0x595 [ 1971.700779][T20430] ? trace_hardirqs_on+0x67/0x240 [ 1971.705813][T20430] ? mark_oom_victim.cold+0x18/0x18 [ 1971.711029][T20430] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1971.716844][T20430] ? ___ratelimit+0x60/0x595 [ 1971.721443][T20430] ? do_raw_spin_unlock+0x57/0x270 [ 1971.726572][T20430] oom_kill_process.cold+0x10/0x15 [ 1971.731698][T20430] out_of_memory+0x79a/0x12c0 [ 1971.736389][T20430] ? lock_downgrade+0x920/0x920 [ 1971.741252][T20430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1971.747512][T20430] ? oom_killer_disable+0x280/0x280 [ 1971.752734][T20430] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1971.758309][T20430] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1971.763964][T20430] ? do_raw_spin_unlock+0x57/0x270 [ 1971.769108][T20430] ? _raw_spin_unlock+0x2d/0x50 [ 1971.773970][T20430] try_charge+0xf4b/0x1440 [ 1971.778406][T20430] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1971.784314][T20430] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1971.789865][T20430] ? __kasan_check_read+0x11/0x20 [ 1971.794901][T20430] ? lock_downgrade+0x920/0x920 [ 1971.799762][T20430] ? percpu_ref_tryget_live+0x111/0x290 [ 1971.805321][T20430] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1971.810792][T20430] ? memcg_kmem_put_cache+0x50/0x50 [ 1971.815998][T20430] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1971.821553][T20430] __memcg_kmem_charge+0x13a/0x3a0 [ 1971.826682][T20430] __alloc_pages_nodemask+0x4f4/0x900 [ 1971.832080][T20430] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1971.837803][T20430] ? __pmd_alloc+0x377/0x460 [ 1971.842397][T20430] ? __kasan_check_read+0x11/0x20 [ 1971.847458][T20430] ? lock_downgrade+0x920/0x920 [ 1971.852314][T20430] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1971.861201][T20430] alloc_pages_current+0x107/0x210 [ 1971.866328][T20430] pte_alloc_one+0x1b/0x1a0 [ 1971.870837][T20430] __pte_alloc+0x20/0x310 [ 1971.875176][T20430] copy_page_range+0x1610/0x2120 [ 1971.880119][T20430] ? perf_trace_lock+0xeb/0x4c0 [ 1971.884995][T20430] ? __pmd_alloc+0x460/0x460 [ 1971.890020][T20430] ? lock_downgrade+0x920/0x920 [ 1971.894989][T20430] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1971.900813][T20430] ? validate_mm_rb+0xa3/0xc0 [ 1971.905586][T20430] ? __vma_link_rb+0x275/0x370 [ 1971.910352][T20430] ? __kasan_check_write+0x14/0x20 [ 1971.915476][T20430] dup_mm+0xa67/0x1430 [ 1971.919555][T20430] ? vm_area_dup+0x170/0x170 [ 1971.924158][T20430] ? debug_mutex_init+0x2d/0x5a [ 1971.929019][T20430] copy_process+0x28b7/0x6b00 [ 1971.933698][T20430] ? perf_trace_lock+0xeb/0x4c0 [ 1971.938570][T20430] ? __cleanup_sighand+0x60/0x60 [ 1971.943531][T20430] _do_fork+0x146/0xfa0 [ 1971.947696][T20430] ? copy_init_mm+0x20/0x20 [ 1971.952299][T20430] ? __kasan_check_read+0x11/0x20 [ 1971.957491][T20430] ? _copy_to_user+0x118/0x160 [ 1971.962266][T20430] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1971.968510][T20430] ? put_timespec64+0xda/0x140 [ 1971.973289][T20430] __x64_sys_clone+0x18d/0x250 [ 1971.978156][T20430] ? __ia32_sys_vfork+0xc0/0xc0 [ 1971.983020][T20430] ? trace_hardirqs_off_caller+0x65/0x230 [ 1971.988749][T20430] ? trace_hardirqs_on+0x67/0x240 [ 1971.993791][T20430] do_syscall_64+0xfa/0x760 [ 1971.998315][T20430] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1972.004212][T20430] RIP: 0033:0x459829 [ 1972.008111][T20430] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1972.027731][T20430] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1972.036151][T20430] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1972.044216][T20430] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1972.052196][T20430] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1972.060170][T20430] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1972.068163][T20430] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1972.084082][T20430] memory: usage 307196kB, limit 307200kB, failcnt 103587 [ 1972.091188][T20430] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1972.099140][T20430] Memory cgroup stats for /syz0: [ 1972.099258][T20430] anon 82534400 [ 1972.099258][T20430] file 4096 [ 1972.099258][T20430] kernel_stack 36438016 [ 1972.099258][T20430] slab 45350912 [ 1972.099258][T20430] sock 4096 [ 1972.099258][T20430] shmem 0 [ 1972.099258][T20430] file_mapped 0 [ 1972.099258][T20430] file_dirty 0 [ 1972.099258][T20430] file_writeback 0 [ 1972.099258][T20430] anon_thp 0 [ 1972.099258][T20430] inactive_anon 0 [ 1972.099258][T20430] active_anon 82661376 [ 1972.099258][T20430] inactive_file 32768 [ 1972.099258][T20430] active_file 61440 [ 1972.099258][T20430] unevictable 0 [ 1972.099258][T20430] slab_reclaimable 5812224 [ 1972.099258][T20430] slab_unreclaimable 39538688 [ 1972.099258][T20430] pgfault 157674 [ 1972.099258][T20430] pgmajfault 0 [ 1972.099258][T20430] workingset_refault 528 [ 1972.099258][T20430] workingset_activate 396 [ 1972.099258][T20430] workingset_nodereclaim 0 [ 1972.099258][T20430] pgrefill 23878 [ 1972.099258][T20430] pgscan 24269 [ 1972.099258][T20430] pgsteal 1363 [ 1972.193783][T20430] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=10999,uid=0 [ 1972.209605][T20430] Memory cgroup out of memory: Killed process 10999 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1972.228556][ T1057] oom_reaper: reaped process 10999 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1972.232166][T20430] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1972.252163][T20430] CPU: 0 PID: 20430 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1972.261272][T20430] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1972.271325][T20430] Call Trace: [ 1972.274624][T20430] dump_stack+0x172/0x1f0 [ 1972.278960][T20430] dump_header+0x177/0x1152 [ 1972.283477][T20430] ? ___ratelimit+0xf8/0x595 [ 1972.288079][T20430] ? trace_hardirqs_on+0x67/0x240 [ 1972.293094][T20430] ? mark_oom_victim.cold+0x18/0x18 [ 1972.298281][T20430] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1972.304082][T20430] ? ___ratelimit+0x60/0x595 [ 1972.308674][T20430] ? do_raw_spin_unlock+0x57/0x270 [ 1972.313776][T20430] oom_kill_process.cold+0x10/0x15 [ 1972.318874][T20430] out_of_memory+0x79a/0x12c0 [ 1972.323545][T20430] ? lock_downgrade+0x920/0x920 [ 1972.328395][T20430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1972.334645][T20430] ? oom_killer_disable+0x280/0x280 [ 1972.339837][T20430] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1972.345387][T20430] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1972.351025][T20430] ? do_raw_spin_unlock+0x57/0x270 [ 1972.356214][T20430] ? _raw_spin_unlock+0x2d/0x50 [ 1972.361136][T20430] try_charge+0xf4b/0x1440 [ 1972.365547][T20430] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1972.371105][T20430] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1972.376652][T20430] ? __kasan_check_read+0x11/0x20 [ 1972.381682][T20430] ? lock_downgrade+0x920/0x920 [ 1972.386527][T20430] ? percpu_ref_tryget_live+0x111/0x290 [ 1972.392079][T20430] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1972.397544][T20430] ? memcg_kmem_put_cache+0x50/0x50 [ 1972.402731][T20430] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1972.408265][T20430] __memcg_kmem_charge+0x13a/0x3a0 [ 1972.413372][T20430] __alloc_pages_nodemask+0x4f4/0x900 [ 1972.418765][T20430] ? save_stack+0x5c/0x90 [ 1972.423080][T20430] ? save_stack+0x23/0x90 [ 1972.427403][T20430] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1972.433108][T20430] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1972.438907][T20430] ? kasan_slab_alloc+0xf/0x20 [ 1972.443669][T20430] ? kmem_cache_alloc+0x121/0x710 [ 1972.448708][T20430] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1972.454946][T20430] ? debug_smp_processor_id+0x3c/0x214 [ 1972.460410][T20430] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1972.466981][T20430] alloc_pages_current+0x107/0x210 [ 1972.472455][T20430] pte_alloc_one+0x1b/0x1a0 [ 1972.476956][T20430] __pte_alloc+0x20/0x310 [ 1972.481289][T20430] copy_page_range+0x1610/0x2120 [ 1972.486232][T20430] ? percpu_ref_put_many+0x94/0x190 [ 1972.491425][T20430] ? lock_downgrade+0x920/0x920 [ 1972.496267][T20430] ? __pmd_alloc+0x460/0x460 [ 1972.501114][T20430] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1972.506678][T20430] ? validate_mm_rb+0xa3/0xc0 [ 1972.511339][T20430] ? __vma_link_rb+0x275/0x370 [ 1972.516100][T20430] dup_mm+0xa67/0x1430 [ 1972.520188][T20430] ? vm_area_dup+0x170/0x170 [ 1972.524769][T20430] ? debug_mutex_init+0x2d/0x5a [ 1972.529623][T20430] copy_process+0x28b7/0x6b00 [ 1972.534301][T20430] ? perf_trace_lock+0xeb/0x4c0 [ 1972.539147][T20430] ? __cleanup_sighand+0x60/0x60 [ 1972.544101][T20430] _do_fork+0x146/0xfa0 [ 1972.548254][T20430] ? copy_init_mm+0x20/0x20 [ 1972.552874][T20430] ? __kasan_check_read+0x11/0x20 [ 1972.557887][T20430] ? _copy_to_user+0x118/0x160 [ 1972.562689][T20430] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1972.568924][T20430] ? put_timespec64+0xda/0x140 [ 1972.573674][T20430] __x64_sys_clone+0x18d/0x250 [ 1972.578426][T20430] ? __ia32_sys_vfork+0xc0/0xc0 [ 1972.583375][T20430] ? trace_hardirqs_off_caller+0x65/0x230 [ 1972.589110][T20430] ? trace_hardirqs_on+0x67/0x240 [ 1972.594127][T20430] do_syscall_64+0xfa/0x760 [ 1972.598652][T20430] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1972.604630][T20430] RIP: 0033:0x459829 [ 1972.608536][T20430] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1972.628473][T20430] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1972.637250][T20430] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1972.645573][T20430] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1972.653556][T20430] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1972.661724][T20430] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1972.669798][T20430] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1972.678562][T20430] memory: usage 306952kB, limit 307200kB, failcnt 103595 [ 1972.685650][T20430] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1972.692498][T20430] Memory cgroup stats for /syz0: [ 1972.692629][T20430] anon 82534400 [ 1972.692629][T20430] file 4096 [ 1972.692629][T20430] kernel_stack 36438016 [ 1972.692629][T20430] slab 45350912 [ 1972.692629][T20430] sock 4096 [ 1972.692629][T20430] shmem 0 [ 1972.692629][T20430] file_mapped 0 [ 1972.692629][T20430] file_dirty 0 [ 1972.692629][T20430] file_writeback 0 [ 1972.692629][T20430] anon_thp 0 [ 1972.692629][T20430] inactive_anon 0 [ 1972.692629][T20430] active_anon 82661376 [ 1972.692629][T20430] inactive_file 32768 [ 1972.692629][T20430] active_file 61440 [ 1972.692629][T20430] unevictable 0 [ 1972.692629][T20430] slab_reclaimable 5812224 [ 1972.692629][T20430] slab_unreclaimable 39538688 [ 1972.692629][T20430] pgfault 157674 [ 1972.692629][T20430] pgmajfault 0 [ 1972.692629][T20430] workingset_refault 528 [ 1972.692629][T20430] workingset_activate 396 [ 1972.692629][T20430] workingset_nodereclaim 0 [ 1972.692629][T20430] pgrefill 23878 [ 1972.692629][T20430] pgscan 24269 [ 1972.692629][T20430] pgsteal 1363 [ 1972.786259][T20430] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=3083,uid=0 04:20:46 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x20000000000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:46 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00001148000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:46 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x0) 04:20:46 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675580d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:46 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xf903) 04:20:46 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x80000001, 0x0) [ 1972.802361][T20430] Memory cgroup out of memory: Killed process 3083 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1972.823705][T20562] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1972.874640][ T26] audit: type=1400 audit(1564374046.659:1342): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675580D4C2E9AF281FA937D1B01 pid=20565 comm="syz-executor.1" 04:20:46 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675630d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:46 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0045878, 0x0) 04:20:46 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00001248000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:46 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00001348000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:46 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675640d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:46 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xfa03) [ 1973.099822][ T26] audit: type=1400 audit(1564374046.879:1343): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675630D4C2E9AF281FA937D1B01 pid=20689 comm="syz-executor.1" [ 1973.177074][T20608] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1973.269627][ T26] audit: type=1400 audit(1564374047.009:1344): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675640D4C2E9AF281FA937D1B01 pid=20696 comm="syz-executor.1" [ 1973.292840][T20608] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1973.340820][T20608] CPU: 1 PID: 20608 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1973.349980][T20608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1973.360050][T20608] Call Trace: [ 1973.363359][T20608] dump_stack+0x172/0x1f0 [ 1973.367704][T20608] dump_header+0x177/0x1152 [ 1973.372219][T20608] ? ___ratelimit+0xf8/0x595 [ 1973.376826][T20608] ? trace_hardirqs_on+0x67/0x240 [ 1973.381948][T20608] ? mark_oom_victim.cold+0x18/0x18 [ 1973.387153][T20608] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1973.393058][T20608] ? ___ratelimit+0x60/0x595 [ 1973.397660][T20608] ? do_raw_spin_unlock+0x57/0x270 [ 1973.402796][T20608] oom_kill_process.cold+0x10/0x15 [ 1973.407924][T20608] out_of_memory+0x79a/0x12c0 [ 1973.412598][T20608] ? lock_downgrade+0x920/0x920 [ 1973.417456][T20608] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1973.417472][T20608] ? oom_killer_disable+0x280/0x280 [ 1973.417497][T20608] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1973.417519][T20608] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1973.428952][T20608] ? do_raw_spin_unlock+0x57/0x270 [ 1973.428967][T20608] ? _raw_spin_unlock+0x2d/0x50 [ 1973.428984][T20608] try_charge+0xf4b/0x1440 [ 1973.429005][T20608] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1973.429019][T20608] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1973.429031][T20608] ? __kasan_check_read+0x11/0x20 [ 1973.429058][T20608] ? lock_downgrade+0x920/0x920 [ 1973.476599][T20608] ? percpu_ref_tryget_live+0x111/0x290 [ 1973.482221][T20608] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1973.487944][T20608] ? memcg_kmem_put_cache+0x50/0x50 [ 1973.493129][T20608] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1973.498696][T20608] __memcg_kmem_charge+0x13a/0x3a0 [ 1973.503813][T20608] __alloc_pages_nodemask+0x4f4/0x900 [ 1973.509183][T20608] ? stack_trace_consume_entry+0x190/0x190 [ 1973.514999][T20608] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1973.520706][T20608] ? debug_smp_processor_id+0x3c/0x214 [ 1973.526190][T20608] ? save_stack+0x5c/0x90 [ 1973.530506][T20608] ? save_stack+0x23/0x90 [ 1973.534831][T20608] ? __kasan_kmalloc.constprop.0+0xcf/0xe0 [ 1973.540627][T20608] ? kasan_slab_alloc+0xf/0x20 [ 1973.545375][T20608] ? kmem_cache_alloc+0x121/0x710 [ 1973.550392][T20608] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1973.556631][T20608] alloc_pages_current+0x107/0x210 [ 1973.561729][T20608] get_zeroed_page+0x14/0x50 [ 1973.566318][T20608] __pud_alloc+0x3b/0x250 [ 1973.570642][T20608] pud_alloc+0xde/0x150 [ 1973.574796][T20608] copy_page_range+0x383/0x2120 [ 1973.579651][T20608] ? perf_trace_lock+0xeb/0x4c0 [ 1973.584505][T20608] ? __lockdep_free_key_range+0x120/0x120 [ 1973.590213][T20608] ? mark_held_locks+0xf0/0xf0 [ 1973.595052][T20608] ? anon_vma_fork+0x371/0x4a0 [ 1973.599814][T20608] ? dup_mm+0x7cd/0x1430 [ 1973.604056][T20608] ? __kasan_check_read+0x11/0x20 [ 1973.609263][T20608] ? __pmd_alloc+0x460/0x460 [ 1973.613950][T20608] ? lock_downgrade+0x920/0x920 [ 1973.618793][T20608] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1973.624546][T20608] ? validate_mm_rb+0xa3/0xc0 [ 1973.629211][T20608] ? __vma_link_rb+0x275/0x370 [ 1973.633961][T20608] ? __kasan_check_write+0x14/0x20 [ 1973.639086][T20608] dup_mm+0xa67/0x1430 [ 1973.643152][T20608] ? vm_area_dup+0x170/0x170 [ 1973.647741][T20608] ? debug_mutex_init+0x2d/0x5a [ 1973.652582][T20608] copy_process+0x28b7/0x6b00 [ 1973.657247][T20608] ? perf_trace_lock+0xeb/0x4c0 [ 1973.662087][T20608] ? __cleanup_sighand+0x60/0x60 [ 1973.667021][T20608] _do_fork+0x146/0xfa0 [ 1973.671166][T20608] ? copy_init_mm+0x20/0x20 [ 1973.675673][T20608] ? __kasan_check_read+0x11/0x20 [ 1973.680706][T20608] ? _copy_to_user+0x118/0x160 [ 1973.685496][T20608] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1973.691753][T20608] ? put_timespec64+0xda/0x140 [ 1973.696543][T20608] __x64_sys_clone+0x18d/0x250 [ 1973.701321][T20608] ? __ia32_sys_vfork+0xc0/0xc0 [ 1973.706190][T20608] ? trace_hardirqs_off_caller+0x65/0x230 [ 1973.711925][T20608] ? trace_hardirqs_on+0x67/0x240 [ 1973.716962][T20608] do_syscall_64+0xfa/0x760 [ 1973.721477][T20608] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1973.727379][T20608] RIP: 0033:0x459829 [ 1973.731285][T20608] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1973.750912][T20608] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1973.759333][T20608] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1973.767380][T20608] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1973.775340][T20608] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1973.783383][T20608] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1973.791342][T20608] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1973.801550][T20608] memory: usage 307200kB, limit 307200kB, failcnt 103623 [ 1973.808665][T20608] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1973.815697][T20608] Memory cgroup stats for /syz0: [ 1973.815828][T20608] anon 82534400 [ 1973.815828][T20608] file 4096 [ 1973.815828][T20608] kernel_stack 36438016 [ 1973.815828][T20608] slab 45350912 [ 1973.815828][T20608] sock 4096 [ 1973.815828][T20608] shmem 0 [ 1973.815828][T20608] file_mapped 0 [ 1973.815828][T20608] file_dirty 0 [ 1973.815828][T20608] file_writeback 0 [ 1973.815828][T20608] anon_thp 0 [ 1973.815828][T20608] inactive_anon 0 [ 1973.815828][T20608] active_anon 82661376 [ 1973.815828][T20608] inactive_file 32768 [ 1973.815828][T20608] active_file 61440 [ 1973.815828][T20608] unevictable 0 [ 1973.815828][T20608] slab_reclaimable 5812224 [ 1973.815828][T20608] slab_unreclaimable 39538688 [ 1973.815828][T20608] pgfault 157740 [ 1973.815828][T20608] pgmajfault 0 [ 1973.815828][T20608] workingset_refault 528 [ 1973.815828][T20608] workingset_activate 396 [ 1973.815828][T20608] workingset_nodereclaim 0 [ 1973.815828][T20608] pgrefill 23944 [ 1973.815828][T20608] pgscan 24302 [ 1973.815828][T20608] pgsteal 1363 [ 1973.911603][T20608] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=20561,uid=0 [ 1973.927526][T20608] Memory cgroup out of memory: Killed process 20561 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1973.943064][ T1057] oom_reaper: reaped process 20561 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1973.963055][T20608] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1973.975371][T20608] CPU: 0 PID: 20608 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1973.984499][T20608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1973.994558][T20608] Call Trace: [ 1973.997849][T20608] dump_stack+0x172/0x1f0 [ 1974.002232][T20608] dump_header+0x177/0x1152 [ 1974.006740][T20608] ? ___ratelimit+0xf8/0x595 [ 1974.011363][T20608] ? trace_hardirqs_on+0x67/0x240 [ 1974.016386][T20608] ? mark_oom_victim.cold+0x18/0x18 [ 1974.021569][T20608] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1974.027401][T20608] ? ___ratelimit+0x60/0x595 [ 1974.033496][T20608] ? do_raw_spin_unlock+0x57/0x270 [ 1974.038598][T20608] oom_kill_process.cold+0x10/0x15 [ 1974.043694][T20608] out_of_memory+0x79a/0x12c0 [ 1974.048368][T20608] ? lock_downgrade+0x920/0x920 [ 1974.053256][T20608] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1974.059487][T20608] ? oom_killer_disable+0x280/0x280 [ 1974.065021][T20608] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1974.070563][T20608] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1974.076219][T20608] ? do_raw_spin_unlock+0x57/0x270 [ 1974.081342][T20608] ? _raw_spin_unlock+0x2d/0x50 [ 1974.086191][T20608] try_charge+0xf4b/0x1440 [ 1974.090609][T20608] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1974.096137][T20608] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1974.101679][T20608] ? __kasan_check_read+0x11/0x20 [ 1974.106727][T20608] ? lock_downgrade+0x920/0x920 [ 1974.111576][T20608] ? percpu_ref_tryget_live+0x111/0x290 [ 1974.117118][T20608] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1974.122576][T20608] ? memcg_kmem_put_cache+0x50/0x50 [ 1974.127759][T20608] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1974.133290][T20608] __memcg_kmem_charge+0x13a/0x3a0 [ 1974.138408][T20608] __alloc_pages_nodemask+0x4f4/0x900 [ 1974.143764][T20608] ? __lockdep_free_key_range+0x120/0x120 [ 1974.149475][T20608] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1974.155215][T20608] ? copy_page_range+0x10c2/0x2120 [ 1974.160316][T20608] ? __kasan_check_read+0x11/0x20 [ 1974.165345][T20608] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1974.171590][T20608] alloc_pages_current+0x107/0x210 [ 1974.176688][T20608] pte_alloc_one+0x1b/0x1a0 [ 1974.181181][T20608] __pte_alloc+0x20/0x310 [ 1974.185496][T20608] copy_page_range+0x1610/0x2120 [ 1974.190426][T20608] ? perf_trace_lock+0xeb/0x4c0 [ 1974.195290][T20608] ? __pmd_alloc+0x460/0x460 [ 1974.199910][T20608] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1974.205439][T20608] ? __rb_insert_augmented+0x20c/0xd90 [ 1974.210886][T20608] ? validate_mm_rb+0xa3/0xc0 [ 1974.215656][T20608] ? __vma_link_rb+0x275/0x370 [ 1974.220403][T20608] ? __kasan_check_write+0x14/0x20 [ 1974.225502][T20608] dup_mm+0xa67/0x1430 [ 1974.229565][T20608] ? vm_area_dup+0x170/0x170 [ 1974.234165][T20608] ? debug_mutex_init+0x2d/0x5a [ 1974.239019][T20608] copy_process+0x28b7/0x6b00 [ 1974.243681][T20608] ? perf_trace_lock+0xeb/0x4c0 [ 1974.248542][T20608] ? __cleanup_sighand+0x60/0x60 [ 1974.253492][T20608] _do_fork+0x146/0xfa0 [ 1974.257654][T20608] ? copy_init_mm+0x20/0x20 [ 1974.262162][T20608] ? __kasan_check_read+0x11/0x20 [ 1974.267177][T20608] ? _copy_to_user+0x118/0x160 [ 1974.271940][T20608] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1974.278183][T20608] ? put_timespec64+0xda/0x140 [ 1974.282937][T20608] __x64_sys_clone+0x18d/0x250 [ 1974.287686][T20608] ? __ia32_sys_vfork+0xc0/0xc0 [ 1974.292557][T20608] ? trace_hardirqs_off_caller+0x65/0x230 [ 1974.298280][T20608] ? trace_hardirqs_on+0x67/0x240 [ 1974.303331][T20608] do_syscall_64+0xfa/0x760 [ 1974.307831][T20608] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1974.313726][T20608] RIP: 0033:0x459829 [ 1974.317605][T20608] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1974.337197][T20608] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1974.345782][T20608] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1974.353756][T20608] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1974.361727][T20608] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1974.369683][T20608] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1974.377641][T20608] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1974.385998][T20608] memory: usage 307032kB, limit 307200kB, failcnt 103656 [ 1974.393031][T20608] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1974.399921][T20608] Memory cgroup stats for /syz0: [ 1974.400030][T20608] anon 82534400 [ 1974.400030][T20608] file 4096 [ 1974.400030][T20608] kernel_stack 36438016 [ 1974.400030][T20608] slab 45350912 [ 1974.400030][T20608] sock 4096 [ 1974.400030][T20608] shmem 0 [ 1974.400030][T20608] file_mapped 0 [ 1974.400030][T20608] file_dirty 0 [ 1974.400030][T20608] file_writeback 0 [ 1974.400030][T20608] anon_thp 0 [ 1974.400030][T20608] inactive_anon 0 [ 1974.400030][T20608] active_anon 82661376 [ 1974.400030][T20608] inactive_file 32768 [ 1974.400030][T20608] active_file 61440 [ 1974.400030][T20608] unevictable 0 [ 1974.400030][T20608] slab_reclaimable 5812224 [ 1974.400030][T20608] slab_unreclaimable 39538688 [ 1974.400030][T20608] pgfault 157740 [ 1974.400030][T20608] pgmajfault 0 [ 1974.400030][T20608] workingset_refault 528 [ 1974.400030][T20608] workingset_activate 396 [ 1974.400030][T20608] workingset_nodereclaim 0 [ 1974.400030][T20608] pgrefill 23944 [ 1974.400030][T20608] pgscan 24302 [ 1974.400030][T20608] pgsteal 1363 04:20:48 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x100000000000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:48 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc008ae05, 0x0) 04:20:48 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00001448000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:48 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675690d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:48 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xfc00) 04:20:48 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x80000001, 0x0) [ 1974.493810][T20608] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=2615,uid=0 [ 1974.509236][T20608] Memory cgroup out of memory: Killed process 2615 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1974.525489][ T1057] oom_reaper: reaped process 2615 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1974.534800][T20811] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:48 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c6756c0d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1974.590236][ T26] audit: type=1400 audit(1564374048.369:1345): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675690D4C2E9AF281FA937D1B01 pid=20819 comm="syz-executor.1" 04:20:48 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0185500, 0x0) 04:20:48 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00006048000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:48 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c6756f0d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1974.760204][T20831] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1974.772571][ T26] audit: type=1400 audit(1564374048.449:1346): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C6756C0D4C2E9AF281FA937D1B01 pid=20824 comm="syz-executor.1" 04:20:48 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xfcff) 04:20:48 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675700d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1974.891961][ T26] audit: type=1400 audit(1564374048.599:1347): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C6756F0D4C2E9AF281FA937D1B01 pid=20918 comm="syz-executor.1" [ 1974.931315][T20831] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1974.967560][ T26] audit: type=1400 audit(1564374048.749:1348): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675700D4C2E9AF281FA937D1B01 pid=20959 comm="syz-executor.1" [ 1974.984831][T20831] CPU: 0 PID: 20831 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1975.010507][T20831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1975.020834][T20831] Call Trace: [ 1975.024144][T20831] dump_stack+0x172/0x1f0 [ 1975.028670][T20831] dump_header+0x177/0x1152 [ 1975.033179][T20831] ? ___ratelimit+0xf8/0x595 [ 1975.037774][T20831] ? trace_hardirqs_on+0x67/0x240 [ 1975.037796][T20831] ? mark_oom_victim.cold+0x18/0x18 [ 1975.048023][T20831] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1975.048038][T20831] ? ___ratelimit+0x60/0x595 [ 1975.048053][T20831] ? do_raw_spin_unlock+0x57/0x270 [ 1975.048071][T20831] oom_kill_process.cold+0x10/0x15 [ 1975.048091][T20831] out_of_memory+0x79a/0x12c0 [ 1975.073652][T20831] ? lock_downgrade+0x920/0x920 [ 1975.078519][T20831] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1975.084770][T20831] ? oom_killer_disable+0x280/0x280 [ 1975.089986][T20831] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1975.095625][T20831] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1975.101272][T20831] ? do_raw_spin_unlock+0x57/0x270 [ 1975.106406][T20831] ? _raw_spin_unlock+0x2d/0x50 [ 1975.111271][T20831] try_charge+0xf4b/0x1440 [ 1975.115712][T20831] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1975.121269][T20831] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1975.126869][T20831] ? __kasan_check_read+0x11/0x20 [ 1975.131911][T20831] ? lock_downgrade+0x920/0x920 [ 1975.136771][T20831] ? percpu_ref_tryget_live+0x111/0x290 [ 1975.142334][T20831] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1975.147804][T20831] ? memcg_kmem_put_cache+0x50/0x50 [ 1975.153014][T20831] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1975.158580][T20831] __memcg_kmem_charge+0x13a/0x3a0 [ 1975.163708][T20831] __alloc_pages_nodemask+0x4f4/0x900 [ 1975.169080][T20831] ? __lockdep_free_key_range+0x120/0x120 [ 1975.174785][T20831] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1975.180503][T20831] ? __pte_alloc+0x1b5/0x310 [ 1975.185093][T20831] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1975.191321][T20831] ? copy_page_range+0x10c2/0x2120 [ 1975.196533][T20831] ? __kasan_check_read+0x11/0x20 [ 1975.201570][T20831] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1975.207819][T20831] alloc_pages_current+0x107/0x210 [ 1975.212942][T20831] pte_alloc_one+0x1b/0x1a0 [ 1975.217451][T20831] __pte_alloc+0x20/0x310 [ 1975.221768][T20831] copy_page_range+0x1610/0x2120 [ 1975.226687][T20831] ? perf_trace_lock+0xeb/0x4c0 [ 1975.231532][T20831] ? __pmd_alloc+0x460/0x460 [ 1975.236201][T20831] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1975.241787][T20831] ? __rb_insert_augmented+0x20c/0xd90 [ 1975.247419][T20831] ? validate_mm_rb+0xa3/0xc0 [ 1975.252119][T20831] ? __vma_link_rb+0x275/0x370 [ 1975.256878][T20831] ? __kasan_check_write+0x14/0x20 [ 1975.262009][T20831] dup_mm+0xa67/0x1430 [ 1975.266117][T20831] ? vm_area_dup+0x170/0x170 [ 1975.270739][T20831] ? debug_mutex_init+0x2d/0x5a [ 1975.275585][T20831] copy_process+0x28b7/0x6b00 [ 1975.280250][T20831] ? perf_trace_lock+0xeb/0x4c0 [ 1975.285095][T20831] ? __cleanup_sighand+0x60/0x60 [ 1975.290026][T20831] _do_fork+0x146/0xfa0 [ 1975.294200][T20831] ? copy_init_mm+0x20/0x20 [ 1975.298713][T20831] ? __kasan_check_read+0x11/0x20 [ 1975.303735][T20831] ? _copy_to_user+0x118/0x160 [ 1975.308817][T20831] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1975.315104][T20831] ? put_timespec64+0xda/0x140 [ 1975.319873][T20831] __x64_sys_clone+0x18d/0x250 [ 1975.324658][T20831] ? __ia32_sys_vfork+0xc0/0xc0 [ 1975.329510][T20831] ? trace_hardirqs_off_caller+0x65/0x230 [ 1975.335239][T20831] ? trace_hardirqs_on+0x67/0x240 [ 1975.340287][T20831] do_syscall_64+0xfa/0x760 [ 1975.344800][T20831] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1975.350672][T20831] RIP: 0033:0x459829 [ 1975.354547][T20831] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1975.374162][T20831] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1975.382753][T20831] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1975.390736][T20831] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1975.398709][T20831] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1975.406869][T20831] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1975.414946][T20831] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1975.431492][T20831] memory: usage 307200kB, limit 307200kB, failcnt 103688 [ 1975.438766][T20831] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1975.446891][T20831] Memory cgroup stats for /syz0: [ 1975.447006][T20831] anon 82534400 [ 1975.447006][T20831] file 4096 [ 1975.447006][T20831] kernel_stack 36438016 [ 1975.447006][T20831] slab 45350912 [ 1975.447006][T20831] sock 4096 [ 1975.447006][T20831] shmem 0 [ 1975.447006][T20831] file_mapped 0 [ 1975.447006][T20831] file_dirty 0 [ 1975.447006][T20831] file_writeback 0 [ 1975.447006][T20831] anon_thp 0 [ 1975.447006][T20831] inactive_anon 0 [ 1975.447006][T20831] active_anon 82526208 [ 1975.447006][T20831] inactive_file 32768 [ 1975.447006][T20831] active_file 61440 [ 1975.447006][T20831] unevictable 0 [ 1975.447006][T20831] slab_reclaimable 5812224 [ 1975.447006][T20831] slab_unreclaimable 39538688 [ 1975.447006][T20831] pgfault 157872 [ 1975.447006][T20831] pgmajfault 0 [ 1975.447006][T20831] workingset_refault 561 [ 1975.447006][T20831] workingset_activate 429 [ 1975.447006][T20831] workingset_nodereclaim 0 [ 1975.447006][T20831] pgrefill 23977 [ 1975.447006][T20831] pgscan 24368 [ 1975.447006][T20831] pgsteal 1363 [ 1975.544246][T20831] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=20812,uid=0 [ 1975.559983][T20831] Memory cgroup out of memory: Killed process 20812 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1975.579885][ T1057] oom_reaper: reaped process 20812 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 1975.611630][T21092] syz-executor.0 invoked oom-killer: gfp_mask=0x402cc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN), order=0, oom_score_adj=1000 [ 1975.625506][T21092] CPU: 1 PID: 21092 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1975.634631][T21092] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1975.644679][T21092] Call Trace: [ 1975.647991][T21092] dump_stack+0x172/0x1f0 [ 1975.652342][T21092] dump_header+0x177/0x1152 [ 1975.656854][T21092] ? ___ratelimit+0xf8/0x595 [ 1975.661442][T21092] ? trace_hardirqs_on+0x67/0x240 [ 1975.666464][T21092] ? mark_oom_victim.cold+0x18/0x18 [ 1975.671658][T21092] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1975.677824][T21092] ? ___ratelimit+0x60/0x595 [ 1975.682521][T21092] ? do_raw_spin_unlock+0x57/0x270 [ 1975.687665][T21092] oom_kill_process.cold+0x10/0x15 [ 1975.692782][T21092] out_of_memory+0x79a/0x12c0 [ 1975.697469][T21092] ? lock_downgrade+0x920/0x920 [ 1975.702416][T21092] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1975.708669][T21092] ? oom_killer_disable+0x280/0x280 [ 1975.713877][T21092] ? __kasan_check_read+0x11/0x20 [ 1975.718918][T21092] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1975.724471][T21092] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1975.730639][T21092] ? do_raw_spin_unlock+0x57/0x270 [ 1975.735756][T21092] ? _raw_spin_unlock+0x2d/0x50 [ 1975.740607][T21092] try_charge+0xf4b/0x1440 [ 1975.745032][T21092] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1975.750576][T21092] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1975.756128][T21092] ? __kasan_check_read+0x11/0x20 [ 1975.761378][T21092] ? lock_downgrade+0x920/0x920 [ 1975.766236][T21092] ? percpu_ref_tryget_live+0x111/0x290 [ 1975.771792][T21092] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1975.777260][T21092] ? memcg_kmem_put_cache+0x50/0x50 [ 1975.782547][T21092] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1975.788118][T21092] __memcg_kmem_charge+0x13a/0x3a0 [ 1975.793237][T21092] __alloc_pages_nodemask+0x4f4/0x900 [ 1975.798616][T21092] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1975.804347][T21092] ? kasan_unpoison_shadow+0x35/0x50 [ 1975.809641][T21092] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1975.816081][T21092] alloc_pages_current+0x107/0x210 [ 1975.821203][T21092] __vmalloc_node_range+0x4a9/0x7d0 [ 1975.826414][T21092] __vmalloc+0x44/0x50 [ 1975.830488][T21092] ? do_replace+0x252/0x420 [ 1975.834987][T21092] do_replace+0x252/0x420 [ 1975.839401][T21092] ? compat_target_to_user+0x340/0x340 [ 1975.845015][T21092] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1975.851270][T21092] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1975.857509][T21092] ? ns_capable_common+0x93/0x100 [ 1975.864374][T21092] do_ebt_set_ctl+0xec/0x110 [ 1975.868981][T21092] nf_setsockopt+0x77/0xd0 [ 1975.873412][T21092] ip_setsockopt+0xdf/0x100 [ 1975.877930][T21092] udp_setsockopt+0x68/0xb0 [ 1975.882452][T21092] sock_common_setsockopt+0x94/0xd0 [ 1975.887669][T21092] __sys_setsockopt+0x261/0x4c0 [ 1975.892518][T21092] ? sock_create_kern+0x50/0x50 [ 1975.897378][T21092] ? __x64_sys_clock_gettime+0x16d/0x240 [ 1975.903010][T21092] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 1975.909085][T21092] __x64_sys_setsockopt+0xbe/0x150 [ 1975.914291][T21092] do_syscall_64+0xfa/0x760 [ 1975.918817][T21092] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1975.924709][T21092] RIP: 0033:0x459829 [ 1975.928872][T21092] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1975.948482][T21092] RSP: 002b:00007f35763f8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 1975.956915][T21092] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1975.964888][T21092] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000003 [ 1975.972865][T21092] RBP: 000000000075bfc8 R08: 0000000000000220 R09: 0000000000000000 [ 1975.980854][T21092] R10: 0000000020000080 R11: 0000000000000246 R12: 00007f35763f96d4 [ 1975.988840][T21092] R13: 00000000004c792f R14: 00000000004dd280 R15: 00000000ffffffff [ 1976.001120][T21092] memory: usage 307160kB, limit 307200kB, failcnt 103726 [ 1976.008289][T21092] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1976.015761][T21092] Memory cgroup stats for /syz0: [ 1976.015890][T21092] anon 82669568 [ 1976.015890][T21092] file 4096 [ 1976.015890][T21092] kernel_stack 36372480 [ 1976.015890][T21092] slab 45350912 [ 1976.015890][T21092] sock 4096 [ 1976.015890][T21092] shmem 0 [ 1976.015890][T21092] file_mapped 0 [ 1976.015890][T21092] file_dirty 0 [ 1976.015890][T21092] file_writeback 0 [ 1976.015890][T21092] anon_thp 0 [ 1976.015890][T21092] inactive_anon 0 [ 1976.015890][T21092] active_anon 82526208 [ 1976.015890][T21092] inactive_file 32768 [ 1976.015890][T21092] active_file 61440 [ 1976.015890][T21092] unevictable 0 [ 1976.015890][T21092] slab_reclaimable 5812224 [ 1976.015890][T21092] slab_unreclaimable 39538688 [ 1976.015890][T21092] pgfault 157905 [ 1976.015890][T21092] pgmajfault 0 [ 1976.015890][T21092] workingset_refault 561 [ 1976.015890][T21092] workingset_activate 429 [ 1976.015890][T21092] workingset_nodereclaim 0 [ 1976.015890][T21092] pgrefill 23977 [ 1976.015890][T21092] pgscan 24368 [ 1976.015890][T21092] pgsteal 1363 04:20:49 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x200000000000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:49 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000049000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:49 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675730d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:49 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0189436, 0x0) 04:20:49 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xfe80) 04:20:49 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x0, 0x0) [ 1976.109692][T21092] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=20830,uid=0 [ 1976.127374][T21092] Memory cgroup out of memory: Killed process 21092 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:35788kB, shmem-rss:0kB, UID:0 [ 1976.142447][T21092] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1976.151298][ T1057] oom_reaper: reaped process 21092 (syz-executor.0), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB 04:20:50 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675780d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1976.210441][ T26] audit: type=1400 audit(1564374049.989:1349): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675730D4C2E9AF281FA937D1B01 pid=21102 comm="syz-executor.1" 04:20:50 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc0000006b000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:50 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc020660b, 0x0) 04:20:50 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0585605, 0x0) 04:20:50 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c67575124c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1976.415078][ T26] audit: type=1400 audit(1564374050.199:1350): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675780D4C2E9AF281FA937D1B01 pid=21115 comm="syz-executor.1" 04:20:50 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc0000000f000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1976.529471][T21108] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1976.613988][T21108] CPU: 1 PID: 21108 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1976.623180][T21108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1976.624508][ T26] audit: type=1400 audit(1564374050.389:1351): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C67575124C2E9AF281FA937D1B01 pid=21237 comm="syz-executor.1" [ 1976.633255][T21108] Call Trace: [ 1976.669891][T21108] dump_stack+0x172/0x1f0 [ 1976.674233][T21108] dump_header+0x177/0x1152 [ 1976.678743][T21108] ? ___ratelimit+0xf8/0x595 [ 1976.683341][T21108] ? trace_hardirqs_on+0x67/0x240 [ 1976.688480][T21108] ? mark_oom_victim.cold+0x18/0x18 [ 1976.693683][T21108] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1976.699493][T21108] ? ___ratelimit+0x60/0x595 [ 1976.704088][T21108] ? do_raw_spin_unlock+0x57/0x270 [ 1976.709214][T21108] oom_kill_process.cold+0x10/0x15 [ 1976.709236][T21108] out_of_memory+0x79a/0x12c0 [ 1976.709251][T21108] ? lock_downgrade+0x920/0x920 [ 1976.709268][T21108] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1976.709282][T21108] ? oom_killer_disable+0x280/0x280 [ 1976.709297][T21108] ? __kasan_check_read+0x11/0x20 [ 1976.709316][T21108] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1976.709332][T21108] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1976.709352][T21108] ? do_raw_spin_unlock+0x57/0x270 [ 1976.723972][T21108] ? _raw_spin_unlock+0x2d/0x50 [ 1976.761740][T21108] try_charge+0xf4b/0x1440 [ 1976.766168][T21108] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1976.771724][T21108] ? percpu_ref_tryget_live+0x111/0x290 [ 1976.777486][T21108] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1976.782972][T21108] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1976.788515][T21108] mem_cgroup_try_charge+0x136/0x590 [ 1976.793823][T21108] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1976.799451][T21108] __handle_mm_fault+0x1e3a/0x3f20 [ 1976.804569][T21108] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1976.810125][T21108] ? __kasan_check_read+0x11/0x20 [ 1976.815159][T21108] ? trace_hardirqs_on+0x67/0x240 [ 1976.820189][T21108] handle_mm_fault+0x1b5/0x6b0 [ 1976.824966][T21108] __do_page_fault+0x536/0xdd0 [ 1976.829742][T21108] do_page_fault+0x38/0x590 [ 1976.834241][T21108] page_fault+0x39/0x40 [ 1976.838384][T21108] RIP: 0033:0x45c1dd [ 1976.842265][T21108] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 30 8e fb ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 1976.868316][T21108] RSP: 002b:00007ffd41fb7008 EFLAGS: 00010202 [ 1976.874376][T21108] RAX: ffffffffffffffea RBX: 00007f35763f9700 RCX: 00007f35763f9700 [ 1976.882446][T21108] RDX: 00000000003d0f00 RSI: 00007f35763f8db0 RDI: 0000000000410560 [ 1976.890489][T21108] RBP: 00007ffd41fb7220 R08: 00007f35763f99d0 R09: 00007f35763f9700 [ 1976.898473][T21108] R10: 00007f35763f8dc0 R11: 0000000000000246 R12: 0000000000000000 [ 1976.906432][T21108] R13: 00007ffd41fb70bf R14: 00007f35763f99c0 R15: 000000000075bfd4 [ 1976.919698][T21108] memory: usage 307200kB, limit 307200kB, failcnt 103783 [ 1976.931402][T21108] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1976.938935][T21108] Memory cgroup stats for /syz0: [ 1976.939052][T21108] anon 82530304 [ 1976.939052][T21108] file 4096 [ 1976.939052][T21108] kernel_stack 36372480 [ 1976.939052][T21108] slab 45350912 [ 1976.939052][T21108] sock 4096 [ 1976.939052][T21108] shmem 0 [ 1976.939052][T21108] file_mapped 0 [ 1976.939052][T21108] file_dirty 0 [ 1976.939052][T21108] file_writeback 0 [ 1976.939052][T21108] anon_thp 0 [ 1976.939052][T21108] inactive_anon 0 [ 1976.939052][T21108] active_anon 82526208 [ 1976.939052][T21108] inactive_file 32768 [ 1976.939052][T21108] active_file 61440 [ 1976.939052][T21108] unevictable 0 [ 1976.939052][T21108] slab_reclaimable 5812224 [ 1976.939052][T21108] slab_unreclaimable 39538688 [ 1976.939052][T21108] pgfault 157938 [ 1976.939052][T21108] pgmajfault 0 [ 1976.939052][T21108] workingset_refault 561 [ 1976.939052][T21108] workingset_activate 462 [ 1976.939052][T21108] workingset_nodereclaim 0 [ 1976.939052][T21108] pgrefill 24010 [ 1976.939052][T21108] pgscan 24368 [ 1976.939052][T21108] pgsteal 1363 [ 1977.034586][T21108] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=21091,uid=0 [ 1977.051239][T21108] Memory cgroup out of memory: Killed process 21091 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1977.067501][ T1057] oom_reaper: reaped process 21091 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1977.082729][T21120] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1977.105060][T21120] CPU: 1 PID: 21120 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1977.114305][T21120] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1977.124487][T21120] Call Trace: [ 1977.127790][T21120] dump_stack+0x172/0x1f0 [ 1977.132115][T21120] dump_header+0x177/0x1152 [ 1977.136616][T21120] ? ___ratelimit+0xf8/0x595 [ 1977.141199][T21120] ? trace_hardirqs_on+0x67/0x240 [ 1977.146208][T21120] ? mark_oom_victim.cold+0x18/0x18 [ 1977.151409][T21120] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1977.157214][T21120] ? ___ratelimit+0x60/0x595 [ 1977.161795][T21120] ? do_raw_spin_unlock+0x57/0x270 [ 1977.166923][T21120] oom_kill_process.cold+0x10/0x15 [ 1977.172054][T21120] out_of_memory+0x79a/0x12c0 [ 1977.176736][T21120] ? lock_downgrade+0x920/0x920 [ 1977.182100][T21120] ? oom_killer_disable+0x280/0x280 [ 1977.187580][T21120] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1977.193108][T21120] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1977.198756][T21120] ? do_raw_spin_unlock+0x57/0x270 [ 1977.203870][T21120] ? _raw_spin_unlock+0x2d/0x50 [ 1977.208710][T21120] try_charge+0xa2d/0x1440 [ 1977.213112][T21120] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1977.218642][T21120] ? percpu_ref_tryget_live+0x111/0x290 [ 1977.224299][T21120] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1977.229749][T21120] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1977.235298][T21120] mem_cgroup_try_charge+0x136/0x590 [ 1977.240670][T21120] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1977.246287][T21120] wp_page_copy+0x421/0x15e0 [ 1977.250868][T21120] ? page_trans_huge_mapcount+0x166/0x450 [ 1977.256676][T21120] ? pmd_pfn+0x1d0/0x1d0 [ 1977.260918][T21120] ? lock_downgrade+0x920/0x920 [ 1977.265753][T21120] ? swp_swapcount+0x540/0x540 [ 1977.270500][T21120] ? __kasan_check_read+0x11/0x20 [ 1977.275516][T21120] ? do_raw_spin_unlock+0x57/0x270 [ 1977.280621][T21120] do_wp_page+0x499/0x14d0 [ 1977.285044][T21120] ? finish_mkwrite_fault+0x570/0x570 [ 1977.290407][T21120] __handle_mm_fault+0x22f7/0x3f20 [ 1977.295520][T21120] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1977.301059][T21120] ? __kasan_check_read+0x11/0x20 [ 1977.306072][T21120] ? trace_hardirqs_on+0x67/0x240 [ 1977.311130][T21120] handle_mm_fault+0x1b5/0x6b0 [ 1977.316075][T21120] __do_page_fault+0x536/0xdd0 [ 1977.320838][T21120] do_page_fault+0x38/0x590 [ 1977.325330][T21120] page_fault+0x39/0x40 [ 1977.329470][T21120] RIP: 0033:0x404f08 [ 1977.333365][T21120] Code: 85 02 00 00 80 3d 8f b5 66 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 7c b5 66 00 39 45 24 0f 84 e7 01 00 00 44 8b a5 80 00 00 00 b3 d5 ff ff 48 2b 05 fc 30 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 1977.353137][T21120] RSP: 002b:00007f3576419c90 EFLAGS: 00010246 [ 1977.359190][T21120] RAX: 00007f357841b000 RBX: 0000000000001f1d RCX: 0000000000459829 [ 1977.367174][T21120] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 1977.375148][T21120] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1977.383117][T21120] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1977.391341][T21120] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1977.400069][T21120] memory: usage 307036kB, limit 307200kB, failcnt 103801 [ 1977.407209][T21120] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1977.414059][T21120] Memory cgroup stats for /syz0: [ 1977.414148][T21120] anon 82530304 [ 1977.414148][T21120] file 4096 [ 1977.414148][T21120] kernel_stack 36438016 [ 1977.414148][T21120] slab 45350912 [ 1977.414148][T21120] sock 4096 [ 1977.414148][T21120] shmem 0 [ 1977.414148][T21120] file_mapped 0 [ 1977.414148][T21120] file_dirty 0 [ 1977.414148][T21120] file_writeback 0 [ 1977.414148][T21120] anon_thp 0 [ 1977.414148][T21120] inactive_anon 0 [ 1977.414148][T21120] active_anon 82526208 [ 1977.414148][T21120] inactive_file 32768 [ 1977.414148][T21120] active_file 61440 [ 1977.414148][T21120] unevictable 0 [ 1977.414148][T21120] slab_reclaimable 5812224 [ 1977.414148][T21120] slab_unreclaimable 39538688 [ 1977.414148][T21120] pgfault 157971 [ 1977.414148][T21120] pgmajfault 0 [ 1977.414148][T21120] workingset_refault 561 [ 1977.414148][T21120] workingset_activate 462 [ 1977.414148][T21120] workingset_nodereclaim 0 [ 1977.414148][T21120] pgrefill 24010 [ 1977.414148][T21120] pgscan 24368 [ 1977.414148][T21120] pgsteal 1363 [ 1977.508345][T21120] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=14917,uid=0 [ 1977.524108][T21120] Memory cgroup out of memory: Killed process 14917 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1977.540000][ T1057] oom_reaper: reaped process 14917 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1977.543279][T21210] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1977.564008][T21210] CPU: 0 PID: 21210 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1977.573152][T21210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1977.583233][T21210] Call Trace: [ 1977.586529][T21210] dump_stack+0x172/0x1f0 [ 1977.591210][T21210] dump_header+0x177/0x1152 [ 1977.595728][T21210] ? ___ratelimit+0xf8/0x595 [ 1977.600427][T21210] ? trace_hardirqs_on+0x67/0x240 [ 1977.605722][T21210] ? mark_oom_victim.cold+0x18/0x18 [ 1977.610913][T21210] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1977.616713][T21210] ? ___ratelimit+0x60/0x595 [ 1977.621294][T21210] ? do_raw_spin_unlock+0x57/0x270 [ 1977.626406][T21210] oom_kill_process.cold+0x10/0x15 [ 1977.631523][T21210] out_of_memory+0x79a/0x12c0 [ 1977.636293][T21210] ? lock_downgrade+0x920/0x920 [ 1977.641174][T21210] ? oom_killer_disable+0x280/0x280 [ 1977.646367][T21210] ? __kasan_check_read+0x11/0x20 [ 1977.651389][T21210] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1977.656923][T21210] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1977.662565][T21210] ? do_raw_spin_unlock+0x57/0x270 [ 1977.667685][T21210] ? _raw_spin_unlock+0x2d/0x50 [ 1977.672540][T21210] try_charge+0xa2d/0x1440 [ 1977.676961][T21210] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1977.682853][T21210] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1977.689084][T21210] ? __kasan_check_read+0x11/0x20 [ 1977.694103][T21210] ? lock_downgrade+0x920/0x920 [ 1977.698958][T21210] ? percpu_ref_tryget_live+0x111/0x290 [ 1977.704513][T21210] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1977.709966][T21210] ? memcg_kmem_put_cache+0x50/0x50 [ 1977.715155][T21210] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1977.720722][T21210] __memcg_kmem_charge+0x13a/0x3a0 [ 1977.725869][T21210] __alloc_pages_nodemask+0x4f4/0x900 [ 1977.731255][T21210] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1977.737086][T21210] ? record_times+0x1e/0x2b0 [ 1977.742124][T21210] ? lock_downgrade+0x920/0x920 [ 1977.747077][T21210] ? rwlock_bug.part.0+0x90/0x90 [ 1977.752103][T21210] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1977.758345][T21210] ? debug_smp_processor_id+0x3c/0x214 [ 1977.763822][T21210] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1977.770083][T21210] alloc_pages_current+0x107/0x210 [ 1977.775231][T21210] pte_alloc_one+0x1b/0x1a0 [ 1977.779734][T21210] __handle_mm_fault+0x34dd/0x3f20 [ 1977.784925][T21210] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1977.790653][T21210] ? __kasan_check_read+0x11/0x20 [ 1977.795691][T21210] ? trace_hardirqs_on+0x67/0x240 [ 1977.800717][T21210] handle_mm_fault+0x1b5/0x6b0 [ 1977.805484][T21210] __do_page_fault+0x536/0xdd0 [ 1977.810235][T21210] ? page_fault+0x16/0x40 [ 1977.814562][T21210] do_page_fault+0x38/0x590 [ 1977.819061][T21210] page_fault+0x39/0x40 [ 1977.823215][T21210] RIP: 0033:0x459829 [ 1977.827364][T21210] Code: Bad RIP value. [ 1977.831439][T21210] RSP: 002b:00007f3576419c78 EFLAGS: 00010246 [ 1977.837525][T21210] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459829 [ 1977.845833][T21210] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1977.853795][T21210] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1977.861828][T21210] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1977.869891][T21210] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1977.879225][T21210] memory: usage 306792kB, limit 307200kB, failcnt 103801 [ 1977.886453][T21210] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1977.893342][T21210] Memory cgroup stats for /syz0: [ 1977.893473][T21210] anon 82530304 [ 1977.893473][T21210] file 4096 [ 1977.893473][T21210] kernel_stack 36438016 [ 1977.893473][T21210] slab 45350912 [ 1977.893473][T21210] sock 4096 [ 1977.893473][T21210] shmem 0 [ 1977.893473][T21210] file_mapped 0 [ 1977.893473][T21210] file_dirty 0 [ 1977.893473][T21210] file_writeback 0 [ 1977.893473][T21210] anon_thp 0 [ 1977.893473][T21210] inactive_anon 0 [ 1977.893473][T21210] active_anon 82526208 [ 1977.893473][T21210] inactive_file 32768 [ 1977.893473][T21210] active_file 61440 [ 1977.893473][T21210] unevictable 0 [ 1977.893473][T21210] slab_reclaimable 5812224 [ 1977.893473][T21210] slab_unreclaimable 39538688 [ 1977.893473][T21210] pgfault 157971 [ 1977.893473][T21210] pgmajfault 0 [ 1977.893473][T21210] workingset_refault 561 [ 1977.893473][T21210] workingset_activate 462 [ 1977.893473][T21210] workingset_nodereclaim 0 [ 1977.893473][T21210] pgrefill 24010 [ 1977.893473][T21210] pgscan 24368 [ 1977.893473][T21210] pgsteal 1363 [ 1977.987139][T21210] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=946,uid=0 [ 1978.002470][T21210] Memory cgroup out of memory: Killed process 946 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1978.018195][ T1057] oom_reaper: reaped process 946 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1978.022275][T21108] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1978.039733][T21108] CPU: 0 PID: 21108 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1978.048840][T21108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1978.058969][T21108] Call Trace: [ 1978.062268][T21108] dump_stack+0x172/0x1f0 [ 1978.066606][T21108] dump_header+0x177/0x1152 [ 1978.071110][T21108] ? ___ratelimit+0xf8/0x595 [ 1978.075686][T21108] ? trace_hardirqs_on+0x67/0x240 [ 1978.080702][T21108] ? mark_oom_victim.cold+0x18/0x18 [ 1978.085906][T21108] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1978.091737][T21108] ? ___ratelimit+0x60/0x595 [ 1978.096349][T21108] ? do_raw_spin_unlock+0x57/0x270 [ 1978.101805][T21108] oom_kill_process.cold+0x10/0x15 [ 1978.106913][T21108] out_of_memory+0x79a/0x12c0 [ 1978.111583][T21108] ? lock_downgrade+0x920/0x920 [ 1978.116431][T21108] ? oom_killer_disable+0x280/0x280 [ 1978.121627][T21108] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1978.127213][T21108] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1978.132853][T21108] ? do_raw_spin_unlock+0x57/0x270 [ 1978.137981][T21108] ? _raw_spin_unlock+0x2d/0x50 [ 1978.142836][T21108] try_charge+0xf4b/0x1440 [ 1978.147367][T21108] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1978.152901][T21108] ? percpu_ref_tryget_live+0x111/0x290 [ 1978.158439][T21108] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1978.163906][T21108] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1978.169466][T21108] mem_cgroup_try_charge+0x136/0x590 [ 1978.174773][T21108] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1978.180432][T21108] wp_page_copy+0x421/0x15e0 [ 1978.185007][T21108] ? lock_downgrade+0x920/0x920 [ 1978.189864][T21108] ? pmd_pfn+0x1d0/0x1d0 [ 1978.194117][T21108] ? lock_downgrade+0x920/0x920 [ 1978.198970][T21108] ? vm_normal_page+0x15d/0x3c0 [ 1978.203844][T21108] ? __pte_alloc_kernel+0x210/0x210 [ 1978.209388][T21108] ? psi_memstall_leave+0x12e/0x180 [ 1978.214599][T21108] ? __kasan_check_read+0x11/0x20 [ 1978.219633][T21108] ? do_raw_spin_unlock+0x57/0x270 [ 1978.224755][T21108] do_wp_page+0x499/0x14d0 [ 1978.229177][T21108] ? do_raw_spin_lock+0x12a/0x2e0 [ 1978.234190][T21108] ? rwlock_bug.part.0+0x90/0x90 [ 1978.239135][T21108] ? finish_mkwrite_fault+0x570/0x570 [ 1978.244505][T21108] ? add_mm_counter_fast.part.0+0x40/0x40 [ 1978.250217][T21108] __handle_mm_fault+0x22f7/0x3f20 [ 1978.255520][T21108] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1978.261058][T21108] ? __kasan_check_read+0x11/0x20 [ 1978.266086][T21108] ? trace_hardirqs_on+0x67/0x240 [ 1978.271112][T21108] handle_mm_fault+0x1b5/0x6b0 [ 1978.275868][T21108] __do_page_fault+0x536/0xdd0 [ 1978.280632][T21108] do_page_fault+0x38/0x590 [ 1978.285126][T21108] page_fault+0x39/0x40 [ 1978.289262][T21108] RIP: 0033:0x40e9c8 [ 1978.293143][T21108] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 35 ee 4b 00 31 c0 e8 63 33 ff ff 31 ff e8 ac 2f ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 9e 1a 66 00 [ 1978.312842][T21108] RSP: 002b:00007ffd41fb7070 EFLAGS: 00010246 [ 1978.318897][T21108] RAX: 0000000058be5825 RBX: 000000009220e90b RCX: 0000001b33220000 [ 1978.326879][T21108] RDX: 0000000000000000 RSI: 0000000000001825 RDI: ffffffff58be5825 [ 1978.334843][T21108] RBP: 0000000000000017 R08: 0000000058be5825 R09: 0000000058be5829 [ 1978.342898][T21108] R10: 00007ffd41fb7210 R11: 0000000000000246 R12: 000000000075c050 [ 1978.350898][T21108] R13: 0000000080000000 R14: 00007f357821b008 R15: 0000000000000017 [ 1978.359134][T21108] memory: usage 306544kB, limit 307200kB, failcnt 103801 [ 1978.366258][T21108] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1978.373106][T21108] Memory cgroup stats for /syz0: [ 1978.373233][T21108] anon 82395136 [ 1978.373233][T21108] file 4096 [ 1978.373233][T21108] kernel_stack 36372480 [ 1978.373233][T21108] slab 45350912 [ 1978.373233][T21108] sock 4096 [ 1978.373233][T21108] shmem 0 [ 1978.373233][T21108] file_mapped 0 [ 1978.373233][T21108] file_dirty 0 [ 1978.373233][T21108] file_writeback 0 [ 1978.373233][T21108] anon_thp 0 [ 1978.373233][T21108] inactive_anon 0 [ 1978.373233][T21108] active_anon 82391040 [ 1978.373233][T21108] inactive_file 32768 [ 1978.373233][T21108] active_file 61440 [ 1978.373233][T21108] unevictable 0 [ 1978.373233][T21108] slab_reclaimable 5812224 [ 1978.373233][T21108] slab_unreclaimable 39538688 [ 1978.373233][T21108] pgfault 157971 [ 1978.373233][T21108] pgmajfault 0 [ 1978.373233][T21108] workingset_refault 561 [ 1978.373233][T21108] workingset_activate 462 [ 1978.373233][T21108] workingset_nodereclaim 0 [ 1978.373233][T21108] pgrefill 24010 [ 1978.373233][T21108] pgscan 24368 [ 1978.373233][T21108] pgsteal 1363 [ 1978.467712][T21108] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=1011,uid=0 [ 1978.483108][T21108] Memory cgroup out of memory: Killed process 1011 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1978.499266][ T1057] oom_reaper: reaped process 1011 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1978.502975][T21120] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:52 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x600000000000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:52 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xfec0) 04:20:52 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000049000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:52 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0xc0d05640, 0x0) 04:20:52 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c67575594c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:52 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x0, 0x0) [ 1978.531928][T21246] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:52 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x2) [ 1978.574403][ T26] audit: type=1400 audit(1564374052.349:1352): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C67575594C2E9AF281FA937D1B01 pid=21253 comm="syz-executor.1" 04:20:52 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc0000006b000700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:52 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675755d4c2e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:52 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000048020700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1978.778256][ T26] audit: type=1400 audit(1564374052.559:1353): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675755D4C2E9AF281FA937D1B01 pid=21271 comm="syz-executor.1" [ 1978.803231][T21270] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:20:52 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d592e9af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:52 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x3) 04:20:52 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x800000000000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:52 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xff00) [ 1978.944632][ T26] audit: type=1400 audit(1564374052.729:1354): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D592E9AF281FA937D1B01 pid=21400 comm="syz-executor.1" 04:20:52 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c229af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:52 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000048030700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:52 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x4) [ 1979.159089][ T26] audit: type=1400 audit(1564374052.919:1355): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C229AF281FA937D1B01 pid=21413 comm="syz-executor.1" [ 1979.237865][T21410] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1979.284486][ T7] Bluetooth: hci0: Frame reassembly failed (-84) [ 1979.286847][T21410] CPU: 1 PID: 21410 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1979.299994][T21410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1979.310147][T21410] Call Trace: [ 1979.313450][T21410] dump_stack+0x172/0x1f0 [ 1979.317796][T21410] dump_header+0x177/0x1152 [ 1979.322417][T21410] ? ___ratelimit+0xf8/0x595 [ 1979.327032][T21410] ? trace_hardirqs_on+0x67/0x240 [ 1979.332075][T21410] ? mark_oom_victim.cold+0x18/0x18 [ 1979.337295][T21410] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1979.343124][T21410] ? ___ratelimit+0x60/0x595 [ 1979.347734][T21410] ? do_raw_spin_unlock+0x57/0x270 [ 1979.352869][T21410] oom_kill_process.cold+0x10/0x15 [ 1979.358001][T21410] out_of_memory+0x79a/0x12c0 [ 1979.362683][T21410] ? lock_downgrade+0x920/0x920 [ 1979.367541][T21410] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1979.373794][T21410] ? oom_killer_disable+0x280/0x280 [ 1979.379018][T21410] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1979.384662][T21410] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1979.390299][T21410] ? do_raw_spin_unlock+0x57/0x270 [ 1979.395416][T21410] ? _raw_spin_unlock+0x2d/0x50 [ 1979.400264][T21410] try_charge+0xf4b/0x1440 [ 1979.404684][T21410] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1979.410237][T21410] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1979.415849][T21410] ? __kasan_check_read+0x11/0x20 [ 1979.420865][T21410] ? lock_downgrade+0x920/0x920 [ 1979.425714][T21410] ? percpu_ref_tryget_live+0x111/0x290 [ 1979.431263][T21410] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1979.436714][T21410] ? memcg_kmem_put_cache+0x50/0x50 [ 1979.441921][T21410] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1979.447477][T21410] __memcg_kmem_charge+0x13a/0x3a0 [ 1979.452598][T21410] __alloc_pages_nodemask+0x4f4/0x900 [ 1979.457976][T21410] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1979.463689][T21410] ? __pmd_alloc+0x377/0x460 [ 1979.468391][T21410] ? __kasan_check_read+0x11/0x20 [ 1979.473430][T21410] ? lock_downgrade+0x920/0x920 [ 1979.478305][T21410] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1979.484564][T21410] alloc_pages_current+0x107/0x210 [ 1979.489697][T21410] pte_alloc_one+0x1b/0x1a0 [ 1979.494321][T21410] __pte_alloc+0x20/0x310 [ 1979.498652][T21410] copy_page_range+0x1610/0x2120 [ 1979.503585][T21410] ? percpu_ref_put_many+0x94/0x190 [ 1979.508856][T21410] ? lock_downgrade+0x920/0x920 [ 1979.513726][T21410] ? __pmd_alloc+0x460/0x460 [ 1979.518408][T21410] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1979.523949][T21410] ? validate_mm_rb+0xa3/0xc0 [ 1979.528628][T21410] ? __vma_link_rb+0x275/0x370 [ 1979.533392][T21410] dup_mm+0xa67/0x1430 [ 1979.537458][T21410] ? vm_area_dup+0x170/0x170 [ 1979.542152][T21410] ? debug_mutex_init+0x2d/0x5a [ 1979.547188][T21410] copy_process+0x28b7/0x6b00 [ 1979.551874][T21410] ? perf_trace_lock+0xeb/0x4c0 [ 1979.556727][T21410] ? __cleanup_sighand+0x60/0x60 [ 1979.561674][T21410] ? __kasan_check_read+0x11/0x20 [ 1979.566704][T21410] ? do_raw_spin_unlock+0x57/0x270 [ 1979.571814][T21410] _do_fork+0x146/0xfa0 [ 1979.575984][T21410] ? copy_init_mm+0x20/0x20 [ 1979.580496][T21410] ? __kasan_check_read+0x11/0x20 [ 1979.585531][T21410] ? _copy_to_user+0x118/0x160 [ 1979.590292][T21410] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1979.596542][T21410] ? put_timespec64+0xda/0x140 [ 1979.601933][T21410] __x64_sys_clone+0x18d/0x250 [ 1979.606709][T21410] ? __ia32_sys_vfork+0xc0/0xc0 [ 1979.611640][T21410] ? trace_hardirqs_off_caller+0x65/0x230 [ 1979.617366][T21410] ? trace_hardirqs_on+0x67/0x240 [ 1979.622489][T21410] do_syscall_64+0xfa/0x760 [ 1979.627269][T21410] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1979.633152][T21410] RIP: 0033:0x459829 [ 1979.637049][T21410] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1979.656803][T21410] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1979.665252][T21410] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1979.673249][T21410] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 04:20:53 executing program 5: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") close(r2) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x0, 0x20}, 0xc) write$binfmt_misc(r2, &(0x7f0000000000)={'syz1'}, 0xfcfb) splice(r0, 0x0, r2, 0x0, 0x0, 0x0) 04:20:53 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c259af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:53 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xff14) [ 1979.681242][T21410] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1979.689323][T21410] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1979.697306][T21410] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1979.717023][T21410] memory: usage 307200kB, limit 307200kB, failcnt 103839 04:20:53 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000048040700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1979.736175][ T26] audit: type=1400 audit(1564374053.519:1356): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C259AF281FA937D1B01 pid=21542 comm="syz-executor.1" [ 1979.784467][T21410] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1979.839648][T21410] Memory cgroup stats for /syz0: [ 1979.839768][T21410] anon 82530304 [ 1979.839768][T21410] file 4096 [ 1979.839768][T21410] kernel_stack 36438016 [ 1979.839768][T21410] slab 45350912 [ 1979.839768][T21410] sock 4096 [ 1979.839768][T21410] shmem 0 [ 1979.839768][T21410] file_mapped 0 [ 1979.839768][T21410] file_dirty 0 [ 1979.839768][T21410] file_writeback 0 [ 1979.839768][T21410] anon_thp 0 [ 1979.839768][T21410] inactive_anon 0 [ 1979.839768][T21410] active_anon 82661376 [ 1979.839768][T21410] inactive_file 32768 [ 1979.839768][T21410] active_file 61440 [ 1979.839768][T21410] unevictable 0 [ 1979.839768][T21410] slab_reclaimable 5812224 [ 1979.839768][T21410] slab_unreclaimable 39538688 [ 1979.839768][T21410] pgfault 158103 [ 1979.839768][T21410] pgmajfault 0 [ 1979.839768][T21410] workingset_refault 561 [ 1979.839768][T21410] workingset_activate 462 [ 1979.839768][T21410] workingset_nodereclaim 0 [ 1979.839768][T21410] pgrefill 24076 [ 1979.839768][T21410] pgscan 24434 [ 1979.839768][T21410] pgsteal 1363 04:20:53 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c599af281fa937d1b0100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1979.921851][ T26] audit: type=1400 audit(1564374053.699:1357): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C599AF281FA937D1B01 pid=21552 comm="syz-executor.1" [ 1979.948242][T21410] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=21361,uid=0 04:20:53 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000048050700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:20:53 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d590100008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1979.985572][T21410] Memory cgroup out of memory: Killed process 21361 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1980.069207][T21410] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1980.101317][ T26] audit: type=1400 audit(1564374053.879:1358): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D5901 pid=21674 comm="syz-executor.1" [ 1980.133961][T21410] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1980.155747][T21410] CPU: 1 PID: 21410 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1980.164898][T21410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1980.174966][T21410] Call Trace: [ 1980.178268][T21410] dump_stack+0x172/0x1f0 [ 1980.182605][T21410] dump_header+0x177/0x1152 [ 1980.182624][T21410] ? ___ratelimit+0xf8/0x595 [ 1980.182641][T21410] ? trace_hardirqs_on+0x67/0x240 [ 1980.182661][T21410] ? mark_oom_victim.cold+0x18/0x18 [ 1980.201949][T21410] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1980.207777][T21410] ? ___ratelimit+0x60/0x595 [ 1980.212385][T21410] ? do_raw_spin_unlock+0x57/0x270 [ 1980.217705][T21410] oom_kill_process.cold+0x10/0x15 [ 1980.222924][T21410] out_of_memory+0x79a/0x12c0 [ 1980.227622][T21410] ? lock_downgrade+0x920/0x920 [ 1980.232498][T21410] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1980.238937][T21410] ? oom_killer_disable+0x280/0x280 [ 1980.244166][T21410] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1980.249720][T21410] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1980.255641][T21410] ? do_raw_spin_unlock+0x57/0x270 [ 1980.260784][T21410] ? _raw_spin_unlock+0x2d/0x50 [ 1980.265665][T21410] try_charge+0xf4b/0x1440 [ 1980.270083][T21410] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1980.275646][T21410] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1980.281190][T21410] ? __kasan_check_read+0x11/0x20 [ 1980.286217][T21410] ? lock_downgrade+0x920/0x920 [ 1980.291065][T21410] ? percpu_ref_tryget_live+0x111/0x290 [ 1980.296626][T21410] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1980.302100][T21410] ? memcg_kmem_put_cache+0x50/0x50 [ 1980.307321][T21410] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1980.312865][T21410] __memcg_kmem_charge+0x13a/0x3a0 [ 1980.318058][T21410] __alloc_pages_nodemask+0x4f4/0x900 [ 1980.323418][T21410] ? __lockdep_free_key_range+0x120/0x120 [ 1980.329129][T21410] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1980.334895][T21410] ? __pte_alloc+0x1b5/0x310 [ 1980.339502][T21410] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1980.345754][T21410] ? copy_page_range+0x10c2/0x2120 [ 1980.350972][T21410] ? __kasan_check_read+0x11/0x20 [ 1980.356103][T21410] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1980.362355][T21410] alloc_pages_current+0x107/0x210 [ 1980.367469][T21410] pte_alloc_one+0x1b/0x1a0 [ 1980.371983][T21410] __pte_alloc+0x20/0x310 [ 1980.376326][T21410] copy_page_range+0x1610/0x2120 [ 1980.381419][T21410] ? perf_trace_lock+0xeb/0x4c0 [ 1980.386309][T21410] ? __pmd_alloc+0x460/0x460 [ 1980.390910][T21410] ? lock_downgrade+0x920/0x920 [ 1980.395817][T21410] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1980.401588][T21410] ? vma_compute_subtree_gap+0x158/0x230 [ 1980.407248][T21410] ? validate_mm_rb+0xa3/0xc0 [ 1980.411928][T21410] ? __vma_link_rb+0x275/0x370 [ 1980.416686][T21410] ? __kasan_check_write+0x14/0x20 [ 1980.421803][T21410] dup_mm+0xa67/0x1430 [ 1980.425891][T21410] ? vm_area_dup+0x170/0x170 [ 1980.430487][T21410] ? debug_mutex_init+0x2d/0x5a [ 1980.435329][T21410] copy_process+0x28b7/0x6b00 [ 1980.440007][T21410] ? perf_trace_lock+0xeb/0x4c0 [ 1980.444870][T21410] ? __cleanup_sighand+0x60/0x60 [ 1980.449827][T21410] _do_fork+0x146/0xfa0 [ 1980.454011][T21410] ? copy_init_mm+0x20/0x20 [ 1980.458528][T21410] ? __kasan_check_read+0x11/0x20 [ 1980.463550][T21410] ? _copy_to_user+0x118/0x160 [ 1980.468324][T21410] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1980.474580][T21410] ? put_timespec64+0xda/0x140 [ 1980.479346][T21410] __x64_sys_clone+0x18d/0x250 [ 1980.484103][T21410] ? __ia32_sys_vfork+0xc0/0xc0 [ 1980.488953][T21410] ? trace_hardirqs_off_caller+0x65/0x230 [ 1980.494674][T21410] ? trace_hardirqs_on+0x67/0x240 [ 1980.499740][T21410] do_syscall_64+0xfa/0x760 [ 1980.504276][T21410] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1980.510176][T21410] RIP: 0033:0x459829 [ 1980.514099][T21410] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1980.533728][T21410] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1980.542148][T21410] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1980.550132][T21410] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1980.558210][T21410] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1980.566192][T21410] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1980.574167][T21410] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1980.584517][T21410] memory: usage 307192kB, limit 307200kB, failcnt 103876 [ 1980.591707][T21410] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1980.599503][T21410] Memory cgroup stats for /syz0: [ 1980.599624][T21410] anon 82530304 [ 1980.599624][T21410] file 4096 [ 1980.599624][T21410] kernel_stack 36438016 [ 1980.599624][T21410] slab 45350912 [ 1980.599624][T21410] sock 4096 [ 1980.599624][T21410] shmem 0 [ 1980.599624][T21410] file_mapped 0 [ 1980.599624][T21410] file_dirty 0 [ 1980.599624][T21410] file_writeback 0 [ 1980.599624][T21410] anon_thp 0 [ 1980.599624][T21410] inactive_anon 0 [ 1980.599624][T21410] active_anon 82526208 [ 1980.599624][T21410] inactive_file 32768 [ 1980.599624][T21410] active_file 61440 [ 1980.599624][T21410] unevictable 0 [ 1980.599624][T21410] slab_reclaimable 5812224 [ 1980.599624][T21410] slab_unreclaimable 39538688 [ 1980.599624][T21410] pgfault 158169 [ 1980.599624][T21410] pgmajfault 0 [ 1980.599624][T21410] workingset_refault 561 [ 1980.599624][T21410] workingset_activate 462 [ 1980.599624][T21410] workingset_nodereclaim 0 [ 1980.599624][T21410] pgrefill 24076 [ 1980.599624][T21410] pgscan 24434 [ 1980.599624][T21410] pgsteal 1363 [ 1980.599643][T21410] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=21247,uid=0 [ 1980.696456][T21410] Memory cgroup out of memory: Killed process 21247 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 04:20:54 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x1100000000000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:20:54 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xffe0) 04:20:54 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0200008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:20:54 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000048060700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1980.756355][T21681] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1980.817561][ T26] audit: type=1400 audit(1564374054.599:1359): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B02 pid=21685 comm="syz-executor.1" [ 1980.891651][T21691] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1980.906462][T21691] CPU: 1 PID: 21691 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1980.915605][T21691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1980.915611][T21691] Call Trace: [ 1980.915639][T21691] dump_stack+0x172/0x1f0 [ 1980.915656][T21691] dump_header+0x177/0x1152 [ 1980.915670][T21691] ? ___ratelimit+0xf8/0x595 [ 1980.915686][T21691] ? trace_hardirqs_on+0x67/0x240 [ 1980.915700][T21691] ? mark_oom_victim.cold+0x18/0x18 [ 1980.915714][T21691] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1980.915728][T21691] ? ___ratelimit+0x60/0x595 [ 1980.915741][T21691] ? do_raw_spin_unlock+0x57/0x270 [ 1980.915757][T21691] oom_kill_process.cold+0x10/0x15 [ 1980.915772][T21691] out_of_memory+0x79a/0x12c0 [ 1980.915787][T21691] ? lock_downgrade+0x920/0x920 [ 1980.915806][T21691] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1980.915831][T21691] ? oom_killer_disable+0x280/0x280 [ 1980.915855][T21691] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1980.915870][T21691] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1980.915890][T21691] ? do_raw_spin_unlock+0x57/0x270 [ 1980.929261][T21691] ? _raw_spin_unlock+0x2d/0x50 [ 1980.929281][T21691] try_charge+0xf4b/0x1440 [ 1981.020671][T21691] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1981.026224][T21691] ? percpu_ref_tryget_live+0x111/0x290 [ 1981.031767][T21691] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1981.037341][T21691] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1981.042874][T21691] mem_cgroup_try_charge+0x136/0x590 [ 1981.048347][T21691] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1981.054241][T21691] wp_page_copy+0x421/0x15e0 [ 1981.058835][T21691] ? lock_downgrade+0x920/0x920 [ 1981.063701][T21691] ? pmd_pfn+0x1d0/0x1d0 [ 1981.067953][T21691] ? lock_downgrade+0x920/0x920 [ 1981.072791][T21691] ? vm_normal_page+0x15d/0x3c0 [ 1981.077719][T21691] ? __pte_alloc_kernel+0x210/0x210 [ 1981.083082][T21691] ? psi_memstall_leave+0x12e/0x180 [ 1981.088274][T21691] ? __kasan_check_read+0x11/0x20 [ 1981.093284][T21691] ? do_raw_spin_unlock+0x57/0x270 [ 1981.098470][T21691] do_wp_page+0x499/0x14d0 [ 1981.102870][T21691] ? do_raw_spin_lock+0x12a/0x2e0 [ 1981.107886][T21691] ? rwlock_bug.part.0+0x90/0x90 [ 1981.112821][T21691] ? finish_mkwrite_fault+0x570/0x570 [ 1981.118180][T21691] ? add_mm_counter_fast.part.0+0x40/0x40 [ 1981.123884][T21691] __handle_mm_fault+0x22f7/0x3f20 [ 1981.128981][T21691] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1981.134536][T21691] ? __kasan_check_read+0x11/0x20 [ 1981.139547][T21691] ? trace_hardirqs_on+0x67/0x240 [ 1981.144556][T21691] handle_mm_fault+0x1b5/0x6b0 [ 1981.149308][T21691] __do_page_fault+0x536/0xdd0 [ 1981.154078][T21691] do_page_fault+0x38/0x590 [ 1981.158600][T21691] page_fault+0x39/0x40 [ 1981.162733][T21691] RIP: 0033:0x40e9c8 [ 1981.166632][T21691] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 35 ee 4b 00 31 c0 e8 63 33 ff ff 31 ff e8 ac 2f ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d 9e 1a 66 00 [ 1981.186316][T21691] RSP: 002b:00007ffd41fb7070 EFLAGS: 00010246 [ 1981.192362][T21691] RAX: 000000004adaec9f RBX: 000000000eaa9f5c RCX: 0000001b33220000 [ 1981.200427][T21691] RDX: 0000000000000000 RSI: 0000000000000c9f RDI: ffffffff4adaec9f [ 1981.208384][T21691] RBP: 0000000000000017 R08: 000000004adaec9f R09: 000000004adaeca3 [ 1981.216418][T21691] R10: 00007ffd41fb7210 R11: 0000000000000246 R12: 000000000075bfa8 [ 1981.224417][T21691] R13: 0000000080000000 R14: 00007f357841b008 R15: 0000000000000017 [ 1981.235205][T21691] memory: usage 307200kB, limit 307200kB, failcnt 103905 [ 1981.242801][T21691] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1981.250165][T21691] Memory cgroup stats for /syz0: [ 1981.250264][T21691] anon 82526208 [ 1981.250264][T21691] file 4096 [ 1981.250264][T21691] kernel_stack 36372480 [ 1981.250264][T21691] slab 45350912 [ 1981.250264][T21691] sock 4096 [ 1981.250264][T21691] shmem 0 [ 1981.250264][T21691] file_mapped 0 [ 1981.250264][T21691] file_dirty 0 [ 1981.250264][T21691] file_writeback 0 [ 1981.250264][T21691] anon_thp 0 [ 1981.250264][T21691] inactive_anon 0 [ 1981.250264][T21691] active_anon 82661376 [ 1981.250264][T21691] inactive_file 32768 [ 1981.250264][T21691] active_file 61440 [ 1981.250264][T21691] unevictable 0 [ 1981.250264][T21691] slab_reclaimable 5812224 [ 1981.250264][T21691] slab_unreclaimable 39538688 [ 1981.250264][T21691] pgfault 158268 [ 1981.250264][T21691] pgmajfault 0 [ 1981.250264][T21691] workingset_refault 561 [ 1981.250264][T21691] workingset_activate 462 [ 1981.250264][T21691] workingset_nodereclaim 0 [ 1981.250264][T21691] pgrefill 24076 [ 1981.250264][T21691] pgscan 24434 [ 1981.250264][T21691] pgsteal 1363 [ 1981.343962][T12305] Bluetooth: hci0: command 0x1003 tx timeout [ 1981.350171][T11933] Bluetooth: hci0: sending frame failed (-49) [ 1981.350595][T21691] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=21682,uid=0 [ 1981.371729][T21691] Memory cgroup out of memory: Killed process 21682 (syz-executor.0) total-vm:72708kB, anon-rss:172kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1981.387264][ T1057] oom_reaper: reaped process 21682 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1981.397923][T21694] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1981.415102][T21693] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 [ 1981.415201][T21694] CPU: 0 PID: 21694 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1981.432908][T21694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1981.442968][T21694] Call Trace: [ 1981.446527][T21694] dump_stack+0x172/0x1f0 [ 1981.450864][T21694] dump_header+0x177/0x1152 [ 1981.455365][T21694] ? ___ratelimit+0xf8/0x595 [ 1981.459958][T21694] ? trace_hardirqs_on+0x67/0x240 [ 1981.464986][T21694] ? mark_oom_victim.cold+0x18/0x18 [ 1981.470206][T21694] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1981.476016][T21694] ? ___ratelimit+0x60/0x595 [ 1981.480607][T21694] ? do_raw_spin_unlock+0x57/0x270 [ 1981.485811][T21694] oom_kill_process.cold+0x10/0x15 [ 1981.490928][T21694] out_of_memory+0x79a/0x12c0 [ 1981.495609][T21694] ? lock_downgrade+0x920/0x920 [ 1981.500462][T21694] ? oom_killer_disable+0x280/0x280 [ 1981.505663][T21694] ? __kasan_check_read+0x11/0x20 [ 1981.510704][T21694] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1981.516264][T21694] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1981.521905][T21694] ? do_raw_spin_unlock+0x57/0x270 [ 1981.527024][T21694] ? _raw_spin_unlock+0x2d/0x50 [ 1981.531875][T21694] try_charge+0xa2d/0x1440 [ 1981.536297][T21694] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1981.541853][T21694] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1981.547395][T21694] ? __kasan_check_read+0x11/0x20 [ 1981.552432][T21694] ? lock_downgrade+0x920/0x920 [ 1981.557288][T21694] ? percpu_ref_tryget_live+0x111/0x290 [ 1981.562873][T21694] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1981.568338][T21694] ? memcg_kmem_put_cache+0x50/0x50 [ 1981.573537][T21694] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1981.579181][T21694] __memcg_kmem_charge+0x13a/0x3a0 [ 1981.584557][T21694] __alloc_pages_nodemask+0x4f4/0x900 [ 1981.589934][T21694] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1981.595669][T21694] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1981.601921][T21694] ? debug_smp_processor_id+0x3c/0x214 [ 1981.607387][T21694] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1981.613632][T21694] alloc_pages_current+0x107/0x210 [ 1981.618755][T21694] pte_alloc_one+0x1b/0x1a0 [ 1981.623266][T21694] __handle_mm_fault+0x34dd/0x3f20 [ 1981.628389][T21694] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1981.633934][T21694] ? __kasan_check_read+0x11/0x20 [ 1981.638971][T21694] ? trace_hardirqs_on+0x67/0x240 [ 1981.644011][T21694] handle_mm_fault+0x1b5/0x6b0 [ 1981.648789][T21694] __do_page_fault+0x536/0xdd0 [ 1981.653566][T21694] ? page_fault+0x16/0x40 [ 1981.657914][T21694] do_page_fault+0x38/0x590 [ 1981.662437][T21694] page_fault+0x39/0x40 [ 1981.666589][T21694] RIP: 0033:0x459829 [ 1981.670493][T21694] Code: Bad RIP value. [ 1981.674556][T21694] RSP: 002b:00007f3576419c78 EFLAGS: 00010246 [ 1981.680620][T21694] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000459829 [ 1981.688592][T21694] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1981.696570][T21694] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1981.704637][T21694] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1981.712604][T21694] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1981.722238][T21694] memory: usage 307200kB, limit 307200kB, failcnt 103927 [ 1981.729842][T21694] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1981.737180][T21694] Memory cgroup stats for /syz0: [ 1981.737303][T21694] anon 82526208 [ 1981.737303][T21694] file 4096 [ 1981.737303][T21694] kernel_stack 36372480 [ 1981.737303][T21694] slab 45350912 [ 1981.737303][T21694] sock 4096 [ 1981.737303][T21694] shmem 0 [ 1981.737303][T21694] file_mapped 0 [ 1981.737303][T21694] file_dirty 0 [ 1981.737303][T21694] file_writeback 0 [ 1981.737303][T21694] anon_thp 0 [ 1981.737303][T21694] inactive_anon 0 [ 1981.737303][T21694] active_anon 82526208 [ 1981.737303][T21694] inactive_file 32768 [ 1981.737303][T21694] active_file 61440 [ 1981.737303][T21694] unevictable 0 [ 1981.737303][T21694] slab_reclaimable 5812224 [ 1981.737303][T21694] slab_unreclaimable 39538688 [ 1981.737303][T21694] pgfault 158301 [ 1981.737303][T21694] pgmajfault 0 [ 1981.737303][T21694] workingset_refault 561 [ 1981.737303][T21694] workingset_activate 462 [ 1981.737303][T21694] workingset_nodereclaim 0 [ 1981.737303][T21694] pgrefill 24076 [ 1981.737303][T21694] pgscan 24434 [ 1981.737303][T21694] pgsteal 1363 [ 1981.832235][T21694] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=30815,uid=0 [ 1981.847851][T21694] Memory cgroup out of memory: Killed process 30815 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1981.865452][ T1057] oom_reaper: reaped process 30815 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1981.879464][T21691] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1981.893442][T21691] CPU: 0 PID: 21691 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1981.902559][T21691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1981.912612][T21691] Call Trace: [ 1981.915908][T21691] dump_stack+0x172/0x1f0 [ 1981.920231][T21691] dump_header+0x177/0x1152 [ 1981.924724][T21691] ? ___ratelimit+0xf8/0x595 [ 1981.929296][T21691] ? trace_hardirqs_on+0x67/0x240 [ 1981.934334][T21691] ? mark_oom_victim.cold+0x18/0x18 [ 1981.939574][T21691] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1981.945466][T21691] ? ___ratelimit+0x60/0x595 [ 1981.950044][T21691] ? do_raw_spin_unlock+0x57/0x270 [ 1981.955155][T21691] oom_kill_process.cold+0x10/0x15 [ 1981.960275][T21691] out_of_memory+0x79a/0x12c0 [ 1981.964964][T21691] ? lock_downgrade+0x920/0x920 [ 1981.969801][T21691] ? oom_killer_disable+0x280/0x280 [ 1981.974992][T21691] ? __kasan_check_read+0x11/0x20 [ 1981.980018][T21691] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1981.985563][T21691] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1981.991195][T21691] ? do_raw_spin_unlock+0x57/0x270 [ 1981.996297][T21691] ? _raw_spin_unlock+0x2d/0x50 [ 1982.001144][T21691] try_charge+0xf4b/0x1440 [ 1982.005553][T21691] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1982.011145][T21691] ? percpu_ref_tryget_live+0x111/0x290 [ 1982.016697][T21691] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1982.022167][T21691] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1982.027703][T21691] mem_cgroup_try_charge+0x136/0x590 [ 1982.032979][T21691] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1982.038705][T21691] __handle_mm_fault+0x1e3a/0x3f20 [ 1982.043846][T21691] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1982.049395][T21691] ? __kasan_check_read+0x11/0x20 [ 1982.054438][T21691] ? trace_hardirqs_on+0x67/0x240 [ 1982.059477][T21691] handle_mm_fault+0x1b5/0x6b0 [ 1982.064256][T21691] __do_page_fault+0x536/0xdd0 [ 1982.069008][T21691] do_page_fault+0x38/0x590 [ 1982.073499][T21691] page_fault+0x39/0x40 [ 1982.077655][T21691] RIP: 0033:0x45c1dd [ 1982.081559][T21691] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 30 8e fb ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 1982.101150][T21691] RSP: 002b:00007ffd41fb7008 EFLAGS: 00010202 [ 1982.107289][T21691] RAX: ffffffffffffffea RBX: 00007f35763f9700 RCX: 00007f35763f9700 [ 1982.115270][T21691] RDX: 00000000003d0f00 RSI: 00007f35763f8db0 RDI: 0000000000410560 [ 1982.123235][T21691] RBP: 00007ffd41fb7220 R08: 00007f35763f99d0 R09: 00007f35763f9700 [ 1982.131192][T21691] R10: 00007f35763f8dc0 R11: 0000000000000246 R12: 0000000000000000 [ 1982.139147][T21691] R13: 00007ffd41fb70bf R14: 00007f35763f99c0 R15: 000000000075bfd4 [ 1982.150399][T21691] memory: usage 306956kB, limit 307200kB, failcnt 103927 [ 1982.157475][T21691] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1982.164325][T21691] Memory cgroup stats for /syz0: [ 1982.165634][T21691] anon 82526208 [ 1982.165634][T21691] file 4096 [ 1982.165634][T21691] kernel_stack 36372480 [ 1982.165634][T21691] slab 45350912 [ 1982.165634][T21691] sock 4096 [ 1982.165634][T21691] shmem 0 [ 1982.165634][T21691] file_mapped 0 [ 1982.165634][T21691] file_dirty 0 [ 1982.165634][T21691] file_writeback 0 [ 1982.165634][T21691] anon_thp 0 [ 1982.165634][T21691] inactive_anon 0 [ 1982.165634][T21691] active_anon 82526208 [ 1982.165634][T21691] inactive_file 32768 [ 1982.165634][T21691] active_file 61440 [ 1982.165634][T21691] unevictable 0 [ 1982.165634][T21691] slab_reclaimable 5812224 [ 1982.165634][T21691] slab_unreclaimable 39538688 [ 1982.165634][T21691] pgfault 158301 [ 1982.165634][T21691] pgmajfault 0 [ 1982.165634][T21691] workingset_refault 561 [ 1982.165634][T21691] workingset_activate 462 [ 1982.165634][T21691] workingset_nodereclaim 0 [ 1982.165634][T21691] pgrefill 24076 [ 1982.165634][T21691] pgscan 24434 [ 1982.165634][T21691] pgsteal 1363 [ 1982.259351][T21691] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=21691,uid=0 [ 1982.275142][T21691] Memory cgroup out of memory: Killed process 21691 (syz-executor.0) total-vm:72708kB, anon-rss:168kB, file-rss:35792kB, shmem-rss:0kB, UID:0 [ 1982.290616][ T1057] oom_reaper: reaped process 21691 (syz-executor.0), now anon-rss:0kB, file-rss:34832kB, shmem-rss:0kB [ 1983.404651][ T12] Bluetooth: hci0: command 0x1001 tx timeout [ 1983.410745][T11933] Bluetooth: hci0: sending frame failed (-49) [ 1985.484570][ T12] Bluetooth: hci0: command 0x1009 tx timeout 04:21:03 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x5) 04:21:03 executing program 5: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x2000000050000}]}) r0 = openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0) ioctl$TIOCSSERIAL(r0, 0x541f, 0x0) 04:21:03 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000048080700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:21:03 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b5900008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:21:03 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0xfffc) 04:21:03 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x4000000000000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) [ 1989.876025][ T26] audit: type=1400 audit(1564374063.659:1360): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B59 pid=21814 comm="syz-executor.1" 04:21:03 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc00000048090700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:21:03 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1bb301008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) [ 1989.953761][T21817] x_tables: eb_tables: 802_3.0 match: invalid size 8 (kernel) != (user) 0 04:21:03 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x6) [ 1990.039919][T21817] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 04:21:03 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc000000480a0700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1990.118405][ T26] audit: type=1400 audit(1564374063.899:1361): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1BB301 pid=21896 comm="syz-executor.1" [ 1990.160637][T21817] CPU: 0 PID: 21817 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1990.169782][T21817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1990.169788][T21817] Call Trace: [ 1990.169813][T21817] dump_stack+0x172/0x1f0 [ 1990.169832][T21817] dump_header+0x177/0x1152 [ 1990.169846][T21817] ? ___ratelimit+0xf8/0x595 [ 1990.169862][T21817] ? trace_hardirqs_on+0x67/0x240 [ 1990.169883][T21817] ? mark_oom_victim.cold+0x18/0x18 [ 1990.196643][T21817] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1990.196658][T21817] ? ___ratelimit+0x60/0x595 [ 1990.196673][T21817] ? do_raw_spin_unlock+0x57/0x270 [ 1990.196690][T21817] oom_kill_process.cold+0x10/0x15 [ 1990.196706][T21817] out_of_memory+0x79a/0x12c0 [ 1990.196720][T21817] ? lock_downgrade+0x920/0x920 [ 1990.196739][T21817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1990.196760][T21817] ? oom_killer_disable+0x280/0x280 [ 1990.196785][T21817] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1990.196806][T21817] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1990.196825][T21817] ? do_raw_spin_unlock+0x57/0x270 [ 1990.196839][T21817] ? _raw_spin_unlock+0x2d/0x50 [ 1990.196859][T21817] try_charge+0xf4b/0x1440 [ 1990.274265][T21817] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1990.279822][T21817] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1990.285379][T21817] ? __kasan_check_read+0x11/0x20 [ 1990.285400][T21817] ? lock_downgrade+0x920/0x920 [ 1990.285414][T21817] ? percpu_ref_tryget_live+0x111/0x290 [ 1990.285430][T21817] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1990.285442][T21817] ? memcg_kmem_put_cache+0x50/0x50 [ 1990.285456][T21817] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1990.285473][T21817] __memcg_kmem_charge+0x13a/0x3a0 [ 1990.285491][T21817] __alloc_pages_nodemask+0x4f4/0x900 [ 1990.285507][T21817] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1990.285521][T21817] ? __pmd_alloc+0x377/0x460 [ 1990.285534][T21817] ? __kasan_check_read+0x11/0x20 [ 1990.285556][T21817] ? lock_downgrade+0x920/0x920 [ 1990.347804][T21817] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1990.354149][T21817] alloc_pages_current+0x107/0x210 [ 1990.359275][T21817] pte_alloc_one+0x1b/0x1a0 [ 1990.359294][T21817] __pte_alloc+0x20/0x310 [ 1990.359319][T21817] copy_page_range+0x1610/0x2120 [ 1990.359343][T21817] ? perf_trace_lock+0xeb/0x4c0 [ 1990.373115][T21817] ? __pmd_alloc+0x460/0x460 [ 1990.382527][T21817] ? lock_downgrade+0x920/0x920 [ 1990.387393][T21817] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 1990.393131][T21817] ? validate_mm_rb+0xa3/0xc0 [ 1990.397856][T21817] ? __vma_link_rb+0x275/0x370 [ 1990.402636][T21817] ? __kasan_check_write+0x14/0x20 [ 1990.407771][T21817] dup_mm+0xa67/0x1430 [ 1990.411864][T21817] ? vm_area_dup+0x170/0x170 [ 1990.416912][T21817] ? debug_mutex_init+0x2d/0x5a [ 1990.421779][T21817] copy_process+0x28b7/0x6b00 [ 1990.426468][T21817] ? perf_trace_lock+0xeb/0x4c0 [ 1990.431350][T21817] ? __cleanup_sighand+0x60/0x60 [ 1990.436311][T21817] _do_fork+0x146/0xfa0 [ 1990.440486][T21817] ? copy_init_mm+0x20/0x20 [ 1990.445000][T21817] ? __kasan_check_read+0x11/0x20 [ 1990.450061][T21817] ? _copy_to_user+0x118/0x160 [ 1990.454864][T21817] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1990.461121][T21817] ? put_timespec64+0xda/0x140 04:21:04 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc000000480b0700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:21:04 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b0003008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:21:04 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x1fff8) 04:21:04 executing program 5: r0 = socket$kcm(0x29, 0x5, 0x0) sendmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000400)="86", 0x1}], 0x1}}, {{&(0x7f0000000680)=@x25={0x9, @remote={[], 0x1}}, 0x80, 0x0}}], 0x2, 0x0) 04:21:04 executing program 5: r0 = open(&(0x7f00000002c0)='./file1\x00', 0x800143042, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) add_key(&(0x7f0000000300)='rxrpc_s\x00', &(0x7f0000000340)={'syz', 0x1}, &(0x7f0000000380), 0x0, 0xfffffffffffffff9) write$P9_RRENAME(0xffffffffffffffff, 0x0, 0xffffffffffffff45) ptrace$setsig(0x4203, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) write$P9_RREMOVE(0xffffffffffffffff, &(0x7f0000000080)={0x7, 0x7b, 0x2}, 0x7) ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, 0x0, &(0x7f0000000140)) mkdir(0x0, 0x0) getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, 0x0, 0x0) ioctl$sock_inet_SIOCDARP(0xffffffffffffffff, 0x8953, &(0x7f0000000480)={{0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x12}}, {0x306, @remote}, 0x56, {0x2, 0x4e21, @multicast2}, 'bond_slave_0\x00'}) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) r1 = gettid() fcntl$notify(0xffffffffffffffff, 0x402, 0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000500)={{{@in6=@loopback, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@empty}}, 0x0) fchownat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', r2, 0x0, 0x1000) keyctl$assume_authority(0x10, 0x0) tkill(r1, 0x1000000000014) 04:21:04 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc000000480c0700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) [ 1990.465897][T21817] __x64_sys_clone+0x18d/0x250 [ 1990.470671][T21817] ? __ia32_sys_vfork+0xc0/0xc0 [ 1990.475545][T21817] ? trace_hardirqs_off_caller+0x65/0x230 [ 1990.481289][T21817] ? trace_hardirqs_on+0x67/0x240 [ 1990.486351][T21817] do_syscall_64+0xfa/0x760 [ 1990.490870][T21817] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1990.496769][T21817] RIP: 0033:0x459829 [ 1990.500673][T21817] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1990.520287][T21817] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1990.528719][T21817] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1990.536708][T21817] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1990.544693][T21817] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1990.552684][T21817] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1990.560666][T21817] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff 04:21:04 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x7) [ 1990.614561][T21817] memory: usage 307200kB, limit 307200kB, failcnt 103947 [ 1990.622254][T21817] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1990.629766][T21817] Memory cgroup stats for /syz0: [ 1990.629890][T21817] anon 82526208 [ 1990.629890][T21817] file 4096 [ 1990.629890][T21817] kernel_stack 36438016 [ 1990.629890][T21817] slab 45215744 [ 1990.629890][T21817] sock 4096 [ 1990.629890][T21817] shmem 0 [ 1990.629890][T21817] file_mapped 0 [ 1990.629890][T21817] file_dirty 0 [ 1990.629890][T21817] file_writeback 0 [ 1990.629890][T21817] anon_thp 0 [ 1990.629890][T21817] inactive_anon 0 [ 1990.629890][T21817] active_anon 82526208 [ 1990.629890][T21817] inactive_file 32768 [ 1990.629890][T21817] active_file 61440 [ 1990.629890][T21817] unevictable 0 [ 1990.629890][T21817] slab_reclaimable 5812224 [ 1990.629890][T21817] slab_unreclaimable 39403520 [ 1990.629890][T21817] pgfault 158367 [ 1990.629890][T21817] pgmajfault 0 [ 1990.629890][T21817] workingset_refault 561 [ 1990.629890][T21817] workingset_activate 462 [ 1990.629890][T21817] workingset_nodereclaim 0 [ 1990.629890][T21817] pgrefill 24175 [ 1990.629890][T21817] pgscan 24533 [ 1990.629890][T21817] pgsteal 1363 [ 1990.770048][T21817] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=21804,uid=0 [ 1990.819263][T21817] Memory cgroup out of memory: Killed process 21804 (syz-executor.0) total-vm:72576kB, anon-rss:164kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1990.845498][ T1057] oom_reaper: reaped process 21804 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1990.890261][T21817] syz-executor.0 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1990.910843][T21817] CPU: 0 PID: 21817 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1990.919985][T21817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1990.930044][T21817] Call Trace: [ 1990.933354][T21817] dump_stack+0x172/0x1f0 [ 1990.937693][T21817] dump_header+0x177/0x1152 [ 1990.942210][T21817] ? ___ratelimit+0xf8/0x595 [ 1990.946817][T21817] ? trace_hardirqs_on+0x67/0x240 [ 1990.951857][T21817] ? mark_oom_victim.cold+0x18/0x18 [ 1990.957073][T21817] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1990.962885][T21817] ? ___ratelimit+0x60/0x595 [ 1990.968482][T21817] ? do_raw_spin_unlock+0x57/0x270 [ 1990.973583][T21817] oom_kill_process.cold+0x10/0x15 [ 1990.978686][T21817] out_of_memory+0x79a/0x12c0 [ 1990.983380][T21817] ? lock_downgrade+0x920/0x920 [ 1990.988219][T21817] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1990.994660][T21817] ? oom_killer_disable+0x280/0x280 [ 1990.999861][T21817] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1991.005395][T21817] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1991.011023][T21817] ? do_raw_spin_unlock+0x57/0x270 [ 1991.016131][T21817] ? _raw_spin_unlock+0x2d/0x50 [ 1991.020978][T21817] try_charge+0xf4b/0x1440 [ 1991.025379][T21817] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1991.031284][T21817] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1991.036826][T21817] ? __kasan_check_read+0x11/0x20 [ 1991.041849][T21817] ? lock_downgrade+0x920/0x920 [ 1991.046678][T21817] ? percpu_ref_tryget_live+0x111/0x290 [ 1991.052330][T21817] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1991.057781][T21817] ? memcg_kmem_put_cache+0x50/0x50 [ 1991.063058][T21817] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1991.068635][T21817] __memcg_kmem_charge+0x13a/0x3a0 [ 1991.073734][T21817] __alloc_pages_nodemask+0x4f4/0x900 [ 1991.079099][T21817] ? __lockdep_free_key_range+0x120/0x120 [ 1991.084977][T21817] ? __alloc_pages_slowpath+0x2520/0x2520 [ 1991.090684][T21817] ? copy_page_range+0x10c2/0x2120 [ 1991.095792][T21817] ? __kasan_check_read+0x11/0x20 [ 1991.100811][T21817] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1991.107035][T21817] alloc_pages_current+0x107/0x210 [ 1991.112124][T21817] pte_alloc_one+0x1b/0x1a0 [ 1991.116631][T21817] __pte_alloc+0x20/0x310 [ 1991.120957][T21817] copy_page_range+0x1610/0x2120 [ 1991.125877][T21817] ? perf_trace_lock+0xeb/0x4c0 [ 1991.130746][T21817] ? __pmd_alloc+0x460/0x460 [ 1991.135338][T21817] ? vma_gap_callbacks_rotate+0x62/0x80 [ 1991.140880][T21817] ? __rb_insert_augmented+0x20c/0xd90 [ 1991.146334][T21817] ? validate_mm_rb+0xa3/0xc0 [ 1991.151013][T21817] ? __vma_link_rb+0x275/0x370 [ 1991.155776][T21817] ? __kasan_check_write+0x14/0x20 [ 1991.160888][T21817] dup_mm+0xa67/0x1430 [ 1991.164972][T21817] ? vm_area_dup+0x170/0x170 [ 1991.169546][T21817] ? debug_mutex_init+0x2d/0x5a [ 1991.174378][T21817] copy_process+0x28b7/0x6b00 [ 1991.179044][T21817] ? perf_trace_lock+0xeb/0x4c0 [ 1991.183903][T21817] ? __cleanup_sighand+0x60/0x60 [ 1991.188837][T21817] _do_fork+0x146/0xfa0 [ 1991.192980][T21817] ? copy_init_mm+0x20/0x20 [ 1991.197485][T21817] ? __kasan_check_read+0x11/0x20 [ 1991.202509][T21817] ? _copy_to_user+0x118/0x160 [ 1991.207265][T21817] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1991.213751][T21817] ? put_timespec64+0xda/0x140 [ 1991.218511][T21817] __x64_sys_clone+0x18d/0x250 [ 1991.223277][T21817] ? __ia32_sys_vfork+0xc0/0xc0 [ 1991.228135][T21817] ? trace_hardirqs_off_caller+0x65/0x230 [ 1991.233844][T21817] ? trace_hardirqs_on+0x67/0x240 [ 1991.238863][T21817] do_syscall_64+0xfa/0x760 [ 1991.243350][T21817] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1991.249224][T21817] RIP: 0033:0x459829 [ 1991.253098][T21817] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1991.272695][T21817] RSP: 002b:00007f3576419c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1991.281095][T21817] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000459829 [ 1991.289063][T21817] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 1991.297024][T21817] RBP: 000000000075bf20 R08: ffffffffffffffff R09: 0000000000000000 [ 1991.305162][T21817] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1991.313117][T21817] R13: 00000000004bfce6 R14: 00000000004d1958 R15: 00000000ffffffff [ 1991.321799][T21817] memory: usage 307036kB, limit 307200kB, failcnt 103974 [ 1991.329027][T21817] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1991.336463][T21817] Memory cgroup stats for /syz0: [ 1991.336584][T21817] anon 82526208 [ 1991.336584][T21817] file 4096 [ 1991.336584][T21817] kernel_stack 36438016 [ 1991.336584][T21817] slab 45215744 [ 1991.336584][T21817] sock 4096 [ 1991.336584][T21817] shmem 0 [ 1991.336584][T21817] file_mapped 0 [ 1991.336584][T21817] file_dirty 0 [ 1991.336584][T21817] file_writeback 0 [ 1991.336584][T21817] anon_thp 0 [ 1991.336584][T21817] inactive_anon 0 [ 1991.336584][T21817] active_anon 82526208 [ 1991.336584][T21817] inactive_file 32768 [ 1991.336584][T21817] active_file 61440 [ 1991.336584][T21817] unevictable 0 [ 1991.336584][T21817] slab_reclaimable 5812224 [ 1991.336584][T21817] slab_unreclaimable 39403520 [ 1991.336584][T21817] pgfault 158367 [ 1991.336584][T21817] pgmajfault 0 [ 1991.336584][T21817] workingset_refault 561 [ 1991.336584][T21817] workingset_activate 462 [ 1991.336584][T21817] workingset_nodereclaim 0 [ 1991.336584][T21817] pgrefill 24175 [ 1991.336584][T21817] pgscan 24533 [ 1991.336584][T21817] pgsteal 1363 04:21:05 executing program 0: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000080)=@nat={'%at\x00', 0x19, 0x1, 0x1a8, [0x200005c0, 0x0, 0x4800000000000000, 0x200005f0, 0x20000620], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="000000000077ee000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000200000000feffffff010000000900000000000000000064756d6d7930000000000000000000007465616d5f736c6176655f300000000073797a6b616c6c657230000040000000726f7365300000000000000000000000aaaaaaaaaa000000000000000180c20000000000e3000000e700e0000000e0000000180100003830325f33000000000000000000000000000000000000000000000800000000000000000000000000000074696d6500040000000000000000000000000000000000000000000000000000180000000000000000000000000000000000000c89cca68544329100000200000000000000000000000000000000000010000000000000000000000000000000fdffffff00"/424]}, 0x220) 04:21:05 executing program 1: r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000200)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) write$apparmor_exec(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="6578656320262609d09cd372c2ef5509db8ab24e300d5944df8f346497da98f0b453ad6d8a2fcb127375b2ae8bfc030e9a230514289d300b06774494f1ee8ad5379dfed204dd4ee8d1bb83d594cc2086c675750d4c2e9af281fa937d1b9c06008000000000baec73620bc183a1a0689c60948f3cd9c5f318fe02a98cbefad7c7e6f3f4cd05f5f1e0d23b6e3d245fc76153e613ae187222e4d5f2352378cf0443fcd24b9a4c42931dc0bc58c3bf53ca2b0f34d84557f9ba4d79a9e877734d42aa63a9d670026ea166ae325820354f616deb57144f837f5839b0b3901c315f72c8733dc6b5b3"], 0xe5) 04:21:05 executing program 5: r0 = socket$inet6(0xa, 0x80003, 0x2a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x7}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x3e, &(0x7f00000000c0)=ANY=[@ANYBLOB="000200000000000086b02719476ee242d0e24f114b152c2e"], 0x18) sendmmsg(r0, &(0x7f00000002c0)=[{{0x0, 0xfffffdad, &(0x7f0000000200)=[{&(0x7f0000000cc0)="daad4b7c92178d1a26b350b93b783a84998db40f950e879bde33881b75e21c443cbded78f04309fbd3f5956c4dea2bb4e54745212f3a04c7606ed8d47019f075c6333d38cc3f5a1ce08e2d6bc5811c52f355f55512a69a022758c658940b2511cff14889e44164081c0eb3285ced1d9f4801584f9ef67ea265c670d8e65ea4aaae719bdf532af1f479fd7ae18187db3d7ff0634d8cfa78221b85fb1a6707d9d72f2ff05e726d20dc860d65b2dc05d289c26204a962d04c630e6faa7f6787e8b9edc526c80f8fc700156a4c0063580ded06d493fdb47d7c513e747ff2cae32434a3cbf771422319180483ae9acd7ec6093087f20aae574de2d9565f872ae0bba7e53947dba9099abb647749211faf4ccb48eed133fc9da2a59295a318cf5b07436b7a823269d7640d5717ca258f0823ea1b67259efbabbbdc8d46442aa3e6987f9dbcc1d922f457ac912609769f4daa33c11c23a0586d8ba9949bd9154da7d7375136d6ea97520fd90f06f3f3f051b867d1386ae7c4e8a61397b5614104a0984e82be7d128ed072c2122cbe16d0b70a86cf6009a6f931c98f57837aa655002e0b15d3e443288a8dea765b638ae165e54597e9af938018ca0c2c787c9cbe515fc810284a43b3a5017746e81f197e0b532443391f61bded2276379d7c359cfa1a6dc1fe5782d2807479de6c0869043574ea41dee8b59822f3b3afd9d29c1680689796da7d75618a8045dc9aea24eb86e844f361cbd2407f55ecf5e6c533c219061ee162f7dbb126e01a238454fbf2fd5e0946a09780c955e4daf4b948eb4431088f2cca8299188235b5c3e2d1842598cf51c44f86f6858ef60d94bd5799fb34e885e10d98b6b7e588b25ce454158e882c70c506466cf81fedee0d982168d50c96f525beb05a2acde479082c21ae2c2f557e95c8e0ac4c9398d231eb012e30c12dd1ba0d98d5e6534daa1d85ef3f27725321610a29f6e9c38cb5423db4f8960676b437df7294d5e421e71be0a1d88adcf0a8ca6977e83a3147673eb6c1067723b50196de19738cafe29b74b27ffdbd7837995d244ce37d4aa290fed9867071dd0ca41a323d5b23b9fe7ac1158baea1e80a2afa9b83df46aded8fb4871952acd340d60a1929da61077f6a5742e7298bcf070cf27560ab592d781f8ea2761ede163202d53e12d9a4e36de95da353166a0b3a39171ed531f165650f0b2269fb64e040b48b0c2a2fff20495a84dddf774947ff3174b2409553598a1a4700fd237095cc97eb4739af435d2c4506d7beb070f9f6b15d4a5cab06e6aa71c04c56c595c5aff23a56a103a0a43f29f83a61a17cdbf5efedddadf14272fce245f79b3de7ffa9a45837f4c048f99d9cbc3630a4494e6e47eca2c6377d7bf8b89d7c22a579232a7367477b06b9acf45a93fccd92be82a985619f8512a4553e3a1fef58d5feeb834d6c4167756d0b3519eb626468d55623a48dc9c5bd74edc62bf23db24a0001b11a5244df368547253378d4a0975dfff8840f297be7c8837eb608d3778423a63cc80b4af8322ccda6568b970c7b53530073e1bef3abfc97961dc330406a97d2a3d013949436bb72ab42a9f64754824d25331656de6bae550d3f414a11a1914f65e1946b8df2bb3474ae9f9bfbef21ce9f123882c70304283721fe4fc203e27988237cdfe4752e3c9b6d5491d17c5d64167341c04c279197b1d4e74fd45cd56560d6fc869364d7ca2459c69a0c29c513706eab9fa4eddf36e8aa35de9e06b0df4494059dfcf00562f500e5be2b4ed5cea1c03b47f4c899517f2545952bfd54eb536392fa756b65f2005cc00f2e7f47", 0x53c}], 0x1}}], 0x28e, 0x0) 04:21:05 executing program 4: r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x14) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23, 0x0, @ipv4}, 0x1c) listen(r0, 0x1d7) r1 = socket$inet_sctp(0x2, 0x801, 0x84) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") sendmsg(r1, &(0x7f0000000180)={&(0x7f0000000000)=@in={0x2, 0x4e23, @local}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)='#', 0xffe0}], 0x1}, 0x1000000) 04:21:05 executing program 3: r0 = socket(0x30002000000010, 0x3, 0x0) write(r0, &(0x7f0000000800)="fc000000480e0700ab092500090007000aab07ff010000000000769321000100ff0100000005d0000000000009039815fa2c1ec28656aaa79b0c8d59fe000000bc00020000036c6c256f1a272f2e117c22ebc21121400000006000c821a4a6f9607668bfcb5d7bd5afaaa934d0730700000020d7d5bbc91a3e2e80772c05defd5a32e280fc83ab1afad60ce9c0bfb8fe082038f4f8b29d3ef3d92c83170e5b37d1fc85fcb0da9aba3c698745b0ba4a463ae4f5566f46660da80b76b6825bbd16460000941591cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2e87abd43cd16b17e583df150c3b880f41e54d38d882f7c4605587e658", 0xfc) 04:21:05 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r0, 0x400455c8, 0x8) [ 1991.429955][T21817] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz0,mems_allowed=0-1,oom_memcg=/syz0,task_memcg=/syz0,task=syz-executor.0,pid=27535,uid=0 [ 1991.445809][T21817] Memory cgroup out of memory: Killed process 27535 (syz-executor.0) total-vm:72708kB, anon-rss:136kB, file-rss:34816kB, shmem-rss:0kB, UID:0 [ 1991.464060][ T1057] oom_reaper: reaped process 27535 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1991.524781][ T26] audit: type=1400 audit(1564374065.309:1362): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=262609D09CD372C2EF5509DB8AB24E300D5944DF8F346497DA98F0B453AD6D8A2FCB127375B2AE8BFC030E9A230514289D300B06774494F1EE8AD5379DFED204DD4EE8D1BB83D594CC2086C675750D4C2E9AF281FA937D1B9C06 pid=22100 comm="syz-executor.1" [ 1991.587767][T15364] ------------[ cut here ]------------ [ 1991.593678][T15364] WARNING: CPU: 1 PID: 15364 at drivers/tty/tty_ioctl.c:319 tty_set_termios.cold+0x11/0x23 [ 1991.603665][T15364] Kernel panic - not syncing: panic_on_warn set ... [ 1991.610272][T15364] CPU: 1 PID: 15364 Comm: kworker/u5:2 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1991.619233][T15364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1991.629307][T15364] Workqueue: hci0 hci_power_on [ 1991.634070][T15364] Call Trace: [ 1991.637391][T15364] dump_stack+0x172/0x1f0 [ 1991.641743][T15364] ? tty_unthrottle_safe+0x90/0x17d [ 1991.646948][T15364] panic+0x2dc/0x755 [ 1991.650858][T15364] ? add_taint.cold+0x16/0x16 [ 1991.655549][T15364] ? __kasan_check_write+0x14/0x20 [ 1991.660695][T15364] ? __warn.cold+0x5/0x4c [ 1991.665032][T15364] ? __warn+0xe7/0x1e0 [ 1991.669110][T15364] ? tty_set_termios.cold+0x11/0x23 [ 1991.673381][ T3908] kobject: 'loop5' (00000000a30f5622): kobject_uevent_env [ 1991.674324][T15364] __warn.cold+0x20/0x4c [ 1991.685668][T15364] ? tty_set_termios.cold+0x11/0x23 [ 1991.690883][T15364] report_bug+0x263/0x2b0 [ 1991.691108][ T3908] kobject: 'loop5' (00000000a30f5622): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1991.695226][T15364] do_error_trap+0x11b/0x200 [ 1991.695243][T15364] do_invalid_op+0x37/0x50 [ 1991.695258][T15364] ? tty_set_termios.cold+0x11/0x23 [ 1991.695274][T15364] invalid_op+0x23/0x30 [ 1991.695296][T15364] RIP: 0010:tty_set_termios.cold+0x11/0x23 [ 1991.729575][T15364] Code: ef e8 06 cd 2b fe e9 e8 fe ff ff e8 fc cc 2b fe eb ae e8 f5 cc 2b fe eb 84 e8 de 5c f1 fd 48 c7 c7 c0 e9 d0 87 e8 d6 eb da fd <0f> 0b e9 d5 d5 ff ff 90 90 90 90 90 90 90 90 90 90 90 55 48 89 e5 [ 1991.749183][T15364] RSP: 0018:ffff88805bba7978 EFLAGS: 00010282 [ 1991.755254][T15364] RAX: 0000000000000024 RBX: ffff88805bba7a38 RCX: 0000000000000000 [ 1991.763232][T15364] RDX: 0000000000000000 RSI: ffffffff815c6f46 RDI: ffffed100b774f21 [ 1991.771210][T15364] RBP: ffff88805bba7a60 R08: 0000000000000024 R09: ffffed1015d260d1 [ 1991.779286][T15364] R10: ffffed1015d260d0 R11: ffff8880ae930687 R12: ffff88805bba7aa0 [ 1991.787269][T15364] R13: 0000000000010004 R14: 1ffff1100b774f4e R15: ffff88801919c0c0 [ 1991.795273][T15364] ? vprintk_func+0x86/0x189 [ 1991.799883][T15364] ? tty_set_termios.cold+0x11/0x23 [ 1991.805113][T15364] ? hci_dev_do_open+0xa7/0x1940 [ 1991.807729][ T3908] kobject: 'loop5' (00000000a30f5622): kobject_uevent_env [ 1991.810060][T15364] ? tty_wait_until_sent+0x580/0x580 [ 1991.822460][T15364] ? __mutex_lock+0x45d/0x13c0 [ 1991.827415][T15364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1991.829100][ T3908] kobject: 'loop5' (00000000a30f5622): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 1991.833661][T15364] ? tty_termios_encode_baud_rate+0x3ca/0x4e0 [ 1991.833685][T15364] hci_uart_set_baudrate+0x157/0x1c0 [ 1991.833706][T15364] ? hci_uart_set_speeds+0x90/0x90 [ 1991.862267][T15364] ? __lockdep_free_key_range+0x120/0x120 [ 1991.868001][T15364] ? cpuacct_charge+0x1db/0x360 [ 1991.872952][T15364] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1991.879204][T15364] ? debug_smp_processor_id+0x3c/0x214 [ 1991.884678][T15364] hci_uart_setup+0xa2/0x4a0 [ 1991.889281][T15364] ? hci_uart_set_baudrate+0x1c0/0x1c0 [ 1991.894747][T15364] hci_dev_do_open+0x3e3/0x1940 [ 1991.899618][T15364] ? __lockdep_free_key_range+0x120/0x120 [ 1991.901866][T22227] syz-executor.0 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1991.905347][T15364] ? hci_rx_work+0xae0/0xae0 [ 1991.905362][T15364] ? trace_hardirqs_off+0x62/0x240 [ 1991.905377][T15364] ? __kasan_check_read+0x11/0x20 [ 1991.905400][T15364] ? process_one_work+0x89d/0x1740 [ 1991.935365][T15364] ? mark_held_locks+0xf0/0xf0 [ 1991.940135][T15364] hci_power_on+0x12d/0x680 [ 1991.944647][T15364] ? hci_error_reset+0xf0/0xf0 [ 1991.949423][T15364] ? lock_acquire+0x190/0x410 [ 1991.954107][T15364] ? process_one_work+0x8c1/0x1740 [ 1991.959258][T15364] ? trace_hardirqs_on+0x67/0x240 [ 1991.964295][T15364] process_one_work+0x9af/0x1740 [ 1991.969247][T15364] ? pwq_dec_nr_in_flight+0x320/0x320 [ 1991.974622][T15364] ? lock_acquire+0x190/0x410 [ 1991.979347][T15364] worker_thread+0x98/0xe40 [ 1991.983853][T15364] ? trace_hardirqs_on+0x67/0x240 [ 1991.988893][T15364] kthread+0x361/0x430 [ 1991.992972][T15364] ? process_one_work+0x1740/0x1740 [ 1991.998180][T15364] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 1992.004429][T15364] ret_from_fork+0x24/0x30 [ 1992.008866][T22227] CPU: 0 PID: 22227 Comm: syz-executor.0 Not tainted 5.3.0-rc1-next-20190726 #53 [ 1992.017996][T22227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1992.028048][T22227] Call Trace: [ 1992.031369][T22227] dump_stack+0x172/0x1f0 [ 1992.035704][T22227] dump_header+0x177/0x1152 [ 1992.040201][T22227] ? ___ratelimit+0xf8/0x595 [ 1992.044793][T22227] ? trace_hardirqs_on+0x67/0x240 [ 1992.049821][T22227] ? mark_oom_victim.cold+0x18/0x18 [ 1992.055029][T22227] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1992.060834][T22227] ? ___ratelimit+0x60/0x595 [ 1992.065420][T22227] ? do_raw_spin_unlock+0x57/0x270 [ 1992.070533][T22227] oom_kill_process.cold+0x10/0x15 [ 1992.075648][T22227] out_of_memory+0x79a/0x12c0 [ 1992.080328][T22227] ? lock_downgrade+0x920/0x920 [ 1992.085181][T22227] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1992.091445][T22227] ? oom_killer_disable+0x280/0x280 [ 1992.096656][T22227] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1992.102200][T22227] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1992.107841][T22227] ? do_raw_spin_unlock+0x57/0x270 [ 1992.112951][T22227] ? _raw_spin_unlock+0x2d/0x50 [ 1992.117800][T22227] try_charge+0xf4b/0x1440 [ 1992.122223][T22227] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1992.127766][T22227] ? percpu_ref_tryget_live+0x111/0x290 [ 1992.133589][T22227] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1992.139050][T22227] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1992.144595][T22227] mem_cgroup_try_charge+0x136/0x590 [ 1992.149879][T22227] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1992.155513][T22227] wp_page_copy+0x421/0x15e0 [ 1992.160125][T22227] ? page_trans_huge_mapcount+0x166/0x450 [ 1992.165848][T22227] ? pmd_pfn+0x1d0/0x1d0 [ 1992.170088][T22227] ? lock_downgrade+0x920/0x920 [ 1992.174939][T22227] ? swp_swapcount+0x540/0x540 [ 1992.179702][T22227] ? __kasan_check_read+0x11/0x20 [ 1992.184720][T22227] ? do_raw_spin_unlock+0x57/0x270 [ 1992.189831][T22227] do_wp_page+0x499/0x14d0 [ 1992.194253][T22227] ? finish_mkwrite_fault+0x570/0x570 [ 1992.199630][T22227] __handle_mm_fault+0x22f7/0x3f20 [ 1992.204745][T22227] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1992.210282][T22227] ? __kasan_check_read+0x11/0x20 [ 1992.215320][T22227] ? trace_hardirqs_on+0x67/0x240 [ 1992.220357][T22227] handle_mm_fault+0x1b5/0x6b0 [ 1992.225125][T22227] __do_page_fault+0x536/0xdd0 [ 1992.229895][T22227] do_page_fault+0x38/0x590 [ 1992.234400][T22227] page_fault+0x39/0x40 [ 1992.238559][T22227] RIP: 0033:0x404e59 [ 1992.242451][T22227] Code: 66 00 39 45 24 0f 84 a6 01 00 00 80 3d 47 b6 66 00 00 74 0e 48 8b 85 90 00 00 00 48 c7 00 00 00 00 00 e8 ca f2 00 00 49 89 c4 00 00 00 00 00 49 8b 46 10 48 85 c0 0f 84 3c 01 00 00 48 83 ec [ 1992.262058][T22227] RSP: 002b:00007f3576419c90 EFLAGS: 00010207 [ 1992.268130][T22227] RAX: 00007f357641a6d4 RBX: 0000000000000003 RCX: 0000000000000003 [ 1992.276097][T22227] RDX: 00000000001b298c RSI: 0000000000000088 RDI: 00000000004be16e [ 1992.284073][T22227] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1992.292040][T22227] R10: 0000000000001f37 R11: 0000000000000246 R12: 00007f357641a6d4 [ 1992.300005][T22227] R13: 00000000004c8569 R14: 00000000004df080 R15: 00000000ffffffff [ 1992.309077][T15364] Kernel Offset: disabled [ 1992.313418][T15364] Rebooting in 86400 seconds..