.207058][T10315] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 296.207073][T10315] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 296.207081][T10315] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 296.207090][T10315] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 296.207099][T10315] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 296.207108][T10315] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 296.279358][T10315] memory: usage 307200kB, limit 307200kB, failcnt 20 [ 296.289683][T10315] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 12:46:52 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0xd0070000}, 0x8) [ 296.320926][T10331] overlayfs: workdir and upperdir must be separate subtrees [ 296.351016][T10315] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 296.397517][T10315] Memory cgroup stats for /syz2: cache:0KB rss:297088KB rss_huge:266240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:163444KB active_anon:6676KB inactive_file:12KB active_file:0KB unevictable:127060KB [ 296.464956][T10315] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10314,uid=0 [ 296.484911][T10315] Memory cgroup out of memory: Killed process 10314 (syz-executor.2) total-vm:72448kB, anon-rss:16328kB, file-rss:37044kB, shmem-rss:0kB 12:46:52 executing program 2: mlockall(0xc) r0 = accept4(0xffffffffffffff9c, &(0x7f00000000c0)=@x25, &(0x7f0000000000)=0x80, 0x800) ioctl$sock_inet_SIOCGIFADDR(r0, 0x8915, &(0x7f0000000140)={'bridge0\x00', {0x2, 0x4e23, @multicast1}}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:46:52 executing program 0: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x101000, 0x0) ioctl$FIONREAD(r0, 0x541b, &(0x7f00000000c0)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:46:52 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=.']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:46:52 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, 0x0, 0x0) 12:46:52 executing program 3: mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x0, 0xc80) mlockall(0x3) 12:46:52 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x100000000000000}, 0x8) [ 296.585252][T10344] overlayfs: workdir and upperdir must be separate subtrees [ 296.620317][T10340] device nr0 entered promiscuous mode 12:46:52 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./fi']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 296.783104][T10358] overlayfs: failed to resolve './fi': -2 12:46:52 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./fi']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:46:52 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x200000000000000}, 0x8) [ 297.049654][T10364] overlayfs: failed to resolve './fi': -2 12:46:53 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./fi']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:46:53 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x3f00000000000000}, 0x8) [ 297.284073][T10372] overlayfs: failed to resolve './fi': -2 12:46:53 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 297.370762][T10350] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 297.404841][T10350] CPU: 0 PID: 10350 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 297.412848][T10350] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 297.422926][T10350] Call Trace: [ 297.426232][T10350] dump_stack+0x172/0x1f0 [ 297.430577][T10350] dump_header+0x10f/0xb6c [ 297.435013][T10350] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 297.440840][T10350] ? ___ratelimit+0x60/0x595 [ 297.445447][T10350] ? do_raw_spin_unlock+0x57/0x270 [ 297.450576][T10350] oom_kill_process.cold+0x10/0x15 [ 297.455699][T10350] out_of_memory+0x79a/0x1280 [ 297.460384][T10350] ? lock_downgrade+0x880/0x880 [ 297.465241][T10350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 297.471502][T10350] ? oom_killer_disable+0x280/0x280 [ 297.477259][T10350] ? find_held_lock+0x35/0x130 [ 297.482039][T10350] mem_cgroup_out_of_memory+0x1ca/0x230 [ 297.487585][T10350] ? memcg_event_wake+0x230/0x230 [ 297.492621][T10350] ? do_raw_spin_unlock+0x57/0x270 [ 297.497739][T10350] ? _raw_spin_unlock+0x2d/0x50 [ 297.502596][T10350] try_charge+0x102c/0x15c0 [ 297.507104][T10350] ? find_held_lock+0x35/0x130 [ 297.511883][T10350] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 297.517435][T10350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 297.523685][T10350] ? kasan_check_read+0x11/0x20 [ 297.528552][T10350] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 297.534118][T10350] mem_cgroup_try_charge+0x24d/0x5e0 [ 297.539434][T10350] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 297.545071][T10350] __handle_mm_fault+0x1e1f/0x3ec0 [ 297.550188][T10350] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 297.555735][T10350] ? find_held_lock+0x35/0x130 [ 297.560760][T10350] ? handle_mm_fault+0x322/0xb30 [ 297.565706][T10350] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 297.571956][T10350] ? kasan_check_read+0x11/0x20 [ 297.576829][T10350] handle_mm_fault+0x43f/0xb30 [ 297.581622][T10350] __get_user_pages+0x7b6/0x1a40 [ 297.586570][T10350] ? follow_page_mask+0x19a0/0x19a0 [ 297.591778][T10350] ? retint_kernel+0x2d/0x2d [ 297.596993][T10350] populate_vma_page_range+0x20d/0x2a0 [ 297.602460][T10350] __mm_populate+0x204/0x380 [ 297.607053][T10350] ? populate_vma_page_range+0x2a0/0x2a0 [ 297.612698][T10350] __x64_sys_mlockall+0x35c/0x520 [ 297.617746][T10350] do_syscall_64+0x103/0x610 [ 297.622520][T10350] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 297.628412][T10350] RIP: 0033:0x458da9 [ 297.632310][T10350] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 297.664897][T10350] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 297.673319][T10350] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 297.681290][T10350] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 297.689267][T10350] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 297.697256][T10350] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 297.705227][T10350] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 297.758831][T10381] overlayfs: failed to resolve './file': -2 [ 297.949105][T10350] memory: usage 307132kB, limit 307200kB, failcnt 68 [ 297.961691][T10350] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 297.969695][T10350] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 297.982247][T10350] Memory cgroup stats for /syz2: cache:0KB rss:296936KB rss_huge:266240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:163444KB active_anon:8808KB inactive_file:0KB active_file:0KB unevictable:124772KB [ 298.010597][T10350] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10087,uid=0 [ 298.027166][T10350] Memory cgroup out of memory: Killed process 10087 (syz-executor.2) total-vm:72712kB, anon-rss:18368kB, file-rss:34816kB, shmem-rss:0kB [ 298.048180][ T1043] oom_reaper: reaped process 10087 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:46:54 executing program 2: mprotect(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x6) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x3, 0x40000) ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f0000001440)={0x3, &(0x7f00000000c0)=""/204, &(0x7f00000013c0)=[{0x80000000, 0xe0, 0x7, &(0x7f00000001c0)=""/224}, {0x4, 0x1000, 0x0, &(0x7f00000002c0)=""/4096}, {0x7fffffff, 0xce, 0x3, &(0x7f00000012c0)=""/206}]}) mlockall(0x3) 12:46:54 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240), 0x0) 12:46:54 executing program 3: mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x0, 0xc80) mlockall(0x3) 12:46:54 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x5000000000000000}, 0x8) 12:46:54 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:46:54 executing program 0: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) [ 298.201871][T10389] overlayfs: failed to resolve './file': -2 [ 298.230110][T10395] device nr0 entered promiscuous mode 12:46:54 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 298.360642][T10400] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 298.383155][T10400] CPU: 0 PID: 10400 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 298.391193][T10400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 298.401255][T10400] Call Trace: [ 298.402864][T10404] overlayfs: failed to resolve './file': -2 [ 298.404562][T10400] dump_stack+0x172/0x1f0 [ 298.404592][T10400] dump_header+0x10f/0xb6c [ 298.419394][T10400] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 298.425207][T10400] ? ___ratelimit+0x60/0x595 [ 298.429803][T10400] ? do_raw_spin_unlock+0x57/0x270 [ 298.429831][T10400] oom_kill_process.cold+0x10/0x15 [ 298.440042][T10400] out_of_memory+0x79a/0x1280 [ 298.444730][T10400] ? lock_downgrade+0x880/0x880 [ 298.449682][T10400] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 298.455938][T10400] ? oom_killer_disable+0x280/0x280 [ 298.461152][T10400] ? find_held_lock+0x35/0x130 [ 298.465936][T10400] mem_cgroup_out_of_memory+0x1ca/0x230 [ 298.471484][T10400] ? memcg_event_wake+0x230/0x230 [ 298.476522][T10400] ? do_raw_spin_unlock+0x57/0x270 [ 298.481637][T10400] ? _raw_spin_unlock+0x2d/0x50 [ 298.486594][T10400] try_charge+0x102c/0x15c0 [ 298.491105][T10400] ? find_held_lock+0x35/0x130 [ 298.495892][T10400] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 298.495912][T10400] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 298.495934][T10400] ? kasan_check_read+0x11/0x20 [ 298.507739][T10400] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 298.507756][T10400] mem_cgroup_try_charge+0x24d/0x5e0 [ 298.507777][T10400] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 298.507799][T10400] __handle_mm_fault+0x1e1f/0x3ec0 [ 298.534210][T10400] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 298.539768][T10400] ? find_held_lock+0x35/0x130 [ 298.544552][T10400] ? handle_mm_fault+0x322/0xb30 [ 298.549503][T10400] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 298.555757][T10400] ? kasan_check_read+0x11/0x20 [ 298.560622][T10400] handle_mm_fault+0x43f/0xb30 [ 298.565400][T10400] __get_user_pages+0x7b6/0x1a40 [ 298.570353][T10400] ? follow_page_mask+0x19a0/0x19a0 [ 298.575561][T10400] ? __vma_adjust+0x1840/0x1840 [ 298.580433][T10400] ? lock_acquire+0x16f/0x3f0 [ 298.585123][T10400] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 298.591383][T10400] populate_vma_page_range+0x20d/0x2a0 [ 298.596860][T10400] __mm_populate+0x204/0x380 [ 298.601465][T10400] ? populate_vma_page_range+0x2a0/0x2a0 [ 298.607119][T10400] __x64_sys_mlockall+0x35c/0x520 [ 298.612157][T10400] do_syscall_64+0x103/0x610 [ 298.616759][T10400] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 298.624165][T10400] RIP: 0033:0x458da9 [ 298.628070][T10400] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 298.647706][T10400] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 12:46:54 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0xd007000000000000}, 0x8) 12:46:54 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:46:54 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 298.656127][T10400] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 298.664104][T10400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 298.672089][T10400] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 298.680070][T10400] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 298.688045][T10400] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 298.718535][T10400] memory: usage 307200kB, limit 307200kB, failcnt 114 [ 298.725498][T10400] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 298.733565][T10400] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 298.740567][T10400] Memory cgroup stats for /syz2: cache:0KB rss:297036KB rss_huge:264192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:163324KB active_anon:8828KB inactive_file:4KB active_file:4KB unevictable:124928KB [ 298.764325][T10400] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10172,uid=0 [ 298.780547][T10400] Memory cgroup out of memory: Killed process 10172 (syz-executor.2) total-vm:72712kB, anon-rss:18368kB, file-rss:34816kB, shmem-rss:0kB 12:46:54 executing program 3: mlockall(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x0, 0xc80) mlockall(0x3) 12:46:54 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 299.316210][T10400] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 299.326627][T10400] CPU: 0 PID: 10400 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 299.334612][T10400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 299.344695][T10400] Call Trace: [ 299.347999][T10400] dump_stack+0x172/0x1f0 [ 299.352373][T10400] dump_header+0x10f/0xb6c [ 299.356855][T10400] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 299.362677][T10400] ? ___ratelimit+0x60/0x595 [ 299.367272][T10400] ? do_raw_spin_unlock+0x57/0x270 [ 299.372428][T10400] oom_kill_process.cold+0x10/0x15 [ 299.377569][T10400] out_of_memory+0x79a/0x1280 [ 299.382251][T10400] ? lock_downgrade+0x880/0x880 [ 299.387103][T10400] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 299.393366][T10400] ? oom_killer_disable+0x280/0x280 [ 299.398571][T10400] ? find_held_lock+0x35/0x130 [ 299.403354][T10400] mem_cgroup_out_of_memory+0x1ca/0x230 [ 299.408908][T10400] ? memcg_event_wake+0x230/0x230 [ 299.413944][T10400] ? do_raw_spin_unlock+0x57/0x270 [ 299.413960][T10400] ? _raw_spin_unlock+0x2d/0x50 [ 299.413976][T10400] try_charge+0x102c/0x15c0 [ 299.413989][T10400] ? find_held_lock+0x35/0x130 [ 299.414010][T10400] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 299.438764][T10400] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 299.445035][T10400] ? kasan_check_read+0x11/0x20 [ 299.449908][T10400] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 299.455569][T10400] mem_cgroup_try_charge+0x24d/0x5e0 [ 299.460916][T10400] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 299.466591][T10400] wp_page_copy+0x408/0x1740 [ 299.471226][T10400] ? find_held_lock+0x35/0x130 [ 299.476010][T10400] ? pmd_pfn+0x1d0/0x1d0 [ 299.480273][T10400] ? lock_downgrade+0x880/0x880 [ 299.485142][T10400] ? swp_swapcount+0x540/0x540 [ 299.489923][T10400] ? kasan_check_read+0x11/0x20 [ 299.494821][T10400] ? do_raw_spin_unlock+0x57/0x270 [ 299.499952][T10400] do_wp_page+0x48e/0x1500 [ 299.504373][T10400] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 299.509787][T10400] __handle_mm_fault+0x22e8/0x3ec0 [ 299.514893][T10400] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 299.520439][T10400] ? find_held_lock+0x35/0x130 [ 299.525215][T10400] ? handle_mm_fault+0x322/0xb30 [ 299.530140][T10400] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 299.536382][T10400] ? kasan_check_read+0x11/0x20 [ 299.541221][T10400] handle_mm_fault+0x43f/0xb30 [ 299.546085][T10400] __get_user_pages+0x7b6/0x1a40 [ 299.551041][T10400] ? follow_page_mask+0x19a0/0x19a0 [ 299.556225][T10400] ? retint_kernel+0x2d/0x2d [ 299.560799][T10400] populate_vma_page_range+0x20d/0x2a0 [ 299.566274][T10400] __mm_populate+0x204/0x380 [ 299.570870][T10400] ? populate_vma_page_range+0x2a0/0x2a0 [ 299.576487][T10400] __x64_sys_mlockall+0x35c/0x520 [ 299.581495][T10400] do_syscall_64+0x103/0x610 [ 299.586090][T10400] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 299.591984][T10400] RIP: 0033:0x458da9 [ 299.595882][T10400] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 299.615490][T10400] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 299.623940][T10400] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 299.632045][T10400] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 299.640010][T10400] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 299.647985][T10400] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 299.663488][T10400] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 299.673457][T10400] memory: usage 307200kB, limit 307200kB, failcnt 154 [ 299.680243][T10400] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 299.687848][T10400] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 299.694736][T10400] Memory cgroup stats for /syz2: cache:0KB rss:296792KB rss_huge:260096KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:147088KB active_anon:8812KB inactive_file:0KB active_file:0KB unevictable:141116KB [ 299.717012][T10400] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10398,uid=0 [ 299.732626][T10400] Memory cgroup out of memory: Killed process 10398 (syz-executor.2) total-vm:72580kB, anon-rss:18184kB, file-rss:54328kB, shmem-rss:0kB [ 299.746921][ T1043] oom_reaper: reaped process 10398 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB 12:46:55 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0xffffffff00000000}, 0x8) 12:46:55 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240), 0x0) 12:46:55 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(0x0, &(0x7f0000000580)) 12:46:55 executing program 3: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dspn(0x0, 0x0, 0xc80) mlockall(0x3) 12:46:55 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000001300)='/dev/sequencer2\x00', 0x625652c78f7f266e, 0x0) ioctl$KVM_SET_IDENTITY_MAP_ADDR(r0, 0x4008ae48, &(0x7f0000001340)=0x3000) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg(0xffffffffffffff9c, &(0x7f0000001280)={&(0x7f00000000c0)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000140)=""/197, 0xc5}, {&(0x7f0000000000)=""/31, 0x1f}], 0x2, &(0x7f0000000280)=""/4096, 0x1000}, 0x141) connect$can_bcm(r1, &(0x7f00000012c0)={0x1d, r2}, 0x10) mlockall(0x3) 12:46:55 executing program 0: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) [ 299.851772][T10437] device nr0 entered promiscuous mode 12:46:55 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(0x0, &(0x7f0000000580)) 12:46:55 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x2}, 0x8) 12:46:56 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(0x0, &(0x7f0000000580)) [ 300.061271][T10442] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 300.092849][T10442] CPU: 0 PID: 10442 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 300.100907][T10442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.110971][T10442] Call Trace: [ 300.114271][T10442] dump_stack+0x172/0x1f0 [ 300.118623][T10442] dump_header+0x10f/0xb6c [ 300.123051][T10442] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 300.128862][T10442] ? ___ratelimit+0x60/0x595 [ 300.133454][T10442] ? do_raw_spin_unlock+0x57/0x270 [ 300.138572][T10442] oom_kill_process.cold+0x10/0x15 [ 300.143692][T10442] out_of_memory+0x79a/0x1280 [ 300.148377][T10442] ? lock_downgrade+0x880/0x880 [ 300.153230][T10442] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 300.159476][T10442] ? oom_killer_disable+0x280/0x280 [ 300.164671][T10442] ? find_held_lock+0x35/0x130 [ 300.169449][T10442] mem_cgroup_out_of_memory+0x1ca/0x230 [ 300.174993][T10442] ? memcg_event_wake+0x230/0x230 [ 300.180032][T10442] ? do_raw_spin_unlock+0x57/0x270 [ 300.185151][T10442] ? _raw_spin_unlock+0x2d/0x50 [ 300.190012][T10442] try_charge+0x102c/0x15c0 [ 300.194516][T10442] ? find_held_lock+0x35/0x130 [ 300.199824][T10442] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 300.205383][T10442] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 300.211628][T10442] ? kasan_check_read+0x11/0x20 [ 300.216489][T10442] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 300.222040][T10442] mem_cgroup_try_charge+0x24d/0x5e0 [ 300.227338][T10442] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 300.232982][T10442] __handle_mm_fault+0x1e1f/0x3ec0 [ 300.238105][T10442] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 300.243657][T10442] ? find_held_lock+0x35/0x130 [ 300.248423][T10442] ? handle_mm_fault+0x322/0xb30 [ 300.253377][T10442] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 300.259626][T10442] ? kasan_check_read+0x11/0x20 [ 300.264486][T10442] handle_mm_fault+0x43f/0xb30 [ 300.269260][T10442] __get_user_pages+0x7b6/0x1a40 [ 300.274218][T10442] ? follow_page_mask+0x19a0/0x19a0 [ 300.279414][T10442] ? __vma_adjust+0x1840/0x1840 [ 300.284276][T10442] ? lock_acquire+0x16f/0x3f0 [ 300.289098][T10442] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 300.295352][T10442] populate_vma_page_range+0x20d/0x2a0 [ 300.300831][T10442] __mm_populate+0x204/0x380 [ 300.305450][T10442] ? populate_vma_page_range+0x2a0/0x2a0 [ 300.311098][T10442] __x64_sys_mlockall+0x35c/0x520 [ 300.316138][T10442] do_syscall_64+0x103/0x610 [ 300.320738][T10442] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 300.326627][T10442] RIP: 0033:0x458da9 [ 300.330523][T10442] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 300.350155][T10442] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 300.358572][T10442] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 300.366546][T10442] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 300.374520][T10442] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 300.382509][T10442] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 300.390479][T10442] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff 12:46:56 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', 0x0) [ 300.542330][T10442] memory: usage 307200kB, limit 307200kB, failcnt 191 [ 300.556893][T10442] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 300.581418][T10442] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 300.596302][T10442] Memory cgroup stats for /syz2: cache:0KB rss:297004KB rss_huge:260096KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:150908KB active_anon:8828KB inactive_file:0KB active_file:4KB unevictable:137340KB [ 300.619475][T10442] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10260,uid=0 [ 300.640650][T10442] Memory cgroup out of memory: Killed process 10260 (syz-executor.2) total-vm:72712kB, anon-rss:18368kB, file-rss:34816kB, shmem-rss:0kB 12:46:56 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240), 0x0) 12:46:56 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x50}, 0x8) [ 300.787069][T10464] device nr0 entered promiscuous mode 12:46:56 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', 0x0) [ 300.946496][T10466] syz-executor.4 invoked oom-killer: gfp_mask=0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), order=3, oom_score_adj=1000 [ 300.978453][T10466] CPU: 1 PID: 10466 Comm: syz-executor.4 Not tainted 5.1.0-rc6+ #88 [ 300.986512][T10466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.996576][T10466] Call Trace: [ 300.999973][T10466] dump_stack+0x172/0x1f0 [ 301.004325][T10466] dump_header+0x10f/0xb6c [ 301.008753][T10466] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 301.014579][T10466] ? ___ratelimit+0x60/0x595 [ 301.019190][T10466] ? do_raw_spin_unlock+0x57/0x270 [ 301.024313][T10466] oom_kill_process.cold+0x10/0x15 [ 301.029441][T10466] out_of_memory+0x79a/0x1280 [ 301.032350][T10471] overlayfs: failed to resolve './file1': -2 [ 301.034214][T10466] ? lock_downgrade+0x880/0x880 [ 301.034295][T10466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 301.051828][T10466] ? oom_killer_disable+0x280/0x280 [ 301.057218][T10466] ? find_held_lock+0x35/0x130 [ 301.062090][T10466] mem_cgroup_out_of_memory+0x1ca/0x230 [ 301.067924][T10466] ? memcg_event_wake+0x230/0x230 [ 301.072974][T10466] ? do_raw_spin_unlock+0x57/0x270 [ 301.079371][T10466] ? _raw_spin_unlock+0x2d/0x50 [ 301.084345][T10466] try_charge+0x102c/0x15c0 [ 301.088857][T10466] ? find_held_lock+0x35/0x130 [ 301.093642][T10466] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 301.099200][T10466] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 301.104757][T10466] ? find_held_lock+0x35/0x130 [ 301.109540][T10466] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 301.115109][T10466] __memcg_kmem_charge_memcg+0x7c/0x130 [ 301.120669][T10466] ? memcg_kmem_put_cache+0xb0/0xb0 [ 301.125900][T10466] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 301.131472][T10466] __memcg_kmem_charge+0x136/0x300 [ 301.136599][T10466] __alloc_pages_nodemask+0x4bf/0x8d0 [ 301.141982][T10466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 301.148235][T10466] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 301.154044][T10466] ? copy_process.part.0+0x1d08/0x7980 [ 301.159605][T10466] ? lockdep_hardirqs_on+0x418/0x5d0 [ 301.164979][T10466] ? trace_hardirqs_on+0x67/0x230 [ 301.170027][T10466] copy_process.part.0+0x3e0/0x7980 [ 301.175237][T10466] ? __lockdep_free_key_range+0x120/0x120 [ 301.181015][T10466] ? sched_clock+0x2e/0x50 [ 301.185450][T10466] ? psi_memstall_leave+0x12e/0x180 [ 301.190664][T10466] ? find_held_lock+0x35/0x130 [ 301.195439][T10466] ? psi_memstall_leave+0x12e/0x180 [ 301.200666][T10466] ? __cleanup_sighand+0x60/0x60 [ 301.205649][T10466] ? perf_trace_lock+0xeb/0x510 [ 301.210599][T10466] ? __lockdep_free_key_range+0x120/0x120 [ 301.216388][T10466] _do_fork+0x257/0xfd0 [ 301.220559][T10466] ? fork_idle+0x1d0/0x1d0 [ 301.225075][T10466] ? blkcg_maybe_throttle_current+0x5e2/0xfc0 [ 301.231150][T10466] ? lock_downgrade+0x880/0x880 [ 301.236005][T10466] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 301.242265][T10466] ? blkcg_exit_queue+0x30/0x30 [ 301.247123][T10466] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 301.252593][T10466] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 301.258071][T10466] ? do_syscall_64+0x26/0x610 [ 301.262760][T10466] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 301.268848][T10466] ? do_syscall_64+0x26/0x610 [ 301.273542][T10466] __x64_sys_clone+0xbf/0x150 [ 301.278229][T10466] do_syscall_64+0x103/0x610 [ 301.282842][T10466] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 301.288740][T10466] RIP: 0033:0x45b779 12:46:57 executing program 0: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) [ 301.292642][T10466] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 301.312255][T10466] RSP: 002b:00007ffcd9ff6e08 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 301.320684][T10466] RAX: ffffffffffffffda RBX: 00007fe8adfaf700 RCX: 000000000045b779 [ 301.328670][T10466] RDX: 00007fe8adfaf9d0 RSI: 00007fe8adfaedb0 RDI: 00000000003d0f00 [ 301.336654][T10466] RBP: 00007ffcd9ff7020 R08: 00007fe8adfaf700 R09: 00007fe8adfaf700 12:46:57 executing program 3: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dspn(0x0, 0x0, 0xc80) mlockall(0x3) 12:46:57 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', 0x0) [ 301.344640][T10466] R10: 00007fe8adfaf9d0 R11: 0000000000000202 R12: 0000000000000000 [ 301.352628][T10466] R13: 00007ffcd9ff6ebf R14: 00007fe8adfaf9c0 R15: 000000000073bfac [ 301.361317][T10466] memory: usage 307184kB, limit 307200kB, failcnt 917 [ 301.383741][T10466] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 301.408177][T10466] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 301.423144][T10466] Memory cgroup stats for /syz4: cache:0KB rss:296740KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:244672KB active_anon:4928KB inactive_file:0KB active_file:0KB unevictable:47104KB [ 301.481640][T10466] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9302,uid=0 [ 301.531350][T10466] Memory cgroup out of memory: Killed process 9302 (syz-executor.4) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 301.586077][ T1043] oom_reaper: reaped process 9302 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 12:46:57 executing program 2: mlockall(0x3) prctl$PR_SET_PDEATHSIG(0x1, 0x18) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) socketpair(0x11, 0x7, 0x5, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e21, 0x9, @loopback, 0x10000}}, 0x1, 0xffffffff, 0x8000000000, 0x4, 0x40}, &(0x7f0000000180)=0x98) setsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f00000001c0)={r2, 0x4, 0x3}, 0x10) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000200)={r2, @in6={{0xa, 0x4e20, 0xb749, @remote, 0x81}}, 0x2, 0x7, 0xbf22, 0x478d, 0x7fffffff}, &(0x7f00000002c0)=0x98) 12:46:57 executing program 1: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x0, 0xc80) mlockall(0x3) 12:46:57 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{0x0}], 0x1) 12:46:57 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x7d0}, 0x8) [ 301.894940][T10493] device nr0 entered promiscuous mode 12:46:58 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3f00}, 0x8) 12:46:58 executing program 0: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x4) [ 302.124456][T10500] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 302.173946][T10500] CPU: 1 PID: 10500 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 302.181962][T10500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.192028][T10500] Call Trace: [ 302.195378][T10500] dump_stack+0x172/0x1f0 [ 302.199730][T10500] dump_header+0x10f/0xb6c [ 302.204185][T10500] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 302.210019][T10500] ? ___ratelimit+0x60/0x595 [ 302.214630][T10500] ? do_raw_spin_unlock+0x57/0x270 [ 302.219813][T10500] oom_kill_process.cold+0x10/0x15 [ 302.225044][T10500] out_of_memory+0x79a/0x1280 [ 302.229736][T10500] ? lock_downgrade+0x880/0x880 [ 302.234599][T10500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 302.240862][T10500] ? oom_killer_disable+0x280/0x280 [ 302.246074][T10500] ? find_held_lock+0x35/0x130 [ 302.250873][T10500] mem_cgroup_out_of_memory+0x1ca/0x230 [ 302.256453][T10500] ? memcg_event_wake+0x230/0x230 [ 302.261531][T10500] ? do_raw_spin_unlock+0x57/0x270 [ 302.266656][T10500] ? _raw_spin_unlock+0x2d/0x50 [ 302.271518][T10500] try_charge+0x102c/0x15c0 [ 302.276028][T10500] ? find_held_lock+0x35/0x130 [ 302.280819][T10500] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 302.286382][T10500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 302.292728][T10500] ? kasan_check_read+0x11/0x20 [ 302.297595][T10500] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 302.303163][T10500] mem_cgroup_try_charge+0x24d/0x5e0 [ 302.308493][T10500] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 302.314142][T10500] __handle_mm_fault+0x1e1f/0x3ec0 [ 302.319275][T10500] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 302.324844][T10500] ? find_held_lock+0x35/0x130 [ 302.329629][T10500] ? handle_mm_fault+0x322/0xb30 [ 302.334586][T10500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 302.340852][T10500] ? kasan_check_read+0x11/0x20 [ 302.345722][T10500] handle_mm_fault+0x43f/0xb30 [ 302.350501][T10500] __get_user_pages+0x7b6/0x1a40 [ 302.355457][T10500] ? follow_page_mask+0x19a0/0x19a0 [ 302.360664][T10500] ? __vma_adjust+0x1840/0x1840 [ 302.365529][T10500] ? lock_acquire+0x16f/0x3f0 [ 302.370224][T10500] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 302.376486][T10500] populate_vma_page_range+0x20d/0x2a0 [ 302.381969][T10500] __mm_populate+0x204/0x380 [ 302.386584][T10500] ? populate_vma_page_range+0x2a0/0x2a0 [ 302.392251][T10500] __x64_sys_mlockall+0x35c/0x520 [ 302.397300][T10500] do_syscall_64+0x103/0x610 [ 302.401917][T10500] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 302.407833][T10500] RIP: 0033:0x458da9 [ 302.411739][T10500] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 302.431442][T10500] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 302.439864][T10500] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 302.447857][T10500] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 302.455852][T10500] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 302.463840][T10500] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 302.471836][T10500] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 302.480491][T10500] memory: usage 307200kB, limit 307200kB, failcnt 243 [ 302.489974][T10500] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 302.497708][T10500] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:46:58 executing program 3: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dspn(0x0, 0x0, 0xc80) mlockall(0x3) [ 302.497721][T10500] Memory cgroup stats for /syz2: cache:0KB rss:296992KB rss_huge:258048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:150780KB active_anon:8828KB inactive_file:0KB active_file:0KB unevictable:137508KB [ 302.526945][T10500] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10301,uid=0 [ 302.542711][T10500] Memory cgroup out of memory: Killed process 10301 (syz-executor.2) total-vm:72712kB, anon-rss:18368kB, file-rss:34816kB, shmem-rss:0kB 12:46:58 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x5000}, 0x8) 12:46:58 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{0x0}], 0x1) [ 302.778036][T10517] device nr0 entered promiscuous mode 12:46:58 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0xd007}, 0x8) 12:46:59 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x1000000}, 0x8) 12:46:59 executing program 1: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x0, 0xc80) mlockall(0x3) 12:47:00 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) setsockopt$bt_hci_HCI_DATA_DIR(r0, 0x0, 0x1, &(0x7f00000000c0)=0x200, 0x4) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cachefiles\x00', 0x200, 0x0) write$P9_RVERSION(r0, &(0x7f0000000100)={0xf, 0x65, 0xffff, 0x7, 0x8, '9P2000.L'}, 0x15) mlockall(0x3) 12:47:00 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{0x0}], 0x1) 12:47:00 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x2000000}, 0x8) 12:47:00 executing program 3: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x0, 0x0) mlockall(0x3) 12:47:00 executing program 0: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x4) 12:47:00 executing program 1 (fault-call:5 fault-nth:0): mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 304.183848][T10551] device nr0 entered promiscuous mode [ 304.207890][T10549] FAULT_INJECTION: forcing a failure. [ 304.207890][T10549] name failslab, interval 1, probability 0, space 0, times 1 [ 304.239850][T10549] CPU: 0 PID: 10549 Comm: syz-executor.1 Not tainted 5.1.0-rc6+ #88 [ 304.247873][T10549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.258291][T10549] Call Trace: [ 304.261606][T10549] dump_stack+0x172/0x1f0 [ 304.266047][T10549] should_fail.cold+0xa/0x15 [ 304.270659][T10549] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 304.276487][T10549] ? ___might_sleep+0x163/0x280 [ 304.281377][T10549] __should_failslab+0x121/0x190 [ 304.286330][T10549] should_failslab+0x9/0x14 [ 304.290862][T10549] kmem_cache_alloc+0x2b2/0x6f0 [ 304.295795][T10549] ? __f_unlock_pos+0x19/0x20 [ 304.300714][T10549] getname_flags+0xd6/0x5b0 [ 304.305236][T10549] user_path_at_empty+0x2f/0x50 [ 304.310099][T10549] vfs_statx+0x129/0x200 [ 304.314359][T10549] ? vfs_statx_fd+0xc0/0xc0 [ 304.318877][T10549] ? kasan_check_write+0x14/0x20 [ 304.323833][T10549] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 304.329397][T10549] __do_sys_newstat+0xa4/0x130 [ 304.334167][T10549] ? cp_new_stat+0x5f0/0x5f0 [ 304.338766][T10549] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 304.345009][T10549] ? fput_many+0x12c/0x1a0 [ 304.349433][T10549] ? fput+0x1b/0x20 [ 304.353252][T10549] ? ksys_write+0x1f1/0x2d0 [ 304.357775][T10549] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 304.363428][T10549] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 304.368924][T10549] ? do_syscall_64+0x26/0x610 [ 304.373610][T10549] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 304.379773][T10549] ? do_syscall_64+0x26/0x610 [ 304.384474][T10549] ? lockdep_hardirqs_on+0x418/0x5d0 [ 304.389772][T10549] __x64_sys_newstat+0x54/0x80 [ 304.394554][T10549] do_syscall_64+0x103/0x610 [ 304.399158][T10549] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 304.405053][T10549] RIP: 0033:0x458da9 [ 304.408955][T10549] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 304.428566][T10549] RSP: 002b:00007fcf6eb6ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 304.437073][T10549] RAX: ffffffffffffffda RBX: 00007fcf6eb6ec90 RCX: 0000000000458da9 [ 304.445054][T10549] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000020000240 [ 304.453039][T10549] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 304.461019][T10549] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcf6eb6f6d4 [ 304.469018][T10549] R13: 00000000004e413b R14: 00000000004dd4d8 R15: 0000000000000004 [ 304.479662][T10554] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 304.508405][T10554] CPU: 1 PID: 10554 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 304.516445][T10554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.526510][T10554] Call Trace: [ 304.529832][T10554] dump_stack+0x172/0x1f0 [ 304.534183][T10554] dump_header+0x10f/0xb6c [ 304.538624][T10554] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 304.544447][T10554] ? ___ratelimit+0x60/0x595 [ 304.549050][T10554] ? do_raw_spin_unlock+0x57/0x270 [ 304.554181][T10554] oom_kill_process.cold+0x10/0x15 [ 304.559305][T10554] out_of_memory+0x79a/0x1280 [ 304.563996][T10554] ? lock_downgrade+0x880/0x880 [ 304.568855][T10554] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 304.575110][T10554] ? oom_killer_disable+0x280/0x280 [ 304.580308][T10554] ? find_held_lock+0x35/0x130 [ 304.585091][T10554] mem_cgroup_out_of_memory+0x1ca/0x230 [ 304.590648][T10554] ? memcg_event_wake+0x230/0x230 [ 304.595690][T10554] ? do_raw_spin_unlock+0x57/0x270 [ 304.600828][T10554] ? _raw_spin_unlock+0x2d/0x50 [ 304.605692][T10554] try_charge+0x102c/0x15c0 [ 304.610198][T10554] ? find_held_lock+0x35/0x130 [ 304.614977][T10554] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 304.620626][T10554] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 304.628067][T10554] ? kasan_check_read+0x11/0x20 [ 304.632934][T10554] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 304.638494][T10554] mem_cgroup_try_charge+0x24d/0x5e0 [ 304.643795][T10554] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 304.649540][T10554] __handle_mm_fault+0x1e1f/0x3ec0 [ 304.660359][T10554] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 304.666527][T10554] ? find_held_lock+0x35/0x130 [ 304.671310][T10554] ? handle_mm_fault+0x322/0xb30 [ 304.676265][T10554] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 304.682525][T10554] ? kasan_check_read+0x11/0x20 [ 304.687398][T10554] handle_mm_fault+0x43f/0xb30 [ 304.692185][T10554] __get_user_pages+0x7b6/0x1a40 [ 304.697144][T10554] ? follow_page_mask+0x19a0/0x19a0 [ 304.702354][T10554] ? __vma_adjust+0x1840/0x1840 [ 304.707217][T10554] ? lock_acquire+0x16f/0x3f0 [ 304.711898][T10554] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 304.718163][T10554] populate_vma_page_range+0x20d/0x2a0 [ 304.723643][T10554] __mm_populate+0x204/0x380 [ 304.728248][T10554] ? populate_vma_page_range+0x2a0/0x2a0 [ 304.733898][T10554] __x64_sys_mlockall+0x35c/0x520 [ 304.738927][T10554] do_syscall_64+0x103/0x610 [ 304.743524][T10554] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 304.749412][T10554] RIP: 0033:0x458da9 [ 304.753305][T10554] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 304.774451][T10554] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 304.782891][T10554] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 304.790966][T10554] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 304.799031][T10554] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 12:47:00 executing program 1 (fault-call:5 fault-nth:1): mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:47:00 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3f000000}, 0x8) [ 304.807011][T10554] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 304.814994][T10554] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 304.942856][T10564] FAULT_INJECTION: forcing a failure. [ 304.942856][T10564] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 304.956110][T10564] CPU: 1 PID: 10564 Comm: syz-executor.1 Not tainted 5.1.0-rc6+ #88 [ 304.964119][T10564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.974204][T10564] Call Trace: [ 304.977514][T10564] dump_stack+0x172/0x1f0 [ 304.981863][T10564] should_fail.cold+0xa/0x15 [ 304.986473][T10564] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 304.992316][T10564] ? __lock_acquire+0x548/0x3fb0 [ 304.997262][T10564] ? is_dynamic_key+0x1c0/0x1c0 [ 305.002799][T10564] should_fail_alloc_page+0x50/0x60 [ 305.002827][T10564] __alloc_pages_nodemask+0x1a1/0x8d0 [ 305.002848][T10564] ? __alloc_pages_slowpath+0x28b0/0x28b0 [ 305.002862][T10564] ? find_held_lock+0x35/0x130 12:47:01 executing program 1 (fault-call:5 fault-nth:2): mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 305.002881][T10564] ? __lock_acquire+0x548/0x3fb0 [ 305.002900][T10564] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 305.002921][T10564] cache_grow_begin+0x9c/0x860 12:47:01 executing program 5 (fault-call:4 fault-nth:0): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) [ 305.002937][T10564] ? getname_flags+0xd6/0x5b0 [ 305.002953][T10564] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 305.002973][T10564] kmem_cache_alloc+0x62d/0x6f0 [ 305.002990][T10564] ? __f_unlock_pos+0x19/0x20 12:47:01 executing program 3: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x0, 0x0) mlockall(0x3) [ 305.003010][T10564] getname_flags+0xd6/0x5b0 [ 305.003029][T10564] user_path_at_empty+0x2f/0x50 [ 305.003047][T10564] vfs_statx+0x129/0x200 [ 305.003065][T10564] ? vfs_statx_fd+0xc0/0xc0 12:47:01 executing program 1 (fault-call:5 fault-nth:3): mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 305.003081][T10564] ? kasan_check_write+0x14/0x20 [ 305.003099][T10564] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 305.003121][T10564] __do_sys_newstat+0xa4/0x130 [ 305.003136][T10564] ? cp_new_stat+0x5f0/0x5f0 [ 305.003153][T10564] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 305.003165][T10564] ? fput_many+0x12c/0x1a0 [ 305.003179][T10564] ? fput+0x1b/0x20 [ 305.003195][T10564] ? ksys_write+0x1f1/0x2d0 [ 305.003216][T10564] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 305.003231][T10564] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 305.003246][T10564] ? do_syscall_64+0x26/0x610 [ 305.003261][T10564] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 305.003276][T10564] ? do_syscall_64+0x26/0x610 [ 305.003291][T10564] ? lockdep_hardirqs_on+0x418/0x5d0 [ 305.003310][T10564] __x64_sys_newstat+0x54/0x80 [ 305.003327][T10564] do_syscall_64+0x103/0x610 [ 305.003345][T10564] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 305.003357][T10564] RIP: 0033:0x458da9 [ 305.003372][T10564] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 305.003381][T10564] RSP: 002b:00007fcf6eb6ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 305.003396][T10564] RAX: ffffffffffffffda RBX: 00007fcf6eb6ec90 RCX: 0000000000458da9 [ 305.003405][T10564] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000020000240 [ 305.003414][T10564] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 305.003423][T10564] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcf6eb6f6d4 [ 305.003432][T10564] R13: 00000000004e413b R14: 00000000004dd4d8 R15: 0000000000000004 [ 305.152529][T10554] memory: usage 307200kB, limit 307200kB, failcnt 273 [ 305.152543][T10554] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 305.152552][T10554] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 305.152559][T10554] Memory cgroup stats for /syz2: cache:0KB rss:297564KB rss_huge:256000KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:148604KB active_anon:8828KB inactive_file:0KB active_file:4KB unevictable:140192KB [ 305.152641][T10554] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9754,uid=0 [ 305.152742][T10554] Memory cgroup out of memory: Killed process 9754 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 305.372347][T10570] FAULT_INJECTION: forcing a failure. [ 305.372347][T10570] name failslab, interval 1, probability 0, space 0, times 0 [ 305.372700][T10570] CPU: 0 PID: 10570 Comm: syz-executor.1 Not tainted 5.1.0-rc6+ #88 [ 305.372708][T10570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.372713][T10570] Call Trace: [ 305.372737][T10570] dump_stack+0x172/0x1f0 [ 305.372756][T10570] should_fail.cold+0xa/0x15 [ 305.372775][T10570] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 305.372796][T10570] ? ___might_sleep+0x163/0x280 [ 305.372827][T10570] __should_failslab+0x121/0x190 [ 305.372845][T10570] should_failslab+0x9/0x14 [ 305.372863][T10570] kmem_cache_alloc+0x2b2/0x6f0 [ 305.372882][T10570] ? __lock_acquire+0x548/0x3fb0 [ 305.372900][T10570] __d_alloc+0x2e/0x8c0 [ 305.372918][T10570] d_alloc+0x4d/0x2b0 [ 305.372938][T10570] d_alloc_parallel+0xf4/0x1bc0 [ 305.372960][T10570] ? __lock_acquire+0x548/0x3fb0 [ 305.372977][T10570] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 305.373061][T10570] ? smack_log+0x415/0x540 [ 305.373078][T10570] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 305.373104][T10570] ? __d_lookup_rcu+0x6c0/0x6c0 [ 305.373127][T10570] ? find_held_lock+0x35/0x130 [ 305.373150][T10570] ? lockdep_init_map+0x1be/0x6d0 [ 305.373167][T10570] ? lockdep_init_map+0x1be/0x6d0 [ 305.373189][T10570] __lookup_slow+0x1ab/0x500 [ 305.373206][T10570] ? vfs_unlink+0x560/0x560 [ 305.373218][T10570] ? __d_lookup+0x433/0x760 [ 305.373258][T10570] lookup_slow+0x58/0x80 [ 305.373275][T10570] walk_component+0x74b/0x2000 [ 305.373288][T10570] ? inode_permission+0xb4/0x570 [ 305.373307][T10570] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 305.373326][T10570] ? path_init+0x18f0/0x18f0 [ 305.373344][T10570] ? walk_component+0x2000/0x2000 [ 305.373361][T10570] ? __kasan_kmalloc.constprop.0+0xb0/0xe0 [ 305.373385][T10570] path_lookupat.isra.0+0x1f5/0x8d0 [ 305.373404][T10570] ? path_parentat.isra.0+0x160/0x160 [ 305.373421][T10570] ? cache_grow_end+0xa4/0x190 [ 305.373438][T10570] ? find_held_lock+0x35/0x130 [ 305.373454][T10570] ? cache_grow_end+0xa4/0x190 [ 305.373477][T10570] filename_lookup+0x1b0/0x410 [ 305.373494][T10570] ? nd_jump_link+0x1d0/0x1d0 [ 305.373519][T10570] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 305.373595][T10570] ? __phys_addr_symbol+0x30/0x70 [ 305.373611][T10570] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 305.373627][T10570] ? __check_object_size+0x3d/0x42f [ 305.373648][T10570] ? strncpy_from_user+0x2a8/0x380 [ 305.373668][T10570] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 305.373682][T10570] ? getname_flags+0x277/0x5b0 [ 305.373703][T10570] user_path_at_empty+0x43/0x50 [ 305.373722][T10570] vfs_statx+0x129/0x200 [ 305.373741][T10570] ? vfs_statx_fd+0xc0/0xc0 [ 305.373758][T10570] ? kasan_check_write+0x14/0x20 [ 305.373775][T10570] ? __mutex_unlock_slowpath+0xf8/0x6b0 12:47:02 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x3, 0x0) r1 = semget$private(0x0, 0x2, 0x408) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) getgroups(0x1, &(0x7f0000000200)=[0x0]) ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f0000000300)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xc75, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={'nr', 0x0}, 0x4, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default]}) getresuid(&(0x7f0000000240)=0x0, &(0x7f0000000280), &(0x7f00000002c0)) lstat(&(0x7f0000000380)='./file0\x00', &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) semctl$IPC_SET(r1, 0x0, 0x1, &(0x7f00000003c0)={{0x3, r2, r3, r4, r5, 0x40, 0x12}, 0x6, 0x2}) ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f00000000c0)) 12:47:02 executing program 0: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x4) 12:47:02 executing program 1 (fault-call:5 fault-nth:4): mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:47:02 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x50000000}, 0x8) [ 305.373798][T10570] __do_sys_newstat+0xa4/0x130 [ 305.373825][T10570] ? cp_new_stat+0x5f0/0x5f0 [ 305.373843][T10570] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 305.373857][T10570] ? fput_many+0x12c/0x1a0 [ 305.373870][T10570] ? fput+0x1b/0x20 [ 305.373887][T10570] ? ksys_write+0x1f1/0x2d0 [ 305.373909][T10570] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 305.373925][T10570] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 305.373940][T10570] ? do_syscall_64+0x26/0x610 [ 305.373957][T10570] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 305.373971][T10570] ? do_syscall_64+0x26/0x610 [ 305.373987][T10570] ? lockdep_hardirqs_on+0x418/0x5d0 [ 305.374009][T10570] __x64_sys_newstat+0x54/0x80 [ 305.374027][T10570] do_syscall_64+0x103/0x610 [ 305.374048][T10570] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 305.374060][T10570] RIP: 0033:0x458da9 [ 305.374075][T10570] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 12:47:02 executing program 3: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x0, 0x0) mlockall(0x3) [ 305.374084][T10570] RSP: 002b:00007fcf6eb6ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 305.374101][T10570] RAX: ffffffffffffffda RBX: 00007fcf6eb6ec90 RCX: 0000000000458da9 [ 305.374110][T10570] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000020000240 [ 305.374126][T10570] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 305.374137][T10570] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcf6eb6f6d4 [ 305.374146][T10570] R13: 00000000004e413b R14: 00000000004dd4d8 R15: 0000000000000004 [ 305.399504][T10572] device nr0 entered promiscuous mode [ 305.636068][T10578] FAULT_INJECTION: forcing a failure. [ 305.636068][T10578] name failslab, interval 1, probability 0, space 0, times 0 [ 305.636132][T10578] CPU: 0 PID: 10578 Comm: syz-executor.1 Not tainted 5.1.0-rc6+ #88 [ 305.636142][T10578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.636147][T10578] Call Trace: [ 305.636171][T10578] dump_stack+0x172/0x1f0 [ 305.636194][T10578] should_fail.cold+0xa/0x15 [ 305.636214][T10578] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 305.636236][T10578] ? ___might_sleep+0x163/0x280 [ 305.636257][T10578] __should_failslab+0x121/0x190 [ 305.636273][T10578] should_failslab+0x9/0x14 [ 305.636289][T10578] kmem_cache_alloc+0x2b2/0x6f0 [ 305.636307][T10578] ? __lock_acquire+0x548/0x3fb0 [ 305.636328][T10578] __d_alloc+0x2e/0x8c0 [ 305.636346][T10578] d_alloc+0x4d/0x2b0 [ 305.636366][T10578] d_alloc_parallel+0xf4/0x1bc0 [ 305.636382][T10578] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 305.636397][T10578] ? smack_log+0x415/0x540 [ 305.636420][T10578] ? __lock_acquire+0x548/0x3fb0 [ 305.636439][T10578] ? __d_lookup_rcu+0x6c0/0x6c0 [ 305.636460][T10578] ? lockdep_init_map+0x1be/0x6d0 [ 305.636485][T10578] ? lockdep_init_map+0x1be/0x6d0 [ 305.636508][T10578] __lookup_slow+0x1ab/0x500 [ 305.636525][T10578] ? vfs_unlink+0x560/0x560 [ 305.636569][T10578] lookup_slow+0x58/0x80 [ 305.636587][T10578] lookup_one_len_unlocked+0xf6/0x100 [ 305.636602][T10578] ? lookup_slow+0x80/0x80 [ 305.636692][T10578] ovl_lookup_single+0x63/0x880 [ 305.636741][T10578] ovl_lookup_layer+0x40d/0x4c0 [ 305.636760][T10578] ? d_alloc_parallel+0x7b0/0x1bc0 [ 305.636777][T10578] ? ovl_lookup_single+0x880/0x880 [ 305.636796][T10578] ? kasan_check_write+0x14/0x20 [ 305.636848][T10578] ? override_creds+0x144/0x180 [ 305.636869][T10578] ovl_lookup+0x43e/0x1a10 [ 305.636884][T10578] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 305.636913][T10578] ? ovl_path_next+0x2e0/0x2e0 [ 305.636929][T10578] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 305.636954][T10578] ? __d_lookup_rcu+0x690/0x6c0 [ 305.636968][T10578] ? find_held_lock+0x35/0x130 [ 305.636988][T10578] ? lockdep_init_map+0x1be/0x6d0 [ 305.637005][T10578] ? lockdep_init_map+0x1be/0x6d0 [ 305.637026][T10578] __lookup_slow+0x27e/0x500 [ 305.637042][T10578] ? vfs_unlink+0x560/0x560 [ 305.637054][T10578] ? __d_lookup+0x433/0x760 [ 305.637095][T10578] lookup_slow+0x58/0x80 [ 305.637120][T10578] walk_component+0x74b/0x2000 [ 305.637134][T10578] ? inode_permission+0xb4/0x570 [ 305.637152][T10578] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 305.637170][T10578] ? path_init+0x18f0/0x18f0 [ 305.637188][T10578] ? walk_component+0x2000/0x2000 [ 305.637203][T10578] ? __kasan_kmalloc.constprop.0+0xb0/0xe0 [ 305.637224][T10578] path_lookupat.isra.0+0x1f5/0x8d0 [ 305.637240][T10578] ? path_parentat.isra.0+0x160/0x160 [ 305.637255][T10578] ? cache_grow_end+0xa4/0x190 [ 305.637271][T10578] ? find_held_lock+0x35/0x130 [ 305.637287][T10578] ? cache_grow_end+0xa4/0x190 [ 305.637306][T10578] filename_lookup+0x1b0/0x410 [ 305.637320][T10578] ? nd_jump_link+0x1d0/0x1d0 [ 305.637341][T10578] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 305.637358][T10578] ? __phys_addr_symbol+0x30/0x70 [ 305.637373][T10578] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 305.637386][T10578] ? __check_object_size+0x3d/0x42f [ 305.637406][T10578] ? strncpy_from_user+0x2a8/0x380 [ 305.637423][T10578] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 305.637436][T10578] ? getname_flags+0x277/0x5b0 [ 305.637455][T10578] user_path_at_empty+0x43/0x50 [ 305.637474][T10578] vfs_statx+0x129/0x200 [ 305.637489][T10578] ? vfs_statx_fd+0xc0/0xc0 [ 305.637503][T10578] ? kasan_check_write+0x14/0x20 [ 305.637519][T10578] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 305.637541][T10578] __do_sys_newstat+0xa4/0x130 [ 305.637557][T10578] ? cp_new_stat+0x5f0/0x5f0 [ 305.637572][T10578] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 305.637583][T10578] ? fput_many+0x12c/0x1a0 [ 305.637596][T10578] ? fput+0x1b/0x20 [ 305.637612][T10578] ? ksys_write+0x1f1/0x2d0 [ 305.637632][T10578] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 305.637648][T10578] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 305.637662][T10578] ? do_syscall_64+0x26/0x610 [ 305.637675][T10578] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 305.637688][T10578] ? do_syscall_64+0x26/0x610 [ 305.637702][T10578] ? lockdep_hardirqs_on+0x418/0x5d0 [ 305.637723][T10578] __x64_sys_newstat+0x54/0x80 [ 305.637739][T10578] do_syscall_64+0x103/0x610 [ 305.637757][T10578] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 305.637768][T10578] RIP: 0033:0x458da9 [ 305.637785][T10578] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 305.637794][T10578] RSP: 002b:00007fcf6eb6ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 305.637823][T10578] RAX: ffffffffffffffda RBX: 00007fcf6eb6ec90 RCX: 0000000000458da9 [ 305.637834][T10578] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000020000240 [ 305.637845][T10578] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 305.637855][T10578] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcf6eb6f6d4 [ 305.637866][T10578] R13: 00000000004e413b R14: 00000000004dd4d8 R15: 0000000000000004 [ 306.283467][T10588] FAULT_INJECTION: forcing a failure. [ 306.283467][T10588] name failslab, interval 1, probability 0, space 0, times 0 [ 306.498738][T10593] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 306.514775][T10588] CPU: 1 PID: 10588 Comm: syz-executor.1 Not tainted 5.1.0-rc6+ #88 [ 306.844742][T10588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.844750][T10588] Call Trace: [ 306.844780][T10588] dump_stack+0x172/0x1f0 [ 306.844802][T10588] should_fail.cold+0xa/0x15 [ 306.844833][T10588] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 306.844855][T10588] ? ___might_sleep+0x163/0x280 [ 306.844876][T10588] __should_failslab+0x121/0x190 [ 306.844892][T10588] should_failslab+0x9/0x14 [ 306.844908][T10588] __kmalloc+0x2dc/0x740 [ 306.844924][T10588] ? ovl_lookup_single+0x880/0x880 [ 306.844943][T10588] ? kasan_check_write+0x14/0x20 [ 306.844958][T10588] ? ovl_lookup+0xc02/0x1a10 [ 306.844977][T10588] ovl_lookup+0xc02/0x1a10 [ 306.845009][T10588] ? ovl_path_next+0x2e0/0x2e0 [ 306.845023][T10588] ? perf_trace_lock+0xeb/0x510 [ 306.845051][T10588] ? __d_lookup_rcu+0x690/0x6c0 [ 306.845066][T10588] ? find_held_lock+0x35/0x130 [ 306.845086][T10588] ? lockdep_init_map+0x1be/0x6d0 [ 306.845103][T10588] ? lockdep_init_map+0x1be/0x6d0 [ 306.845126][T10588] __lookup_slow+0x27e/0x500 [ 306.845143][T10588] ? vfs_unlink+0x560/0x560 [ 306.845155][T10588] ? __d_lookup+0x433/0x760 [ 306.845200][T10588] lookup_slow+0x58/0x80 [ 306.845217][T10588] walk_component+0x74b/0x2000 [ 306.845229][T10588] ? inode_permission+0xb4/0x570 [ 306.845249][T10588] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 306.845268][T10588] ? path_init+0x18f0/0x18f0 [ 306.845287][T10588] ? walk_component+0x2000/0x2000 [ 306.845304][T10588] ? __kasan_kmalloc.constprop.0+0xb0/0xe0 [ 306.845328][T10588] path_lookupat.isra.0+0x1f5/0x8d0 [ 306.845348][T10588] ? path_parentat.isra.0+0x160/0x160 [ 306.845366][T10588] ? cache_grow_end+0xa4/0x190 [ 306.845381][T10588] ? find_held_lock+0x35/0x130 [ 306.845398][T10588] ? cache_grow_end+0xa4/0x190 [ 306.845420][T10588] filename_lookup+0x1b0/0x410 [ 306.845436][T10588] ? nd_jump_link+0x1d0/0x1d0 [ 306.845462][T10588] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 306.845479][T10588] ? __phys_addr_symbol+0x30/0x70 [ 306.845493][T10588] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 306.845508][T10588] ? __check_object_size+0x3d/0x42f [ 306.845532][T10588] ? strncpy_from_user+0x2a8/0x380 [ 306.845551][T10588] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 306.845565][T10588] ? getname_flags+0x277/0x5b0 [ 306.845585][T10588] user_path_at_empty+0x43/0x50 [ 306.845604][T10588] vfs_statx+0x129/0x200 [ 306.845627][T10588] ? vfs_statx_fd+0xc0/0xc0 [ 306.845644][T10588] ? kasan_check_write+0x14/0x20 [ 306.845661][T10588] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 306.845684][T10588] __do_sys_newstat+0xa4/0x130 [ 306.845700][T10588] ? cp_new_stat+0x5f0/0x5f0 [ 306.845717][T10588] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 306.845730][T10588] ? fput_many+0x12c/0x1a0 [ 306.845745][T10588] ? fput+0x1b/0x20 [ 306.845762][T10588] ? ksys_write+0x1f1/0x2d0 [ 306.845783][T10588] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 306.845799][T10588] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 306.845823][T10588] ? do_syscall_64+0x26/0x610 [ 306.845839][T10588] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 306.845854][T10588] ? do_syscall_64+0x26/0x610 [ 306.845869][T10588] ? lockdep_hardirqs_on+0x418/0x5d0 [ 306.845890][T10588] __x64_sys_newstat+0x54/0x80 [ 306.845907][T10588] do_syscall_64+0x103/0x610 [ 306.845926][T10588] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 306.845940][T10588] RIP: 0033:0x458da9 [ 306.845957][T10588] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 306.845965][T10588] RSP: 002b:00007fcf6eb6ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000004 [ 306.845981][T10588] RAX: ffffffffffffffda RBX: 00007fcf6eb6ec90 RCX: 0000000000458da9 [ 306.845991][T10588] RDX: 0000000000000000 RSI: 0000000020000580 RDI: 0000000020000240 [ 306.846000][T10588] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 306.846010][T10588] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcf6eb6f6d4 [ 306.846019][T10588] R13: 00000000004e413b R14: 00000000004dd4d8 R15: 0000000000000004 [ 306.862509][T10593] CPU: 1 PID: 10593 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 306.880466][T10593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 306.880473][T10593] Call Trace: [ 306.880501][T10593] dump_stack+0x172/0x1f0 [ 306.880523][T10593] dump_header+0x10f/0xb6c [ 306.880545][T10593] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 306.904221][T10593] ? ___ratelimit+0x60/0x595 [ 306.904240][T10593] ? do_raw_spin_unlock+0x57/0x270 [ 306.904261][T10593] oom_kill_process.cold+0x10/0x15 [ 306.904279][T10593] out_of_memory+0x79a/0x1280 [ 306.904295][T10593] ? lock_downgrade+0x880/0x880 [ 306.904310][T10593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 306.904325][T10593] ? oom_killer_disable+0x280/0x280 [ 306.904337][T10593] ? find_held_lock+0x35/0x130 [ 306.904363][T10593] mem_cgroup_out_of_memory+0x1ca/0x230 [ 306.904377][T10593] ? memcg_event_wake+0x230/0x230 [ 306.904398][T10593] ? do_raw_spin_unlock+0x57/0x270 [ 306.904419][T10593] ? _raw_spin_unlock+0x2d/0x50 [ 306.923045][T10593] try_charge+0x102c/0x15c0 [ 306.923062][T10593] ? find_held_lock+0x35/0x130 [ 306.923086][T10593] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 306.923105][T10593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 306.923124][T10593] ? kasan_check_read+0x11/0x20 [ 306.923144][T10593] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 306.923164][T10593] mem_cgroup_try_charge+0x24d/0x5e0 [ 306.923189][T10593] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 306.923211][T10593] __handle_mm_fault+0x1e1f/0x3ec0 [ 306.938089][T10593] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 306.956650][T10593] ? find_held_lock+0x35/0x130 [ 306.956672][T10593] ? handle_mm_fault+0x322/0xb30 [ 306.956701][T10593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 306.956721][T10593] ? kasan_check_read+0x11/0x20 [ 306.956744][T10593] handle_mm_fault+0x43f/0xb30 [ 306.965742][T10593] __get_user_pages+0x7b6/0x1a40 [ 306.965772][T10593] ? follow_page_mask+0x19a0/0x19a0 [ 306.965787][T10593] ? perf_trace_lock+0xeb/0x510 [ 306.965801][T10593] ? __vma_adjust+0x1840/0x1840 [ 306.965831][T10593] ? lock_acquire+0x16f/0x3f0 [ 306.965847][T10593] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 306.965869][T10593] populate_vma_page_range+0x20d/0x2a0 [ 306.965890][T10593] __mm_populate+0x204/0x380 [ 306.965910][T10593] ? populate_vma_page_range+0x2a0/0x2a0 [ 306.965935][T10593] __x64_sys_mlockall+0x35c/0x520 [ 306.965954][T10593] do_syscall_64+0x103/0x610 [ 306.965977][T10593] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 306.977126][T10593] RIP: 0033:0x458da9 [ 306.977145][T10593] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 307.496205][T10593] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 307.504630][T10593] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 307.512709][T10593] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 307.520688][T10593] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 307.528693][T10593] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 307.536679][T10593] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff 12:47:03 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) [ 307.677039][T10593] memory: usage 306832kB, limit 307200kB, failcnt 308 12:47:03 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0xd0070000}, 0x8) [ 307.736857][T10604] device nr0 entered promiscuous mode 12:47:03 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 307.914717][T10593] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 307.922578][T10593] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 307.929706][T10593] Memory cgroup stats for /syz2: cache:0KB rss:297424KB rss_huge:253952KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:162940KB active_anon:8828KB inactive_file:4KB active_file:0KB unevictable:125752KB [ 307.956544][T10593] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9868,uid=0 [ 307.974147][T10593] Memory cgroup out of memory: Killed process 9868 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB 12:47:04 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:04 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x100000000000000}, 0x8) 12:47:04 executing program 3: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x0, 0xc80) mlockall(0x0) 12:47:04 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 308.291636][T10619] overlayfs: './file0' not a directory [ 308.491264][T10624] overlayfs: './file0' not a directory [ 308.558071][T10628] cgroup: fork rejected by pids controller in /syz3 12:47:05 executing program 2: mlockall(0x3) r0 = dup2(0xffffffffffffff9c, 0xffffffffffffffff) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000000), &(0x7f00000000c0)=0x4) socket$kcm(0x2, 0x6, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x29, 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCNRDECOBS(0xffffffffffffffff, 0x89e2) r2 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) write$binfmt_aout(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100000000dcdf6c68a94a86be9084baa5b5db07000000680000010000000000"], 0x2b) syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r2, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) read$rfkill(r2, 0x0, 0x0) r3 = dup3(r1, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000) getsockopt$inet_sctp_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000080), &(0x7f00000000c0)=0xb) close(r3) mlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:47:05 executing program 0 (fault-call:6 fault-nth:0): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15}) 12:47:05 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0x3}], 0x1) 12:47:05 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x200000000000000}, 0x8) 12:47:05 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:05 executing program 3: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x0, 0xc80) mlockall(0x0) [ 309.607141][T10635] device nr0 entered promiscuous mode 12:47:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15}) [ 309.700037][T10648] overlayfs: './file0' not a directory 12:47:05 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3f00000000000000}, 0x8) 12:47:05 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 309.773579][T10646] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 309.814895][T10646] CPU: 0 PID: 10646 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 309.822913][T10646] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.832972][T10646] Call Trace: [ 309.836275][T10646] dump_stack+0x172/0x1f0 [ 309.840612][T10646] dump_header+0x10f/0xb6c [ 309.845034][T10646] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 309.850853][T10646] ? ___ratelimit+0x60/0x595 [ 309.855445][T10646] ? do_raw_spin_unlock+0x57/0x270 [ 309.860567][T10646] oom_kill_process.cold+0x10/0x15 [ 309.865685][T10646] out_of_memory+0x79a/0x1280 [ 309.870364][T10646] ? lock_downgrade+0x880/0x880 [ 309.875219][T10646] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 309.881458][T10646] ? oom_killer_disable+0x280/0x280 [ 309.886660][T10646] ? find_held_lock+0x35/0x130 [ 309.891434][T10646] mem_cgroup_out_of_memory+0x1ca/0x230 [ 309.897071][T10646] ? memcg_event_wake+0x230/0x230 [ 309.902120][T10646] ? do_raw_spin_unlock+0x57/0x270 [ 309.907251][T10646] ? _raw_spin_unlock+0x2d/0x50 [ 309.912117][T10646] try_charge+0x102c/0x15c0 [ 309.916620][T10646] ? find_held_lock+0x35/0x130 [ 309.921391][T10646] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 309.926939][T10646] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 309.933274][T10646] ? kasan_check_read+0x11/0x20 [ 309.938231][T10646] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 309.943788][T10646] mem_cgroup_try_charge+0x24d/0x5e0 [ 309.949089][T10646] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 309.954730][T10646] __handle_mm_fault+0x1e1f/0x3ec0 [ 309.959854][T10646] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 309.965404][T10646] ? find_held_lock+0x35/0x130 [ 309.970171][T10646] ? handle_mm_fault+0x322/0xb30 [ 309.975130][T10646] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 309.981384][T10646] ? kasan_check_read+0x11/0x20 [ 309.986268][T10646] handle_mm_fault+0x43f/0xb30 [ 309.991044][T10646] __get_user_pages+0x7b6/0x1a40 [ 309.995998][T10646] ? follow_page_mask+0x19a0/0x19a0 [ 310.001205][T10646] ? __vma_adjust+0x1840/0x1840 [ 310.006067][T10646] ? lock_acquire+0x16f/0x3f0 [ 310.010760][T10646] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 310.017022][T10646] populate_vma_page_range+0x20d/0x2a0 [ 310.022494][T10646] __mm_populate+0x204/0x380 [ 310.027091][T10646] ? populate_vma_page_range+0x2a0/0x2a0 [ 310.032740][T10646] __x64_sys_mlockall+0x35c/0x520 [ 310.037769][T10646] do_syscall_64+0x103/0x610 [ 310.042369][T10646] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 310.048261][T10646] RIP: 0033:0x458da9 [ 310.052152][T10646] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 310.071764][T10646] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 310.080189][T10646] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 310.088162][T10646] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 310.096137][T10646] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 310.104109][T10646] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 310.112091][T10646] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 310.131393][T10646] memory: usage 307200kB, limit 307200kB, failcnt 324 [ 310.150668][T10646] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 12:47:06 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x2, &(0x7f0000000040)={0x15}) [ 310.161347][T10646] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 310.183453][T10646] Memory cgroup stats for /syz2: cache:0KB rss:297836KB rss_huge:251904KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB [ 310.197787][T10646] inactive_anon:162940KB active_anon:8828KB inactive_file:0KB active_file:0KB unevictable:126128KB [ 310.234943][T10646] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=9908,uid=0 [ 310.273477][T10646] Memory cgroup out of memory: Killed process 9908 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 310.300981][ T1043] oom_reaper: reaped process 9908 (syz-executor.2), now anon-rss:0kB, file-rss:34692kB, shmem-rss:0kB [ 310.333481][T10661] overlayfs: './file0' not a directory 12:47:06 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5409, &(0x7f0000000040)={0x15}) 12:47:06 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 310.515800][T10676] overlayfs: './file0' not a directory [ 310.631454][T10646] sg_write: data in/out 262577/1 bytes for SCSI command 0x0-- guessing data in; [ 310.631454][T10646] program syz-executor.2 not setting count and/or reply_len properly [ 310.929434][T10681] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 310.939732][T10681] CPU: 1 PID: 10681 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 310.947740][T10681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 310.957952][T10681] Call Trace: [ 310.961242][T10681] dump_stack+0x172/0x1f0 [ 310.965561][T10681] dump_header+0x10f/0xb6c [ 310.970061][T10681] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 310.975883][T10681] ? ___ratelimit+0x60/0x595 [ 310.980454][T10681] ? do_raw_spin_unlock+0x57/0x270 [ 310.985547][T10681] oom_kill_process.cold+0x10/0x15 [ 310.990771][T10681] out_of_memory+0x79a/0x1280 [ 310.995439][T10681] ? lock_downgrade+0x880/0x880 [ 311.000279][T10681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 311.006500][T10681] ? oom_killer_disable+0x280/0x280 [ 311.011684][T10681] ? find_held_lock+0x35/0x130 [ 311.016455][T10681] mem_cgroup_out_of_memory+0x1ca/0x230 [ 311.021986][T10681] ? memcg_event_wake+0x230/0x230 [ 311.026994][T10681] ? do_raw_spin_unlock+0x57/0x270 [ 311.032085][T10681] ? _raw_spin_unlock+0x2d/0x50 [ 311.037005][T10681] try_charge+0x102c/0x15c0 [ 311.041488][T10681] ? find_held_lock+0x35/0x130 [ 311.046519][T10681] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 311.052048][T10681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 311.058274][T10681] ? kasan_check_read+0x11/0x20 [ 311.063118][T10681] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 311.068650][T10681] mem_cgroup_try_charge+0x24d/0x5e0 [ 311.073918][T10681] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 311.079531][T10681] wp_page_copy+0x408/0x1740 [ 311.084104][T10681] ? find_held_lock+0x35/0x130 [ 311.088855][T10681] ? pmd_pfn+0x1d0/0x1d0 [ 311.093083][T10681] ? lock_downgrade+0x880/0x880 [ 311.097950][T10681] ? swp_swapcount+0x540/0x540 [ 311.102717][T10681] ? kasan_check_read+0x11/0x20 [ 311.107553][T10681] ? do_raw_spin_unlock+0x57/0x270 [ 311.112668][T10681] do_wp_page+0x48e/0x1500 [ 311.117081][T10681] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 311.122466][T10681] __handle_mm_fault+0x22e8/0x3ec0 [ 311.127577][T10681] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 311.133112][T10681] ? find_held_lock+0x35/0x130 [ 311.137866][T10681] ? handle_mm_fault+0x322/0xb30 [ 311.142825][T10681] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 311.149057][T10681] ? kasan_check_read+0x11/0x20 [ 311.153913][T10681] handle_mm_fault+0x43f/0xb30 [ 311.158661][T10681] __get_user_pages+0x7b6/0x1a40 [ 311.163602][T10681] ? follow_page_mask+0x19a0/0x19a0 [ 311.168795][T10681] ? retint_kernel+0x2d/0x2d [ 311.173404][T10681] ? populate_vma_page_range+0x37/0x2a0 [ 311.178934][T10681] populate_vma_page_range+0x20d/0x2a0 [ 311.184377][T10681] __mm_populate+0x204/0x380 [ 311.188952][T10681] ? populate_vma_page_range+0x2a0/0x2a0 [ 311.194568][T10681] __x64_sys_mlockall+0x35c/0x520 [ 311.199576][T10681] do_syscall_64+0x103/0x610 [ 311.204150][T10681] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 311.210022][T10681] RIP: 0033:0x458da9 [ 311.213904][T10681] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 311.233491][T10681] RSP: 002b:00007f32eb5c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 311.241902][T10681] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 311.249858][T10681] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 311.257830][T10681] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 311.265794][T10681] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5c16d4 [ 311.273754][T10681] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 311.282297][T10681] memory: usage 307200kB, limit 307200kB, failcnt 336 [ 311.289134][T10681] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 311.296666][T10681] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 311.303558][T10681] Memory cgroup stats for /syz2: cache:0KB rss:297792KB rss_huge:249856KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:149976KB active_anon:10868KB inactive_file:0KB active_file:0KB unevictable:137020KB [ 311.325920][T10681] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10645,uid=0 [ 311.341336][T10681] Memory cgroup out of memory: Killed process 10645 (syz-executor.2) total-vm:72580kB, anon-rss:18088kB, file-rss:54324kB, shmem-rss:0kB [ 311.355712][ T1043] oom_reaper: reaped process 10645 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB 12:47:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x540b, &(0x7f0000000040)={0x15}) 12:47:07 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0x4}], 0x1) 12:47:07 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x5000000000000000}, 0x8) 12:47:07 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:07 executing program 2: mlockall(0x3) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VIDIOC_G_OUTPUT(r0, 0x8004562e, &(0x7f0000000040)) clone(0x80, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x0, 0x0) mlockall(0x3) 12:47:07 executing program 3: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x0, 0xc80) mlockall(0x0) [ 311.477977][T10693] device nr0 entered promiscuous mode 12:47:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x540c, &(0x7f0000000040)={0x15}) [ 311.539712][T10692] overlayfs: './file0' not a directory 12:47:07 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:07 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0xd007000000000000}, 0x8) [ 311.714512][T10697] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 311.748408][T10697] CPU: 0 PID: 10697 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 311.756434][T10697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.766496][T10697] Call Trace: [ 311.769804][T10697] dump_stack+0x172/0x1f0 [ 311.774154][T10697] dump_header+0x10f/0xb6c [ 311.778585][T10697] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 311.784401][T10697] ? ___ratelimit+0x60/0x595 [ 311.788994][T10697] ? do_raw_spin_unlock+0x57/0x270 [ 311.794117][T10697] oom_kill_process.cold+0x10/0x15 [ 311.799235][T10697] out_of_memory+0x79a/0x1280 [ 311.803920][T10697] ? lock_downgrade+0x880/0x880 [ 311.808772][T10697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 311.815028][T10697] ? oom_killer_disable+0x280/0x280 [ 311.820229][T10697] ? find_held_lock+0x35/0x130 [ 311.825019][T10697] mem_cgroup_out_of_memory+0x1ca/0x230 [ 311.830570][T10697] ? memcg_event_wake+0x230/0x230 [ 311.835611][T10697] ? do_raw_spin_unlock+0x57/0x270 [ 311.840728][T10697] ? _raw_spin_unlock+0x2d/0x50 [ 311.845586][T10697] try_charge+0x102c/0x15c0 [ 311.850097][T10697] ? find_held_lock+0x35/0x130 [ 311.854916][T10697] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 311.860489][T10697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 311.866736][T10697] ? kasan_check_read+0x11/0x20 [ 311.871615][T10697] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 311.877168][T10697] mem_cgroup_try_charge+0x24d/0x5e0 [ 311.882465][T10697] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 311.888213][T10697] __handle_mm_fault+0x1e1f/0x3ec0 [ 311.893343][T10697] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 311.898900][T10697] ? find_held_lock+0x35/0x130 [ 311.903676][T10697] ? handle_mm_fault+0x322/0xb30 [ 311.908630][T10697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 12:47:07 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 311.914883][T10697] ? kasan_check_read+0x11/0x20 [ 311.919741][T10697] handle_mm_fault+0x43f/0xb30 [ 311.924514][T10697] __get_user_pages+0x7b6/0x1a40 [ 311.929471][T10697] ? follow_page_mask+0x19a0/0x19a0 [ 311.934677][T10697] ? __vma_adjust+0x1840/0x1840 [ 311.939537][T10697] ? lock_acquire+0x16f/0x3f0 [ 311.944217][T10697] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 311.950466][T10697] populate_vma_page_range+0x20d/0x2a0 [ 311.955938][T10697] __mm_populate+0x204/0x380 [ 311.960536][T10697] ? populate_vma_page_range+0x2a0/0x2a0 [ 311.966181][T10697] __x64_sys_mlockall+0x35c/0x520 [ 311.971214][T10697] do_syscall_64+0x103/0x610 [ 311.975823][T10697] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 311.981715][T10697] RIP: 0033:0x458da9 [ 311.985610][T10697] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 312.005226][T10697] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 312.013666][T10697] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 312.021642][T10697] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 312.029612][T10697] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 312.037588][T10697] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 312.045562][T10697] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 312.058182][T10697] memory: usage 307200kB, limit 307200kB, failcnt 368 [ 312.069110][T10697] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 312.076762][T10697] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 312.084552][T10697] Memory cgroup stats for /syz2: cache:0KB rss:297744KB rss_huge:249856KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:150644KB active_anon:10884KB inactive_file:4KB active_file:0KB unevictable:136380KB 12:47:08 executing program 3: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dspn(&(0x7f00000000c0)='/dev/dsp#\x00', 0x0, 0xc80) mlockall(0x0) [ 312.108834][T10697] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10039,uid=0 [ 312.129958][T10697] Memory cgroup out of memory: Killed process 10039 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 312.186472][ T1043] oom_reaper: reaped process 10039 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 312.198986][T10693] device nr0 entered promiscuous mode 12:47:08 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x540d, &(0x7f0000000040)={0x15}) 12:47:08 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0xffffffff00000000}, 0x8) [ 312.277758][T10715] overlayfs: './file0' not a directory 12:47:08 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:08 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:08 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2}, 0x8) 12:47:08 executing program 2: r0 = dup2(0xffffffffffffff9c, 0xffffffffffffff9c) accept$alg(r0, 0x0, 0x0) mlockall(0x3) clone(0x8000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x1) 12:47:08 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5413, &(0x7f0000000040)={0x15}) 12:47:08 executing program 3: mlockall(0x3) r0 = dup2(0xffffffffffffff9c, 0xffffffffffffffff) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000000), &(0x7f00000000c0)=0x4) socket$kcm(0x2, 0x6, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x29, 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCNRDECOBS(0xffffffffffffffff, 0x89e2) r2 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) write$binfmt_aout(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100000000dcdf6c68a94a86be9084baa5b5db07000000680000010000000000"], 0x2b) syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r2, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) read$rfkill(r2, 0x0, 0x0) r3 = dup3(r1, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000) getsockopt$inet_sctp_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000080), &(0x7f00000000c0)=0xb) close(r3) mlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 312.823756][T10734] overlayfs: './file0' not a directory [ 312.867835][T10744] device nr0 entered promiscuous mode 12:47:08 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:08 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5414, &(0x7f0000000040)={0x15}) 12:47:08 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x50}, 0x8) 12:47:09 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 313.068399][T10755] overlayfs: './file0' not a directory 12:47:09 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x7d0}, 0x8) [ 313.226244][T10764] overlayfs: './file0' not a directory 12:47:09 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 313.556180][T10744] device nr0 entered promiscuous mode [ 313.601251][T10775] overlayfs: './file0' not a directory [ 313.645535][T10739] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 313.733253][T10739] CPU: 0 PID: 10739 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 313.741268][T10739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 313.751326][T10739] Call Trace: [ 313.754626][T10739] dump_stack+0x172/0x1f0 [ 313.758962][T10739] dump_header+0x10f/0xb6c [ 313.763490][T10739] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 313.769297][T10739] ? ___ratelimit+0x60/0x595 [ 313.773891][T10739] ? do_raw_spin_unlock+0x57/0x270 [ 313.779014][T10739] oom_kill_process.cold+0x10/0x15 [ 313.784132][T10739] out_of_memory+0x79a/0x1280 [ 313.788819][T10739] ? lock_downgrade+0x880/0x880 [ 313.793679][T10739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 313.799924][T10739] ? oom_killer_disable+0x280/0x280 [ 313.805124][T10739] ? find_held_lock+0x35/0x130 [ 313.809899][T10739] mem_cgroup_out_of_memory+0x1ca/0x230 [ 313.815445][T10739] ? memcg_event_wake+0x230/0x230 [ 313.820478][T10739] ? do_raw_spin_unlock+0x57/0x270 [ 313.825596][T10739] ? _raw_spin_unlock+0x2d/0x50 [ 313.830455][T10739] try_charge+0x102c/0x15c0 [ 313.834962][T10739] ? find_held_lock+0x35/0x130 [ 313.839737][T10739] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 313.845290][T10739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 313.851535][T10739] ? kasan_check_read+0x11/0x20 [ 313.856400][T10739] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 313.861954][T10739] mem_cgroup_try_charge+0x24d/0x5e0 [ 313.867252][T10739] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 313.872893][T10739] wp_page_copy+0x408/0x1740 [ 313.877486][T10739] ? find_held_lock+0x35/0x130 [ 313.882260][T10739] ? pmd_pfn+0x1d0/0x1d0 [ 313.886503][T10739] ? lock_downgrade+0x880/0x880 [ 313.891358][T10739] ? swp_swapcount+0x540/0x540 [ 313.896148][T10739] ? kasan_check_read+0x11/0x20 [ 313.901008][T10739] ? do_raw_spin_unlock+0x57/0x270 [ 313.906136][T10739] do_wp_page+0x48e/0x1500 [ 313.910562][T10739] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 313.915944][T10739] __handle_mm_fault+0x22e8/0x3ec0 [ 313.921064][T10739] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 313.926609][T10739] ? find_held_lock+0x35/0x130 [ 313.931384][T10739] ? handle_mm_fault+0x322/0xb30 [ 313.936334][T10739] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 313.942582][T10739] ? kasan_check_read+0x11/0x20 [ 313.947442][T10739] handle_mm_fault+0x43f/0xb30 [ 313.952217][T10739] __get_user_pages+0x7b6/0x1a40 [ 313.957174][T10739] ? follow_page_mask+0x19a0/0x19a0 [ 313.962376][T10739] ? retint_kernel+0x2d/0x2d [ 313.966985][T10739] populate_vma_page_range+0x20d/0x2a0 [ 313.972447][T10739] __mm_populate+0x204/0x380 [ 313.977040][T10739] ? populate_vma_page_range+0x2a0/0x2a0 [ 313.982677][T10739] __x64_sys_mlockall+0x35c/0x520 [ 313.982694][T10739] do_syscall_64+0x103/0x610 [ 313.982713][T10739] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 313.982724][T10739] RIP: 0033:0x458da9 [ 313.982739][T10739] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 313.982746][T10739] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 313.982760][T10739] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 313.982769][T10739] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 313.982777][T10739] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 313.982786][T10739] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 313.982795][T10739] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 313.983899][T10739] memory: usage 307200kB, limit 307200kB, failcnt 386 [ 314.089879][T10739] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 314.097516][T10739] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 314.104409][T10739] Memory cgroup stats for /syz2: cache:0KB rss:297816KB rss_huge:249856KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:137984KB active_anon:10868KB inactive_file:0KB active_file:0KB unevictable:149080KB [ 314.135839][T10739] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10738,uid=0 [ 314.153447][T10739] Memory cgroup out of memory: Killed process 10738 (syz-executor.2) total-vm:72580kB, anon-rss:18184kB, file-rss:54328kB, shmem-rss:0kB [ 314.174303][ T1043] oom_reaper: reaped process 10738 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB 12:47:10 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0x3e}], 0x1) 12:47:10 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3f00}, 0x8) 12:47:10 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5415, &(0x7f0000000040)={0x15}) [ 314.301085][T10787] device nr0 entered promiscuous mode 12:47:10 executing program 2: mlockall(0x3) r0 = fcntl$dupfd(0xffffffffffffff9c, 0x406, 0xffffffffffffffff) getsockopt$packet_int(r0, 0x107, 0x3, &(0x7f0000000140), &(0x7f0000000180)=0x4) clone(0x80020000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:47:10 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:10 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5416, &(0x7f0000000040)={0x15}) 12:47:10 executing program 3: mlockall(0x3) r0 = dup2(0xffffffffffffff9c, 0xffffffffffffffff) getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000000), &(0x7f00000000c0)=0x4) socket$kcm(0x2, 0x6, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x29, 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCNRDECOBS(0xffffffffffffffff, 0x89e2) r2 = syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) write$binfmt_aout(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="00000000d50104000000000100000000dcdf6c68a94a86be9084baa5b5db07000000680000010000000000"], 0x2b) syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_LINK_SET(r2, 0x0, 0x0) setsockopt$SO_RDS_TRANSPORT(r1, 0x114, 0x8, &(0x7f0000000040)=0xffffffffffffffff, 0x4) read$rfkill(r2, 0x0, 0x0) r3 = dup3(r1, 0xffffffffffffffff, 0x0) munlock(&(0x7f0000ffc000/0x1000)=nil, 0x1000) getsockopt$inet_sctp_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000080), &(0x7f00000000c0)=0xb) close(r3) mlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:47:10 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x5000}, 0x8) [ 314.480436][T10793] overlayfs: './file0' not a directory 12:47:10 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:10 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5418, &(0x7f0000000040)={0x15}) [ 314.636832][T10787] device nr0 entered promiscuous mode [ 314.650339][T10803] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 314.702599][T10803] CPU: 1 PID: 10803 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 314.710642][T10803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 314.720701][T10803] Call Trace: [ 314.724014][T10803] dump_stack+0x172/0x1f0 [ 314.728368][T10803] dump_header+0x10f/0xb6c [ 314.732794][T10803] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 314.738621][T10803] ? ___ratelimit+0x60/0x595 [ 314.743218][T10803] ? do_raw_spin_unlock+0x57/0x270 [ 314.748336][T10803] oom_kill_process.cold+0x10/0x15 [ 314.753459][T10803] out_of_memory+0x79a/0x1280 [ 314.759621][T10803] ? lock_downgrade+0x880/0x880 [ 314.764485][T10803] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 314.770750][T10803] ? oom_killer_disable+0x280/0x280 [ 314.775977][T10803] ? find_held_lock+0x35/0x130 [ 314.780756][T10803] mem_cgroup_out_of_memory+0x1ca/0x230 [ 314.786307][T10803] ? memcg_event_wake+0x230/0x230 [ 314.792000][T10803] ? do_raw_spin_unlock+0x57/0x270 [ 314.797122][T10803] ? _raw_spin_unlock+0x2d/0x50 [ 314.801986][T10803] try_charge+0x102c/0x15c0 [ 314.806492][T10803] ? find_held_lock+0x35/0x130 [ 314.811269][T10803] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 314.816829][T10803] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 314.823079][T10803] ? kasan_check_read+0x11/0x20 [ 314.827943][T10803] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 314.833499][T10803] mem_cgroup_try_charge+0x24d/0x5e0 [ 314.838804][T10803] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 314.844463][T10803] __handle_mm_fault+0x1e1f/0x3ec0 [ 314.849595][T10803] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 314.855153][T10803] ? find_held_lock+0x35/0x130 [ 314.859926][T10803] ? handle_mm_fault+0x322/0xb30 [ 314.864963][T10803] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 314.871212][T10803] ? kasan_check_read+0x11/0x20 [ 314.876077][T10803] handle_mm_fault+0x43f/0xb30 [ 314.880863][T10803] __get_user_pages+0x7b6/0x1a40 [ 314.885839][T10803] ? follow_page_mask+0x19a0/0x19a0 [ 314.891045][T10803] ? __vma_adjust+0x1840/0x1840 [ 314.895906][T10803] ? lock_acquire+0x16f/0x3f0 [ 314.900598][T10803] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 314.906859][T10803] populate_vma_page_range+0x20d/0x2a0 [ 314.912330][T10803] __mm_populate+0x204/0x380 [ 314.916928][T10803] ? populate_vma_page_range+0x2a0/0x2a0 [ 314.922697][T10803] __x64_sys_mlockall+0x35c/0x520 [ 314.927730][T10803] do_syscall_64+0x103/0x610 [ 314.932326][T10803] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 314.938218][T10803] RIP: 0033:0x458da9 [ 314.942122][T10803] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 314.961737][T10803] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 314.970157][T10803] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 314.978134][T10803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 314.986131][T10803] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 314.994126][T10803] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 315.002106][T10803] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 315.021081][T10811] overlayfs: filesystem on './file0' not supported as upperdir 12:47:11 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 315.086159][T10803] memory: usage 307200kB, limit 307200kB, failcnt 415 [ 315.093364][T10803] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 315.101129][T10803] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 315.108538][T10803] Memory cgroup stats for /syz2: cache:0KB rss:297892KB rss_huge:249856KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:140404KB active_anon:10884KB inactive_file:0KB active_file:0KB unevictable:146712KB 12:47:11 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xd007}, 0x8) [ 315.167764][T10803] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10086,uid=0 [ 315.212640][T10803] Memory cgroup out of memory: Killed process 10086 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 315.266597][ T1043] oom_reaper: reaped process 10086 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:47:11 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0x200003f8}], 0x1) 12:47:11 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x541d, &(0x7f0000000040)={0x15}) 12:47:11 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1000000}, 0x8) [ 315.427060][T10824] overlayfs: './file0' not a directory [ 315.496536][T10833] device nr0 entered promiscuous mode [ 315.791425][T10803] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 315.805545][T10803] CPU: 0 PID: 10803 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 315.813532][T10803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 315.823679][T10803] Call Trace: [ 315.826985][T10803] dump_stack+0x172/0x1f0 [ 315.831329][T10803] dump_header+0x10f/0xb6c [ 315.835756][T10803] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 315.841567][T10803] ? ___ratelimit+0x60/0x595 [ 315.846141][T10803] ? do_raw_spin_unlock+0x57/0x270 [ 315.851352][T10803] oom_kill_process.cold+0x10/0x15 [ 315.856519][T10803] out_of_memory+0x79a/0x1280 [ 315.861281][T10803] ? lock_downgrade+0x880/0x880 [ 315.866124][T10803] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 315.872351][T10803] ? oom_killer_disable+0x280/0x280 [ 315.877540][T10803] ? find_held_lock+0x35/0x130 [ 315.882301][T10803] mem_cgroup_out_of_memory+0x1ca/0x230 [ 315.887885][T10803] ? memcg_event_wake+0x230/0x230 [ 315.893012][T10803] ? do_raw_spin_unlock+0x57/0x270 [ 315.898139][T10803] ? _raw_spin_unlock+0x2d/0x50 [ 315.903008][T10803] try_charge+0x102c/0x15c0 [ 315.907512][T10803] ? find_held_lock+0x35/0x130 [ 315.912264][T10803] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 315.917792][T10803] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 315.924025][T10803] ? kasan_check_read+0x11/0x20 [ 315.928860][T10803] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 315.934400][T10803] mem_cgroup_try_charge+0x24d/0x5e0 [ 315.939689][T10803] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 315.945337][T10803] wp_page_copy+0x408/0x1740 [ 315.949908][T10803] ? find_held_lock+0x35/0x130 [ 315.954658][T10803] ? pmd_pfn+0x1d0/0x1d0 [ 315.958888][T10803] ? lock_downgrade+0x880/0x880 [ 315.963737][T10803] ? swp_swapcount+0x540/0x540 [ 315.968501][T10803] ? kasan_check_read+0x11/0x20 [ 315.973342][T10803] ? do_raw_spin_unlock+0x57/0x270 [ 315.978449][T10803] do_wp_page+0x48e/0x1500 [ 315.982873][T10803] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 315.988241][T10803] __handle_mm_fault+0x22e8/0x3ec0 [ 315.993334][T10803] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 315.998861][T10803] ? find_held_lock+0x35/0x130 [ 316.003700][T10803] ? handle_mm_fault+0x322/0xb30 [ 316.008642][T10803] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 316.014885][T10803] ? kasan_check_read+0x11/0x20 [ 316.019728][T10803] handle_mm_fault+0x43f/0xb30 [ 316.024485][T10803] __get_user_pages+0x7b6/0x1a40 [ 316.029411][T10803] ? follow_page_mask+0x19a0/0x19a0 [ 316.034595][T10803] ? retint_kernel+0x2d/0x2d [ 316.039188][T10803] populate_vma_page_range+0x20d/0x2a0 [ 316.044653][T10803] __mm_populate+0x204/0x380 [ 316.049253][T10803] ? populate_vma_page_range+0x2a0/0x2a0 [ 316.054872][T10803] __x64_sys_mlockall+0x35c/0x520 [ 316.059892][T10803] do_syscall_64+0x103/0x610 [ 316.064495][T10803] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 316.070375][T10803] RIP: 0033:0x458da9 [ 316.074254][T10803] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 316.093845][T10803] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 316.102248][T10803] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 316.110214][T10803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 316.118194][T10803] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 316.126239][T10803] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 316.134198][T10803] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 316.146190][T10803] memory: usage 307076kB, limit 307200kB, failcnt 441 [ 316.153392][T10803] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 316.160862][T10803] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 316.167794][T10803] Memory cgroup stats for /syz2: cache:0KB rss:297820KB rss_huge:247808KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:141764KB active_anon:10868KB inactive_file:0KB active_file:0KB unevictable:145212KB [ 316.190065][T10803] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10800,uid=0 [ 316.205546][T10803] Memory cgroup out of memory: Killed process 10800 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 316.219834][ T1043] oom_reaper: reaped process 10800 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB [ 316.236363][T10833] device nr0 entered promiscuous mode 12:47:12 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x3fe, 0x4000) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r0) 12:47:12 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:12 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x541e, &(0x7f0000000040)={0x15}) 12:47:12 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000000}, 0x8) 12:47:12 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:12 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 316.418558][T10849] overlayfs: './file0' not a directory [ 316.527946][T10854] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 316.539146][T10854] CPU: 0 PID: 10854 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 316.547129][T10854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.557174][T10854] Call Trace: [ 316.560537][T10854] dump_stack+0x172/0x1f0 [ 316.564883][T10854] dump_header+0x10f/0xb6c [ 316.569427][T10854] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 316.575243][T10854] ? ___ratelimit+0x60/0x595 [ 316.579938][T10854] ? do_raw_spin_unlock+0x57/0x270 [ 316.585057][T10854] oom_kill_process.cold+0x10/0x15 [ 316.590243][T10854] out_of_memory+0x79a/0x1280 [ 316.594916][T10854] ? lock_downgrade+0x880/0x880 [ 316.599786][T10854] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 316.606038][T10854] ? oom_killer_disable+0x280/0x280 [ 316.611248][T10854] ? find_held_lock+0x35/0x130 [ 316.616027][T10854] mem_cgroup_out_of_memory+0x1ca/0x230 [ 316.621566][T10854] ? memcg_event_wake+0x230/0x230 [ 316.628105][T10854] ? do_raw_spin_unlock+0x57/0x270 [ 316.633248][T10854] ? _raw_spin_unlock+0x2d/0x50 [ 316.638098][T10854] try_charge+0x102c/0x15c0 [ 316.642620][T10854] ? find_held_lock+0x35/0x130 [ 316.647489][T10854] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 316.653043][T10854] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 316.659299][T10854] ? kasan_check_read+0x11/0x20 [ 316.664180][T10854] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 316.669742][T10854] mem_cgroup_try_charge+0x24d/0x5e0 [ 316.675039][T10854] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 316.680716][T10854] __handle_mm_fault+0x1e1f/0x3ec0 [ 316.685856][T10854] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 316.691394][T10854] ? find_held_lock+0x35/0x130 [ 316.696245][T10854] ? handle_mm_fault+0x322/0xb30 [ 316.701285][T10854] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 316.707550][T10854] ? kasan_check_read+0x11/0x20 [ 316.712403][T10854] handle_mm_fault+0x43f/0xb30 [ 316.717183][T10854] __get_user_pages+0x7b6/0x1a40 [ 316.722195][T10854] ? follow_page_mask+0x19a0/0x19a0 [ 316.727402][T10854] ? __vma_adjust+0x1840/0x1840 [ 316.732373][T10854] ? lock_acquire+0x16f/0x3f0 [ 316.737068][T10854] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 316.743327][T10854] populate_vma_page_range+0x20d/0x2a0 [ 316.748814][T10854] __mm_populate+0x204/0x380 [ 316.753406][T10854] ? populate_vma_page_range+0x2a0/0x2a0 [ 316.759917][T10854] __x64_sys_mlockall+0x35c/0x520 [ 316.764944][T10854] do_syscall_64+0x103/0x610 [ 316.769630][T10854] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 316.775534][T10854] RIP: 0033:0x458da9 [ 316.779452][T10854] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 316.799060][T10854] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 316.807475][T10854] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 316.815441][T10854] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 316.823596][T10854] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 316.831566][T10854] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 316.839618][T10854] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 316.851542][T10854] memory: usage 307200kB, limit 307200kB, failcnt 473 [ 316.869208][T10854] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 12:47:12 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3f000000}, 0x8) [ 316.870990][T10855] device nr0 entered promiscuous mode [ 316.881088][T10854] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:47:12 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x541f, &(0x7f0000000040)={0x15}) 12:47:12 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0x7ffff000}], 0x1) [ 316.932837][T10854] Memory cgroup stats for /syz2: cache:0KB rss:298076KB rss_huge:247808KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:144500KB active_anon:10884KB inactive_file:0KB active_file:0KB unevictable:142736KB [ 317.012180][T10962] overlayfs: './file0' not a directory [ 317.032770][T10854] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10114,uid=0 12:47:13 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 317.067721][T10854] Memory cgroup out of memory: Killed process 10114 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 317.113566][ T1043] oom_reaper: reaped process 10114 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:47:13 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x50000000}, 0x8) 12:47:13 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 317.218721][T10980] overlayfs: './file0' not a directory [ 317.345196][T10974] device nr0 entered promiscuous mode [ 317.414363][T10989] overlayfs: './file0' not a directory [ 317.640439][T10854] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 317.658307][T10854] CPU: 0 PID: 10854 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 317.666292][T10854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.676444][T10854] Call Trace: [ 317.679750][T10854] dump_stack+0x172/0x1f0 [ 317.684096][T10854] dump_header+0x10f/0xb6c [ 317.688526][T10854] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 317.694340][T10854] ? ___ratelimit+0x60/0x595 [ 317.699031][T10854] ? do_raw_spin_unlock+0x57/0x270 [ 317.704245][T10854] oom_kill_process.cold+0x10/0x15 [ 317.709372][T10854] out_of_memory+0x79a/0x1280 [ 317.714059][T10854] ? lock_downgrade+0x880/0x880 [ 317.718913][T10854] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 317.725169][T10854] ? oom_killer_disable+0x280/0x280 [ 317.730375][T10854] ? find_held_lock+0x35/0x130 [ 317.735175][T10854] mem_cgroup_out_of_memory+0x1ca/0x230 [ 317.740815][T10854] ? memcg_event_wake+0x230/0x230 [ 317.745858][T10854] ? do_raw_spin_unlock+0x57/0x270 [ 317.750967][T10854] ? _raw_spin_unlock+0x2d/0x50 [ 317.755835][T10854] try_charge+0x102c/0x15c0 [ 317.760334][T10854] ? find_held_lock+0x35/0x130 [ 317.765178][T10854] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 317.770728][T10854] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 317.776969][T10854] ? kasan_check_read+0x11/0x20 [ 317.781844][T10854] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 317.787376][T10854] mem_cgroup_try_charge+0x24d/0x5e0 [ 317.792665][T10854] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 317.798305][T10854] wp_page_copy+0x408/0x1740 [ 317.802890][T10854] ? find_held_lock+0x35/0x130 [ 317.807652][T10854] ? pmd_pfn+0x1d0/0x1d0 [ 317.811880][T10854] ? lock_downgrade+0x880/0x880 [ 317.816821][T10854] ? swp_swapcount+0x540/0x540 [ 317.821589][T10854] ? kasan_check_read+0x11/0x20 [ 317.826430][T10854] ? do_raw_spin_unlock+0x57/0x270 [ 317.831565][T10854] do_wp_page+0x48e/0x1500 [ 317.836003][T10854] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 317.841378][T10854] __handle_mm_fault+0x22e8/0x3ec0 [ 317.846489][T10854] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 317.852019][T10854] ? find_held_lock+0x35/0x130 [ 317.856781][T10854] ? handle_mm_fault+0x322/0xb30 [ 317.861755][T10854] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 317.867993][T10854] ? kasan_check_read+0x11/0x20 [ 317.872850][T10854] handle_mm_fault+0x43f/0xb30 [ 317.878059][T10854] __get_user_pages+0x7b6/0x1a40 [ 317.882998][T10854] ? follow_page_mask+0x19a0/0x19a0 [ 317.888198][T10854] ? retint_kernel+0x2d/0x2d [ 317.892815][T10854] populate_vma_page_range+0x20d/0x2a0 [ 317.898288][T10854] __mm_populate+0x204/0x380 [ 317.902883][T10854] ? populate_vma_page_range+0x2a0/0x2a0 [ 317.909204][T10854] __x64_sys_mlockall+0x35c/0x520 [ 317.914241][T10854] do_syscall_64+0x103/0x610 [ 317.918837][T10854] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 317.924722][T10854] RIP: 0033:0x458da9 [ 317.928643][T10854] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 317.948256][T10854] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 317.956662][T10854] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 317.964632][T10854] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 317.972604][T10854] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 317.980576][T10854] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 317.988531][T10854] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 317.997897][T10854] memory: usage 307200kB, limit 307200kB, failcnt 516 [ 318.004855][T10854] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 318.012315][T10854] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 318.012323][T10854] Memory cgroup stats for /syz2: cache:0KB rss:297836KB rss_huge:243712KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:146076KB active_anon:10868KB inactive_file:0KB active_file:0KB unevictable:141116KB [ 318.041501][T10854] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10853,uid=0 [ 318.056969][T10854] Memory cgroup out of memory: Killed process 10853 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB 12:47:14 executing program 2: r0 = syz_open_dev$vivid(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x2) ioctl$VIDIOC_RESERVED(r0, 0x5601, 0x0) mlockall(0x2) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = syz_open_dev$vcsn(&(0x7f00000000c0)='/dev/vcs#\x00', 0x0, 0x103500) setsockopt$inet_group_source_req(r1, 0x0, 0x0, &(0x7f0000000100)={0x3, {{0x2, 0x4e23, @multicast2}}, {{0x2, 0x4e21, @multicast1}}}, 0x108) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:47:14 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xd0070000}, 0x8) 12:47:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5421, &(0x7f0000000040)={0x15}) 12:47:14 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:14 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 318.142272][T10971] device nr0 entered promiscuous mode [ 318.330002][T11113] overlayfs: './file0' not a directory 12:47:14 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:14 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x100000000000000}, 0x8) [ 318.497401][T11005] device nr0 entered promiscuous mode 12:47:14 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x2) 12:47:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5423, &(0x7f0000000040)={0x15}) 12:47:14 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:14 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x200000000000000}, 0x8) [ 318.929137][T11142] overlayfs: './file0' not a directory [ 318.993832][T11006] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 319.004867][T11006] CPU: 0 PID: 11006 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 319.012850][T11006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 319.022905][T11006] Call Trace: [ 319.026213][T11006] dump_stack+0x172/0x1f0 [ 319.030557][T11006] dump_header+0x10f/0xb6c [ 319.035010][T11006] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 319.040929][T11006] ? ___ratelimit+0x60/0x595 [ 319.045546][T11006] ? do_raw_spin_unlock+0x57/0x270 [ 319.050675][T11006] oom_kill_process.cold+0x10/0x15 [ 319.055789][T11006] out_of_memory+0x79a/0x1280 [ 319.060481][T11006] ? lock_downgrade+0x880/0x880 [ 319.065592][T11006] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 319.071849][T11006] ? oom_killer_disable+0x280/0x280 [ 319.077045][T11006] ? find_held_lock+0x35/0x130 [ 319.081824][T11006] mem_cgroup_out_of_memory+0x1ca/0x230 [ 319.087371][T11006] ? memcg_event_wake+0x230/0x230 [ 319.092400][T11006] ? do_raw_spin_unlock+0x57/0x270 [ 319.097526][T11006] ? _raw_spin_unlock+0x2d/0x50 [ 319.102506][T11006] try_charge+0x102c/0x15c0 [ 319.107008][T11006] ? find_held_lock+0x35/0x130 [ 319.111777][T11006] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 319.117346][T11006] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 319.123776][T11006] ? kasan_check_read+0x11/0x20 [ 319.128639][T11006] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 319.134214][T11006] mem_cgroup_try_charge+0x24d/0x5e0 [ 319.139513][T11006] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 319.145160][T11006] __handle_mm_fault+0x1e1f/0x3ec0 [ 319.150293][T11006] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 319.155858][T11006] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 319.161345][T11006] handle_mm_fault+0x43f/0xb30 [ 319.166155][T11006] __get_user_pages+0x7b6/0x1a40 [ 319.171120][T11006] ? follow_page_mask+0x19a0/0x19a0 [ 319.176333][T11006] ? retint_kernel+0x2d/0x2d [ 319.180938][T11006] populate_vma_page_range+0x20d/0x2a0 [ 319.186406][T11006] __mm_populate+0x204/0x380 [ 319.190999][T11006] ? populate_vma_page_range+0x2a0/0x2a0 [ 319.196640][T11006] __x64_sys_mlockall+0x35c/0x520 [ 319.201760][T11006] do_syscall_64+0x103/0x610 [ 319.206353][T11006] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 319.212248][T11006] RIP: 0033:0x458da9 [ 319.216148][T11006] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 319.235758][T11006] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 12:47:15 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 319.244259][T11006] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 319.252235][T11006] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 319.260216][T11006] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 319.268204][T11006] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 319.276181][T11006] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 319.306102][T11006] memory: usage 307200kB, limit 307200kB, failcnt 528 [ 319.313322][T11006] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 319.321058][T11006] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 319.328475][T11006] Memory cgroup stats for /syz2: cache:0KB rss:297884KB rss_huge:243712KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:148596KB active_anon:13016KB inactive_file:0KB active_file:0KB unevictable:136356KB [ 319.351191][T11006] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10159,uid=0 [ 319.367223][T11006] Memory cgroup out of memory: Killed process 10159 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 319.406043][T11129] device nr0 entered promiscuous mode [ 319.512234][T11149] overlayfs: './file0' not a directory 12:47:15 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x84000, 0x0) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x541b, &(0x7f00000000c0)) mlockall(0x3) 12:47:15 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3f00000000000000}, 0x8) 12:47:15 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5424, &(0x7f0000000040)={0x15}) 12:47:15 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 319.801497][T11168] overlayfs: './file0' not a directory 12:47:15 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:15 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5425, &(0x7f0000000040)={0x15}) [ 319.846879][T11125] device nr0 entered promiscuous mode [ 319.884565][T11166] device nr0 entered promiscuous mode [ 319.965781][T11179] overlayfs: './file0' not a directory 12:47:16 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x8) 12:47:16 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x5000000000000000}, 0x8) 12:47:16 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:16 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5427, &(0x7f0000000040)={0x15}) 12:47:16 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) socket$kcm(0x29, 0x2, 0x0) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 320.568194][T11191] device nr0 entered promiscuous mode [ 320.584645][T11194] overlayfs: './file0' not a directory [ 320.634454][T11165] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 320.670482][T11165] CPU: 0 PID: 11165 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 320.678497][T11165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 320.688577][T11165] Call Trace: [ 320.691868][T11165] dump_stack+0x172/0x1f0 [ 320.696196][T11165] dump_header+0x10f/0xb6c [ 320.700612][T11165] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 320.706421][T11165] ? ___ratelimit+0x60/0x595 [ 320.711017][T11165] ? do_raw_spin_unlock+0x57/0x270 [ 320.716143][T11165] oom_kill_process.cold+0x10/0x15 [ 320.721260][T11165] out_of_memory+0x79a/0x1280 [ 320.725941][T11165] ? lock_downgrade+0x880/0x880 [ 320.730791][T11165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 320.737047][T11165] ? oom_killer_disable+0x280/0x280 [ 320.742252][T11165] ? find_held_lock+0x35/0x130 [ 320.747027][T11165] mem_cgroup_out_of_memory+0x1ca/0x230 [ 320.752577][T11165] ? memcg_event_wake+0x230/0x230 [ 320.758292][T11165] ? do_raw_spin_unlock+0x57/0x270 [ 320.763407][T11165] ? _raw_spin_unlock+0x2d/0x50 [ 320.768283][T11165] try_charge+0x102c/0x15c0 [ 320.772793][T11165] ? find_held_lock+0x35/0x130 [ 320.777586][T11165] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 320.783146][T11165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 320.789393][T11165] ? kasan_check_read+0x11/0x20 [ 320.794257][T11165] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 320.799816][T11165] mem_cgroup_try_charge+0x24d/0x5e0 [ 320.805123][T11165] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 320.810766][T11165] wp_page_copy+0x408/0x1740 [ 320.815358][T11165] ? find_held_lock+0x35/0x130 [ 320.820140][T11165] ? pmd_pfn+0x1d0/0x1d0 [ 320.824389][T11165] ? lock_downgrade+0x880/0x880 [ 320.829246][T11165] ? swp_swapcount+0x540/0x540 [ 320.834020][T11165] ? kasan_check_read+0x11/0x20 [ 320.838874][T11165] ? do_raw_spin_unlock+0x57/0x270 [ 320.844009][T11165] do_wp_page+0x48e/0x1500 [ 320.848434][T11165] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 320.853834][T11165] __handle_mm_fault+0x22e8/0x3ec0 [ 320.858959][T11165] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 320.864522][T11165] ? find_held_lock+0x35/0x130 [ 320.869293][T11165] ? handle_mm_fault+0x322/0xb30 [ 320.874273][T11165] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 320.880526][T11165] ? kasan_check_read+0x11/0x20 [ 320.885390][T11165] handle_mm_fault+0x43f/0xb30 [ 320.890161][T11165] __get_user_pages+0x7b6/0x1a40 [ 320.895137][T11165] ? follow_page_mask+0x19a0/0x19a0 [ 320.900358][T11165] ? __get_user_pages+0x6/0x1a40 [ 320.905310][T11165] populate_vma_page_range+0x20d/0x2a0 [ 320.910769][T11165] __mm_populate+0x204/0x380 [ 320.916081][T11165] ? populate_vma_page_range+0x2a0/0x2a0 [ 320.921721][T11165] __x64_sys_mlockall+0x35c/0x520 [ 320.926745][T11165] do_syscall_64+0x103/0x610 [ 320.931332][T11165] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 320.937219][T11165] RIP: 0033:0x458da9 [ 320.941124][T11165] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 320.960890][T11165] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 320.969301][T11165] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 320.977269][T11165] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 320.985230][T11165] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 320.993192][T11165] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 321.001169][T11165] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 321.010249][T11165] memory: usage 307200kB, limit 307200kB, failcnt 563 [ 321.021824][T11165] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 321.036142][T11165] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 321.045278][T11165] Memory cgroup stats for /syz2: cache:0KB rss:297800KB rss_huge:243712KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:135936KB active_anon:13016KB inactive_file:0KB active_file:0KB unevictable:149100KB [ 321.067798][T11165] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11164,uid=0 [ 321.084033][T11165] Memory cgroup out of memory: Killed process 11164 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 321.117138][T11191] device nr0 entered promiscuous mode 12:47:17 executing program 2: mlockall(0x3) clone(0x2800, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = semget$private(0x0, 0x5, 0x4) semctl$SETVAL(r0, 0x2, 0x10, &(0x7f0000000000)=0x6) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:47:17 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xd007000000000000}, 0x8) 12:47:17 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5428, &(0x7f0000000040)={0x15}) [ 321.292564][T11214] overlayfs: './file0' not a directory [ 321.326842][T11213] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 321.337333][T11213] CPU: 0 PID: 11213 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 321.345324][T11213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.355373][T11213] Call Trace: [ 321.358669][T11213] dump_stack+0x172/0x1f0 [ 321.363021][T11213] dump_header+0x10f/0xb6c [ 321.367525][T11213] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 321.373335][T11213] ? ___ratelimit+0x60/0x595 [ 321.377929][T11213] ? do_raw_spin_unlock+0x57/0x270 [ 321.383048][T11213] oom_kill_process.cold+0x10/0x15 [ 321.388166][T11213] out_of_memory+0x79a/0x1280 [ 321.392864][T11213] ? lock_downgrade+0x880/0x880 [ 321.397723][T11213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 321.403969][T11213] ? oom_killer_disable+0x280/0x280 [ 321.409254][T11213] ? find_held_lock+0x35/0x130 [ 321.414030][T11213] mem_cgroup_out_of_memory+0x1ca/0x230 [ 321.419620][T11213] ? memcg_event_wake+0x230/0x230 [ 321.424655][T11213] ? do_raw_spin_unlock+0x57/0x270 [ 321.429772][T11213] ? _raw_spin_unlock+0x2d/0x50 [ 321.434641][T11213] try_charge+0x102c/0x15c0 12:47:17 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 321.439151][T11213] ? find_held_lock+0x35/0x130 [ 321.443930][T11213] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 321.449573][T11213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 321.455830][T11213] ? kasan_check_read+0x11/0x20 [ 321.460693][T11213] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 321.466249][T11213] mem_cgroup_try_charge+0x24d/0x5e0 [ 321.471712][T11213] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 321.477332][T11213] __handle_mm_fault+0x1e1f/0x3ec0 [ 321.482448][T11213] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 321.487998][T11213] ? find_held_lock+0x35/0x130 [ 321.492767][T11213] ? handle_mm_fault+0x322/0xb30 [ 321.497760][T11213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 321.504000][T11213] ? kasan_check_read+0x11/0x20 [ 321.508880][T11213] handle_mm_fault+0x43f/0xb30 [ 321.513655][T11213] __get_user_pages+0x7b6/0x1a40 [ 321.518581][T11213] ? follow_page_mask+0x19a0/0x19a0 [ 321.523770][T11213] ? __vma_adjust+0x1840/0x1840 [ 321.528634][T11213] ? lock_acquire+0x16f/0x3f0 [ 321.533321][T11213] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 321.539551][T11213] populate_vma_page_range+0x20d/0x2a0 [ 321.545013][T11213] __mm_populate+0x204/0x380 [ 321.549633][T11213] ? populate_vma_page_range+0x2a0/0x2a0 [ 321.555360][T11213] __x64_sys_mlockall+0x35c/0x520 [ 321.560366][T11213] do_syscall_64+0x103/0x610 [ 321.564975][T11213] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 321.570861][T11213] RIP: 0033:0x458da9 [ 321.574737][T11213] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 321.594338][T11213] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 321.602738][T11213] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 321.610713][T11213] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 321.618671][T11213] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 321.626774][T11213] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 321.634863][T11213] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 321.644927][T11213] memory: usage 307200kB, limit 307200kB, failcnt 580 [ 321.651916][T11213] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 321.659562][T11213] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 321.666777][T11213] Memory cgroup stats for /syz2: cache:0KB rss:297932KB rss_huge:243712KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:140404KB active_anon:13032KB inactive_file:0KB active_file:0KB unevictable:144688KB [ 321.689358][T11213] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10206,uid=0 12:47:17 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0xffffffff00000000}, 0x8) 12:47:17 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) socket$kcm(0x29, 0x2, 0x0) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 321.769690][T11213] Memory cgroup out of memory: Killed process 10206 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 321.802025][T11220] overlayfs: './file0' not a directory 12:47:17 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x10) 12:47:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5437, &(0x7f0000000040)={0x15}) 12:47:17 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:17 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x2}, 0x8) [ 321.927346][T11233] device nr0 entered promiscuous mode 12:47:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5441, &(0x7f0000000040)={0x15}) [ 322.083430][T11245] overlayfs: './file0' not a directory [ 322.376256][T11251] device nr0 entered promiscuous mode 12:47:18 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:18 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x50}, 0x8) 12:47:18 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) io_setup(0xffffffffffffffff, &(0x7f0000000140)=0x0) r2 = dup3(r0, r0, 0x80000) io_cancel(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000180)="edb02a7b49a12a11a5cd71ea62a5e9e057c275ce3af1b879fe91aa9863b4512027696b4e80ec862dd24299633c9cf8857defea1737400c3f", 0x38, 0x50000000000000, 0x0, 0x2, r2}, &(0x7f0000000200)) mlockall(0x3) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0xc800, 0x0) setsockopt$inet6_MRT6_ADD_MFC(r3, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x4e24, 0x4, @empty, 0x9c}, {0xa, 0x4e20, 0x3f, @empty, 0x2}, 0xff, [0xb97, 0x1, 0x4, 0x1, 0x9, 0x3, 0x7fffffff, 0x101]}, 0x5c) getegid() 12:47:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5450, &(0x7f0000000040)={0x15}) 12:47:18 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1f4) [ 322.656274][T11264] device nr0 entered promiscuous mode [ 322.672570][T11266] overlayfs: './file0' not a directory 12:47:18 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) socket$kcm(0x29, 0x2, 0x0) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:18 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5451, &(0x7f0000000040)={0x15}) 12:47:18 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x7d0}, 0x8) [ 322.860571][T11278] overlayfs: './file0' not a directory 12:47:18 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:18 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x3f00}, 0x8) 12:47:18 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 323.013513][T11291] overlayfs: './file0' not a directory 12:47:19 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5452, &(0x7f0000000040)={0x15}) [ 323.295895][T11303] overlayfs: './file0' not a directory 12:47:19 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:19 executing program 2: mlockall(0x3) r0 = openat$cgroup_procs(0xffffffffffffff9c, &(0x7f0000000000)='tasks\x00', 0x2, 0x0) r1 = getpid() setxattr$security_smack_entry(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='security.SMACK64MMAP\x00', &(0x7f0000000100)='tasks\x00', 0x6, 0x2) fcntl$lock(r0, 0x27, &(0x7f0000000040)={0x1, 0x7, 0x800, 0x6, r1}) r2 = accept$inet6(0xffffffffffffff9c, 0x0, &(0x7f0000000140)) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, &(0x7f0000000180)={&(0x7f0000ffb000/0x2000)=nil, 0x2000}, &(0x7f00000001c0)=0x10) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dlm_plock\x00', 0x80000, 0x0) ioctl$NBD_CLEAR_SOCK(r3, 0xab04) tee(r0, r0, 0xffff, 0x4) 12:47:19 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x5000}, 0x8) 12:47:19 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:19 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x300) 12:47:19 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x545d, &(0x7f0000000040)={0x15}) 12:47:20 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 324.050165][T11323] overlayfs: './file0' not a directory [ 324.057448][T11318] device nr0 entered promiscuous mode 12:47:20 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5460, &(0x7f0000000040)={0x15}) 12:47:20 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xd007}, 0x8) [ 324.138542][T11330] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 324.187101][T11330] CPU: 1 PID: 11330 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 324.195116][T11330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.205183][T11330] Call Trace: [ 324.208485][T11330] dump_stack+0x172/0x1f0 [ 324.212843][T11330] dump_header+0x10f/0xb6c [ 324.217283][T11330] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 324.223186][T11330] ? ___ratelimit+0x60/0x595 [ 324.227789][T11330] ? do_raw_spin_unlock+0x57/0x270 [ 324.232922][T11330] oom_kill_process.cold+0x10/0x15 [ 324.238051][T11330] out_of_memory+0x79a/0x1280 [ 324.242832][T11330] ? lock_downgrade+0x880/0x880 [ 324.247686][T11330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 324.253932][T11330] ? oom_killer_disable+0x280/0x280 [ 324.259134][T11330] ? find_held_lock+0x35/0x130 [ 324.263919][T11330] mem_cgroup_out_of_memory+0x1ca/0x230 [ 324.269463][T11330] ? memcg_event_wake+0x230/0x230 [ 324.274498][T11330] ? do_raw_spin_unlock+0x57/0x270 [ 324.279609][T11330] ? _raw_spin_unlock+0x2d/0x50 [ 324.284476][T11330] try_charge+0x102c/0x15c0 [ 324.288981][T11330] ? find_held_lock+0x35/0x130 [ 324.293762][T11330] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 324.299330][T11330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 324.305582][T11330] ? kasan_check_read+0x11/0x20 [ 324.310445][T11330] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 324.316004][T11330] mem_cgroup_try_charge+0x24d/0x5e0 [ 324.321313][T11330] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 324.326958][T11330] __handle_mm_fault+0x1e1f/0x3ec0 [ 324.332081][T11330] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 324.337632][T11330] ? find_held_lock+0x35/0x130 [ 324.342396][T11330] ? handle_mm_fault+0x322/0xb30 [ 324.347353][T11330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 324.353601][T11330] ? kasan_check_read+0x11/0x20 [ 324.358462][T11330] handle_mm_fault+0x43f/0xb30 [ 324.363251][T11330] __get_user_pages+0x7b6/0x1a40 [ 324.368209][T11330] ? follow_page_mask+0x19a0/0x19a0 [ 324.373410][T11330] ? __vma_adjust+0x1840/0x1840 [ 324.378284][T11330] ? lock_acquire+0x16f/0x3f0 [ 324.382971][T11330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 324.389238][T11330] populate_vma_page_range+0x20d/0x2a0 [ 324.394706][T11330] __mm_populate+0x204/0x380 [ 324.399307][T11330] ? populate_vma_page_range+0x2a0/0x2a0 [ 324.404961][T11330] __x64_sys_mlockall+0x35c/0x520 [ 324.409994][T11330] do_syscall_64+0x103/0x610 [ 324.414590][T11330] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 324.420485][T11330] RIP: 0033:0x458da9 [ 324.424386][T11330] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 324.444434][T11330] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 324.452851][T11330] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 324.460837][T11330] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 324.468834][T11330] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 324.476897][T11330] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 324.484875][T11330] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 324.525245][T11330] memory: usage 307136kB, limit 307200kB, failcnt 639 [ 324.532515][T11330] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 324.541669][T11339] overlayfs: './file0' not a directory [ 324.547700][T11330] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 324.555035][T11330] Memory cgroup stats for /syz2: cache:0KB rss:297952KB rss_huge:243712KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:154744KB active_anon:13032KB inactive_file:0KB active_file:0KB unevictable:130336KB 12:47:20 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 324.619577][T11330] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10215,uid=0 [ 324.647664][T11330] Memory cgroup out of memory: Killed process 10215 (syz-executor.2) total-vm:72712kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 324.702350][ T1043] oom_reaper: reaped process 10215 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:47:20 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x40049409, &(0x7f0000000040)={0x15}) 12:47:20 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:20 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0xffffff1f) [ 324.916849][T11352] overlayfs: './file0' not a directory [ 325.038882][T11362] device nr0 entered promiscuous mode [ 325.104879][T11330] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 325.115460][T11330] CPU: 1 PID: 11330 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 325.123447][T11330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.133500][T11330] Call Trace: [ 325.136804][T11330] dump_stack+0x172/0x1f0 [ 325.141156][T11330] dump_header+0x10f/0xb6c [ 325.145581][T11330] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 325.151407][T11330] ? ___ratelimit+0x60/0x595 [ 325.156007][T11330] ? do_raw_spin_unlock+0x57/0x270 [ 325.161155][T11330] oom_kill_process.cold+0x10/0x15 [ 325.166277][T11330] out_of_memory+0x79a/0x1280 [ 325.170957][T11330] ? lock_downgrade+0x880/0x880 [ 325.175823][T11330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 325.182344][T11330] ? oom_killer_disable+0x280/0x280 [ 325.187540][T11330] ? find_held_lock+0x35/0x130 [ 325.192321][T11330] mem_cgroup_out_of_memory+0x1ca/0x230 [ 325.197870][T11330] ? memcg_event_wake+0x230/0x230 [ 325.202906][T11330] ? do_raw_spin_unlock+0x57/0x270 [ 325.208019][T11330] ? _raw_spin_unlock+0x2d/0x50 [ 325.212875][T11330] try_charge+0x102c/0x15c0 [ 325.217383][T11330] ? find_held_lock+0x35/0x130 [ 325.222159][T11330] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 325.227706][T11330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 325.233952][T11330] ? kasan_check_read+0x11/0x20 [ 325.238933][T11330] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 325.244489][T11330] mem_cgroup_try_charge+0x24d/0x5e0 [ 325.249826][T11330] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 325.255446][T11330] wp_page_copy+0x408/0x1740 [ 325.260018][T11330] ? find_held_lock+0x35/0x130 [ 325.264766][T11330] ? pmd_pfn+0x1d0/0x1d0 [ 325.268987][T11330] ? lock_downgrade+0x880/0x880 [ 325.273838][T11330] ? swp_swapcount+0x540/0x540 [ 325.278600][T11330] ? kasan_check_read+0x11/0x20 [ 325.283436][T11330] ? do_raw_spin_unlock+0x57/0x270 [ 325.288535][T11330] do_wp_page+0x48e/0x1500 [ 325.292946][T11330] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 325.298312][T11330] __handle_mm_fault+0x22e8/0x3ec0 [ 325.303412][T11330] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 325.309045][T11330] ? find_held_lock+0x35/0x130 [ 325.313797][T11330] ? handle_mm_fault+0x322/0xb30 [ 325.318740][T11330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 325.324966][T11330] ? kasan_check_read+0x11/0x20 [ 325.329825][T11330] handle_mm_fault+0x43f/0xb30 [ 325.334577][T11330] __get_user_pages+0x7b6/0x1a40 [ 325.339502][T11330] ? follow_page_mask+0x19a0/0x19a0 [ 325.344689][T11330] ? lock_acquire+0x16f/0x3f0 [ 325.349349][T11330] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 325.355597][T11330] populate_vma_page_range+0x20d/0x2a0 [ 325.361072][T11330] __mm_populate+0x204/0x380 [ 325.365657][T11330] ? populate_vma_page_range+0x2a0/0x2a0 [ 325.371279][T11330] __x64_sys_mlockall+0x35c/0x520 [ 325.376824][T11330] do_syscall_64+0x103/0x610 [ 325.381434][T11330] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 325.387317][T11330] RIP: 0033:0x458da9 [ 325.391292][T11330] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 325.410993][T11330] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 325.419527][T11330] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 325.427599][T11330] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 325.435598][T11330] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 325.443695][T11330] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 325.451686][T11330] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 325.467861][T11330] memory: usage 307200kB, limit 307200kB, failcnt 657 [ 325.474737][T11330] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 325.482193][T11330] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 325.492340][T11330] Memory cgroup stats for /syz2: cache:0KB rss:298008KB rss_huge:241664KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:141924KB active_anon:13016KB inactive_file:0KB active_file:0KB unevictable:143164KB [ 325.515160][T11330] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11324,uid=0 [ 325.530616][T11330] Memory cgroup out of memory: Killed process 11324 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 325.549119][T11362] device nr0 entered promiscuous mode 12:47:21 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x8) 12:47:21 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x4020940d, &(0x7f0000000040)={0x15}) 12:47:21 executing program 2: r0 = syz_open_dev$adsp(&(0x7f00000000c0)='/dev/adsp#\x00', 0x451, 0x4000) faccessat(r0, &(0x7f0000000100)='./file0\x00', 0x80, 0x100) mlockall(0x3) clone(0x27fffffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) unlink(&(0x7f0000000000)='./file0\x00') perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x4, 0x100) mlockall(0x3) 12:47:21 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:21 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 325.705722][T11369] overlayfs: './file0' not a directory [ 325.770494][T11373] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 325.781137][T11373] CPU: 0 PID: 11373 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 325.789129][T11373] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 325.799188][T11373] Call Trace: [ 325.802496][T11373] dump_stack+0x172/0x1f0 [ 325.806847][T11373] dump_header+0x10f/0xb6c [ 325.811273][T11373] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 325.817085][T11373] ? ___ratelimit+0x60/0x595 [ 325.821679][T11373] ? do_raw_spin_unlock+0x57/0x270 [ 325.826974][T11373] oom_kill_process.cold+0x10/0x15 [ 325.832093][T11373] out_of_memory+0x79a/0x1280 [ 325.836778][T11373] ? lock_downgrade+0x880/0x880 [ 325.841615][T11373] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 325.847870][T11373] ? oom_killer_disable+0x280/0x280 [ 325.853063][T11373] ? find_held_lock+0x35/0x130 [ 325.857841][T11373] mem_cgroup_out_of_memory+0x1ca/0x230 [ 325.863401][T11373] ? memcg_event_wake+0x230/0x230 [ 325.868414][T11373] ? do_raw_spin_unlock+0x57/0x270 [ 325.873512][T11373] ? _raw_spin_unlock+0x2d/0x50 [ 325.878351][T11373] try_charge+0x102c/0x15c0 [ 325.882837][T11373] ? find_held_lock+0x35/0x130 [ 325.887615][T11373] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 325.893156][T11373] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 325.899396][T11373] ? kasan_check_read+0x11/0x20 [ 325.904274][T11373] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 325.909820][T11373] mem_cgroup_try_charge+0x24d/0x5e0 [ 325.915105][T11373] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 325.920761][T11373] __handle_mm_fault+0x1e1f/0x3ec0 [ 325.925860][T11373] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 325.931501][T11373] ? find_held_lock+0x35/0x130 [ 325.936252][T11373] ? handle_mm_fault+0x322/0xb30 [ 325.941205][T11373] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 325.947482][T11373] ? kasan_check_read+0x11/0x20 [ 325.952326][T11373] handle_mm_fault+0x43f/0xb30 [ 325.957078][T11373] __get_user_pages+0x7b6/0x1a40 [ 325.962026][T11373] ? follow_page_mask+0x19a0/0x19a0 [ 325.967219][T11373] ? __vma_adjust+0x1840/0x1840 [ 325.972058][T11373] ? lock_acquire+0x16f/0x3f0 [ 325.976750][T11373] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 325.983007][T11373] populate_vma_page_range+0x20d/0x2a0 [ 325.988452][T11373] __mm_populate+0x204/0x380 [ 325.993052][T11373] ? populate_vma_page_range+0x2a0/0x2a0 [ 325.998693][T11373] __x64_sys_mlockall+0x35c/0x520 [ 326.003884][T11373] do_syscall_64+0x103/0x610 [ 326.008547][T11373] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 326.014417][T11373] RIP: 0033:0x458da9 [ 326.018302][T11373] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 326.038188][T11373] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 326.046600][T11373] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 326.054596][T11373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 326.062561][T11373] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 326.070522][T11373] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 326.078492][T11373] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 326.088244][T11373] memory: usage 307200kB, limit 307200kB, failcnt 669 [ 326.095422][T11373] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 326.109398][T11373] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 326.119635][T11373] Memory cgroup stats for /syz2: cache:0KB rss:298020KB rss_huge:241664KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:146552KB active_anon:13032KB inactive_file:0KB active_file:0KB unevictable:138592KB 12:47:22 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x8) 12:47:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x80045432, &(0x7f0000000040)={0x15}) 12:47:22 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000001700)='/dev/net/tun\x00', 0x8040, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/150, 0x96}, {&(0x7f00000000c0)=""/196, 0xc4}, {&(0x7f0000000440)=""/163, 0xa3}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000001500)=""/244, 0xf4}], 0x5) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dlm_plock\x00', 0x12002, 0x0) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f0000001600)={0x3, 0x0, @ioapic={0xf000, 0x8, 0x8000, 0x80000001, 0x0, [{0xffff, 0x80000001, 0x81, [], 0x40}, {0x86, 0x9, 0x615a9fd0, [], 0x42c0}, {0x1, 0x2, 0x10001, [], 0x6ac}, {0x1, 0x2, 0x2}, {0x0, 0x100000000, 0xb3, [], 0x40}, {0x0, 0x27, 0x8, [], 0x3}, {0xe7b, 0x81, 0x8, [], 0x85}, {0x1, 0x87, 0x9, [], 0x7}, {0x2, 0x3, 0xf3, [], 0x8000}, {0x3, 0xffff, 0x5, [], 0x5}, {0x7, 0x0, 0x9, [], 0x4}, {0x40, 0x8001, 0x7, [], 0x9a}, {0x7f0e4243, 0x7fff, 0x7, [], 0x1}, {0x6, 0x4, 0x6, [], 0x3ff}, {0xffffffff, 0x100000001, 0x3, [], 0xba}, {0x6e0a, 0x81, 0x200, [], 0x6}, {0x9, 0x7, 0x2, [], 0x5c01}, {0x10000, 0x8, 0x7ff, [], 0x3}, {0x7, 0x0, 0x400, [], 0x1}, {0x0, 0x3, 0x6}, {0x0, 0x7fff, 0x0, [], 0x80000000000000}, {0x7fff, 0x80, 0x7, [], 0xa61}, {0x5, 0x8000, 0x3, [], 0x20}, {0x4c2, 0x5e3c, 0x8, [], 0x7fffffff}]}}) [ 326.162360][T11373] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2 [ 326.192721][T11373] ,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10250,uid=0 12:47:22 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 326.241085][T11385] overlayfs: './file0' not a directory [ 326.258713][T11373] Memory cgroup out of memory: Killed process 10250 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB 12:47:22 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x80045440, &(0x7f0000000040)={0x15}) 12:47:22 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x3f000000}, 0x8) [ 326.333306][T11396] device nr0 entered promiscuous mode 12:47:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0xc0045878, &(0x7f0000000040)={0x15}) 12:47:22 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) [ 326.470107][T11405] overlayfs: './file0' not a directory [ 326.634280][T11415] overlayfs: './file0' not a directory 12:47:22 executing program 2: mlockall(0x1000001) clone(0xfffffffffffffffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x1000000000000000, 0xffffffff, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffff, 0x0, 0x0, 0x0, 0x3, 0xfffffffffffffffe, 0xffffffffffffffff, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xfffffffffffffffd) r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x408002, 0x0) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f00000000c0)={&(0x7f0000ffc000/0x3000)=nil, 0x3000}) mlockall(0x3) ioctl$KVM_GET_PIT2(r0, 0x8070ae9f, &(0x7f0000000100)) 12:47:22 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x50000000}, 0x8) 12:47:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0xc0045878, &(0x7f0000000040)={0x15}) 12:47:22 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:22 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0xc0189436, &(0x7f0000000040)={0x15}) [ 326.876278][T11427] overlayfs: './file0' not a directory 12:47:23 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0x8) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x2, 0xc40) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x0, @mcast2, 0x7}, @in={0x2, 0x4e22, @broadcast}, @in6={0xa, 0x4e22, 0xffffffffffffff88, @loopback}, @in6={0xa, 0x4e22, 0x7ff, @empty, 0x3}], 0x64) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYBLOB="00ee18ca7c7f60b7ff27da05761d6107000100ddff5602"], &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r1, 0x84, 0x71, &(0x7f0000000140)={r2, 0x1f}, 0x8) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:47:23 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0xc020660b, &(0x7f0000000040)={0x15}) 12:47:23 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xd0070000}, 0x8) 12:47:23 executing program 2: mlockall(0x4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x3, 0x2) ioctl$TCSETS(r0, 0x5402, &(0x7f00000000c0)={0x100000000, 0x2, 0x9, 0x2, 0x14, 0x100, 0x80000001, 0xffffffffffff1882, 0x6bf999e3, 0x3e, 0x7f, 0xfc}) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x4) 12:47:23 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x3}) [ 327.437738][T11456] overlayfs: './file0' not a directory 12:47:23 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:23 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:23 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/fib_trie\x00') getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f00000000c0), &(0x7f0000000100)=0xffffff24) 12:47:23 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x7, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x200000, 0x0) r3 = getpid() sendmsg$nl_generic(r2, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x27a058082981adef}, 0xc, &(0x7f00000000c0)={&(0x7f0000001b80)={0x15b0, 0x41, 0x400, 0x70bd25, 0x25dfdbfd, {0x12}, [@nested={0x1370, 0xd, [@typed={0x98, 0x14, @binary="e249a6bc366fd0a5d527567b52b35ad7244a7caf38541fbd819b936a0d67b3a627f0eabe6c8b91c360c256c567929d626b8402d37c69aa45ead0bd7659354eb5ab3ffc58590748f29d95cca47afcb89e9d4d4d5451ebbbb85e403c39c39bfd12b542888d19a58d2cef2ea1d6a2588ea54a6616e9d9d60dd9a41d2c96abdc54a4d1250c3345ab54d43b86f854298c80263f"}, @generic="4e003751759530f65ae0ec62d0e171f0c1a166b39eeea524f3d6dbf40e8ccaad194e07b86d357159ba782f7884ba9c042a9eadb91e3170c9be0e986b56c656a1f2a9619cac65d88f8f71e413291144f06315ac", @typed={0x8, 0x62, @fd=r1}, @generic="b5f377b3737e5e1d800baca84f1dacc069040825c7d3e4515f960f8e129437ab927fe81f316af541b94b4071213bb11bbec56fb36d86eea58fb0b1aeb367f6876829c8c1733a53751abd6111f6a3864d9c9d7b8107e78625ea5eb9a0fceeae81dc7fc1eccf73c50ccc70a7ee05d3f1759d3894089dfd9f30a3d0b3b5c3d4f8506fabf12218329a210e2acfde8c9e9c5053f1e1eeb4f219", @typed={0xf8, 0x96, @binary="d6af2ff239a104b2ad9aadcc4ee5570a3e5f7e91243b3ca182ae9af9f6ddf0b9c3f965ab409fd2d19c8897bdf3a5b3eae3a80784ce3281acd2c8c83254b155564a7897250be4156a3513f1fd10ae40cc50e3ce06926299a36474e1116bca688cca5006e00a4507ad8947d9f30d1e4c3039e1d6a9eb5346d108dab6a60b55df04e892b62feeb4ef024574fa0966fb4b7f19bd3a74fcc44099843cf3ff55fb2b51bb7502cd484fd22653065db6b267c85b83d37b4fb10334bb5d08e0aad559b1fc550d71da051cb4ef9be9a3aae4f1ac25971326ee17bf2647cb39828329cabdf515a33167ac975777daa6ad9265db006e51e56ff7"}, @typed={0x8, 0x1f, @pid=r3}, @generic="5056e2fc668dd66619916b7cd36d3659a250fae8011e3aa110687f9b", @generic="384e56c53627139b6b1da9f19b3c4d982d781b029e8096cab38d8e01d59e30aa86267df8d4fb78ff062a92d070ec4e98653ba9b789454b10e59142e513c460734efc7345e6d2d20d301c2bb8f52ad4e120fcbc1511860d5b25059e6e522f646382bf56c377bad0a90299231a0280edfc4c5a590cca9cfb105de72c7f95c9036da853c39681e4636ba81a50c5ac842d80495428df0cf56ba6df7cce023199d0bcafdc0b7ab4a014d962d7c428f1c33a9c2b430130204e3d63d9cc57010968a7", @typed={0x4, 0x6f}, @generic="5d49052a419d35fb8ea3c2e28c38e411bf15bd83deeadb0eb6357f3db3469753d018bc4d44907e420d9852e8053188a0dddd48a723ec5e9f56cfaaae651ecc5b2573ee112abd8697bf8c8d35db8bbc4b78680c04ba9eefd387aba141811afe6ccb5529278b2ca4199ef4dddac1c3aa8d524a12d65783d72ba21a23f1c17738009c15d1aa0d3fdcafc3c7f316916336c9a6b3bc8453d3052cc14508ada5f32062e60f55871ef5cc6c26004c12ba3f0e650267826e4a0ada4a3bddadcbfa85282c9d100cc8a5a7edaecbf8726b57a6b7c9342dd29b01d31913b8d6195da5ac1ded178db8b7c121c0f5f3de4b697b57e077299e71b8fc39874a88e3f3899176062ce7fc83d45c0740986c41f5e6666adb25c9839c0c88f8509dc3ea27965edce9e8467a73c56488bf35bfb28a8daf8e4bb308bfb4a5f0ef746fef322f660ff34847c624a88129a615295c4be54edfcdcb64b29c4d95bfbd2361972ede72a5d28d71f706a26f932bb7a9d2be7761b3ea8d5d881cac0c23f1ba7b7fb78649569530e0e7f49a0dbf59a112ccb382a28d79ccf739eb6c96e13453771ae070e5b1cdb1cef71fcebf22d369cfdf4ed409834323cae80d8d4e5c1a6dcb7350921d82a78da6ca3d1139f78f55eb2fcd1f93dfbfe69c7b998352ae777afadee8232a61827a99ea31eae8ad87e17438bd7587b0d511806fd6e37b2f7bf169f88d01656bfb44ddc484f77e83983597a7700f731f5a7a73d53bc01a56406aab408791bb92ea975b6f1eab7c187d63f67d40b92ac7f7aca5982285ed7a059c98989676b27e73c9e8df4cc1e4c63e2dd849bc89316f789bac475d8db06cc6e80463cdaf81e1b5c429adb8c78f33f5b9b1055a106aab8ae34c87b48a81596e396dde51fc2aa74a3e5d754469f09da134c813d2a08b7ade350dbd2f9cbef91df8f7e17761e8c159d5f26a27fd975468cc1204a7164b706e1929360424885d11a7f17a818f552482b0ee201234197b00340cbf502a53e02d34dff0dd1468bdcebbf80553bee00b17bf83b14c4491928b263ec1d2feb48e974b214ca7b53dbbb2b3a2ba416b1b7ad037f790c55e0271fbe8186a449fbca57961464546f242885de27075553c0af948861784e20465c243ee36a4b3f2e9614ab4cc8941baac4f31901ccd969e5ed7e5e4c33351da470f3afb9077e300f1095feaf2865104be1e4d88b5bc3d461ba776a583a8cb32eab7ac5f544558b315ecbcdb8eac49c4508783927c9b2df06e46947229c7fa7aee0a19a4f92069dfabb9f3fe461d29ea59e0111124fa4338b07fc326fb3266b1c6650f465543c6c640b58dbd888fb8bdbc5477ca6340e21abb1dfddf1030d973b7b414bb79aff2e34340b1df380bcc1f580b357cb3c4469a80e8110d1cd48bead3c25fe188ab88f64b5ad80ff96e1ee226c6e502411e31b7b0823f6643401b66d811258293f08e4bee5f9d9b20041d13bb1cdfc75b68fc622263321f2b845680e9d2de49123e94e81cc9dfe501b10834b3dd3c3dcd1fc7dd536bdbe39efd732a673331a6c9d9421d4e33e865549a16cc0ac300a4f31e78496bed4e3cae777ed0875653e53026cbb0667521e97abf69e5882a2258a0dcd714460084184aac57c6ddcdeb790fbd5457b866f23a0b4c4de8f5f3a7b23c90971c5d1e82dbdd92df0eb0980dea5ae08474a8281a6f6d59bf161d8c4d14aa22f248a7f57ab66a405748f0b10e28cfbe514dc545014a66c5ba5bcd26ee829acbab1c8b8d7e0f557c74bdbcf940fd8f8664d1155f1e1ecb4c704ae4f1ba57c3ff0c71b7a52fca7a216bb5368e92f807e9357c281e9b699d4765a3c4eab916fc157fe46f700f8cbc3338378ebc50eb87ac9250424f9812100999bf3db88dd64f65fd75f3338962974ef599c63e047bffa01e7c6bebb7fc2f46b3b0e51ae7d3610a445d981f6bdff51af9183e05ab190e38bd34efe54e9481f56ac059e539c35a8562d6a9aefc396e5cc3cea7cb1959fc53cec07590b450a18c6603160f5e0747a55bb32e9d4bb66d5c2794f72fee382920908826bd0975622f969d2cfe20c3a697269f1c1ece9e18398ba9cec9eca25a03d6083463d10963b405a7d074448ac4fdaec0935ab82b116040a865e6cae7a204aa57d67e8cc42c7f66ce9ecd0b64f8d2be1550d886195031fd36aff337109b89c54c274562b75a32de280aad59f639ea04f09a26fdac9977bb1c58d8a532c5eef8c3242050479788529042c43804afcd471339535db4e79cf36c819c9a1582d75b48cfcc4383d1b5301c5fac4145993058cefeaa52fb3d4aad8bc10a9c7bc3ef5532bc35ba8be4132eb4351dcc07810b9ae09822057a19d8755492372e4b02ef6e7ea08994feea769177ace409e778c431222c5174534e14b6ce3747b527e18ac3aae61702a05084293157f8d4e256a16afc7674fab8ede0ff1ef47fe451e972488c153e08495e811e14d4f1228d7f31171c08b87b1cb6ba7ae375bbee5448185466268694c3775e48359c0d98067839200876585a69560c8d1766abb865447d47673e6b47f47210481ac3fd07e1328dd26d42a2fccdf8b17bcfda18d629b48a37c9369b70647253d28942465a3ffe710b8351a22fa5c30c460e8a82c2c88a149e5c735772280158e6d85d3cf45d158e4913eefe96bda43c6a67abf1a4482ecead81ec9a14ef42a2ee71757a20999043d3c5a3ccc277be1d4abd71860953b4145cdd2f30351683b297b20c200e7db1ff6461b22aec2b4ce01058b5b05f088896409c0ee34da49901c59be91f1a163225e75bc951f6f8ba4a9d68360311e21a14d659e2c5097bad57a158032e433fd64c48f13b127776a52150c6e0ee4a1ee14df28cadbc091da81dbe91f2d4c335faa4cc8303713d02209ff240658b45c22708c246c67fcebd99eda9b916876f5efd6b1d63860c0a5f2dfeb917e3b0a062e5089607d014ab5f81fe594b441ea39a26624acb24eec681c4b2fb38700d2dfd43a9c8e202dd665c242adae4dc95e6ba9a4929ef34f971c359fe8e96cb954c8fe6dbdb705850b6f1f08365741404e8de3232bf47a7e946ad67febe46491bade6888806f8e6f3135aff10ae8d81a98bb820fb2895318ce51cb2771f184fa63590550c48332ef5adbde07cfc6f04f6f6f939e0643e4760de8aee478d87a6869bdd068858a49184dddb0be8fed285030a92eeb4f46f7be73f225423ab34903179452e44cae87bcf1062ed3799fcaaead5c3e312701fdd211057325fecf6d8a7fca5bfbd4eb39a06118e864ad04a38396d9c64910538bbc038bb9e980b9e39fbd859d045f832a28f5568e14b138d08053d1f94fc259ebf4c30611afce1cf073272ebb37ac97152b8b23ee00de798450814a53764b23e3b5d46bd68b242419094fb2b37e1b1675b7cede3d3a2185294d3777f1db9481e12551dafa36b523f8ceb2d9c6869fcf5e3184db8003987018ca45aac57940b579a1699d666461f3810437115ccbf579beda3b4e674994f7c5444034b1f9e1f3632c4b351fa4ae4a861a93e25c7e66151d95b50212dddb80202c7202b21da4dfb7053fb9cf856a570598e56bfa74a91249fb1fec2d5ebd6b8549eaf2a4493a67d1267fb5c42fd8f4ead09f25e5923af7e032bc5aa59f7fbd516f2be2ecaa719170591feccd823b2074d491c88b03bebe7fec43ce5133ff10ecc7c3aafa5183733451a06fb8a3211f37c53241e6d8789d35bc96ad97ed88dd3a3cb686c8f7ffecde38fbad3ddd24d4d238bca3baef9ab78be091ae0aa126c58c8fff3f9965545377365dc1ae28db9fc0235355c88b3c01933beb49fadfdb6975d2f8554ffb33521e4aa99126bfc72f70ebaa29e5520760e340172bd01412afbcef6fd0c5ff6ae8c945e670ee403301a12a1d3ea26fb0f7886e8b6a3d45fbff8ac49877058872e093a1f09b720ec24021db0aea8b427d234ef84aefbada6e3271ae44777bacfe0c3b085cdb039f404255e8a2f05378cc6d473bf24dbd93f6d9444a3032c3ebe62f6dfe1b6b4f1e67fa15cb1d0c5b6234caa9be26c09b4d7f6380a58dc0a3ca5aa67cf3de79008be74814046c269f37001b203557cf332232ebcde52160730dda667f56b219c386acf667b9f70272add3298d3f51d411eae1d868691272fcdb4326638f6c5b878b6b0a553a159c33f8e88e8c7c9cebe66f51bc2024054ca58ad528065631fce9b8eccbdc9d01b38cfc82587d996e87a205294b8002260d903085eb16b7bbedb704382ba90ca2235ee105d0a0982423ab0fd56c4ee8a20f0a46e1a21cda497590f279e4be3dae6f0da557c112188d809f1a8edb0a7785c053dc07f6d4a885b1441ccdff36a8bfa1436126acd66656b424a8971586962d54ea456c3f99926111e26bde7ce3d83c8cb12a00f3b522f03e392a9e981697ddcf1a0041fbdfe977e65605a474fc761188354cec94918cd00bc7bde76c820ef7007fc9aed1319feb2bef1c271dcc6d0b0702bdf5ca992ba157a943340e5583ace3bcf43f5372ad1c1f564d0b66bcfa219d86ab89b302b74dcd8f86ac47d228e50fedc76c2cd02cdc458f078e99716275ec151e281ad49cf3d9ea729627088313daab8cd950816946ac64c6e9fb844cb5e0ed3ae801dbb855b69eddc9b4bba83c3b98a3448d16fe69d24c869f958f924e6a8a464874ddf82434556c5befc7b692ee5a30f7661bbbb9b4305639ffc6b4917b226b3ceb36ebc465c566bc8aeea6898590ae59fff2cce744f467ba483f93d4dfc4ab3cf49e14fcae57ee5b69418c5f4215240a94a5b5be623cfb6ab06321725911873380e41ac922c0c438161340ed9d25234917acfe67e3ab07f04d5534ff5a894c36f61d33eda8bfe5e56b67fc9fdef2e8dd63b8b496f066113d59d9629ff855e1bee911a97db76cd5a09c1c4acac567d14206b6e1304e4966cec05c3e5f7446edd29c6227fc0f77c1f34c7e92d2e8f9ff74976186a6c7609768fdd10f9596888ea6669fd34d588756af426496bfa2bc20614b913803ed41f9e82efec13460248121c0f9b3ea4041ae32cfb994eee3f56f6e4edb1ff50dfd4238388cd96a1fdaec9974ff8a435bc969a1ba01ecb231aba8565392f2c98b69fd92658780d9e866968efa9816e09244d9c40920e1a2df16b64d59cee79a9d90c1c319a6effb5ce76cf52cad33365d7cbbd67527f8e1d635198e082979cc1d3f8ec37eced2e220fe5bc02f8e03a28c9c322d86e38299e99fe57bc0887e45c0149e52d943948940f8f3dc8296b8e2c01af4a953e1a731aa0897dd9ec2899fd3bd114aad023dc2f0124475e38386ecf80c30d350cf534ecf4de5cf143c5d43db1b9eefbfa989a9d596ffca1db312ee500aa4a5be818de3429ab7e22903abf2a3a592bd5c4c8634464e45e37402eef58373fe41ba47e3d1222790adf1fdc5f96947c037b4222f7103f21d7a32ebdee9ef80936940cba0b415acb44d1aee4626b812a36535f6c7cd9f6c93ba220bf8b9686933b24e1db3cc629bab13a5f8f1f93d18e46f43ab7f4c2d156f3b1b51e31bf009fcb19ac039de559deec300e856e776b3b6bb9d29c964143161f4c4e3fdef8173ec09a215485872df584bc2fc6548a6f4467a5d2ac8625e84ccea19e5851c9dae7ff7946592e6ae6503988238451b2fcb85b51c75640043313c28c1a99bbc5097f5276dedefcaf8236b6c22d1fb7a98000c8e3895ceadc80b84dbdc481a0603c100fa47bc49589cce746382c24a03547137fe7f211186392459a0f3c281636f79562ed9a7075b9c27904c9a55333d4efa4"]}, @generic="8976818100a2d0029e9d5613b4b1cb646f5187b0376a4dbc982a64a76e9814a4051473c94431adcfe2baebe0ec1f5d9ccb67a89cfdddf5b6a1fe60b524152b11f5213f0e3bd7c0d59d3423adb4ba428d88a63418c73ae163b46f1093242253e643a59b9322753c28b2ba2a0e05560cd89dbfb1fcc87c597b7bd89598f16518132ff20cf195e42e3d9ecf79d70b84fab3ecd977914d226b8f18022bd6f7199ae8450ffde0b6a3045b57ea297eba1faed05673a355cbf34524b75a8ebdf5b63e630d010c943f39aea36748806ca2d9371bb2fa83dbd7745645a8dea1a9213d", @generic="58a5190aaf6fa3bb51a2e491a8be02662bb8ed101e8638d52552070c3f331076a077dd09d73d021423b398fcda37de13766a60def1e695d6dc4f1001afab63ff0dabf7acd8467eea7e2a0ef1ca812d823a3d1f4867c2e88f0df4440cc2e326ff0fcc8cfb341e23a5f9369f9940baa94e0744b9191bf69d3534c99fb12ffd658599e656ef6b689e52536719cab82f0df184ff66d7f424208b1e3c554558b6795576b67a386b9d1807115e28d41646f350f51bc7a3d044bd5c31a1071e00beb2a8afabcd84", @generic="c1d703caa210c69d862a68dbcce7b18acacf5564ea73f14b6798b7ba7517418402b072cd7e90d893e9942e0119fb6875f7f2b7c4d448abe3a1d8e3d0a97913af9772b989a99b84fd0c2e3ff65292d2f4f56d4e5b40e37014426a5fcbb09d3920f49a2ed15a821e110d2522ad94cc045cb9bda3b461df6393c8eff623ae9bb5673537185f20a52a70f9"]}, 0x15b0}, 0x1, 0x0, 0x0, 0x1}, 0x44041) 12:47:23 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x7}) 12:47:23 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x100000000000000}, 0x8) [ 327.659783][T11480] device nr0 entered promiscuous mode 12:47:23 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 327.740708][T11490] overlayfs: './file0' not a directory 12:47:23 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x200000000000000}, 0x8) 12:47:23 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0}) 12:47:23 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 327.959903][T11504] overlayfs: './file0' not a directory 12:47:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0xa}) 12:47:24 executing program 3: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 328.132596][T11480] device nr0 entered promiscuous mode 12:47:24 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x3f00000000000000}, 0x8) [ 328.204016][T11516] overlayfs: './file0' not a directory 12:47:24 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 328.458945][T11531] overlayfs: './file0' not a directory [ 328.468602][T11476] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 328.486394][T11476] CPU: 1 PID: 11476 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 328.494405][T11476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 328.504468][T11476] Call Trace: [ 328.507786][T11476] dump_stack+0x172/0x1f0 [ 328.512132][T11476] dump_header+0x10f/0xb6c [ 328.516556][T11476] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 328.522367][T11476] ? ___ratelimit+0x60/0x595 [ 328.526967][T11476] ? do_raw_spin_unlock+0x57/0x270 [ 328.532084][T11476] oom_kill_process.cold+0x10/0x15 [ 328.537286][T11476] out_of_memory+0x79a/0x1280 [ 328.541977][T11476] ? lock_downgrade+0x880/0x880 [ 328.546856][T11476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 328.553108][T11476] ? oom_killer_disable+0x280/0x280 [ 328.558319][T11476] ? find_held_lock+0x35/0x130 [ 328.563103][T11476] mem_cgroup_out_of_memory+0x1ca/0x230 [ 328.568667][T11476] ? memcg_event_wake+0x230/0x230 [ 328.573696][T11476] ? do_raw_spin_unlock+0x57/0x270 [ 328.578821][T11476] ? _raw_spin_unlock+0x2d/0x50 [ 328.583661][T11476] try_charge+0x102c/0x15c0 [ 328.588276][T11476] ? find_held_lock+0x35/0x130 [ 328.593044][T11476] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 328.598577][T11476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 328.604815][T11476] ? kasan_check_read+0x11/0x20 [ 328.609667][T11476] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 328.615235][T11476] mem_cgroup_try_charge+0x24d/0x5e0 [ 328.620516][T11476] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 328.627558][T11476] wp_page_copy+0x408/0x1740 [ 328.632157][T11476] ? find_held_lock+0x35/0x130 [ 328.636926][T11476] ? pmd_pfn+0x1d0/0x1d0 [ 328.641189][T11476] ? lock_downgrade+0x880/0x880 [ 328.646110][T11476] ? swp_swapcount+0x540/0x540 [ 328.650864][T11476] ? kasan_check_read+0x11/0x20 [ 328.655717][T11476] ? do_raw_spin_unlock+0x57/0x270 [ 328.660834][T11476] do_wp_page+0x48e/0x1500 [ 328.665351][T11476] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 328.670711][T11476] __handle_mm_fault+0x22e8/0x3ec0 [ 328.675818][T11476] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 328.681348][T11476] ? find_held_lock+0x35/0x130 [ 328.686108][T11476] ? handle_mm_fault+0x322/0xb30 [ 328.691037][T11476] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 328.697259][T11476] ? kasan_check_read+0x11/0x20 [ 328.702117][T11476] handle_mm_fault+0x43f/0xb30 [ 328.706959][T11476] __get_user_pages+0x7b6/0x1a40 [ 328.711883][T11476] ? follow_page_mask+0x19a0/0x19a0 [ 328.717099][T11476] ? retint_kernel+0x2d/0x2d [ 328.721703][T11476] populate_vma_page_range+0x20d/0x2a0 [ 328.727167][T11476] __mm_populate+0x204/0x380 [ 328.732057][T11476] ? populate_vma_page_range+0x2a0/0x2a0 [ 328.737678][T11476] __x64_sys_mlockall+0x35c/0x520 [ 328.742689][T11476] do_syscall_64+0x103/0x610 [ 328.747269][T11476] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 328.753152][T11476] RIP: 0033:0x458da9 [ 328.757028][T11476] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 328.776954][T11476] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 328.785371][T11476] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 328.793332][T11476] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 328.801293][T11476] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 328.809258][T11476] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 328.817209][T11476] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 328.838974][T11476] memory: usage 307180kB, limit 307200kB, failcnt 699 [ 328.846104][T11476] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 328.870305][T11476] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 328.887066][T11476] Memory cgroup stats for /syz2: cache:0KB rss:297636KB rss_huge:241664KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:148228KB active_anon:15256KB inactive_file:0KB active_file:0KB unevictable:134288KB [ 328.916275][T11476] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11475,uid=0 [ 328.932320][T11476] Memory cgroup out of memory: Killed process 11475 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 328.953754][ T1043] oom_reaper: reaped process 11475 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB 12:47:24 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) openat$userio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/userio\x00', 0x40, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x640000, 0x0) getsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev={0xfe, 0x80, [], 0x11}, 0x101, 0x2, 0x2, 0x1, 0x1f, 0x2e9}, &(0x7f0000000100)=0x20) 12:47:24 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x5000000000000000}, 0x8) 12:47:24 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:24 executing program 3: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:24 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0xd}) 12:47:24 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) ioctl$RTC_PIE_ON(r2, 0x7005) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) [ 329.099781][T11542] device nr0 entered promiscuous mode [ 329.115229][T11551] overlayfs: './file0' not a directory 12:47:25 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:25 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xd007000000000000}, 0x8) [ 329.198452][T11550] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 329.244042][T11550] CPU: 1 PID: 11550 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 329.252067][T11550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 329.262124][T11550] Call Trace: [ 329.265423][T11550] dump_stack+0x172/0x1f0 [ 329.269769][T11550] dump_header+0x10f/0xb6c [ 329.274209][T11550] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 329.280025][T11550] ? ___ratelimit+0x60/0x595 [ 329.284627][T11550] ? do_raw_spin_unlock+0x57/0x270 [ 329.289756][T11550] oom_kill_process.cold+0x10/0x15 [ 329.294876][T11550] out_of_memory+0x79a/0x1280 [ 329.300163][T11550] ? lock_downgrade+0x880/0x880 [ 329.305016][T11550] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 329.311260][T11550] ? oom_killer_disable+0x280/0x280 [ 329.316464][T11550] ? find_held_lock+0x35/0x130 [ 329.321241][T11550] mem_cgroup_out_of_memory+0x1ca/0x230 [ 329.326796][T11550] ? memcg_event_wake+0x230/0x230 [ 329.331853][T11550] ? do_raw_spin_unlock+0x57/0x270 [ 329.336969][T11550] ? _raw_spin_unlock+0x2d/0x50 [ 329.341847][T11550] try_charge+0x102c/0x15c0 [ 329.346354][T11550] ? find_held_lock+0x35/0x130 [ 329.351134][T11550] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 329.356710][T11550] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 329.363158][T11550] ? kasan_check_read+0x11/0x20 [ 329.368027][T11550] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 329.373583][T11550] mem_cgroup_try_charge+0x24d/0x5e0 [ 329.379766][T11550] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 329.385412][T11550] __handle_mm_fault+0x1e1f/0x3ec0 [ 329.390549][T11550] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 329.396109][T11550] ? find_held_lock+0x35/0x130 [ 329.400880][T11550] ? handle_mm_fault+0x322/0xb30 [ 329.405843][T11550] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 329.412193][T11550] ? kasan_check_read+0x11/0x20 [ 329.417061][T11550] handle_mm_fault+0x43f/0xb30 [ 329.421847][T11550] __get_user_pages+0x7b6/0x1a40 [ 329.426824][T11550] ? follow_page_mask+0x19a0/0x19a0 [ 329.432025][T11550] ? __vma_adjust+0x1840/0x1840 [ 329.436891][T11550] ? lock_acquire+0x16f/0x3f0 [ 329.441570][T11550] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 329.447838][T11550] populate_vma_page_range+0x20d/0x2a0 [ 329.453323][T11550] __mm_populate+0x204/0x380 [ 329.457921][T11550] ? populate_vma_page_range+0x2a0/0x2a0 [ 329.463590][T11550] __x64_sys_mlockall+0x35c/0x520 [ 329.468630][T11550] do_syscall_64+0x103/0x610 [ 329.473232][T11550] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 329.479122][T11550] RIP: 0033:0x458da9 [ 329.483023][T11550] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 329.502634][T11550] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 329.511054][T11550] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 329.519115][T11550] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 329.527103][T11550] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 329.535078][T11550] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 329.543055][T11550] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 329.580932][T11564] overlayfs: './file0' not a directory 12:47:25 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 329.613307][T11550] memory: usage 307200kB, limit 307200kB, failcnt 714 [ 329.628918][T11550] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 329.648430][T11550] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 329.661137][T11550] Memory cgroup stats for /syz2: cache:0KB rss:297856KB rss_huge:241664KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:154744KB active_anon:15272KB inactive_file:0KB active_file:0KB unevictable:127852KB [ 329.691601][T11550] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10298,uid=0 12:47:25 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x11}) [ 329.709939][T11550] Memory cgroup out of memory: Killed process 10298 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 329.747928][ T1043] oom_reaper: reaped process 10298 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:47:25 executing program 3: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 329.792626][T11542] device nr0 entered promiscuous mode [ 329.806695][T11569] overlayfs: './file0' not a directory 12:47:25 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}, 0x8) [ 330.307128][T11550] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 330.317371][T11550] CPU: 0 PID: 11550 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 330.325342][T11550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 330.335490][T11550] Call Trace: [ 330.338787][T11550] dump_stack+0x172/0x1f0 [ 330.343139][T11550] dump_header+0x10f/0xb6c [ 330.347575][T11550] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 330.353615][T11550] ? ___ratelimit+0x60/0x595 [ 330.358202][T11550] ? do_raw_spin_unlock+0x57/0x270 [ 330.363303][T11550] oom_kill_process.cold+0x10/0x15 [ 330.368406][T11550] out_of_memory+0x79a/0x1280 [ 330.373070][T11550] ? lock_downgrade+0x880/0x880 [ 330.378081][T11550] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 330.384329][T11550] ? oom_killer_disable+0x280/0x280 [ 330.389522][T11550] ? find_held_lock+0x35/0x130 [ 330.394496][T11550] mem_cgroup_out_of_memory+0x1ca/0x230 [ 330.400036][T11550] ? memcg_event_wake+0x230/0x230 [ 330.405050][T11550] ? do_raw_spin_unlock+0x57/0x270 [ 330.410146][T11550] ? _raw_spin_unlock+0x2d/0x50 [ 330.414980][T11550] try_charge+0x102c/0x15c0 [ 330.419470][T11550] ? find_held_lock+0x35/0x130 [ 330.425039][T11550] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 330.430579][T11550] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 330.436840][T11550] ? kasan_check_read+0x11/0x20 [ 330.441694][T11550] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 330.447252][T11550] mem_cgroup_try_charge+0x24d/0x5e0 [ 330.452551][T11550] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 330.458173][T11550] wp_page_copy+0x408/0x1740 [ 330.462745][T11550] ? find_held_lock+0x35/0x130 [ 330.467580][T11550] ? pmd_pfn+0x1d0/0x1d0 [ 330.471802][T11550] ? lock_downgrade+0x880/0x880 [ 330.476646][T11550] ? swp_swapcount+0x540/0x540 [ 330.481400][T11550] ? kasan_check_read+0x11/0x20 [ 330.491982][T11550] ? do_raw_spin_unlock+0x57/0x270 [ 330.497088][T11550] do_wp_page+0x48e/0x1500 [ 330.501509][T11550] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 330.506875][T11550] __handle_mm_fault+0x22e8/0x3ec0 [ 330.511974][T11550] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 330.517502][T11550] ? find_held_lock+0x35/0x130 [ 330.522252][T11550] ? handle_mm_fault+0x322/0xb30 [ 330.527212][T11550] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 330.533880][T11550] ? kasan_check_read+0x11/0x20 [ 330.538723][T11550] handle_mm_fault+0x43f/0xb30 [ 330.543478][T11550] __get_user_pages+0x7b6/0x1a40 [ 330.548422][T11550] ? follow_page_mask+0x19a0/0x19a0 [ 330.553609][T11550] ? check_memory_region+0x21/0x190 [ 330.558794][T11550] populate_vma_page_range+0x20d/0x2a0 [ 330.564273][T11550] __mm_populate+0x204/0x380 [ 330.568850][T11550] ? populate_vma_page_range+0x2a0/0x2a0 [ 330.574577][T11550] __x64_sys_mlockall+0x35c/0x520 [ 330.579586][T11550] do_syscall_64+0x103/0x610 [ 330.584188][T11550] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 330.590064][T11550] RIP: 0033:0x458da9 [ 330.593955][T11550] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 330.613642][T11550] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 330.622039][T11550] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 330.629996][T11550] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 330.637952][T11550] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 330.646025][T11550] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 330.661007][T11550] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 330.671459][T11550] memory: usage 307192kB, limit 307200kB, failcnt 757 [ 330.678380][T11550] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 330.685935][T11550] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 330.692861][T11550] Memory cgroup stats for /syz2: cache:0KB rss:297724KB rss_huge:239616KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:155756KB active_anon:15256KB inactive_file:0KB active_file:0KB unevictable:126780KB [ 330.715349][T11550] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11549,uid=0 [ 330.730804][T11550] Memory cgroup out of memory: Killed process 11549 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 330.745229][ T1043] oom_reaper: reaped process 11549 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB 12:47:26 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = dup2(0xffffffffffffffff, 0xffffffffffffff9c) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x485, 0x0, 0x0) r1 = open(&(0x7f0000000000)='./file0\x00', 0x80000, 0x41) r2 = syz_genetlink_get_family_id$net_dm(&(0x7f0000000100)='NET_DM\x00') sendmsg$NET_DM_CMD_STOP(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r2, 0x800, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", ""]}, 0x14}}, 0x40041) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:47:26 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:26 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x50) 12:47:26 executing program 3: r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x13}) 12:47:26 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x40000, 0x0) setsockopt$ax25_int(r2, 0x101, 0xb, &(0x7f0000000040)=0x4, 0x4) [ 330.853673][T11595] device nr0 entered promiscuous mode [ 330.887167][T11607] overlayfs: './file0' not a directory 12:47:26 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x17}) 12:47:26 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:26 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x20000088) [ 331.043469][T11609] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 331.062595][T11609] CPU: 1 PID: 11609 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 331.070628][T11609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.071156][T11620] overlayfs: './file0' not a directory [ 331.081154][T11609] Call Trace: [ 331.081181][T11609] dump_stack+0x172/0x1f0 [ 331.081202][T11609] dump_header+0x10f/0xb6c [ 331.081218][T11609] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 331.081232][T11609] ? ___ratelimit+0x60/0x595 [ 331.081247][T11609] ? do_raw_spin_unlock+0x57/0x270 [ 331.081262][T11609] oom_kill_process.cold+0x10/0x15 [ 331.081278][T11609] out_of_memory+0x79a/0x1280 [ 331.081293][T11609] ? lock_downgrade+0x880/0x880 [ 331.081309][T11609] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 331.081324][T11609] ? oom_killer_disable+0x280/0x280 12:47:27 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 331.081344][T11609] ? find_held_lock+0x35/0x130 [ 331.145453][T11609] mem_cgroup_out_of_memory+0x1ca/0x230 [ 331.145470][T11609] ? memcg_event_wake+0x230/0x230 [ 331.145493][T11609] ? do_raw_spin_unlock+0x57/0x270 [ 331.145511][T11609] ? _raw_spin_unlock+0x2d/0x50 [ 331.145530][T11609] try_charge+0x102c/0x15c0 [ 331.145543][T11609] ? find_held_lock+0x35/0x130 [ 331.145566][T11609] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 331.145585][T11609] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 331.145605][T11609] ? kasan_check_read+0x11/0x20 [ 331.145632][T11609] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 331.145653][T11609] mem_cgroup_try_charge+0x24d/0x5e0 [ 331.145675][T11609] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 331.145696][T11609] __handle_mm_fault+0x1e1f/0x3ec0 [ 331.145719][T11609] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 331.145733][T11609] ? find_held_lock+0x35/0x130 [ 331.145750][T11609] ? handle_mm_fault+0x322/0xb30 [ 331.145774][T11609] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 331.145794][T11609] ? kasan_check_read+0x11/0x20 [ 331.145824][T11609] handle_mm_fault+0x43f/0xb30 [ 331.145846][T11609] __get_user_pages+0x7b6/0x1a40 [ 331.145899][T11609] ? follow_page_mask+0x19a0/0x19a0 [ 331.145914][T11609] ? __vma_adjust+0x1840/0x1840 [ 331.145935][T11609] ? lock_acquire+0x16f/0x3f0 [ 331.145950][T11609] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 331.145970][T11609] populate_vma_page_range+0x20d/0x2a0 [ 331.145992][T11609] __mm_populate+0x204/0x380 [ 331.146012][T11609] ? populate_vma_page_range+0x2a0/0x2a0 [ 331.146036][T11609] __x64_sys_mlockall+0x35c/0x520 12:47:27 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:27 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000080)='/dev/input/mouse#\x00', 0x88, 0x381000) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f00000000c0)) r1 = syz_open_dev$midi(&(0x7f0000000300)='/dev/midi#\x00', 0x8000, 0x88000) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fsetxattr$trusted_overlay_origin(r0, &(0x7f0000000100)='trusted.overlay.origin\x00', &(0x7f00000001c0)='y\x00', 0x2, 0xfffffffffffffffc) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000440)='TIPCv2\x00') sendmsg$TIPC_NL_SOCK_GET(r1, &(0x7f00000005c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000580)={&(0x7f0000000480)={0xcc, r2, 0xc08, 0x70bd2d, 0x25dfdbfe, {}, [@TIPC_NLA_NODE={0x2c, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1000}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8000}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}]}, @TIPC_NLA_SOCK={0x34, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x3f}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8000}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}]}, @TIPC_NLA_NODE={0x14, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_SOCK={0x14, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x800}, @TIPC_NLA_SOCK_REF={0x8}]}, @TIPC_NLA_NODE={0x30, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x4000000}, 0x8804) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={0x0, r0, 0x0, 0x2, &(0x7f0000000280)='y\x00', 0xffffffffffffffff}, 0x30) write$P9_RLOCK(r1, &(0x7f0000000880)={0x8, 0x35, 0x1}, 0x8) sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000840)={&(0x7f0000000600), 0xc, &(0x7f0000000800)={&(0x7f0000000640)={0x194, r2, 0x310, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x3c, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x6}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xffffffffffff4673}, @TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xe70}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8000}]}, @TIPC_NLA_BEARER={0x18, 0x1, [@TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8}]}]}, @TIPC_NLA_MEDIA={0x7c, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x400}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1b}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x101}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffff47871c6}]}]}, @TIPC_NLA_LINK={0xb0, 0x4, [@TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7fff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffffffffffa}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}]}]}, 0x194}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) perf_event_open(&(0x7f0000000200)={0x7, 0x70, 0x1f, 0x386c26db, 0x6, 0xe4b, 0x0, 0xc813, 0x40, 0xa, 0x5, 0x2, 0x1, 0x3ff, 0x7fffffff, 0x0, 0x400, 0x7, 0x5, 0x9, 0x81, 0x1a9, 0x8000000, 0x1, 0x8, 0xbe73, 0xf1, 0x2, 0x101, 0x7ff, 0x1, 0x3, 0x401, 0x101, 0xc2, 0xdb2, 0x5, 0x5, 0x0, 0x7, 0x0, @perf_config_ext={0x7}, 0x100, 0x1, 0x4, 0x2, 0xffffffffffffffff, 0x8, 0x7}, r3, 0x6, r0, 0x1) r4 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x0, 0x2) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000380)={&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000000340)="dfa0fdb9439625e0f2db2c449bea9779800196bc8e802bc8b67a90ede0134698be774a2976", 0x25, r1}, 0x68) write$rfkill(r4, &(0x7f0000000000), 0x8) [ 331.146054][T11609] do_syscall_64+0x103/0x610 [ 331.146073][T11609] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 331.146086][T11609] RIP: 0033:0x458da9 [ 331.146101][T11609] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 331.146110][T11609] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 331.146124][T11609] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 331.146133][T11609] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 331.146142][T11609] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 331.146151][T11609] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 331.146160][T11609] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 331.248617][T11628] overlayfs: './file0' not a directory [ 331.272002][T11609] memory: usage 307200kB, limit 307200kB, failcnt 789 [ 331.516856][T11595] device nr0 entered promiscuous mode [ 331.547556][T11634] overlayfs: './file0' not a directory [ 331.572005][T11609] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 331.581959][T11609] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 331.595006][T11609] Memory cgroup stats for /syz2: cache:0KB rss:297812KB rss_huge:239616KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:162936KB active_anon:15272KB inactive_file:0KB active_file:0KB unevictable:119668KB [ 331.626930][T11609] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10386,uid=0 [ 331.648801][T11609] Memory cgroup out of memory: Killed process 10386 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 331.680143][ T1043] oom_reaper: reaped process 10386 (syz-executor.2), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 331.982198][T11609] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 331.992832][T11609] CPU: 0 PID: 11609 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 332.000797][T11609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 332.010848][T11609] Call Trace: [ 332.014154][T11609] dump_stack+0x172/0x1f0 [ 332.018495][T11609] dump_header+0x10f/0xb6c [ 332.022903][T11609] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 332.028718][T11609] ? ___ratelimit+0x60/0x595 [ 332.033296][T11609] ? do_raw_spin_unlock+0x57/0x270 [ 332.038404][T11609] oom_kill_process.cold+0x10/0x15 [ 332.043525][T11609] out_of_memory+0x79a/0x1280 [ 332.048215][T11609] ? lock_downgrade+0x880/0x880 [ 332.053324][T11609] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 332.059553][T11609] ? oom_killer_disable+0x280/0x280 [ 332.064761][T11609] ? find_held_lock+0x35/0x130 [ 332.069520][T11609] mem_cgroup_out_of_memory+0x1ca/0x230 [ 332.075066][T11609] ? memcg_event_wake+0x230/0x230 [ 332.080084][T11609] ? do_raw_spin_unlock+0x57/0x270 [ 332.085185][T11609] ? _raw_spin_unlock+0x2d/0x50 [ 332.090022][T11609] try_charge+0x102c/0x15c0 [ 332.094505][T11609] ? find_held_lock+0x35/0x130 [ 332.099255][T11609] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 332.104782][T11609] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 332.111012][T11609] ? kasan_check_read+0x11/0x20 [ 332.115864][T11609] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 332.121394][T11609] mem_cgroup_try_charge+0x24d/0x5e0 [ 332.126665][T11609] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 332.132486][T11609] wp_page_copy+0x408/0x1740 [ 332.137059][T11609] ? find_held_lock+0x35/0x130 [ 332.141831][T11609] ? pmd_pfn+0x1d0/0x1d0 [ 332.146086][T11609] ? lock_downgrade+0x880/0x880 [ 332.150926][T11609] ? swp_swapcount+0x540/0x540 [ 332.155677][T11609] ? kasan_check_read+0x11/0x20 [ 332.160528][T11609] ? do_raw_spin_unlock+0x57/0x270 [ 332.165632][T11609] do_wp_page+0x48e/0x1500 [ 332.170054][T11609] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 332.175508][T11609] __handle_mm_fault+0x22e8/0x3ec0 [ 332.180718][T11609] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 332.186252][T11609] ? find_held_lock+0x35/0x130 [ 332.191029][T11609] ? handle_mm_fault+0x322/0xb30 [ 332.195957][T11609] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 332.202179][T11609] ? kasan_check_read+0x11/0x20 [ 332.207015][T11609] handle_mm_fault+0x43f/0xb30 [ 332.211853][T11609] __get_user_pages+0x7b6/0x1a40 [ 332.216790][T11609] ? follow_page_mask+0x19a0/0x19a0 [ 332.221986][T11609] ? retint_kernel+0x2d/0x2d [ 332.226580][T11609] populate_vma_page_range+0x20d/0x2a0 [ 332.232026][T11609] __mm_populate+0x204/0x380 [ 332.236615][T11609] ? populate_vma_page_range+0x2a0/0x2a0 [ 332.242275][T11609] __x64_sys_mlockall+0x35c/0x520 [ 332.247305][T11609] do_syscall_64+0x103/0x610 [ 332.251881][T11609] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 332.257760][T11609] RIP: 0033:0x458da9 [ 332.261639][T11609] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 332.281226][T11609] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 332.289630][T11609] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 332.297587][T11609] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 332.305548][T11609] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 332.313519][T11609] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 332.321490][T11609] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 332.331780][T11609] memory: usage 307200kB, limit 307200kB, failcnt 834 [ 332.338714][T11609] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 332.346283][T11609] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 332.353354][T11609] Memory cgroup stats for /syz2: cache:0KB rss:297660KB rss_huge:239616KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:147584KB active_anon:15256KB inactive_file:0KB active_file:0KB unevictable:134964KB [ 332.375720][T11609] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11605,uid=0 [ 332.391156][T11609] Memory cgroup out of memory: Killed process 11605 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 332.405674][ T1043] oom_reaper: reaped process 11605 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB 12:47:28 executing program 2: mlockall(0x3) r0 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff) clock_gettime(0x0, &(0x7f00000000c0)={0x0, 0x0}) timerfd_settime(r0, 0x1, &(0x7f0000000100)={{0x0, 0x989680}, {r1, r2+10000000}}, &(0x7f0000000140)) ioctl$BLKROTATIONAL(r0, 0x127e, &(0x7f0000000180)) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x40800, 0x0) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x3000000, 0x40010, r3, 0x8000000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:47:28 executing program 3: r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:28 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x1a}) 12:47:28 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:28 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0xf0be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x0, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) getresuid(&(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240)) lsetxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f0000000100)='y\x00', 0x2, 0x3) 12:47:28 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x34402, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x3, 0x2) ioctl$RTC_VL_CLR(r1, 0x7014) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'\x00', 0x4009}) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:47:28 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'nr0\x00', 0x9002}) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x80000, 0x0) ioctl$PERF_EVENT_IOC_ID(r1, 0x80082407, &(0x7f0000000040)) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f0000000140)=0x7) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) ioctl$VIDIOC_G_SLICED_VBI_CAP(r1, 0xc0745645, &(0x7f0000000080)={0xffffffff, [0x100000000000800, 0x401, 0x3, 0x3ff, 0x3, 0x4, 0x800, 0x5, 0xfc4, 0x4, 0x600000, 0x870, 0x6, 0xff, 0x7, 0x5, 0x6, 0x15, 0x4, 0x3f, 0x1f, 0x200000002, 0x0, 0x9, 0x7, 0x6, 0x3, 0xffffffffffff52d6, 0x6, 0xb0d92a, 0xfff, 0x4, 0x100, 0x1, 0xfffffffffffffffc, 0xce9f, 0xfdf7, 0x8, 0x8, 0x200, 0x1ff, 0xc1a, 0x0, 0x80, 0x4, 0x1003, 0x1, 0x3], 0x6}) 12:47:28 executing program 4: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, r0, 0xfffffffffffffffe) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r1, &(0x7f0000000080), 0x8) 12:47:28 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x1c}) 12:47:28 executing program 3: r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 332.626554][T11665] overlayfs: './file0' not a directory [ 332.657551][T11659] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 12:47:28 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) eventfd2(0x3f, 0x800) write$rfkill(r0, &(0x7f0000000080), 0x8) [ 332.714260][T11659] CPU: 0 PID: 11659 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 332.722278][T11659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 332.732361][T11659] Call Trace: [ 332.735668][T11659] dump_stack+0x172/0x1f0 [ 332.740013][T11659] dump_header+0x10f/0xb6c [ 332.744439][T11659] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 332.750261][T11659] ? ___ratelimit+0x60/0x595 [ 332.755691][T11659] ? do_raw_spin_unlock+0x57/0x270 [ 332.760822][T11659] oom_kill_process.cold+0x10/0x15 [ 332.765948][T11659] out_of_memory+0x79a/0x1280 [ 332.770637][T11659] ? lock_downgrade+0x880/0x880 [ 332.775491][T11659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 332.781740][T11659] ? oom_killer_disable+0x280/0x280 [ 332.786954][T11659] ? find_held_lock+0x35/0x130 [ 332.791846][T11659] mem_cgroup_out_of_memory+0x1ca/0x230 [ 332.797497][T11659] ? memcg_event_wake+0x230/0x230 [ 332.802531][T11659] ? do_raw_spin_unlock+0x57/0x270 [ 332.807656][T11659] ? _raw_spin_unlock+0x2d/0x50 [ 332.812512][T11659] try_charge+0x102c/0x15c0 [ 332.817014][T11659] ? find_held_lock+0x35/0x130 [ 332.821793][T11659] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 332.827353][T11659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 332.833600][T11659] ? kasan_check_read+0x11/0x20 [ 332.839172][T11659] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 332.844727][T11659] mem_cgroup_try_charge+0x24d/0x5e0 [ 332.850022][T11659] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 332.855683][T11659] __handle_mm_fault+0x1e1f/0x3ec0 [ 332.860805][T11659] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 332.866362][T11659] ? find_held_lock+0x35/0x130 [ 332.871132][T11659] ? handle_mm_fault+0x322/0xb30 [ 332.876085][T11659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 332.882335][T11659] ? kasan_check_read+0x11/0x20 [ 332.887194][T11659] handle_mm_fault+0x43f/0xb30 [ 332.891973][T11659] __get_user_pages+0x7b6/0x1a40 [ 332.896934][T11659] ? follow_page_mask+0x19a0/0x19a0 [ 332.902135][T11659] ? __vma_adjust+0x1840/0x1840 [ 332.907016][T11659] ? lock_acquire+0x16f/0x3f0 [ 332.911691][T11659] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 332.917943][T11659] populate_vma_page_range+0x20d/0x2a0 [ 332.923427][T11659] __mm_populate+0x204/0x380 [ 332.928040][T11659] ? populate_vma_page_range+0x2a0/0x2a0 [ 332.933976][T11659] __x64_sys_mlockall+0x35c/0x520 [ 332.939717][T11659] do_syscall_64+0x103/0x610 [ 332.944342][T11659] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 332.950239][T11659] RIP: 0033:0x458da9 [ 332.954144][T11659] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 332.973930][T11659] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 332.982350][T11659] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 332.990326][T11659] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 332.998319][T11659] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 333.006319][T11659] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 12:47:28 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 333.014300][T11659] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 333.067449][T11659] memory: usage 307200kB, limit 307200kB, failcnt 871 [ 333.074499][T11659] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 333.083467][T11659] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 333.090470][T11659] Memory cgroup stats for /syz2: cache:0KB rss:297784KB rss_huge:239616KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:154744KB active_anon:15272KB inactive_file:0KB active_file:0KB unevictable:127876KB [ 333.119901][T11659] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10426,uid=0 [ 333.193594][T11659] Memory cgroup out of memory: Killed process 10426 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 333.230997][ T1043] oom_reaper: reaped process 10426 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:47:29 executing program 2: mlockall(0x3) r0 = socket$nl_crypto(0x10, 0x3, 0x15) r1 = dup(r0) ioctl$VIDIOC_ENUMAUDOUT(r1, 0xc0345642, &(0x7f0000000100)={0x100000000, "1e5cfb31f1fc119074839ed228508f89df777501ed7dcb2a487d1d76fb8c1f3e", 0xf527a6ff93daf1e4, 0x1}) fsetxattr$security_selinux(r0, &(0x7f0000000000)='security.selinux\x00', &(0x7f00000000c0)='system_u:object_r:system_dbusd_var_run_t:s0\x00', 0x2c, 0x3) prctl$PR_MCE_KILL_GET(0x22) sched_yield() clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) getsockname(r1, &(0x7f0000000300)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000380)=0x80) ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000140)=[0x3ff]) ioctl$VT_RESIZEX(r1, 0x560a, &(0x7f00000001c0)={0x6, 0x10001, 0xec76, 0x10000, 0x4, 0x1}) ioctl$SG_GET_COMMAND_Q(r1, 0x2270, &(0x7f00000002c0)) setxattr$trusted_overlay_origin(&(0x7f0000000240)='./file0\x00', &(0x7f0000000180)='trusted.overlay.origin\x00', &(0x7f0000000200)='y\x00', 0x2, 0x2) r2 = syz_open_dev$swradio(&(0x7f0000000280)='/dev/swradio#\x00', 0x1, 0x2) getsockopt$inet_sctp_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f00000003c0)={0x0, 0x4773, 0x9, 0x200, 0x4, 0xffffffff}, &(0x7f0000000400)=0x14) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000440)={r3, 0x5, "83786db5d0"}, &(0x7f0000000480)=0xd) 12:47:29 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x25}) 12:47:29 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:29 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) 12:47:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x1e}) [ 333.469086][T11703] overlayfs: './file0' not a directory 12:47:29 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4006}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:47:29 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:29 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:29 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) r1 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f00000000c0)={'syz', 0x0}, &(0x7f00000001c0)="7ad98d1355f4d6a383098ef5eb6e8ca3a74efdb51f1b7ddd2fac10378bb04ec5dfe90436b324f8c2271d82450f5e0a94bd1bf39d55767e3e6292a6b2e211f50f7340f9826cd7065b13aeba0fccfeb83ac127d25f1786ed334d013c2a0e8e53ec3a4a21b13665c1db192464dcfefe22d255d9fc277bea53bce77a0fd92d4209d68e2cc5fb64887f1b0c816a8b5aec268b899ac7b6628c411f61c5be46b51615172c1f69eb1d42cf828f540a3ea70e6fd4b098aea59ee4004e2fbb92020ff77fece52b7550e9ed606962534144f059a1777c7cfa98420db70204dd023f1da3bc1e6e323fe5e39641b7b23a", 0xea, 0xfffffffffffffffe) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000100)={r1, 0x1, 0xf5}, &(0x7f00000002c0)=ANY=[@ANYBLOB='en84-avx\x00'/77], &(0x7f0000000340)="a28f894ff70c055856", &(0x7f0000000380)=""/145) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r0, 0x40045731, &(0x7f0000000440)=0x3) 12:47:29 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x1e00}) [ 333.645145][T11723] device nr0 entered promiscuous mode 12:47:29 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 333.767449][T11731] overlayfs: failed to resolve './file1': -2 [ 334.172093][T11747] overlayfs: './file0' not a directory [ 334.211206][T11723] device nr0 entered promiscuous mode 12:47:30 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = dup(0xffffffffffffffff) getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f0000000100), &(0x7f0000000140)=0x4) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r2 = syz_open_dev$admmidi(&(0x7f0000000000)='/dev/admmidi#\x00', 0x1, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r2, 0x8917, &(0x7f00000000c0)={'veth1_to_bridge\x00', {0x2, 0x4e21, @loopback}}) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0xa6dba5d2b0276718, 0x30010, r1, 0x0) 12:47:30 executing program 4: perf_event_open(&(0x7f0000000140)={0x4, 0x70, 0x3e6, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) 12:47:30 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x3f00}) 12:47:30 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:30 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:30 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) fcntl$setlease(r0, 0x400, 0x2) r1 = socket$kcm(0x29, 0x2, 0x0) r2 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x3, 0x2) accept4$x25(r2, &(0x7f0000000040)={0x9, @remote}, &(0x7f0000000080)=0x12, 0x80800) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:47:30 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3}, 0xffffffffffffff33) [ 334.968337][T11763] device nr0 entered promiscuous mode 12:47:30 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x1000000}) [ 335.010017][T11765] overlayfs: './file0' not a directory 12:47:31 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 335.093609][T11766] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 335.112653][T11766] CPU: 0 PID: 11766 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 335.120671][T11766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 335.130737][T11766] Call Trace: [ 335.134054][T11766] dump_stack+0x172/0x1f0 [ 335.138400][T11766] dump_header+0x10f/0xb6c [ 335.142860][T11766] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 335.148680][T11766] ? ___ratelimit+0x60/0x595 [ 335.153281][T11766] ? do_raw_spin_unlock+0x57/0x270 [ 335.158403][T11766] oom_kill_process.cold+0x10/0x15 [ 335.163527][T11766] out_of_memory+0x79a/0x1280 [ 335.164214][T11779] overlayfs: './file0' not a directory [ 335.168228][T11766] ? lock_downgrade+0x880/0x880 [ 335.168245][T11766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 335.168263][T11766] ? oom_killer_disable+0x280/0x280 12:47:31 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 335.168275][T11766] ? find_held_lock+0x35/0x130 [ 335.168304][T11766] mem_cgroup_out_of_memory+0x1ca/0x230 [ 335.200395][T11766] ? memcg_event_wake+0x230/0x230 [ 335.205438][T11766] ? do_raw_spin_unlock+0x57/0x270 [ 335.210560][T11766] ? _raw_spin_unlock+0x2d/0x50 [ 335.215432][T11766] try_charge+0x102c/0x15c0 [ 335.219939][T11766] ? find_held_lock+0x35/0x130 [ 335.224725][T11766] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 335.230312][T11766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 335.236567][T11766] ? kasan_check_read+0x11/0x20 [ 335.241430][T11766] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 335.246987][T11766] mem_cgroup_try_charge+0x24d/0x5e0 [ 335.252282][T11766] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 335.257927][T11766] __handle_mm_fault+0x1e1f/0x3ec0 [ 335.263051][T11766] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 335.268685][T11766] ? find_held_lock+0x35/0x130 [ 335.273452][T11766] ? handle_mm_fault+0x322/0xb30 [ 335.273475][T11766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 335.273492][T11766] ? kasan_check_read+0x11/0x20 [ 335.273511][T11766] handle_mm_fault+0x43f/0xb30 [ 335.273531][T11766] __get_user_pages+0x7b6/0x1a40 [ 335.273556][T11766] ? follow_page_mask+0x19a0/0x19a0 [ 335.273570][T11766] ? __vma_adjust+0x1840/0x1840 [ 335.273599][T11766] ? lock_acquire+0x16f/0x3f0 [ 335.313987][T11766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 335.320328][T11766] populate_vma_page_range+0x20d/0x2a0 [ 335.325802][T11766] __mm_populate+0x204/0x380 [ 335.330410][T11766] ? populate_vma_page_range+0x2a0/0x2a0 [ 335.336057][T11766] __x64_sys_mlockall+0x35c/0x520 [ 335.341094][T11766] do_syscall_64+0x103/0x610 [ 335.345700][T11766] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 335.351592][T11766] RIP: 0033:0x458da9 [ 335.355490][T11766] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 335.375134][T11766] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 335.383556][T11766] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 335.391558][T11766] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 335.399543][T11766] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 335.407523][T11766] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 335.415588][T11766] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 335.425287][T11766] memory: usage 307200kB, limit 307200kB, failcnt 926 [ 335.432335][T11766] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 335.440036][T11766] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 335.447058][T11766] Memory cgroup stats for /syz2: cache:0KB rss:297768KB rss_huge:243712KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:164984KB active_anon:15272KB inactive_file:0KB active_file:0KB unevictable:117652KB [ 335.447147][T11766] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10487,uid=0 12:47:31 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) kexec_load(0x6, 0xa, &(0x7f0000001700)=[{&(0x7f00000001c0)="672f4fa1565e3fdbcb0402bbfba7796a40e1ff4c52f6ee7b773b66ad8f402e9ba2871a6ec2b0e2d1d463041a13f5c5dc7aa245dba01fe80e50ab2be86ed7cf38fca1afed8b53233b3a0d683b00dc9374ed2420000af8d21a20881f1f9b00cc6de14e9cad24cf3365ba9853962b9bfa8668205153ad32de84df58ad87a84ba165691968ef00155d9ed792caaddb1b87b2f5665a6d2fbf82a41d53e5b77b29d534ec2b80e5c587ea9a603ae5cf88b7a78b9c283f422601e379c60751c65614baeca8902e3972ec671525054daf2abec4dc9c9f3461146d", 0xd6, 0x8, 0x850}, {&(0x7f0000000300)="043f921d2f1acfc5f1953b5f19f984029f7b8336daa31534991dda11a1b759e3f841c7cc768808035d863772690de231b24c6db21bc5866f9201038d19fbf1cb4b0a30b0a2499a7e347c747b9cdfb129fd159d1d1cf5153a80d5d0df00de7f44d9c2f13de84dd3a7d3c194b7b20b7bdd2f9529b167ff09ccc37ff79ff558b07aed30845cb5e73f81acdd202e329f9452c33ae75f84238471d9fb", 0x9a, 0xfffffffffffffffb, 0x3ff}, {&(0x7f0000000000)="6ba899d020fb1b77e67f0243c94ce2b49a3c84ea0536ab4bc7d136ff2118ec27c5322bda11ee6a9d8881a559cca020c966c96e5ac5d39efc629381d6a36e94735999d8f763ec2ba820df7e34", 0x4c, 0xffff, 0x4}, {&(0x7f00000003c0)="50353e3c10e88cb284b8291484a7cb16171c4e16680f8460f4a655f9fd7f59671ce298f0adbdec12f8c89979e287e7780654cb94badcb5dd989614d976bf0ff4ddcfcab44b1fe669a667e1a7c891a4bac1eb4dca491fb3dc64e95cc913cedee654063cfb9d6a39526a5a05f3d478b677e81d87a89533daa1e498fbe602add13b6e70f5b56aba04743dea3881f5a40270dcacfb971c95cec2db79c3b54c0e5703a60cbbc3883e97669fd7982d214eff19492b573948776c233be19572d0e8a7ca09ba3c503287e3902eb0720f2537b5439aec57874038872792a00d28ae9c8f6dbce660f120374b656150d77b17264b2f4117612e50f53dbffaff4110cbdc2bbd7e7d55c7d3459372d96c3c7a2f16d44c3af4539221c864b588b8a45594696c5201b27c88fb38973b087f427e3840a65a4a95a89f41741400cde47029a71cf9d3e01c79d0e1690673a17532b40ed8d47da1822cb4cad06d1c073ed74eb66295e34ddf1b689a0e114917c302554d166e5a6a8ae0e011d204572d7cfcbd4cb871f73fb5930fb0989160d9570208c934601da9218cbb3cd94d0677ca033473c0ef0da18d4f44329ac94b365716a267760b6da0c328b1d8c3be6d377fd877ac6528c10b8714a40df04a2db8f294a1edad183cf4ba223c5afe4b6288cda5cabfa025e5c8f6a23ec7c2e46547c0d2adbc0060ca551c6b837691114683ec2c4ada11876836cf33f02c9c61e659cb203d2c42c3abc0c147a2aa87e0cff7c47173257adda68339166b7e498e97e162ca92c032f2eef75a7f1da9c59e61aa6245151c35a339dc21381634b5cdaed8c4485d554f3dd9521525118838bbc0bbb54adb599b9025b3e0be3d9c5783f1d531525bf58179adff9cf583771e6e05ef6dbdffd5a77e8a3c027b8e9dfde4fc1fc6f5df443430784b0b494deb65752af7ee3079c8d9283dec73d6d7da2243f46e5971cbc5177bb1f9ef589864e5762e3493202a71465d6074ddbfc51b121629c83d72adf063dd11df922fa9d8e7912ec6b3d9964fbee987adea708cf75e73894dc14f9a6fc1100191c38ebed49684c0de0b751fbb140306d610dff4c20ef8b11e1b194d99da2ad1938d097c6799c09dc7ef3df026d30dcc66fc12792a8d180e7f6ad397abdabe7892dac157a306712037ee8b782e4fa0aed5584ca055f42affb181de5c3b6764e4503d4f890c7174c7ad1ad51439810dbb56a8dcf8571bab952cf73079f12de8cb1a0672e005010d0caa7987e7c562d37b607c25f0bb0f59768532ebf6407b01c81fe4a2bc03b1feb2e18ff09cfb3e081195c5dc2bb7f2d9179f29a23f519d57cabf1828a1a8473f4b3245a8282e5bfbc9901457f2a6762f8ef136e86d41dfa0c7eb55bdd198206943a5c4fabe65625a1cc672a1e04269486b85c8bca2cbafdc92a839a5ac664564ea5350f5c25b5fcfb28fe008c0589ee1bb17f4addd96c782a4cafec2b8b8817b2f30f692c6b2c29c3558a732166cb2c7788f5c912a9e3e10018788396c7876f0a1dc25349237d0c0866f35198819886bb9e0099b47788f19f5ca40dcc231673baeecddcbb96ec3d09ab3842d7c266e57ce92ce570157fc2ccd7d9e4a868037eba2599e6b56f4cfd36b043072f0299498ee6f740c471ab750cbd5e09aceb65a7004d9ca47072be4b5dde958fbd672d060d7762aed45ec38175a26bad6646373b394cdea05fbdbe2c20aaa7e56c4f82b39147d85a09ea9a809fa658598cf11157c1ffbaf36be15bf69dcc966e45acf7d1d880a9aa33ff396daa62810c08d46b8943f59b642847cf3edc8067e1180cfaa39d344c51cbbdad710c8a1e7796ca5cfcc164e371f1e23f327f6818ac4decaceaa436ca3a483298fd37bc788510afefee18d2c69f3e0e987c5bdebf81531cbebff3d622bc0a45448d2514afdf3ed1f9e484ac45629575c7c95f006aa359ed029195ac9052a659398946428bc009516e60b1fbdcfbe7ed564c993ca9018741398466b0c2d361730b3476646c68715f79bb4cfddfaec3b97ba6525242280f0c3e05a2185b727836f90c8061b39e10748e7970ef14c3e26c7f9f46e0203b32e800f08e08cfd63f629c3aedc111d5e5cc60538e38e046c65007d2369778a7653de6b8c0151e6a5773a168889c16b23e70ccd2ffe18fa379e7dfba7706b043b78801fcf3369fcf69321d3beade12e1fb9c70ff66c18ecee4b16d5a0a0ddf8da20e3d45dbd4c36a560fdc3ba124b3e5b5cfe33125008676109e584ac9aed6868947446696756e80cbe90c51a6ef790a57c7630d6538d57ee1b0323fa623252bd4c8b0059603e7133bf1ede2060eec862ed1f4c5949515ccbdd272fcded0c5ad36d47dd5f9b7b4efa5cbce665511b04fc90eb033a229041bf6ee7f03ab69b5f4fa19e625495d9784264cab0b0306600e4b157fe8f46ff517195463f2a7c8a49b60775a0b52adc494d9623f3c7720d4d8933666cb2627ff85358c6fd2fb20d830e88f05ef4a7579b4c871c5049f94912582cae4e6f65cb98eed15beff472e1bc4296b76ca5a629054023d79555ce2a42689feb33b49d1d6ef8d176e4dd692b37f318e5002473f1b88a97f31fd0052575c7ec365ff3596d83f5ba1f67a083792f982bd91bbc1debaba6559fbf2bd4aaaef6ae4c0886c31d986c88b17e8e20ed09107426b0031a19aa12c8f313ec9c4aacbf621c5716a7975d9057b245d5a1ebb3a62dbcca90c6edf5dff56cfbab94765d65d16b286a8b046f2ee4e482a3514a3136c87bea409c4d50e614b6ba4284b48f4d6e3fe7ac18ec03d09ee160a1b6db9b9eb5db7059594b29b6042ddba353398bdeccee81c072fa9ac723faed87920225c19dccacd7be8fb50f840c0d64757994980524a42dd1a143d6e34182766d1bc9021b0d0870f41df31c5e6223f510acc3c48b7d4f7a97f2672c071dcc0458d1de71e9aef414419a8165229424c0ee868a93b91d1de4b2785e1e8b15178947909bc9a657c260454013fa2fd1a7f061ef9c17a5f8091ad417224a2450472f97d8e62676ce1c3cefbf132c8e5b702b704f0cc3d8841c1d1b0707f5299d94b4c99525cca2377a1563de3cbe8d1a6d5820e0460fa561cf1b982d4fffc579199599fddef1da18d48fc173102dbfa9fef09be2efadadf8523ecef33c6ce938b11d75d771dbd86e9847eb8a1fc2ee7d01c18f7e3e89be0235baaab51706dd34fbc9afad0cf825a94d1c3cc1f5f78409603fa396ffb6ada006ce68004f23f77546c4ffd5c8363767783a064ae3a8a194f1b3dc6d007b5a1a9c4e6f468e88639d8da0805962ca3a2b337a56e03ffe4ffbe53e11a55b11d85560579339eeda2b1fc4d7cd719513841711c53b4ec4e63adb5f11d359e8c877f5c6282cde2ee4551ec519d21e3232ce129eaf43d9584622b9a6165ada418511aa83b95a5eb7e5a37239d957a84325a8d9a8900fd4919fe9486d9ad93e5d1102012bd382e6d3f7ddf5bbf1d1507972e9c11dec0644d3a49f84a5ee4047f38d3ee39e98ad5ae098df3d381fdea4f263d35dfc6c5779060460fd244d672196d3f7308540de491b77753452a3ac42256b458992fba7a0950c73d8df8f3f0d13de644d14d920abf0d9db07adb189d4ccc73197e1a21cb9e664dab2b7ca788e2236761e149126091a82890235a88e770cb657ca73f59a99fc93b63e41e0d90b372fb8bbeba674f1a863f93d8277413667f8de842d1fe6484973e639833950620a9a372845e3667e25a727bd52cd2d9d5c04d57f65bb4620fa8c467914d5c695e3bdb01e8c35a1ab055f63eebdfee8384c2b3406bec454dcc4da7ac833285fe13cfd43c6bd5b086df21cb501d2b52a75070368c562701396e103c885e51de06d671e6bf2dbf204298ff7f4e7b43cc6276d6a5c5a208e57c0876ff44f68a86eea68cbe8f07a17735e6f2fa1f4b2eee28cee390b7245e81e1b07a891e38c7383f352cacc14a42b28f69f5a868d6e788d1effedf639dcd64d31d8af82d9f8499378827ac084d5b0965825d09c8bcf2da2e96afaa40f65ff1c46cc08ff8bc3c426cd00cab88d851eabb1a0d9c7b107f18ee6045cd906d7276769e82d6c597c250e40ed1499e4539520366c40e82cfd830f19984102b0634c2d4a27c63c19712e3b2d18b61e72ced501d5a85d2ad319942f28601de9e398e316e1aa555b482dcfa4444a2481945d51fd43b6eff93e9f009af4f5c015558bf9a9cc532df81412a50f133d7ff82fed8f4e427a36228e9fb83b13a0363009a11fcc5c6fb1b19afd0f1608ac7f14df147aed0fa52be12e28bf51b21011a5908089eb05fd58780f8e8b2d3f9df03a3745c8cff212e49e4dd45ec3fd653c8bea01aa70fc9a3edf2b7bafbf81ac3dd195d189312dcab7edbbf8d6ed86dc55d7bcf02d2a9d5d86cec1d9364e38bd622b2a4f434937bd423d522e6f074c3846544b882cbe41be13b2a64147ffa1c468aaeedff8d25742c4341a0b06fadb081eac7b87704e069a46f3a0f77612314f0e5f1642895647cdb0c971c100a647e370819267686efe685f9c6bb3f3a0665818d8d5890dd5be44a392ddc06e060c3c28a8aeb4449947b69c287d78f063a48f2de95a38f278ce747beb4ae13f426b1713fe5eeb34af49cec1b03664654d1ed05054bd3e42cbd2bcd2a06e99e6476233e085d2a36856b1e91ff3155688a18daf53d763eb88f7de22b25a4bc4b901354306b59da7595eb0f5db6a846ab5cc2b1bd02e67dd05d3fff48f25946842d62deb0898f124294ab89cbe07556467c15652c44652d4648c99ccfe7a80b0bcc33c71c9d470126e5f50e04f25c9c5b2635a17055bf876b1235d9c45a0211ece65fe8fbba286c52c29ab07c59e2d639f7e7c55c8a2822c1dc974d737d2c2cd99607c2cf41dc4165ed02350cc3b8c36e8cda7129bfe06b0131a0ed73010a35d42d9a5c2321fb0fcf176beecb1fc0f03ceaef321d60cfc43d47b05879ec92600870afbe691dd4ca6653c9f95b0955c791d6d5b213685cc33ed0958a6f995c9cb938ead3cb934eda154237527171bcd3e3e2a9287b475e323a1ab0da0e35e9315f07d974dc4a8635c95554b0b1ac76df0d3cc3eb43b36a32cf69bd9e71769093ca6c86c614cd9cf87a96243b1a52923a37f4a83ac00e7ac6b1139f0e37eed3015b519d167f755c6dcc0698af2450e090cddfb612dac001a39e26071357e9cfa2789afc896a2ef5ca3e7aebe9b7b711bd0de50123c60507310f65af463f480970351265bd22c8493af56ba26faa5f9abf91cd21edf571e6d085f968d658d1f6afc3d3405ed66e786336f54d9228ad652eb5ce39d0e6c20ffa9cf48b98221cb0815fda9b612cd52936c92db164c7a3fc09d13b8590a46a81fd6fcad09505e22565c1f6451cca3c9ec35a2eb72b7426449bc6bfae7c6158ebdfa76136818baf5db3b444a67ba2f632927bde861aac960d68478950cc4371ee055d464cac7f665a9ad323fe452b29a21d8db406a9b974ece6e8ac599bdb6091812537b1e165114c309ebe17e6332d28b15c2c22310d79443b8b742c8243f5b414fd49e8b3c4c90d2c20d123f67e349a8739892564d9f0306b0f3b5ca99c40acd6277e7a24dc110d95ea70b3b1ad551749d5baff7b36a4ae5fec4a7781f187f58f73cef87247526a967bd5944e8b3c731db67af76dc8b57e41c5f984b0b495f5d3856ccf01ec3abf521515b7259b0f3e62bd37b4f7e214e2ea79479fe7fb5507eb13506b24d1e3d0d5afe8fe44d280bbe7ea620fdd68beb583e29c677eccaa97aff4fb1c3a2c8e6c28b9610", 0x1000, 0xfff, 0x5d8e}, {&(0x7f00000000c0)="3ec72ca7fea2c3700073ef615d8e747c9ea183c5469274f97b5c53dec61a8e611ad77fcd0ee133e76330611962fd380152f1a4ab6c36c9a336311e5201337d6833d915f62cc0d063066e6aa934364e908dcda2b7d6a51faaa604b981a68e4cc67b9d87759f0f71796db7a9", 0x6b, 0xfffffffffffffc1c, 0x255}, {&(0x7f00000013c0)="a82ab83c0282bd85d64b9376a09a5f9a18960e7075df5c1861c6e1cd337f3287631e86f1e8cd01133bd9e5f579867e6ecb282eeefba50345e614686c90df7cd4716398d3a92304dc86c7de44ffb8517fceef4b2b0448ffd4", 0x58, 0xf0, 0x6}, {&(0x7f0000001440)="95131d1433858bf6f6e796732fb4ded451dce95428d34d791ad21f6e341e293ae56f5bf72ab721e41ee0f553a14939905b9939d9b80fea3f348d7416e77fc346c159c2f39cc4589db2affe2b6b5a04e3c4b56ffa54ea2ac8791e845ce4fe16e1ae9e21809ee25e2b0d5a964c", 0x6c, 0x81, 0x6f75}, {&(0x7f00000014c0)="12c7abadf88c3b6fe7a00cad67b4e5729e7915bf5f51df790c10bb8518c972111dce218aa7e6f2e3d0e95d3aee9e3a278dea0e8e978048f95c6a0ae45317dce1bb4ecb", 0x43, 0x5, 0x2f}, {&(0x7f0000001540)="866a3a914199a5922685f87f36722396c1f3f9c8077a2c89612a7c693d23dfad7e6d241ec05f8c7d7a488ee4b71627470f63aa5c403cc4f480777ef131f482710422039d707bcd8a1011e2da12472ebf3afd3e328933b6444796f96f3b237ae18dce1d201142d647a8d86f13c6746e5120fe890e0ccf408b062e284c8f8b04fb35a7ce053fffe2f1735043f5f1d9c4a35824ad5ec30420bdf6b2118a04b49519fde4", 0xa2, 0x0, 0x7ff}, {&(0x7f0000001600)="b7d9ffc53d01df778523ed1cc9a37c9747e1b44a71f48b0035eb43f4eb748242468d75f9e2ce4184c7dd3d72d5e7150273640e72ccf7ddaf95190208b03c221ca35a66ff05ba5850acffcbd5b41989666c6e88f1838dd350619307e8dfacd08c601d24f1b030500b1f00dd2e382cafd23aae34888c3ecb35c4d2d90e30c2e64d97e980efe2a497ab20f31ae3ee7ed0ac36b784430675a102a6c1b3f6b07894120963edf004b0ac55b38089976049de6f5dae36a3417770481eb1d7767543ac8612b436f221fd970ab58ba890c1", 0xcd, 0x134, 0x2}], 0x3e0000) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000001840), 0x8) ioctl$RNDZAPENTCNT(r0, 0x5204, &(0x7f0000000080)=0xfffffffffffffffd) [ 335.447250][T11766] Memory cgroup out of memory: Killed process 10487 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 335.569939][T11788] overlayfs: './file0' not a directory 12:47:31 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 335.618124][T11763] device nr0 entered promiscuous mode [ 336.242376][T11766] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 336.253077][T11766] CPU: 0 PID: 11766 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 336.261094][T11766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 336.271168][T11766] Call Trace: [ 336.274451][T11766] dump_stack+0x172/0x1f0 [ 336.278767][T11766] dump_header+0x10f/0xb6c [ 336.283269][T11766] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 336.289056][T11766] ? ___ratelimit+0x60/0x595 [ 336.293641][T11766] ? do_raw_spin_unlock+0x57/0x270 [ 336.298749][T11766] oom_kill_process.cold+0x10/0x15 [ 336.303854][T11766] out_of_memory+0x79a/0x1280 [ 336.308510][T11766] ? lock_downgrade+0x880/0x880 [ 336.313366][T11766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 336.319589][T11766] ? oom_killer_disable+0x280/0x280 [ 336.324763][T11766] ? find_held_lock+0x35/0x130 [ 336.329510][T11766] mem_cgroup_out_of_memory+0x1ca/0x230 [ 336.335038][T11766] ? memcg_event_wake+0x230/0x230 [ 336.340144][T11766] ? do_raw_spin_unlock+0x57/0x270 [ 336.345235][T11766] ? _raw_spin_unlock+0x2d/0x50 [ 336.350082][T11766] try_charge+0x102c/0x15c0 [ 336.354568][T11766] ? find_held_lock+0x35/0x130 [ 336.359454][T11766] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 336.364986][T11766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 336.371214][T11766] ? kasan_check_read+0x11/0x20 [ 336.376055][T11766] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 336.381585][T11766] mem_cgroup_try_charge+0x24d/0x5e0 [ 336.386851][T11766] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 336.392492][T11766] wp_page_copy+0x408/0x1740 [ 336.397065][T11766] ? find_held_lock+0x35/0x130 [ 336.401816][T11766] ? pmd_pfn+0x1d0/0x1d0 [ 336.406039][T11766] ? lock_downgrade+0x880/0x880 [ 336.411754][T11766] ? swp_swapcount+0x540/0x540 [ 336.416503][T11766] ? kasan_check_read+0x11/0x20 [ 336.421387][T11766] ? do_raw_spin_unlock+0x57/0x270 [ 336.426610][T11766] do_wp_page+0x48e/0x1500 [ 336.431031][T11766] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 336.436410][T11766] __handle_mm_fault+0x22e8/0x3ec0 [ 336.441532][T11766] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 336.460181][T11766] ? find_held_lock+0x35/0x130 [ 336.464931][T11766] ? handle_mm_fault+0x322/0xb30 [ 336.469968][T11766] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 336.476191][T11766] ? kasan_check_read+0x11/0x20 [ 336.481021][T11766] handle_mm_fault+0x43f/0xb30 [ 336.485782][T11766] __get_user_pages+0x7b6/0x1a40 [ 336.490724][T11766] ? follow_page_mask+0x19a0/0x19a0 [ 336.495918][T11766] ? retint_kernel+0x2d/0x2d [ 336.500532][T11766] ? populate_vma_page_range+0x37/0x2a0 [ 336.506078][T11766] populate_vma_page_range+0x20d/0x2a0 [ 336.511519][T11766] __mm_populate+0x204/0x380 [ 336.516104][T11766] ? populate_vma_page_range+0x2a0/0x2a0 [ 336.521746][T11766] __x64_sys_mlockall+0x35c/0x520 [ 336.526771][T11766] do_syscall_64+0x103/0x610 [ 336.531343][T11766] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 336.537213][T11766] RIP: 0033:0x458da9 [ 336.541094][T11766] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 336.560789][T11766] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 336.569206][T11766] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 336.577185][T11766] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 336.585142][T11766] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 336.593097][T11766] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 336.601054][T11766] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 336.611348][T11766] memory: usage 307200kB, limit 307200kB, failcnt 976 [ 336.618398][T11766] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 336.626087][T11766] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 336.633315][T11766] Memory cgroup stats for /syz2: cache:0KB rss:297728KB rss_huge:243712KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:151724KB active_anon:15256KB inactive_file:0KB active_file:0KB unevictable:130872KB [ 336.656498][T11766] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11764,uid=0 [ 336.672878][T11766] Memory cgroup out of memory: Killed process 11764 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 336.688269][ T1043] oom_reaper: reaped process 11764 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB 12:47:33 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x40000004) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f00000000c0)) 12:47:33 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x1e000000}) 12:47:33 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:33 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) 12:47:33 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:33 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x400000, 0x0) ioctl$PIO_FONT(r1, 0x4b61, &(0x7f00000000c0)="1ca2b5a08301f95a8d3b0cf716173c3a48504ed9830fdcef539356989c6fdc7ae0b971242cb30137e4edaf25acd78e3eccc8fa4533f3bfd703d5bdd75ce951836d5767b2c44607011a9556fed7281e46cd8bd139b659a20f8950d7653c18af03ce5aebcf9b2cfe2e4b643f7f9b19149734ed1dea034e4987793dccda076c63a9c07913ff31b279a76e188fcfb9d57e4c0dc12f2475ec7f44e4e44aef8d0dc3868173463579be3737ee63bb319c389c17a1a180864f9a1b847e7fc856bce42a233c111ba277454010e89ab07cb35508ddd24314f8517832d6e786869ac403a6656cefada7de252052feaf1af3c031c6d8d3221cc285d372327c889591d5cd") link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) [ 337.750408][T11810] device nr0 entered promiscuous mode 12:47:33 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:33 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x3f000000}) [ 337.901295][T11818] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 337.913157][T11818] CPU: 0 PID: 11818 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 337.921324][T11818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 337.931390][T11818] Call Trace: [ 337.934696][T11818] dump_stack+0x172/0x1f0 [ 337.939040][T11818] dump_header+0x10f/0xb6c [ 337.943464][T11818] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 337.949281][T11818] ? ___ratelimit+0x60/0x595 [ 337.953908][T11818] ? do_raw_spin_unlock+0x57/0x270 [ 337.959028][T11818] oom_kill_process.cold+0x10/0x15 [ 337.964154][T11818] out_of_memory+0x79a/0x1280 [ 337.968849][T11818] ? lock_downgrade+0x880/0x880 [ 337.973708][T11818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 337.979956][T11818] ? oom_killer_disable+0x280/0x280 [ 337.985246][T11818] ? find_held_lock+0x35/0x130 [ 337.990123][T11818] mem_cgroup_out_of_memory+0x1ca/0x230 [ 337.995678][T11818] ? memcg_event_wake+0x230/0x230 [ 338.000717][T11818] ? do_raw_spin_unlock+0x57/0x270 [ 338.005849][T11818] ? _raw_spin_unlock+0x2d/0x50 [ 338.010718][T11818] try_charge+0x102c/0x15c0 [ 338.015269][T11818] ? find_held_lock+0x35/0x130 [ 338.020145][T11818] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 338.025702][T11818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 338.031983][T11818] ? kasan_check_read+0x11/0x20 [ 338.036853][T11818] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 338.042506][T11818] mem_cgroup_try_charge+0x24d/0x5e0 12:47:34 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 338.047818][T11818] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 338.053465][T11818] __handle_mm_fault+0x1e1f/0x3ec0 [ 338.058596][T11818] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 338.064166][T11818] ? find_held_lock+0x35/0x130 [ 338.068018][T11828] overlayfs: failed to resolve './file0': -2 [ 338.068954][T11818] ? handle_mm_fault+0x322/0xb30 [ 338.068982][T11818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 338.069001][T11818] ? kasan_check_read+0x11/0x20 [ 338.069029][T11818] handle_mm_fault+0x43f/0xb30 [ 338.095869][T11818] __get_user_pages+0x7b6/0x1a40 [ 338.100834][T11818] ? follow_page_mask+0x19a0/0x19a0 [ 338.100851][T11818] ? __vma_adjust+0x1840/0x1840 [ 338.100874][T11818] ? lock_acquire+0x16f/0x3f0 [ 338.100890][T11818] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 338.100911][T11818] populate_vma_page_range+0x20d/0x2a0 [ 338.110990][T11818] __mm_populate+0x204/0x380 [ 338.111013][T11818] ? populate_vma_page_range+0x2a0/0x2a0 [ 338.111036][T11818] __x64_sys_mlockall+0x35c/0x520 [ 338.111058][T11818] do_syscall_64+0x103/0x610 [ 338.147453][T11818] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 338.153353][T11818] RIP: 0033:0x458da9 [ 338.157257][T11818] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 338.162913][T11834] overlayfs: './file0' not a directory [ 338.176962][T11818] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 338.176977][T11818] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 12:47:34 executing program 4: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r1, &(0x7f0000000080), 0x8) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) [ 338.176984][T11818] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 338.176991][T11818] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 338.176999][T11818] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 338.177007][T11818] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 338.183385][T11818] memory: usage 307200kB, limit 307200kB, failcnt 995 [ 338.223803][T11818] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 338.257537][T11818] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:47:34 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00'}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0xfdfdffff}) [ 338.288384][T11818] Memory cgroup stats for /syz2: cache:0KB rss:297928KB rss_huge:243712KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:158840KB active_anon:15272KB inactive_file:0KB active_file:0KB unevictable:123900KB [ 338.318000][T11810] device nr0 entered promiscuous mode [ 338.345200][T11818] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10526,uid=0 [ 338.371836][T11818] Memory cgroup out of memory: Killed process 10526 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 338.399277][ T1043] oom_reaper: reaped process 10526 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:47:34 executing program 2: mlockall(0x3) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x0, 0x0) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000100)='nbd\x00') r2 = syz_open_dev$swradio(&(0x7f0000000280)='/dev/swradio#\x00', 0x1, 0x2) r3 = dup3(0xffffffffffffff9c, 0xffffffffffffff9c, 0x80000) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000180)='/dev/full\x00', 0x20000080100, 0x0) r5 = openat$dsp(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/dsp\x00', 0x20000, 0x0) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x400000, 0x0) r7 = open(&(0x7f0000001580)='./file0\x00', 0x80000, 0x94) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000016c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001680)={&(0x7f00000015c0)=ANY=[@ANYBLOB="88000000", @ANYRES16=r1, @ANYBLOB="080025bd7000fcdbdf25030000001c00070008000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r3, @ANYBLOB="0880", @ANYRES32=r4, @ANYBLOB="0c000200adffffffffffffff0c00030004000000000000001c00070008000100", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="0c00060001000000000000000c00080005000000000000000c0005000400000000000000"], 0x88}, 0x1, 0x0, 0x0, 0x84}, 0x20000011) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:47:34 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:34 executing program 4: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r1, &(0x7f0000000080), 0x8) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f00000000c0)={0x0, @aes256, 0x3}) 12:47:34 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00'}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:34 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0xfffffdfd}) 12:47:34 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x200000) openat$cgroup_subtree(r2, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xffffff19}], 0x1) [ 338.814394][T11966] device nr0 entered promiscuous mode 12:47:34 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 338.862968][T11975] overlayfs: './file0' not a directory [ 338.921318][T11971] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 338.935519][T11971] CPU: 1 PID: 11971 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 338.943626][T11971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 338.953714][T11971] Call Trace: [ 338.957048][T11971] dump_stack+0x172/0x1f0 [ 338.961389][T11971] dump_header+0x10f/0xb6c [ 338.965821][T11971] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 338.971742][T11971] ? ___ratelimit+0x60/0x595 [ 338.976535][T11971] ? do_raw_spin_unlock+0x57/0x270 [ 338.981655][T11971] oom_kill_process.cold+0x10/0x15 [ 338.986776][T11971] out_of_memory+0x79a/0x1280 [ 338.991472][T11971] ? lock_downgrade+0x880/0x880 [ 338.996323][T11971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 339.002569][T11971] ? oom_killer_disable+0x280/0x280 [ 339.007769][T11971] ? find_held_lock+0x35/0x130 [ 339.012547][T11971] mem_cgroup_out_of_memory+0x1ca/0x230 [ 339.018102][T11971] ? memcg_event_wake+0x230/0x230 [ 339.023139][T11971] ? do_raw_spin_unlock+0x57/0x270 [ 339.028260][T11971] ? _raw_spin_unlock+0x2d/0x50 [ 339.033120][T11971] try_charge+0x102c/0x15c0 [ 339.037631][T11971] ? find_held_lock+0x35/0x130 [ 339.042498][T11971] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 339.048054][T11971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 339.054304][T11971] ? kasan_check_read+0x11/0x20 [ 339.059169][T11971] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 339.064835][T11971] mem_cgroup_try_charge+0x24d/0x5e0 [ 339.070134][T11971] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 339.075773][T11971] __handle_mm_fault+0x1e1f/0x3ec0 [ 339.081352][T11971] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 339.086902][T11971] ? find_held_lock+0x35/0x130 [ 339.091755][T11971] ? handle_mm_fault+0x322/0xb30 [ 339.096728][T11971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 339.102969][T11971] ? sync_mm_rss+0xa4/0x1c0 [ 339.107492][T11971] handle_mm_fault+0x43f/0xb30 [ 339.112262][T11971] __get_user_pages+0x7b6/0x1a40 [ 339.117667][T11971] ? follow_page_mask+0x19a0/0x19a0 [ 339.122865][T11971] ? __vma_adjust+0x1840/0x1840 [ 339.127740][T11971] ? lock_acquire+0x16f/0x3f0 [ 339.132432][T11971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 339.138682][T11971] populate_vma_page_range+0x20d/0x2a0 [ 339.144154][T11971] __mm_populate+0x204/0x380 [ 339.148776][T11971] ? populate_vma_page_range+0x2a0/0x2a0 [ 339.154431][T11971] __x64_sys_mlockall+0x35c/0x520 [ 339.159468][T11971] do_syscall_64+0x103/0x610 [ 339.164065][T11971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 339.170040][T11971] RIP: 0033:0x458da9 [ 339.173941][T11971] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 339.193659][T11971] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 339.202079][T11971] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 339.210064][T11971] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 12:47:35 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000240), 0x357) socketpair$tipc(0x1e, 0x7, 0x0, &(0x7f0000000200)) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000280)={0x0}, &(0x7f0000000040)=0xc) ptrace$getregset(0x4204, r1, 0x206, &(0x7f00000001c0)={&(0x7f00000000c0)=""/81, 0x51}) [ 339.218052][T11971] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 339.226136][T11971] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 339.234114][T11971] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 339.244575][T11971] memory: usage 307200kB, limit 307200kB, failcnt 1049 [ 339.251642][T11971] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 339.259689][T11971] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 339.266856][T11971] Memory cgroup stats for /syz2: cache:0KB rss:297988KB rss_huge:243712KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:158840KB active_anon:15272KB inactive_file:0KB active_file:0KB unevictable:123880KB [ 339.290002][T11971] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10582,uid=0 [ 339.318840][T11971] Memory cgroup out of memory: Killed process 10582 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 339.360051][ T1043] oom_reaper: reaped process 10582 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:47:35 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') sendmsg$TIPC_CMD_GET_LINKS(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r1, 0x300, 0x70bd29, 0x25dfdbfe, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0x9}}, ["", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x1) write$rfkill(r0, &(0x7f0000000080), 0x8) sendto$netrom(r0, &(0x7f0000000180)="bf5effbefd5c758b04df0806245575836058db8e9f9be3e610b0db7d885c05157a78672db7669fb598afb13542b499bed82db4a416d89b14d17ee87dae4346c1f8cffdb373858c220230bb44ef5cf7e567b21a2144f734891d69c7a615409753012f6a1c31559db8f530b3416f2bae2c7e8c2a750ffd", 0x76, 0x40000, &(0x7f0000000200)={{0x3, @bcast, 0x4}, [@null, @default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, @bcast]}, 0x48) 12:47:35 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x4}, 0xffffff17) 12:47:35 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00'}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:35 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x100000000000000}) [ 339.617532][T11966] device nr0 entered promiscuous mode [ 339.671766][T12001] overlayfs: './file0' not a directory [ 339.876608][T11971] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 339.887052][T11971] CPU: 0 PID: 11971 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 339.895053][T11971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 339.905111][T11971] Call Trace: [ 339.908422][T11971] dump_stack+0x172/0x1f0 [ 339.912761][T11971] dump_header+0x10f/0xb6c [ 339.917275][T11971] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 339.923092][T11971] ? ___ratelimit+0x60/0x595 [ 339.927691][T11971] ? do_raw_spin_unlock+0x57/0x270 [ 339.932824][T11971] oom_kill_process.cold+0x10/0x15 [ 339.937949][T11971] out_of_memory+0x79a/0x1280 [ 339.942634][T11971] ? lock_downgrade+0x880/0x880 [ 339.947491][T11971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 339.953742][T11971] ? oom_killer_disable+0x280/0x280 [ 339.958949][T11971] ? find_held_lock+0x35/0x130 [ 339.963734][T11971] mem_cgroup_out_of_memory+0x1ca/0x230 [ 339.969292][T11971] ? memcg_event_wake+0x230/0x230 [ 339.974332][T11971] ? do_raw_spin_unlock+0x57/0x270 [ 339.979452][T11971] ? _raw_spin_unlock+0x2d/0x50 [ 339.984304][T11971] try_charge+0x102c/0x15c0 [ 339.988817][T11971] ? find_held_lock+0x35/0x130 [ 339.993592][T11971] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 339.999127][T11971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 340.005375][T11971] ? kasan_check_read+0x11/0x20 [ 340.010221][T11971] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 340.015755][T11971] mem_cgroup_try_charge+0x24d/0x5e0 [ 340.021045][T11971] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 340.026704][T11971] wp_page_copy+0x408/0x1740 [ 340.031293][T11971] ? find_held_lock+0x35/0x130 [ 340.036084][T11971] ? pmd_pfn+0x1d0/0x1d0 [ 340.040342][T11971] ? lock_downgrade+0x880/0x880 [ 340.045178][T11971] ? swp_swapcount+0x540/0x540 [ 340.049927][T11971] ? kasan_check_read+0x11/0x20 [ 340.054773][T11971] ? do_raw_spin_unlock+0x57/0x270 [ 340.059892][T11971] do_wp_page+0x48e/0x1500 [ 340.064294][T11971] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 340.069653][T11971] __handle_mm_fault+0x22e8/0x3ec0 [ 340.074765][T11971] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 340.080310][T11971] ? find_held_lock+0x35/0x130 [ 340.085075][T11971] ? handle_mm_fault+0x322/0xb30 [ 340.090028][T11971] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 340.096265][T11971] ? kasan_check_read+0x11/0x20 [ 340.101121][T11971] handle_mm_fault+0x43f/0xb30 [ 340.105881][T11971] __get_user_pages+0x7b6/0x1a40 [ 340.110854][T11971] ? follow_page_mask+0x19a0/0x19a0 [ 340.116059][T11971] ? retint_kernel+0x2d/0x2d [ 340.120637][T11971] populate_vma_page_range+0x20d/0x2a0 [ 340.126101][T11971] __mm_populate+0x204/0x380 [ 340.130691][T11971] ? populate_vma_page_range+0x2a0/0x2a0 [ 340.136309][T11971] __x64_sys_mlockall+0x35c/0x520 [ 340.141319][T11971] do_syscall_64+0x103/0x610 [ 340.145896][T11971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 340.151827][T11971] RIP: 0033:0x458da9 [ 340.155706][T11971] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 340.175305][T11971] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 340.183706][T11971] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 340.191672][T11971] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 340.199644][T11971] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 340.207597][T11971] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 340.215554][T11971] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 340.224712][T11971] memory: usage 307200kB, limit 307200kB, failcnt 1114 [ 340.232350][T11971] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 340.239929][T11971] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 340.246861][T11971] Memory cgroup stats for /syz2: cache:0KB rss:297852KB rss_huge:243712KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:145680KB active_anon:15256KB inactive_file:0KB active_file:0KB unevictable:137012KB [ 340.269190][T11971] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11970,uid=0 [ 340.269307][T11971] Memory cgroup out of memory: Killed process 11970 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB 12:47:36 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x141480, 0x0) ioctl$NBD_CLEAR_QUE(r0, 0xab05) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r0, 0x84, 0x1a, &(0x7f00000000c0)={0x0, 0xd1, "f6172044865f90622a3c23893cc0c151e059462052b3132f097624d609cdca3ec170ea06eeeae905353eb3259d9b7e78e030ca1492a2d78fadd45692b3ff35767678f5743fc9ffcea6b1b37cb4d687dba0e4a18e59a2ca73f9f9703261506f869ced28fb8a64383eb522d3083e972f24cb54eb5a1ffb72ddcb9c6ed423901f681db396426192a12c8af5ccede8a22da64ccaffff1415f9565a09e00ade60c38f271b83d22a97148d01344f3053bd124d7a73d71659cbbaaeb0236d5ed87277d618a417d5e0c593240e17b04b56018ddaa6"}, &(0x7f00000001c0)=0xd9) getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r0, 0x84, 0xf, &(0x7f0000000200)={r1, @in6={{0xa, 0x4e20, 0x401, @mcast1, 0x5}}, 0x1ff, 0x4, 0x0, 0x7fffffff, 0x7}, &(0x7f00000002c0)=0x98) mlockall(0x3) 12:47:36 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:36 executing program 4: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x0, 0x0) ioctl$TIOCSBRK(r0, 0x5427) write$rfkill(r1, &(0x7f0000000080), 0xfd9c) 12:47:36 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x1e00000000000000}) 12:47:36 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:36 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x2, 0x0) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x401, 0x0, 0x10000, 0x101}) ioctl$DRM_IOCTL_SG_ALLOC(r2, 0xc0106438, &(0x7f0000000080)={0x6, r3}) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r2, 0x4008240b, &(0x7f00000000c0)={0x5, 0x70, 0x1, 0x7, 0x8000, 0xffffffffffffffff, 0x0, 0x3, 0x24, 0x4, 0x20, 0x4, 0x4, 0x7f, 0x8, 0x2, 0x9f, 0xffffffffffffffff, 0x6, 0x0, 0xfffffffffffffffc, 0x7, 0x7, 0x2, 0xfff, 0x4, 0x7fffffff, 0x7ff, 0x1, 0x800, 0xfffffffffffff18b, 0x80000000, 0xff, 0xf0, 0x81, 0x9, 0x6450, 0xe3, 0x0, 0x2, 0x0, @perf_config_ext={0xa43, 0x1f}, 0x80, 0x8001, 0xed0, 0x6, 0x1, 0x1, 0x48}) 12:47:36 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x3f00000000000000}) 12:47:36 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 340.464768][T12121] device nr0 entered promiscuous mode [ 340.496775][T12119] overlayfs: './file0' not a directory 12:47:36 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_GET_FP_MODE(0x2e) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x142ffb, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) [ 340.646127][T12132] overlayfs: './file0' not a directory [ 340.656487][T12127] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 340.682658][T12127] CPU: 0 PID: 12127 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 340.690686][T12127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 340.700741][T12127] Call Trace: [ 340.704038][T12127] dump_stack+0x172/0x1f0 [ 340.708375][T12127] dump_header+0x10f/0xb6c [ 340.712799][T12127] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 340.718617][T12127] ? ___ratelimit+0x60/0x595 [ 340.723212][T12127] ? do_raw_spin_unlock+0x57/0x270 [ 340.728328][T12127] oom_kill_process.cold+0x10/0x15 [ 340.733451][T12127] out_of_memory+0x79a/0x1280 [ 340.738137][T12127] ? lock_downgrade+0x880/0x880 [ 340.742991][T12127] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 340.749240][T12127] ? oom_killer_disable+0x280/0x280 [ 340.755220][T12127] ? find_held_lock+0x35/0x130 [ 340.759984][T12127] mem_cgroup_out_of_memory+0x1ca/0x230 [ 340.765559][T12127] ? memcg_event_wake+0x230/0x230 [ 340.770617][T12127] ? do_raw_spin_unlock+0x57/0x270 [ 340.777296][T12127] ? _raw_spin_unlock+0x2d/0x50 [ 340.782166][T12127] try_charge+0x102c/0x15c0 [ 340.786672][T12127] ? find_held_lock+0x35/0x130 [ 340.791449][T12127] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 12:47:36 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 340.797002][T12127] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 340.803248][T12127] ? kasan_check_read+0x11/0x20 [ 340.808108][T12127] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 340.813759][T12127] mem_cgroup_try_charge+0x24d/0x5e0 [ 340.819090][T12127] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 340.824743][T12127] __handle_mm_fault+0x1e1f/0x3ec0 [ 340.829868][T12127] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 340.835421][T12127] ? find_held_lock+0x35/0x130 [ 340.840190][T12127] ? handle_mm_fault+0x322/0xb30 [ 340.845143][T12127] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 340.851371][T12127] ? kasan_check_read+0x11/0x20 [ 340.856205][T12127] handle_mm_fault+0x43f/0xb30 [ 340.860956][T12127] __get_user_pages+0x7b6/0x1a40 [ 340.865894][T12127] ? follow_page_mask+0x19a0/0x19a0 [ 340.871186][T12127] ? __vma_adjust+0x1840/0x1840 [ 340.877871][T12127] ? lock_acquire+0x16f/0x3f0 [ 340.882544][T12127] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 340.888770][T12127] populate_vma_page_range+0x20d/0x2a0 [ 340.894231][T12127] __mm_populate+0x204/0x380 [ 340.898816][T12127] ? populate_vma_page_range+0x2a0/0x2a0 [ 340.904437][T12127] __x64_sys_mlockall+0x35c/0x520 [ 340.909453][T12127] do_syscall_64+0x103/0x610 [ 340.914059][T12127] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 340.919956][T12127] RIP: 0033:0x458da9 [ 340.923838][T12127] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 340.943434][T12127] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 340.951845][T12127] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 340.959823][T12127] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 340.967789][T12127] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 340.975754][T12127] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 340.983707][T12127] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff 12:47:36 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) r0 = syz_open_dev$mouse(&(0x7f00000000c0)='/dev/input/mouse#\x00', 0x7f, 0x101801) write$rfkill(r0, &(0x7f0000000040)={0x4, 0xffffffffffffffff, 0x1, 0x1, 0x1}, 0x5) [ 340.994446][T12127] memory: usage 307200kB, limit 307200kB, failcnt 1131 [ 341.001309][T12127] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 341.010165][T12127] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 341.018675][T12127] Memory cgroup stats for /syz2: cache:0KB rss:297964KB rss_huge:243712KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:152696KB active_anon:15272KB inactive_file:0KB active_file:0KB unevictable:130064KB 12:47:37 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) write$P9_RCREATE(r2, &(0x7f0000000040)={0x18, 0x73, 0x1, {{0x8, 0x3, 0x3}, 0xffffffff}}, 0x18) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) [ 341.082196][T12127] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10631,uid=0 [ 341.108265][T12127] Memory cgroup out of memory: Killed process 10631 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 341.152056][T12144] overlayfs: './file0' not a directory [ 341.158345][ T1043] oom_reaper: reaped process 10631 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 341.189770][T12149] device nr0 entered promiscuous mode 12:47:37 executing program 2: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/pfkey\x00', 0x80000, 0x0) ioctl$TIOCLINUX6(r0, 0x541c, &(0x7f00000000c0)={0x6, 0x5}) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:47:37 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0xfdfdffff00000000}) 12:47:37 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x1d4) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000180)='tls\x00', 0xfe52) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000100), 0x28) sendto$inet6(r0, &(0x7f0000000300)="b760406c17bc98688a53bfb6d00500b185eba6586a27c1a632f771d08949419de8b14ec28917170651b46fa623838f5ab38a4db645688dc6167b1f1819ebce8bb3462025b465c238b3c01bbb648fa4484cc0589f7f8fa0a39a37cf6ab9071ee8f5db3d576f36f8d143aea643618b1824b7f41bec942fa74d434521e8325e076bae030983d2b80caa043c4b2ca3c86e41ce41dc659763b981b6fc64540293375b28d32b78f437bc147f66d174a50b9dbeadc1de5f6cec95327ef2b4c14ec2d260f9c0b25d7c3919feab08756206948f7848642bb087b2780538a18611314f571ea467700568dfdd5dcf4757bf49872a4cabc1ff117e561de2f59d3bf0baa985ba3bda7f6960b7cdd0f6f316fc8a3712da69f89e17309decb4d2cf374550f1438a640b0b76a767e82e72ba812f4bdd92fdd34829", 0x133, 0x0, 0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x100, 0x0) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r1, 0xc0a85352, &(0x7f00000001c0)={{0xe2, 0x10200000}, 'port1\x00', 0x1, 0x1, 0x0, 0x2, 0x2, 0x7a3, 0x10001, 0x0, 0x4, 0x10000}) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r1, 0x3) sendmmsg(r0, &(0x7f0000005f00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[{0x18, 0x11a, 0x1, '}'}], 0x18}}], 0x1, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r2, &(0x7f0000000080), 0x8) 12:47:37 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:37 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 341.529757][T12164] overlayfs: './file0' not a directory 12:47:37 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:37 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0xffffffff00000000}) [ 341.596215][T12149] device nr0 entered promiscuous mode [ 341.699293][T12163] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 341.725551][T12163] CPU: 0 PID: 12163 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 341.733604][T12163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 341.743671][T12163] Call Trace: [ 341.746980][T12163] dump_stack+0x172/0x1f0 [ 341.751328][T12163] dump_header+0x10f/0xb6c [ 341.755768][T12163] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 341.761702][T12163] ? ___ratelimit+0x60/0x595 [ 341.766306][T12163] ? do_raw_spin_unlock+0x57/0x270 [ 341.771442][T12163] oom_kill_process.cold+0x10/0x15 [ 341.776588][T12163] out_of_memory+0x79a/0x1280 [ 341.781282][T12163] ? lock_downgrade+0x880/0x880 [ 341.786142][T12163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 341.792392][T12163] ? oom_killer_disable+0x280/0x280 [ 341.797604][T12163] ? find_held_lock+0x35/0x130 [ 341.802385][T12163] mem_cgroup_out_of_memory+0x1ca/0x230 [ 341.807938][T12163] ? memcg_event_wake+0x230/0x230 [ 341.813066][T12163] ? do_raw_spin_unlock+0x57/0x270 [ 341.818199][T12163] ? _raw_spin_unlock+0x2d/0x50 [ 341.823069][T12163] try_charge+0x102c/0x15c0 [ 341.827581][T12163] ? find_held_lock+0x35/0x130 [ 341.832365][T12163] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 341.837924][T12163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 341.844204][T12163] ? kasan_check_read+0x11/0x20 [ 341.849087][T12163] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 341.854649][T12163] mem_cgroup_try_charge+0x24d/0x5e0 [ 341.859959][T12163] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 341.865603][T12163] __handle_mm_fault+0x1e1f/0x3ec0 [ 341.870731][T12163] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 341.876278][T12163] ? find_held_lock+0x35/0x130 [ 341.881044][T12163] ? handle_mm_fault+0x322/0xb30 [ 341.886014][T12163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 341.892256][T12163] ? sync_mm_rss+0xa4/0x1c0 [ 341.896779][T12163] handle_mm_fault+0x43f/0xb30 [ 341.901567][T12163] __get_user_pages+0x7b6/0x1a40 [ 341.906532][T12163] ? follow_page_mask+0x19a0/0x19a0 [ 341.911733][T12163] ? perf_trace_lock+0xeb/0x510 [ 341.917311][T12163] ? __vma_adjust+0x1840/0x1840 [ 341.927374][T12163] ? lock_acquire+0x16f/0x3f0 [ 341.932058][T12163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 341.938310][T12163] populate_vma_page_range+0x20d/0x2a0 [ 341.943792][T12163] __mm_populate+0x204/0x380 [ 341.948405][T12163] ? populate_vma_page_range+0x2a0/0x2a0 [ 341.954056][T12163] __x64_sys_mlockall+0x35c/0x520 [ 341.959087][T12163] do_syscall_64+0x103/0x610 [ 341.963693][T12163] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 341.969586][T12163] RIP: 0033:0x458da9 [ 341.973486][T12163] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 341.993096][T12163] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 342.001533][T12163] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 342.009516][T12163] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 342.017501][T12163] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 342.025482][T12163] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 342.033463][T12163] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 342.046620][T12163] memory: usage 307200kB, limit 307200kB, failcnt 1186 [ 342.058791][T12185] overlayfs: './file0' not a directory [ 342.064446][T12163] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 342.075760][T12163] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:47:38 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 342.091054][T12163] Memory cgroup stats for /syz2: cache:0KB rss:298004KB rss_huge:243712KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:152696KB active_anon:15272KB inactive_file:0KB active_file:0KB unevictable:130060KB [ 342.124189][T12163] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10682,uid=0 [ 342.142097][T12163] Memory cgroup out of memory: Killed process 10682 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB 12:47:38 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x1000, 0xfffffffffffffffc}, 0xfffffffffffffd41) [ 342.294353][T12192] overlayfs: './file0' not a directory 12:47:38 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:38 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x1e}) 12:47:38 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0xfffffffffffffffe, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) [ 342.542210][T12205] overlayfs: './file0' not a directory [ 342.690940][T12163] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 342.701874][T12163] CPU: 1 PID: 12163 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 342.709867][T12163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 342.719951][T12163] Call Trace: [ 342.723257][T12163] dump_stack+0x172/0x1f0 [ 342.727599][T12163] dump_header+0x10f/0xb6c [ 342.732065][T12163] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 342.737891][T12163] ? ___ratelimit+0x60/0x595 [ 342.742504][T12163] ? do_raw_spin_unlock+0x57/0x270 [ 342.747611][T12163] oom_kill_process.cold+0x10/0x15 [ 342.752724][T12163] out_of_memory+0x79a/0x1280 [ 342.757381][T12163] ? lock_downgrade+0x880/0x880 [ 342.762209][T12163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 342.768431][T12163] ? oom_killer_disable+0x280/0x280 [ 342.773607][T12163] ? find_held_lock+0x35/0x130 [ 342.778491][T12163] mem_cgroup_out_of_memory+0x1ca/0x230 [ 342.784026][T12163] ? memcg_event_wake+0x230/0x230 [ 342.789045][T12163] ? do_raw_spin_unlock+0x57/0x270 [ 342.794146][T12163] ? _raw_spin_unlock+0x2d/0x50 [ 342.799001][T12163] try_charge+0x102c/0x15c0 [ 342.803496][T12163] ? find_held_lock+0x35/0x130 [ 342.808253][T12163] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 342.813795][T12163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 342.820024][T12163] ? kasan_check_read+0x11/0x20 [ 342.824870][T12163] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 342.830433][T12163] mem_cgroup_try_charge+0x24d/0x5e0 [ 342.835793][T12163] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 342.841412][T12163] wp_page_copy+0x408/0x1740 [ 342.845983][T12163] ? find_held_lock+0x35/0x130 [ 342.850732][T12163] ? pmd_pfn+0x1d0/0x1d0 [ 342.854956][T12163] ? lock_downgrade+0x880/0x880 [ 342.859822][T12163] ? swp_swapcount+0x540/0x540 [ 342.864888][T12163] ? kasan_check_read+0x11/0x20 [ 342.869729][T12163] ? do_raw_spin_unlock+0x57/0x270 [ 342.874828][T12163] do_wp_page+0x48e/0x1500 [ 342.879246][T12163] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 342.884624][T12163] __handle_mm_fault+0x22e8/0x3ec0 [ 342.889825][T12163] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 342.895373][T12163] ? find_held_lock+0x35/0x130 [ 342.900136][T12163] ? handle_mm_fault+0x322/0xb30 [ 342.905073][T12163] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 342.911324][T12163] ? kasan_check_read+0x11/0x20 [ 342.916161][T12163] handle_mm_fault+0x43f/0xb30 [ 342.920907][T12163] __get_user_pages+0x7b6/0x1a40 [ 342.925841][T12163] ? follow_page_mask+0x19a0/0x19a0 [ 342.931021][T12163] ? retint_kernel+0x2d/0x2d [ 342.935594][T12163] populate_vma_page_range+0x20d/0x2a0 [ 342.941039][T12163] __mm_populate+0x204/0x380 [ 342.945612][T12163] ? populate_vma_page_range+0x2a0/0x2a0 [ 342.951248][T12163] __x64_sys_mlockall+0x35c/0x520 [ 342.956279][T12163] do_syscall_64+0x103/0x610 [ 342.960959][T12163] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 342.966838][T12163] RIP: 0033:0x458da9 [ 342.970714][T12163] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 342.990300][T12163] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 342.998693][T12163] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 343.006649][T12163] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 343.014686][T12163] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 343.022648][T12163] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 343.030701][T12163] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 343.039310][T12163] memory: usage 307200kB, limit 307200kB, failcnt 1214 [ 343.046327][T12163] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 343.053873][T12163] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 343.060714][T12163] Memory cgroup stats for /syz2: cache:0KB rss:297860KB rss_huge:243712KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:151824KB active_anon:13204KB inactive_file:0KB active_file:0KB unevictable:132924KB [ 343.083646][T12163] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12162,uid=0 [ 343.099155][T12163] Memory cgroup out of memory: Killed process 12162 (syz-executor.2) total-vm:72580kB, anon-rss:18176kB, file-rss:54328kB, shmem-rss:0kB [ 343.113446][ T1043] oom_reaper: reaped process 12162 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB 12:47:39 executing program 4: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) getsockopt$bt_BT_POWER(r1, 0x112, 0x9, &(0x7f0000000440)=0x101, &(0x7f0000000480)=0x1) write$rfkill(r1, &(0x7f0000000080), 0x8) ioctl$sock_inet6_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f00000004c0)) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') write$UHID_CREATE(r1, &(0x7f0000000300)={0x0, 'syz0\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000280)=""/59, 0x3b, 0x80000000, 0x0, 0x7fff, 0xfff, 0x3}, 0x120) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="0000008790bd334925d72cf1de4d", @ANYRES16=r2, @ANYBLOB="010025bd7000fbdbdf250f0000000800050001000000080005000100008008000600000000005c00030008000500fffffff70800080007000000080001000100000014000600000000000000000059f5a37e8b7e9ab7000000000000000114000600fe8000000000000000000000000000bb08000800ff000000080007004e200000080005007f00000108000500040000006461c0e394b1232e24d1656905cce546ea0973d8eb50dc4646b885a8a6483181a3f40efead78368d4e9c82dffedb6e32c9af7ac5eb864e06bb9dafd4f5e656f6401c56d6fab2650e7a41c954609f543f3f445940a79f49"], 0x90}, 0x1, 0x0, 0x0, 0x4}, 0x0) 12:47:39 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:39 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x1e00}) 12:47:39 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) setsockopt$bt_BT_VOICE(r0, 0x112, 0xb, &(0x7f00000000c0), 0x2) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:47:39 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:39 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) mq_open(&(0x7f0000000000)='system\x00', 0x42, 0x2, &(0x7f0000000040)={0x8001, 0x6, 0x0, 0x8001, 0xb7, 0x8, 0x9, 0x1}) 12:47:39 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x3f00}) [ 343.256277][T12224] device nr0 entered promiscuous mode [ 343.256610][T12228] overlayfs: './file0' not a directory 12:47:39 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 343.324696][T12230] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 343.362299][T12230] CPU: 1 PID: 12230 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 343.370319][T12230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 343.380373][T12230] Call Trace: [ 343.383674][T12230] dump_stack+0x172/0x1f0 [ 343.388018][T12230] dump_header+0x10f/0xb6c [ 343.392447][T12230] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 343.398259][T12230] ? ___ratelimit+0x60/0x595 [ 343.402861][T12230] ? do_raw_spin_unlock+0x57/0x270 [ 343.407983][T12230] oom_kill_process.cold+0x10/0x15 [ 343.413103][T12230] out_of_memory+0x79a/0x1280 [ 343.417975][T12230] ? lock_downgrade+0x880/0x880 [ 343.422838][T12230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 343.429082][T12230] ? oom_killer_disable+0x280/0x280 [ 343.434281][T12230] ? find_held_lock+0x35/0x130 [ 343.439061][T12230] mem_cgroup_out_of_memory+0x1ca/0x230 [ 343.444613][T12230] ? memcg_event_wake+0x230/0x230 [ 343.449658][T12230] ? do_raw_spin_unlock+0x57/0x270 [ 343.454806][T12230] ? _raw_spin_unlock+0x2d/0x50 [ 343.459672][T12230] try_charge+0x102c/0x15c0 [ 343.464179][T12230] ? find_held_lock+0x35/0x130 [ 343.468951][T12230] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 343.474508][T12230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 343.480757][T12230] ? kasan_check_read+0x11/0x20 [ 343.485604][T12230] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 343.491138][T12230] mem_cgroup_try_charge+0x24d/0x5e0 [ 343.496412][T12230] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 343.502033][T12230] __handle_mm_fault+0x1e1f/0x3ec0 [ 343.507250][T12230] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 343.512777][T12230] ? find_held_lock+0x35/0x130 [ 343.517610][T12230] ? handle_mm_fault+0x322/0xb30 [ 343.522564][T12230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 343.528873][T12230] ? kasan_check_read+0x11/0x20 [ 343.533707][T12230] handle_mm_fault+0x43f/0xb30 [ 343.538455][T12230] __get_user_pages+0x7b6/0x1a40 [ 343.543378][T12230] ? follow_page_mask+0x19a0/0x19a0 [ 343.548573][T12230] ? __vma_adjust+0x1840/0x1840 [ 343.553410][T12230] ? lock_acquire+0x16f/0x3f0 [ 343.558089][T12230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 343.564325][T12230] populate_vma_page_range+0x20d/0x2a0 [ 343.569784][T12230] __mm_populate+0x204/0x380 [ 343.574399][T12230] ? populate_vma_page_range+0x2a0/0x2a0 [ 343.580048][T12230] __x64_sys_mlockall+0x35c/0x520 [ 343.585071][T12230] do_syscall_64+0x103/0x610 [ 343.589650][T12230] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 343.595522][T12230] RIP: 0033:0x458da9 [ 343.599421][T12230] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 343.619018][T12230] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 343.627416][T12230] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 343.635400][T12230] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 343.643354][T12230] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 343.651309][T12230] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 343.659349][T12230] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 343.672525][T12230] memory: usage 307200kB, limit 307200kB, failcnt 1246 12:47:39 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x1000000}) [ 343.699803][T12230] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 343.713421][T12230] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 343.721438][T12238] overlayfs: './file0' not a directory 12:47:39 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 343.738960][T12230] Memory cgroup stats for /syz2: cache:0KB rss:298000KB rss_huge:243712KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:158844KB active_anon:13232KB inactive_file:0KB active_file:0KB unevictable:125952KB [ 343.763656][T12241] device nr0 entered promiscuous mode [ 343.776614][T12230] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10769,uid=0 12:47:39 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) io_uring_setup(0x5c5, &(0x7f0000000000)={0x0, 0x0, 0x7, 0x0, 0x1b2}) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mISDNtimer\x00', 0x80000, 0x0) ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x0, {0x2, 0x0, @multicast2}, {0x2, 0x0, @initdev}, {}, 0x4000000604}) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) dup(r0) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x2000000000000, 0x80, &(0x7f0000000100)=@broute={'broute\x00', 0x20, 0x1, 0x1c8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200002c0], 0x0, &(0x7f0000000000), &(0x7f00000002c0)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{{{0x5, 0x0, 0x0, 'sit0\x00', 'eql\x00', 'ifb0\x00', 'eql\x00', @link_local, [], @remote, [], 0x108, 0x108, 0x138, [@physdev={'physdev\x00', 0x48, {{'eql\x00', {}, 'vlan0\x00'}}}]}}, @common=@CLASSIFY={'CLASSIFY\x00', 0x8}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}]}, 0x240) syz_open_dev$vbi(&(0x7f00000000c0)='/dev/vbi#\x00', 0x3, 0x2) [ 343.798657][T12230] Memory cgroup out of memory: Killed process 10769 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB 12:47:39 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 343.931139][T12252] overlayfs: './file0' not a directory 12:47:40 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 344.080978][T12260] overlayfs: './file0' not a directory 12:47:40 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:40 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x1e000000}) [ 344.364710][T12272] overlayfs: './file0' not a directory [ 344.438537][T12230] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 344.458108][T12230] CPU: 1 PID: 12230 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 344.466110][T12230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 344.476175][T12230] Call Trace: [ 344.479479][T12230] dump_stack+0x172/0x1f0 [ 344.483803][T12230] dump_header+0x10f/0xb6c [ 344.488220][T12230] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 344.494014][T12230] ? ___ratelimit+0x60/0x595 [ 344.498599][T12230] ? do_raw_spin_unlock+0x57/0x270 [ 344.503714][T12230] oom_kill_process.cold+0x10/0x15 [ 344.508833][T12230] out_of_memory+0x79a/0x1280 [ 344.513535][T12230] ? lock_downgrade+0x880/0x880 [ 344.518382][T12230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 344.524619][T12230] ? oom_killer_disable+0x280/0x280 [ 344.529806][T12230] ? find_held_lock+0x35/0x130 [ 344.534597][T12230] mem_cgroup_out_of_memory+0x1ca/0x230 [ 344.540161][T12230] ? memcg_event_wake+0x230/0x230 [ 344.545372][T12230] ? do_raw_spin_unlock+0x57/0x270 [ 344.550657][T12230] ? _raw_spin_unlock+0x2d/0x50 [ 344.555497][T12230] try_charge+0x102c/0x15c0 [ 344.560001][T12230] ? find_held_lock+0x35/0x130 [ 344.564773][T12230] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 344.570665][T12230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 344.576910][T12230] ? kasan_check_read+0x11/0x20 [ 344.581844][T12230] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 344.587380][T12230] mem_cgroup_try_charge+0x24d/0x5e0 [ 344.592655][T12230] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 344.598277][T12230] wp_page_copy+0x408/0x1740 [ 344.602851][T12230] ? find_held_lock+0x35/0x130 [ 344.607603][T12230] ? pmd_pfn+0x1d0/0x1d0 [ 344.611843][T12230] ? lock_downgrade+0x880/0x880 [ 344.616677][T12230] ? swp_swapcount+0x540/0x540 [ 344.621426][T12230] ? kasan_check_read+0x11/0x20 [ 344.627296][T12230] ? do_raw_spin_unlock+0x57/0x270 [ 344.632423][T12230] do_wp_page+0x48e/0x1500 [ 344.636851][T12230] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 344.642310][T12230] __handle_mm_fault+0x22e8/0x3ec0 [ 344.647422][T12230] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 344.653149][T12230] ? find_held_lock+0x35/0x130 [ 344.665101][T12230] ? handle_mm_fault+0x322/0xb30 [ 344.670038][T12230] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 344.676267][T12230] ? kasan_check_read+0x11/0x20 [ 344.681112][T12230] handle_mm_fault+0x43f/0xb30 [ 344.685882][T12230] __get_user_pages+0x7b6/0x1a40 [ 344.690827][T12230] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 344.696281][T12230] ? follow_page_mask+0x19a0/0x19a0 [ 344.701463][T12230] ? retint_kernel+0x2d/0x2d [ 344.706047][T12230] populate_vma_page_range+0x20d/0x2a0 [ 344.711519][T12230] __mm_populate+0x204/0x380 [ 344.716135][T12230] ? populate_vma_page_range+0x2a0/0x2a0 [ 344.721762][T12230] __x64_sys_mlockall+0x35c/0x520 [ 344.726793][T12230] do_syscall_64+0x103/0x610 [ 344.731406][T12230] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 344.737285][T12230] RIP: 0033:0x458da9 [ 344.741188][T12230] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 344.760789][T12230] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 344.769286][T12230] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 344.777250][T12230] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 344.785235][T12230] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 344.793195][T12230] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 344.801156][T12230] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 344.809985][T12230] memory: usage 307200kB, limit 307200kB, failcnt 1270 [ 344.816901][T12230] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 344.824484][T12230] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 344.831373][T12230] Memory cgroup stats for /syz2: cache:0KB rss:297848KB rss_huge:241664KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:155908KB active_anon:13216KB inactive_file:0KB active_file:0KB unevictable:128828KB [ 344.853698][T12230] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12229,uid=0 [ 344.871061][T12230] Memory cgroup out of memory: Killed process 12229 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 344.885723][ T1043] oom_reaper: reaped process 12229 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB 12:47:40 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f0000000000)='./file0\x00', 0x40) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r0, 0xc0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=0x4, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x7095, 0x8}, 0x0, 0x0, &(0x7f0000000140)={0x9c, 0x7, 0x2, 0xc}, &(0x7f0000000180)=0x6, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=0x7c}}, 0x10) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x5) 12:47:40 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x4220, 0x0) fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000040)='y\x00', 0x2, 0x1) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x1, 0x100) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f00000000c0)=r2, 0x4) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r3 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:47:40 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x800, 0x8001, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xd}, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x484000, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f00000000c0)={0x0, 0x1, 0x6736, 0xffffffff00000001}, &(0x7f0000000100)=0x10) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f00000001c0)=@sack_info={r2, 0x20, 0xfaf5}, 0xc) 12:47:40 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x3f000000}) 12:47:40 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 345.020339][T12288] overlayfs: './file0' not a directory 12:47:41 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:41 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0xfdfdffff}) 12:47:41 executing program 4: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$void(r0, 0xc0045878) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) r2 = msgget$private(0x0, 0x425) msgsnd(r2, &(0x7f00000001c0)=ANY=[@ANYRES32=r1], 0x1, 0x800) write$rfkill(r1, &(0x7f0000000080), 0x8) ioctl$NBD_SET_FLAGS(r1, 0xab0a, 0x40) 12:47:41 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'vxcan1\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') r2 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x200000, 0x0) ioctl$KVM_GET_CLOCK(r2, 0x8030ae7c, &(0x7f0000000040)) readv(r1, &(0x7f0000000280), 0x0) [ 345.184149][T12294] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 12:47:41 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 345.255261][T12294] CPU: 0 PID: 12294 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 345.263265][T12294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 345.270715][T12303] overlayfs: './file0' not a directory [ 345.273326][T12294] Call Trace: [ 345.273351][T12294] dump_stack+0x172/0x1f0 [ 345.273371][T12294] dump_header+0x10f/0xb6c [ 345.273388][T12294] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 345.273410][T12294] ? ___ratelimit+0x60/0x595 [ 345.290872][T12294] ? do_raw_spin_unlock+0x57/0x270 [ 345.306356][T12294] oom_kill_process.cold+0x10/0x15 [ 345.306374][T12294] out_of_memory+0x79a/0x1280 [ 345.306395][T12294] ? lock_downgrade+0x880/0x880 [ 345.321015][T12294] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 345.327264][T12294] ? oom_killer_disable+0x280/0x280 [ 345.332480][T12294] ? find_held_lock+0x35/0x130 [ 345.337276][T12294] mem_cgroup_out_of_memory+0x1ca/0x230 [ 345.342836][T12294] ? memcg_event_wake+0x230/0x230 [ 345.347873][T12294] ? do_raw_spin_unlock+0x57/0x270 12:47:41 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 345.347891][T12294] ? _raw_spin_unlock+0x2d/0x50 [ 345.347923][T12294] try_charge+0x102c/0x15c0 [ 345.362395][T12294] ? find_held_lock+0x35/0x130 [ 345.367191][T12294] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 345.372746][T12294] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 345.372767][T12294] ? kasan_check_read+0x11/0x20 [ 345.372786][T12294] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 345.372822][T12294] mem_cgroup_try_charge+0x24d/0x5e0 [ 345.389432][T12294] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 345.389460][T12294] __handle_mm_fault+0x1e1f/0x3ec0 [ 345.405456][T12294] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 345.405473][T12294] ? find_held_lock+0x35/0x130 [ 345.405493][T12294] ? handle_mm_fault+0x322/0xb30 [ 345.415878][T12294] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 345.415898][T12294] ? kasan_check_read+0x11/0x20 [ 345.415918][T12294] handle_mm_fault+0x43f/0xb30 [ 345.415938][T12294] __get_user_pages+0x7b6/0x1a40 [ 345.427093][T12294] ? follow_page_mask+0x19a0/0x19a0 [ 345.427107][T12294] ? perf_trace_lock+0xeb/0x510 12:47:41 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0xfffffdfd}) [ 345.427127][T12294] ? __vma_adjust+0x1840/0x1840 [ 345.427146][T12294] ? lock_acquire+0x16f/0x3f0 [ 345.436729][T12294] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 345.436750][T12294] populate_vma_page_range+0x20d/0x2a0 [ 345.436771][T12294] __mm_populate+0x204/0x380 [ 345.436790][T12294] ? populate_vma_page_range+0x2a0/0x2a0 [ 345.436821][T12294] __x64_sys_mlockall+0x35c/0x520 [ 345.446937][T12294] do_syscall_64+0x103/0x610 [ 345.446957][T12294] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 345.446969][T12294] RIP: 0033:0x458da9 [ 345.446984][T12294] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 345.446999][T12294] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 345.456667][T12294] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 345.456675][T12294] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 345.456683][T12294] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 345.456692][T12294] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 345.456700][T12294] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 345.469340][T12294] memory: usage 307192kB, limit 307200kB, failcnt 1291 [ 345.522652][T12294] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 345.542685][T12294] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 345.624032][T12294] Memory cgroup stats for /syz2: cache:0KB rss:298020KB rss_huge:241664KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:162940KB active_anon:13232KB inactive_file:0KB active_file:0KB unevictable:121856KB [ 345.644668][T12327] overlayfs: './file0' not a directory [ 345.707722][T12294] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10839,uid=0 [ 345.731374][T12294] Memory cgroup out of memory: Killed process 10839 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 346.045662][T12333] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 346.056030][T12333] CPU: 0 PID: 12333 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 346.064016][T12333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 346.074070][T12333] Call Trace: [ 346.077374][T12333] dump_stack+0x172/0x1f0 [ 346.081716][T12333] dump_header+0x10f/0xb6c [ 346.086135][T12333] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 346.091928][T12333] ? ___ratelimit+0x60/0x595 [ 346.096501][T12333] ? do_raw_spin_unlock+0x57/0x270 [ 346.101604][T12333] oom_kill_process.cold+0x10/0x15 [ 346.106709][T12333] out_of_memory+0x79a/0x1280 [ 346.111380][T12333] ? lock_downgrade+0x880/0x880 [ 346.116230][T12333] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 346.122458][T12333] ? oom_killer_disable+0x280/0x280 [ 346.127643][T12333] ? find_held_lock+0x35/0x130 [ 346.132412][T12333] mem_cgroup_out_of_memory+0x1ca/0x230 [ 346.137991][T12333] ? memcg_event_wake+0x230/0x230 [ 346.143023][T12333] ? do_raw_spin_unlock+0x57/0x270 [ 346.148129][T12333] ? _raw_spin_unlock+0x2d/0x50 [ 346.152969][T12333] try_charge+0x102c/0x15c0 [ 346.157453][T12333] ? find_held_lock+0x35/0x130 [ 346.162224][T12333] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 346.167761][T12333] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 346.173993][T12333] ? kasan_check_read+0x11/0x20 [ 346.178842][T12333] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 346.184370][T12333] mem_cgroup_try_charge+0x24d/0x5e0 [ 346.189668][T12333] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 346.195286][T12333] wp_page_copy+0x408/0x1740 [ 346.199858][T12333] ? find_held_lock+0x35/0x130 [ 346.204634][T12333] ? pmd_pfn+0x1d0/0x1d0 [ 346.208865][T12333] ? lock_downgrade+0x880/0x880 [ 346.213697][T12333] ? swp_swapcount+0x540/0x540 [ 346.218441][T12333] ? kasan_check_read+0x11/0x20 [ 346.223283][T12333] ? do_raw_spin_unlock+0x57/0x270 [ 346.228394][T12333] do_wp_page+0x48e/0x1500 [ 346.232796][T12333] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 346.238178][T12333] __handle_mm_fault+0x22e8/0x3ec0 [ 346.243372][T12333] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 346.248901][T12333] ? find_held_lock+0x35/0x130 [ 346.253650][T12333] ? handle_mm_fault+0x322/0xb30 [ 346.258591][T12333] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 346.264823][T12333] ? kasan_check_read+0x11/0x20 [ 346.269661][T12333] handle_mm_fault+0x43f/0xb30 [ 346.274672][T12333] __get_user_pages+0x7b6/0x1a40 [ 346.279612][T12333] ? follow_page_mask+0x19a0/0x19a0 [ 346.284805][T12333] ? __vma_adjust+0x1840/0x1840 [ 346.289650][T12333] ? lock_acquire+0x16f/0x3f0 [ 346.294318][T12333] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 346.300549][T12333] populate_vma_page_range+0x20d/0x2a0 [ 346.305995][T12333] __mm_populate+0x204/0x380 [ 346.310568][T12333] ? populate_vma_page_range+0x2a0/0x2a0 [ 346.316185][T12333] __x64_sys_mlockall+0x35c/0x520 [ 346.321194][T12333] do_syscall_64+0x103/0x610 [ 346.325794][T12333] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 346.331715][T12333] RIP: 0033:0x458da9 [ 346.335590][T12333] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 346.355311][T12333] RSP: 002b:00007f32eb5c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 346.363708][T12333] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 346.371662][T12333] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 346.379614][T12333] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 346.387597][T12333] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5c16d4 [ 346.395577][T12333] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 346.404770][T12333] memory: usage 307200kB, limit 307200kB, failcnt 1363 [ 346.412322][T12333] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 346.419895][T12333] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 346.426886][T12333] Memory cgroup stats for /syz2: cache:0KB rss:297848KB rss_huge:241664KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:160012KB active_anon:13216KB inactive_file:0KB active_file:0KB unevictable:124732KB [ 346.449336][T12333] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12293,uid=0 [ 346.464857][T12333] Memory cgroup out of memory: Killed process 12293 (syz-executor.2) total-vm:72580kB, anon-rss:18088kB, file-rss:54324kB, shmem-rss:0kB 12:47:42 executing program 2: mlockall(0xd) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() mlockall(0x3) 12:47:42 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = request_key(&(0x7f0000000000)='rxrpc_s\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='/dev/net/tun\x00', 0xfffffffffffffff8) r2 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$reject(0x13, r1, 0x1000, 0x1, r2) r3 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') write$binfmt_elf32(r3, &(0x7f0000000440)={{0x7f, 0x45, 0x4c, 0x46, 0x4, 0x5, 0x1, 0x8, 0x1, 0x2, 0x3f, 0xfffffffffffffffc, 0x235, 0x38, 0x345, 0x1, 0x8, 0x20, 0x2, 0xb809, 0xc58, 0x80000000}, [{0x7, 0x200, 0x6, 0xfffffffffffff7d7, 0x7, 0x7ff, 0x3, 0x7ff000}], "82da850d674c523be158e43ff4e2df02ac772bedc5c6dd9cb14c6de626af8f9e915f95cf0d22a402153440af2d7919364249148a2fd7dd2f2d35ebe838d83a42bc0eec7153c83c1175161ff42affd86a643f9554f7aaf7d8", [[], [], [], [], [], []]}, 0x6b0) readv(r0, &(0x7f0000000240), 0x0) 12:47:42 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:42 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x100000000000000}) 12:47:42 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f0000000000)={0x6, 0x4, 0x8000, 0x2, 0x101, 0x14f1}) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f00000000c0)) connect$rose(r0, &(0x7f0000000100)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x2, [@bcast, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}, 0xffffffba) write$P9_RVERSION(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="150078f9672357ef00000800691d0ca907c6cf3950323030302e75b1f69f49085029bc59cf45fe7377000000000000000000000000000000ccb427fc1104b3249e0ddd0c91ab3cac673d6c367d7d2622721c1e175c23089f41d555d168207b78e30895a5a9cde3f9f376049b790801eeffc71d991e0c752fca5c6abae7080000000000000099eac74315ec6c268fda4657598266ec7d7259da76993466393dffb45e51fd696e6f8bcb511d298667a92bcc87b0c5373c67ae7881a2c72eabd2ff403aae6f95248e011440472c8921524a725ab4806c142a680a53d7bfdb9c50aa605112bab54d4f4e9f2b0c5b35d2e5702902a5d2a9770a3040538bea466aa7abdb33d29f299e929f48bfa524ab0d871f57144cbad1da19127ae354b4ca7575ae19eed67cdf0000000000e8d30f1ca3505cf806ce701577438e892d444df0bf83d8b6fcbc54518e317322075324c24fed5605e1a65f8ff52bdf0418e4c8"], 0x15) 12:47:42 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 346.590958][T12339] device nr0 entered promiscuous mode [ 346.637062][T12346] overlayfs: './file0' not a directory 12:47:42 executing program 4: pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x80800) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000300)={0x3f, {0x0, 0xfffffffffffffffb, 0x80, 0x1ff, 0x100}}) r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x9, 0x3, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000d8329ab0838b2d617f5441fcbb9835c1950000000000000075a84b4809000000fb76389417484a0a55954de4db25603cf774da5aa77958bb0387630407cc62618ed6dac2d814fb53fc5a749e72ca958378f38b6b6485f8"], &(0x7f0000000140)='syzkaller\x00', 0x6f1a, 0xfb, &(0x7f00000003c0)=""/251, 0x0, 0x0, [], 0x0, 0xd}, 0x48) openat$zero(0xffffffffffffff9c, &(0x7f0000000380)='/dev/zero\x00', 0x2000, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000040)={r4, r3, 0x0, 0x2}, 0x10) r5 = socket$inet_udplite(0x2, 0x2, 0x88) write$P9_RWALK(r1, &(0x7f0000000240)={0x57, 0x6f, 0x2, {0x6, [{0x48, 0x4, 0x2}, {0x7}, {0x62, 0x4}, {0x20, 0x1, 0x2}, {0x4, 0x4, 0x3}, {0x20, 0x2, 0x8}]}}, 0x57) ioctl(r5, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") bpf$BPF_PROG_ATTACH(0x9, &(0x7f0000000340)={r4, r3, 0xd}, 0x10) getsockopt$inet_sctp6_SCTP_NODELAY(0xffffffffffffffff, 0x84, 0x3, &(0x7f0000000100), &(0x7f0000000180)=0x4) ioctl$TIOCNOTTY(0xffffffffffffffff, 0x5422) write$rfkill(r2, &(0x7f0000000080)={0x0, 0x9}, 0x8) 12:47:42 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x101, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x2df, 0x0, 0xffffffff, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x4, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) ioctl$RNDADDENTROPY(r0, 0x40085203, &(0x7f00000001c0)={0x7ff, 0xe0, "0f2284878b37283c433410da0f79a2f083e7fb943608e43397589797b83ab8f485d743a224ed0a65aeb16754d2a36e011d3b1697d05067afbae66e676f48bb36caa1c689ad7e12bfaa668817b1d0c39bcf1052b17c8c40bf4ef2f737b16e9cb61504eaea34b90615220765422ac095beb540774fe1dca2f6b322e8b1d81574e9e1b7de18f6606cb97eaee6161be0bb00302f1f8a1f558483f997c19dd46c1c6fbf8b9c80a5f8410512fbbb6889a1dd4fa5f596702db0bfaf277cd979f70a637f068bb0f45d1df5b5998ac033d436846bb40648b2a5ccd263788649f5c04f5312"}) ioctl$PPPIOCGFLAGS(r0, 0x8004745a, &(0x7f0000000000)) 12:47:42 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:42 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) timerfd_create(0xf, 0x80000) 12:47:42 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 346.935447][T12363] overlayfs: './file0' not a directory 12:47:43 executing program 4: r0 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x1ff, 0x200000) ioctl$PPPIOCGL2TPSTATS(r0, 0x80487436, &(0x7f00000001c0)="c525f9b580dbd600a26dc2253a6ef0262e369d25aa87902bc05f6f17270f9ecca6df49e0d8a02c75ee75b4327d592238d38f9bb08c7775db0de5c1718c09c9bbd6d6f6ad61f237bf473d482fceafb16d42558ea98e5fd7fe4030ea8c0f8b3c3537d42e677da5643e8b06fbff7a9b57337d271943a475aced68ce5a87e244ecf646ba392b8f3ef64e8c9e") r1 = gettid() ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f00000000c0)={[], 0x401, 0x2, 0xb3b, 0x3, 0x5, r1}) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x20143004, 0x0) write$rfkill(r2, &(0x7f0000000080), 0x8) [ 347.116637][T12339] device nr0 entered promiscuous mode [ 347.182149][T12371] overlayfs: './file0' not a directory [ 347.329997][T12349] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 347.340793][T12349] CPU: 0 PID: 12349 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 347.348787][T12349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 347.358858][T12349] Call Trace: [ 347.362167][T12349] dump_stack+0x172/0x1f0 [ 347.366790][T12349] dump_header+0x10f/0xb6c [ 347.371225][T12349] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 347.377046][T12349] ? ___ratelimit+0x60/0x595 [ 347.381656][T12349] ? do_raw_spin_unlock+0x57/0x270 [ 347.386784][T12349] oom_kill_process.cold+0x10/0x15 [ 347.391910][T12349] out_of_memory+0x79a/0x1280 [ 347.396599][T12349] ? lock_downgrade+0x880/0x880 [ 347.401452][T12349] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 347.407704][T12349] ? oom_killer_disable+0x280/0x280 [ 347.412904][T12349] ? find_held_lock+0x35/0x130 [ 347.417776][T12349] mem_cgroup_out_of_memory+0x1ca/0x230 [ 347.423425][T12349] ? memcg_event_wake+0x230/0x230 [ 347.428630][T12349] ? do_raw_spin_unlock+0x57/0x270 [ 347.433743][T12349] ? _raw_spin_unlock+0x2d/0x50 [ 347.438597][T12349] try_charge+0x102c/0x15c0 [ 347.443097][T12349] ? find_held_lock+0x35/0x130 [ 347.447874][T12349] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 347.453424][T12349] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 347.459665][T12349] ? kasan_check_read+0x11/0x20 [ 347.464519][T12349] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 347.470098][T12349] mem_cgroup_try_charge+0x24d/0x5e0 [ 347.475415][T12349] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 347.481073][T12349] __handle_mm_fault+0x1e1f/0x3ec0 [ 347.486195][T12349] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 347.491740][T12349] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 347.497236][T12349] handle_mm_fault+0x43f/0xb30 [ 347.502006][T12349] __get_user_pages+0x7b6/0x1a40 [ 347.506955][T12349] ? follow_page_mask+0x19a0/0x19a0 [ 347.512150][T12349] ? retint_kernel+0x2d/0x2d [ 347.516748][T12349] populate_vma_page_range+0x20d/0x2a0 [ 347.522225][T12349] __mm_populate+0x204/0x380 [ 347.526823][T12349] ? populate_vma_page_range+0x2a0/0x2a0 [ 347.532468][T12349] __x64_sys_mlockall+0x35c/0x520 [ 347.537586][T12349] do_syscall_64+0x103/0x610 [ 347.542183][T12349] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 347.548074][T12349] RIP: 0033:0x458da9 [ 347.551968][T12349] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 347.571759][T12349] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 347.580175][T12349] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 347.588232][T12349] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 347.596205][T12349] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 347.604262][T12349] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 347.612231][T12349] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 348.030385][T12349] memory: usage 307200kB, limit 307200kB, failcnt 1400 [ 348.037507][T12349] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 348.049539][T12349] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 348.056494][T12349] Memory cgroup stats for /syz2: cache:0KB rss:297816KB rss_huge:241664KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:167036KB active_anon:13316KB inactive_file:0KB active_file:0KB unevictable:117536KB [ 348.078750][T12349] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=10991,uid=0 [ 348.094352][T12349] Memory cgroup out of memory: Killed process 10991 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 348.118175][ T1043] oom_reaper: reaped process 10991 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:47:44 executing program 2: mlockall(0x3) r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_S_FBUF(r0, 0x4030560b, &(0x7f0000000180)={0x10, 0x30, &(0x7f00000000c0)="710d8cde67674054b7ccdbbe5a10d5c235659a2d57a3e4cd4356e4cf01c290ae4f9ac65140b2e9d9f791fd01e9e95bb88951349b2ac85335d1e111cb33c66abcf0f1b1e5d691a1b916b2115fa2d7e32168165e8ca736074e6c1b01145fdfeab005d0d6ebbb3a4466761760b87e0d4f5ebd9faa0a2d23d7791dd9a4db9caa2ce34028f44f185655b561591892d0fdbc43526e0e0654b5d6500d810243fbb43d38e5f0da7d937dfe2b0cfa2bcfba2939fd5d0a30f6a761ec34a6ed", {0x4, 0x7fffffff, 0x38415262, 0x3, 0xb, 0x8, 0x6, 0x2}}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:47:44 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x1e00000000000000}) 12:47:44 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 12:47:44 executing program 4: r0 = socket$kcm(0x29, 0x0, 0x0) ioctl$sock_SIOCBRADDBR(r0, 0x89a0, &(0x7f0000000000)='nr0\x00') perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r1, &(0x7f0000000080), 0x8) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_TIMER(r1, 0xc0605345, &(0x7f00000000c0)={0xc, 0x1, {0x1, 0x3, 0x3, 0x3, 0x6}}) 12:47:44 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x10000, 0x0) ioctl$TIOCEXCL(r1, 0x540c) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) ioctl$SG_NEXT_CMD_LEN(r1, 0x2283, &(0x7f0000000040)=0x8d) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:47:44 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, 0x0) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 348.346446][T12391] device nr0 entered promiscuous mode 12:47:44 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 348.387515][T12394] overlayfs: './file0' not a directory [ 348.421756][T12396] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 348.443919][T12396] CPU: 1 PID: 12396 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 348.452018][T12396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 348.462082][T12396] Call Trace: [ 348.465387][T12396] dump_stack+0x172/0x1f0 [ 348.469834][T12396] dump_header+0x10f/0xb6c [ 348.474273][T12396] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 348.480092][T12396] ? ___ratelimit+0x60/0x595 [ 348.480110][T12396] ? do_raw_spin_unlock+0x57/0x270 [ 348.480129][T12396] oom_kill_process.cold+0x10/0x15 [ 348.480153][T12396] out_of_memory+0x79a/0x1280 [ 348.489936][T12396] ? lock_downgrade+0x880/0x880 [ 348.489953][T12396] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 348.489971][T12396] ? oom_killer_disable+0x280/0x280 [ 348.489991][T12396] ? find_held_lock+0x35/0x130 [ 348.520779][T12396] mem_cgroup_out_of_memory+0x1ca/0x230 [ 348.526347][T12396] ? memcg_event_wake+0x230/0x230 [ 348.531387][T12396] ? do_raw_spin_unlock+0x57/0x270 [ 348.536590][T12396] ? _raw_spin_unlock+0x2d/0x50 [ 348.541483][T12396] try_charge+0x102c/0x15c0 [ 348.545998][T12396] ? find_held_lock+0x35/0x130 [ 348.550784][T12396] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 348.556360][T12396] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 348.562621][T12396] ? kasan_check_read+0x11/0x20 [ 348.567489][T12396] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 348.573050][T12396] mem_cgroup_try_charge+0x24d/0x5e0 [ 348.578348][T12396] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 348.583994][T12396] __handle_mm_fault+0x1e1f/0x3ec0 [ 348.589121][T12396] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 348.594674][T12396] ? find_held_lock+0x35/0x130 [ 348.599448][T12396] ? handle_mm_fault+0x322/0xb30 [ 348.604406][T12396] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 348.610661][T12396] ? kasan_check_read+0x11/0x20 [ 348.615530][T12396] handle_mm_fault+0x43f/0xb30 [ 348.620305][T12396] __get_user_pages+0x7b6/0x1a40 [ 348.626490][T12396] ? follow_page_mask+0x19a0/0x19a0 [ 348.631694][T12396] ? __vma_adjust+0x1840/0x1840 [ 348.636565][T12396] ? lock_acquire+0x16f/0x3f0 [ 348.641251][T12396] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 348.647520][T12396] populate_vma_page_range+0x20d/0x2a0 [ 348.653177][T12396] __mm_populate+0x204/0x380 [ 348.657782][T12396] ? populate_vma_page_range+0x2a0/0x2a0 [ 348.663451][T12396] __x64_sys_mlockall+0x35c/0x520 [ 348.668482][T12396] do_syscall_64+0x103/0x610 [ 348.673085][T12396] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 348.678975][T12396] RIP: 0033:0x458da9 [ 348.682873][T12396] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 348.702481][T12396] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 348.711007][T12396] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 348.718982][T12396] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 348.726972][T12396] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 12:47:44 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) modify_ldt$read_default(0x2, &(0x7f0000000300)=""/4096, 0x1000) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x40}, 0x8) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={r0, 0x28, &(0x7f0000000040)}, 0x10) ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000000)={0x8c, 0xdb9, 0x9, 0x5, 0x10, 0xda9e, 0x1, 0xa00000000, 0x4, 0x3}) mmap$binder(&(0x7f0000fec000/0x12000)=nil, 0x12000, 0x1, 0x1012, r0, 0x0) [ 348.735052][T12396] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 348.745950][T12396] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 348.756147][T12396] memory: usage 307200kB, limit 307200kB, failcnt 1436 [ 348.763746][T12396] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 348.771400][T12396] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 348.778553][T12396] Memory cgroup stats for /syz2: cache:0KB rss:297792KB rss_huge:243712KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:179320KB active_anon:13348KB inactive_file:0KB active_file:0KB unevictable:105244KB [ 348.803783][T12396] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11184,uid=0 [ 348.819750][T12396] Memory cgroup out of memory: Killed process 11184 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 348.844869][ T1043] oom_reaper: reaped process 11184 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:47:44 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x3f00000000000000}) 12:47:44 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 348.943531][T12406] overlayfs: './file0' not a directory 12:47:44 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0xfdfdffff00000000}) 12:47:44 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xfffffffffffffc5c}], 0x1) [ 349.141784][T12422] overlayfs: './file0' not a directory [ 349.167042][T12427] device nr0 entered promiscuous mode [ 349.365252][T12396] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 349.375704][T12396] CPU: 0 PID: 12396 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 349.383688][T12396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 349.393739][T12396] Call Trace: [ 349.397022][T12396] dump_stack+0x172/0x1f0 [ 349.401342][T12396] dump_header+0x10f/0xb6c [ 349.405760][T12396] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 349.411557][T12396] ? ___ratelimit+0x60/0x595 [ 349.416145][T12396] ? do_raw_spin_unlock+0x57/0x270 [ 349.421247][T12396] oom_kill_process.cold+0x10/0x15 [ 349.426442][T12396] out_of_memory+0x79a/0x1280 [ 349.431107][T12396] ? lock_downgrade+0x880/0x880 [ 349.435972][T12396] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 349.442217][T12396] ? oom_killer_disable+0x280/0x280 [ 349.447401][T12396] ? find_held_lock+0x35/0x130 [ 349.452154][T12396] mem_cgroup_out_of_memory+0x1ca/0x230 [ 349.457684][T12396] ? memcg_event_wake+0x230/0x230 [ 349.462693][T12396] ? do_raw_spin_unlock+0x57/0x270 [ 349.467825][T12396] ? _raw_spin_unlock+0x2d/0x50 [ 349.472670][T12396] try_charge+0x102c/0x15c0 [ 349.477169][T12396] ? find_held_lock+0x35/0x130 [ 349.481926][T12396] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 349.487479][T12396] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 349.493739][T12396] ? kasan_check_read+0x11/0x20 [ 349.498602][T12396] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 349.504144][T12396] mem_cgroup_try_charge+0x24d/0x5e0 [ 349.509416][T12396] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 349.515036][T12396] wp_page_copy+0x408/0x1740 [ 349.519612][T12396] ? find_held_lock+0x35/0x130 [ 349.524389][T12396] ? pmd_pfn+0x1d0/0x1d0 [ 349.528622][T12396] ? lock_downgrade+0x880/0x880 [ 349.533477][T12396] ? swp_swapcount+0x540/0x540 [ 349.538239][T12396] ? kasan_check_read+0x11/0x20 [ 349.543104][T12396] ? do_raw_spin_unlock+0x57/0x270 [ 349.548244][T12396] do_wp_page+0x48e/0x1500 [ 349.552665][T12396] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 349.558029][T12396] __handle_mm_fault+0x22e8/0x3ec0 [ 349.563168][T12396] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 349.568697][T12396] ? find_held_lock+0x35/0x130 [ 349.573461][T12396] ? handle_mm_fault+0x322/0xb30 [ 349.578388][T12396] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 349.584612][T12396] ? kasan_check_read+0x11/0x20 [ 349.589459][T12396] handle_mm_fault+0x43f/0xb30 [ 349.594238][T12396] __get_user_pages+0x7b6/0x1a40 [ 349.599194][T12396] ? follow_page_mask+0x19a0/0x19a0 [ 349.604392][T12396] ? retint_kernel+0x2d/0x2d [ 349.609095][T12396] populate_vma_page_range+0x20d/0x2a0 [ 349.614560][T12396] __mm_populate+0x204/0x380 [ 349.619145][T12396] ? populate_vma_page_range+0x2a0/0x2a0 [ 349.624762][T12396] __x64_sys_mlockall+0x35c/0x520 [ 349.629769][T12396] do_syscall_64+0x103/0x610 [ 349.634367][T12396] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 349.640244][T12396] RIP: 0033:0x458da9 [ 349.644135][T12396] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 349.666146][T12396] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 349.679732][T12396] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 349.687700][T12396] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 349.695658][T12396] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 349.703702][T12396] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 349.711658][T12396] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 349.721961][T12396] memory: usage 307068kB, limit 307200kB, failcnt 1474 [ 349.728902][T12396] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 349.736481][T12396] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 349.743412][T12396] Memory cgroup stats for /syz2: cache:0KB rss:297588KB rss_huge:241664KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:173984KB active_anon:13332KB inactive_file:0KB active_file:0KB unevictable:110396KB [ 349.743495][T12396] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12395,uid=0 [ 349.743611][T12396] Memory cgroup out of memory: Killed process 12395 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB 12:47:45 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) time(&(0x7f0000000000)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x6) 12:47:45 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000000)={0x8, 0x7, 0x7, 0x20, 0x1000, 0x20}) 12:47:45 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, 0x0) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) 12:47:45 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0xffffffff00000000}) 12:47:45 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 349.866221][T12427] device nr0 entered promiscuous mode [ 349.929836][T12442] overlayfs: './file0' not a directory [ 349.964654][T12441] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 349.988346][T12441] CPU: 1 PID: 12441 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 349.996446][T12441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 350.006505][T12441] Call Trace: [ 350.009838][T12441] dump_stack+0x172/0x1f0 [ 350.014180][T12441] dump_header+0x10f/0xb6c [ 350.018608][T12441] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 350.024425][T12441] ? ___ratelimit+0x60/0x595 [ 350.029018][T12441] ? do_raw_spin_unlock+0x57/0x270 [ 350.034133][T12441] oom_kill_process.cold+0x10/0x15 [ 350.039250][T12441] out_of_memory+0x79a/0x1280 [ 350.044023][T12441] ? lock_downgrade+0x880/0x880 [ 350.048874][T12441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 350.055123][T12441] ? oom_killer_disable+0x280/0x280 [ 350.060331][T12441] ? find_held_lock+0x35/0x130 [ 350.065111][T12441] mem_cgroup_out_of_memory+0x1ca/0x230 [ 350.070659][T12441] ? memcg_event_wake+0x230/0x230 [ 350.075698][T12441] ? do_raw_spin_unlock+0x57/0x270 [ 350.080827][T12441] ? _raw_spin_unlock+0x2d/0x50 [ 350.085685][T12441] try_charge+0x102c/0x15c0 [ 350.090192][T12441] ? find_held_lock+0x35/0x130 [ 350.094970][T12441] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 350.100526][T12441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 350.106773][T12441] ? kasan_check_read+0x11/0x20 [ 350.111644][T12441] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 350.117198][T12441] mem_cgroup_try_charge+0x24d/0x5e0 [ 350.122580][T12441] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 350.128231][T12441] __handle_mm_fault+0x1e1f/0x3ec0 [ 350.133358][T12441] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 350.138907][T12441] ? find_held_lock+0x35/0x130 [ 350.143678][T12441] ? handle_mm_fault+0x322/0xb30 [ 350.148630][T12441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 350.154901][T12441] ? kasan_check_read+0x11/0x20 [ 350.159749][T12441] handle_mm_fault+0x43f/0xb30 [ 350.164510][T12441] __get_user_pages+0x7b6/0x1a40 [ 350.169445][T12441] ? follow_page_mask+0x19a0/0x19a0 [ 350.174643][T12441] ? __vma_adjust+0x1840/0x1840 [ 350.179493][T12441] ? lock_acquire+0x16f/0x3f0 [ 350.184162][T12441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 350.190415][T12441] populate_vma_page_range+0x20d/0x2a0 [ 350.195876][T12441] __mm_populate+0x204/0x380 [ 350.200462][T12441] ? populate_vma_page_range+0x2a0/0x2a0 [ 350.206086][T12441] __x64_sys_mlockall+0x35c/0x520 [ 350.211100][T12441] do_syscall_64+0x103/0x610 [ 350.215696][T12441] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 350.221581][T12441] RIP: 0033:0x458da9 [ 350.225482][T12441] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 350.245076][T12441] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 350.253485][T12441] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 350.261450][T12441] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 350.269408][T12441] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 350.277378][T12441] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 12:47:46 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x200) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x634eccd6, 0x1, 0x0, 0x2, 0x2, 0x9, "81fbd75b27fe9b2a69f0602a1a79db3d43c329771a369d56fd77ea47ded55f9423455aeb594dc08e169d864ded674531f099fafd6926a05d019f5dcfd89a58ba", "5b8a76e79fd5a2e3432e0f35b1f69bb089a45a3e58e574f89eb63faaed6bc9ba0385a92e339442c338ffdc58d66885a5651aa873958bb7d06b6b70c8e5cf4e23", "d2ffb0df183b878a358e3ea3300619f5ce97f8a1db0ab42d748b349aedee79eb", [0x4, 0x3]}) ioctl$SIOCAX25OPTRT(r0, 0x89e7, &(0x7f0000000040)={@null, @null, 0x2, 0x44}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r1, &(0x7f0000000080), 0x8) 12:47:46 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 350.285333][T12441] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 350.293738][T12441] memory: usage 307200kB, limit 307200kB, failcnt 1506 [ 350.314784][T12441] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 350.330850][T12441] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 350.338831][T12441] Memory cgroup stats for /syz2: cache:0KB rss:297868KB rss_huge:241664KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:181368KB active_anon:13348KB inactive_file:0KB active_file:0KB unevictable:103200KB [ 350.369002][T12441] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11288,uid=0 12:47:46 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r1, &(0x7f00000001c0)=[{&(0x7f0000000000)=""/17}, {&(0x7f0000000040)=""/169}, {&(0x7f0000000100)=""/109}, {&(0x7f0000000440)=""/247}, {&(0x7f0000000180)=""/57}], 0x10000000000002ad) [ 350.406903][T12441] Memory cgroup out of memory: Killed process 11288 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB 12:47:46 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x1e}) 12:47:46 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, 0x0) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 350.487876][T12453] device nr0 entered promiscuous mode 12:47:46 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="7570706572646d723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6406723d2e2f66696c6531b643"]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 350.527688][ T1043] oom_reaper: reaped process 11288 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 350.536491][T12456] overlayfs: './file0' not a directory 12:47:46 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_pts(0xffffffffffffffff, 0x80) ioctl$TCSETXW(r0, 0x5435, &(0x7f0000000000)={0x2, 0x7, [0x100, 0x9, 0x9f9, 0x4, 0x1f], 0x1}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r1, &(0x7f0000000080), 0x8) [ 350.635285][T12467] overlayfs: unrecognized mount option "upperdmr=./file0" or missing value [ 350.697411][T12467] overlayfs: unrecognized mount option "upperdmr=./file0" or missing value [ 350.887136][T12441] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 350.897702][T12441] CPU: 1 PID: 12441 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 350.905694][T12441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 350.915747][T12441] Call Trace: [ 350.919032][T12441] dump_stack+0x172/0x1f0 [ 350.923559][T12441] dump_header+0x10f/0xb6c [ 350.927972][T12441] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 350.933774][T12441] ? ___ratelimit+0x60/0x595 [ 350.938371][T12441] ? do_raw_spin_unlock+0x57/0x270 [ 350.943482][T12441] oom_kill_process.cold+0x10/0x15 [ 350.948730][T12441] out_of_memory+0x79a/0x1280 [ 350.953408][T12441] ? lock_downgrade+0x880/0x880 [ 350.958277][T12441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 350.964521][T12441] ? oom_killer_disable+0x280/0x280 [ 350.969717][T12441] ? find_held_lock+0x35/0x130 [ 350.974488][T12441] mem_cgroup_out_of_memory+0x1ca/0x230 [ 350.980041][T12441] ? memcg_event_wake+0x230/0x230 [ 350.985087][T12441] ? do_raw_spin_unlock+0x57/0x270 [ 350.990195][T12441] ? _raw_spin_unlock+0x2d/0x50 [ 350.995132][T12441] try_charge+0x102c/0x15c0 [ 350.999636][T12441] ? find_held_lock+0x35/0x130 [ 351.004415][T12441] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 351.009975][T12441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 351.016222][T12441] ? kasan_check_read+0x11/0x20 [ 351.021103][T12441] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 351.026741][T12441] mem_cgroup_try_charge+0x24d/0x5e0 [ 351.032027][T12441] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 351.037656][T12441] wp_page_copy+0x408/0x1740 [ 351.042249][T12441] ? find_held_lock+0x35/0x130 [ 351.047026][T12441] ? pmd_pfn+0x1d0/0x1d0 [ 351.051275][T12441] ? lock_downgrade+0x880/0x880 [ 351.056130][T12441] ? swp_swapcount+0x540/0x540 [ 351.060889][T12441] ? kasan_check_read+0x11/0x20 [ 351.065730][T12441] ? do_raw_spin_unlock+0x57/0x270 [ 351.070841][T12441] do_wp_page+0x48e/0x1500 [ 351.075271][T12441] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 351.080769][T12441] __handle_mm_fault+0x22e8/0x3ec0 [ 351.085882][T12441] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 351.091415][T12441] ? find_held_lock+0x35/0x130 [ 351.096169][T12441] ? handle_mm_fault+0x322/0xb30 [ 351.101111][T12441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 351.107347][T12441] ? kasan_check_read+0x11/0x20 [ 351.112208][T12441] handle_mm_fault+0x43f/0xb30 [ 351.116968][T12441] __get_user_pages+0x7b6/0x1a40 [ 351.122301][T12441] ? follow_page_mask+0x19a0/0x19a0 [ 351.127494][T12441] ? lock_acquire+0x16f/0x3f0 [ 351.132160][T12441] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 351.138397][T12441] populate_vma_page_range+0x20d/0x2a0 [ 351.143887][T12441] __mm_populate+0x204/0x380 [ 351.148511][T12441] ? populate_vma_page_range+0x2a0/0x2a0 [ 351.154159][T12441] __x64_sys_mlockall+0x35c/0x520 [ 351.159192][T12441] do_syscall_64+0x103/0x610 [ 351.163790][T12441] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 351.169691][T12441] RIP: 0033:0x458da9 [ 351.173621][T12441] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 351.193241][T12441] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 351.201658][T12441] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 351.209662][T12441] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 351.217651][T12441] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 351.225660][T12441] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 351.233659][T12441] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 351.244524][T12441] memory: usage 307076kB, limit 307200kB, failcnt 1530 [ 351.244539][T12441] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 351.260485][T12441] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 351.267796][T12441] Memory cgroup stats for /syz2: cache:0KB rss:297716KB rss_huge:239616KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:167844KB active_anon:13332KB inactive_file:0KB active_file:0KB unevictable:116540KB [ 351.290298][T12441] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12440,uid=0 [ 351.306206][T12441] Memory cgroup out of memory: Killed process 12440 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 351.332672][ T1043] oom_reaper: reaped process 12440 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB [ 351.349104][T12453] device nr0 entered promiscuous mode 12:47:47 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) timer_create(0x0, &(0x7f0000000100)={0x0, 0x40, 0x1, @tid=0xffffffffffffffff}, &(0x7f0000000140)=0x0) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) r3 = syz_open_dev$audion(&(0x7f0000000280)='/dev/audio#\x00', 0x40, 0x101000) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r3, 0xc05c5340, &(0x7f00000002c0)={0x5, 0x400, 0x1, {0x77359400}, 0x7, 0x7ff}) clock_gettime(0x0, &(0x7f00000001c0)={0x0, 0x0}) timer_settime(r0, 0x0, &(0x7f0000000200)={{r1, r2+30000000}, {r4, r5+30000000}}, &(0x7f0000000240)) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x80000, 0x2) ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f0000000340)) mlockall(0x3) 12:47:47 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x101000, 0x0) faccessat(r0, &(0x7f0000000040)='./file1\x00', 0x40, 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:47:47 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) clock_nanosleep(0x7, 0x1, &(0x7f0000000040)={0x77359400}, &(0x7f00000000c0)) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000000)={0x9, 0x200, 0x401, 0x8883, 0x3, 0x7f, 0x2, 0x8000, 0x8, 0x77, 0x9}, 0xb) write$rfkill(r0, &(0x7f0000000080), 0x8) [ 351.523822][T12482] overlayfs: './file0' not a directory [ 351.552017][T12484] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 12:47:47 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="75707065726469723d696c65302c6c6f7765726469723d2e2f079166696c65312c776f726b6469723d2e2f66696c6531000000"]) chdir(&(0x7f0000000380)='./file0\x00') lsetxattr$security_ima(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='security.ima\x00', &(0x7f0000000100)=@ng={0x4, 0x4, "32cd0419b4f6e177bcc8905c4725a30add26"}, 0x14, 0x1) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 351.572553][T12484] CPU: 0 PID: 12484 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 351.580577][T12484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 351.590645][T12484] Call Trace: [ 351.593943][T12484] dump_stack+0x172/0x1f0 [ 351.598262][T12484] dump_header+0x10f/0xb6c [ 351.602669][T12484] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 351.608466][T12484] ? ___ratelimit+0x60/0x595 [ 351.613068][T12484] ? do_raw_spin_unlock+0x57/0x270 [ 351.618188][T12484] oom_kill_process.cold+0x10/0x15 [ 351.625142][T12484] out_of_memory+0x79a/0x1280 [ 351.629819][T12484] ? lock_downgrade+0x880/0x880 [ 351.634661][T12484] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 351.640890][T12484] ? oom_killer_disable+0x280/0x280 [ 351.646072][T12484] ? find_held_lock+0x35/0x130 [ 351.650848][T12484] mem_cgroup_out_of_memory+0x1ca/0x230 [ 351.656378][T12484] ? memcg_event_wake+0x230/0x230 [ 351.661390][T12484] ? do_raw_spin_unlock+0x57/0x270 [ 351.666487][T12484] ? _raw_spin_unlock+0x2d/0x50 [ 351.671357][T12484] try_charge+0x102c/0x15c0 [ 351.675852][T12484] ? find_held_lock+0x35/0x130 [ 351.680606][T12484] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 351.686142][T12484] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 351.692382][T12484] ? kasan_check_read+0x11/0x20 [ 351.697237][T12484] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 351.702769][T12484] mem_cgroup_try_charge+0x24d/0x5e0 [ 351.708064][T12484] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 351.713711][T12484] __handle_mm_fault+0x1e1f/0x3ec0 [ 351.718833][T12484] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 351.724387][T12484] ? find_held_lock+0x35/0x130 [ 351.729159][T12484] ? handle_mm_fault+0x322/0xb30 [ 351.734105][T12484] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 351.740346][T12484] ? kasan_check_read+0x11/0x20 [ 351.745186][T12484] handle_mm_fault+0x43f/0xb30 [ 351.749947][T12484] __get_user_pages+0x7b6/0x1a40 [ 351.754882][T12484] ? follow_page_mask+0x19a0/0x19a0 [ 351.760083][T12484] ? perf_trace_lock+0xeb/0x510 [ 351.764943][T12484] ? __vma_adjust+0x1840/0x1840 [ 351.769786][T12484] ? lock_acquire+0x16f/0x3f0 [ 351.774456][T12484] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 351.780691][T12484] populate_vma_page_range+0x20d/0x2a0 [ 351.786145][T12484] __mm_populate+0x204/0x380 [ 351.790735][T12484] ? populate_vma_page_range+0x2a0/0x2a0 [ 351.796365][T12484] __x64_sys_mlockall+0x35c/0x520 [ 351.801377][T12484] do_syscall_64+0x103/0x610 [ 351.805958][T12484] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 351.811841][T12484] RIP: 0033:0x458da9 [ 351.815722][T12484] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 351.835319][T12484] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 351.843717][T12484] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 351.851678][T12484] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 351.859640][T12484] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 351.867622][T12484] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 351.875605][T12484] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 351.886350][T12484] memory: usage 307200kB, limit 307200kB, failcnt 1562 [ 351.901348][T12484] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 351.909723][T12484] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 351.924802][T12484] Memory cgroup stats for /syz2: cache:0KB rss:297840KB rss_huge:239616KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:175224KB active_anon:13348KB inactive_file:0KB active_file:0KB unevictable:109344KB [ 351.954643][T12484] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11360,uid=0 [ 351.972134][T12484] Memory cgroup out of memory: Killed process 11360 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB 12:47:48 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x1e00}) 12:47:48 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 352.033545][T12490] overlayfs: failed to resolve 'ile0': -2 [ 352.048399][T12490] overlayfs: failed to resolve 'ile0': -2 12:47:48 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x802005, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000700)='\xcc_\xd7\n\xd6\x10\x032\x1d\xf0i\x82\x89t\x8f\x8dnr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe2r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4v_7\x0e\xfc\xbc\xf2\xd9\xc1\xa9\x036l\xb6\x1bi:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83Z\xbb)\x00\x00\x00\x00\x00\x00\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1d\x9f\xfd\xdbmz\v\xe6T\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!\xf0\xab\x9d\xdf\x90.\xae\xc2l\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A\xdc\xfbGf\xd4 \xc3\x1a\xaf\xd5\xe1\x92\x92\xf5\xb6\x19t\xc5\xe3g\x91\xed-\x93\x99:n\x04\x7f\xc2\xf9\xb0iE~\xa5\xd0\xcc \xa4\f\xe7\xfa\xff\r\xb1wR\xbei\xa0hV>\x99\xe2\xed\x01\x060\xafHxX\xc4\x9d}\xc6\x14\xda\x89\xffFO\xf3a\x8c\xc1q`\x87\x06Lm0\xe5M\xfaUU6B\x1d\xfb\xe2\x10\x02X\x13\xc4\xf4\xd5\xeb\x8e\xbb\f\x03\xa9f\xda7\xd4\'\xc2\xfd6\x14\xab\v\x9dR\xd1\x0e\xb5\xe7\xf0\xb2Z\xe9\x87\x1f.O \x11\x8a(\xdf\xc3\x84\xe3\n\x17&2\xe2gA\x8030x0}}, {{@in6}, 0x0, @in=@multicast2}}, &(0x7f0000000180)=0xe8) sendmmsg(r0, &(0x7f0000000340)=[{{&(0x7f00000002c0)=@ll={0x11, 0x7, r1, 0x1, 0x358}, 0x80, &(0x7f0000000200)=[{&(0x7f0000000740)="73c532d82b2c376307edd622a5d63b1bd9d314fa35fc8f83af4d346f723a252ade867eff8e9187d0ecb1d5e630fb729694b3eb257382f625212f3fa76a9af2b9ff72c22849ec736e9e58a2d8b5e612c8c5d29adf6b12eb26eccb55599488662f69cb54eaa2db1e4b80e012dd77a7f210cd140c519f0031370fa89e167d015c857f1213cfec46e112464a07abd173fdf27283c18e902ba1c9563842f144e4ecade0ab3e5f07a682a6d76b092a35ac559c1631bee24f5b84d15c3562acf5ff8ff8b6e87ff273047fef", 0xc8}], 0x1, &(0x7f0000000840)=[{0x80, 0xfe09cdd14a6adfb3, 0xfffffffffffffc01, "be211ee520d34a6b69c1f347678218e8c7e4807b020c4cbe43a22e2193b4f5d225a266c4ae7d7fd673e5c79cc86019c47293ca29a7e4f203c170332e5b2eb583e1a33e0e181d7875531ede95d57f0bea308cff6d1fee3f30cf66d158492d6d16ae6818a03944ba57c7bedfcf7c4874"}, {0x68, 0x0, 0x9, "c234afcc25bb3d34bf46f2112ae2011431e6df0a884220c82eaa5ceb90e98e4103beda8841e254256e996de429b13251ec5f4fe22101faf7d3251e20b2342a8998c609b06302aaa2a2922d4fdc512420d5"}], 0xe8}, 0x20}], 0x1, 0x40000) chdir(&(0x7f00000001c0)='./file1/file0/file0\x00') r2 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f0000000080)='./file1/file0\x00', 0x0) setsockopt$bt_hci_HCI_DATA_DIR(r2, 0x0, 0x1, &(0x7f0000000000)=0x4, 0x4) ioctl$ASHMEM_GET_PROT_MASK(r2, 0x7706, &(0x7f00000000c0)) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469eed43ebf0d7b87ad14a8723d2e2f66696c6531"]) chdir(&(0x7f0000000380)='./file0\x00') mkdir(&(0x7f0000000040)='./file1/file0\x00', 0x80) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000500)) 12:47:48 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x3f00}) [ 352.206839][T12498] device nr0 entered promiscuous mode 12:47:48 executing program 1: getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in6=@remote, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in=@dev}}, &(0x7f0000000200)=0xe8) mount$9p_xen(&(0x7f0000000000)='overlay\x00', &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='9p\x00', 0x2, &(0x7f0000000600)={'trans=xen,', {[{@cache_loose='cache=loose'}, {@cachetag={'cachetag', 0x3d, 'selinux-%lo[eth1-#posix_acl_access'}}, {@uname={'uname', 0x3d, 'user'}}, {@cache_none='cache=none'}, {@cache_loose='cache=loose'}, {@fscache='fscache'}, {@msize={'msize', 0x3d, 0x401}}], [{@dont_appraise='dont_appraise'}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@subj_type={'subj_type'}}, {@euid_eq={'euid', 0x3d, r0}}, {@audit='audit'}]}}) mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='`pperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:47:48 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x74, &(0x7f0000000000)=""/6, &(0x7f0000000040)=0x6) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000080), &(0x7f0000000100)=0x4) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:47:48 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x40000, 0x0) ioctl$KVM_SET_DEBUGREGS(r0, 0x4080aea2, &(0x7f00000000c0)={[0xf000, 0x7000, 0x100000, 0x6000], 0x173f, 0x8a, 0x200}) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r1, &(0x7f0000000080), 0x8) [ 352.457351][T12518] overlayfs: './file0' not a directory [ 352.495178][T12522] QAT: Invalid ioctl 12:47:48 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f00000000c0)={0x18, 0xd, 0x2, {{0x1, 0x4, 0x7}, 0x7}}, 0x18) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffbe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$bt_hidp(0x1f, 0x3, 0x6) mlockall(0x5) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ashmem\x00', 0x400, 0x0) ioctl$ASHMEM_GET_PROT_MASK(r0, 0x7706, &(0x7f0000000040)) 12:47:48 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 352.661179][T12525] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 352.686763][T12525] CPU: 0 PID: 12525 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 352.694781][T12525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 352.704942][T12525] Call Trace: [ 352.708247][T12525] dump_stack+0x172/0x1f0 [ 352.712596][T12525] dump_header+0x10f/0xb6c [ 352.717024][T12525] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 352.722849][T12525] ? ___ratelimit+0x60/0x595 [ 352.727447][T12525] ? do_raw_spin_unlock+0x57/0x270 [ 352.732575][T12525] oom_kill_process.cold+0x10/0x15 [ 352.737792][T12525] out_of_memory+0x79a/0x1280 [ 352.742491][T12525] ? lock_downgrade+0x880/0x880 [ 352.747347][T12525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 352.753613][T12525] ? oom_killer_disable+0x280/0x280 [ 352.759686][T12525] ? find_held_lock+0x35/0x130 [ 352.764477][T12525] mem_cgroup_out_of_memory+0x1ca/0x230 [ 352.770039][T12525] ? memcg_event_wake+0x230/0x230 [ 352.775098][T12525] ? do_raw_spin_unlock+0x57/0x270 [ 352.780227][T12525] ? _raw_spin_unlock+0x2d/0x50 [ 352.785086][T12525] try_charge+0x102c/0x15c0 [ 352.789596][T12525] ? find_held_lock+0x35/0x130 [ 352.794385][T12525] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 352.799947][T12525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 352.806415][T12525] ? kasan_check_read+0x11/0x20 [ 352.811286][T12525] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 352.816956][T12525] mem_cgroup_try_charge+0x24d/0x5e0 [ 352.822264][T12525] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 352.827928][T12525] __handle_mm_fault+0x1e1f/0x3ec0 [ 352.833062][T12525] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 352.838618][T12525] ? find_held_lock+0x35/0x130 [ 352.843401][T12525] ? handle_mm_fault+0x322/0xb30 [ 352.848384][T12525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 352.854644][T12525] ? kasan_check_read+0x11/0x20 [ 352.859522][T12525] handle_mm_fault+0x43f/0xb30 [ 352.864305][T12525] __get_user_pages+0x7b6/0x1a40 [ 352.869271][T12525] ? follow_page_mask+0x19a0/0x19a0 [ 352.874661][T12525] ? __vma_adjust+0x1840/0x1840 [ 352.879531][T12525] ? lock_acquire+0x16f/0x3f0 [ 352.884219][T12525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 352.890479][T12525] populate_vma_page_range+0x20d/0x2a0 [ 352.895961][T12525] __mm_populate+0x204/0x380 [ 352.900578][T12525] ? populate_vma_page_range+0x2a0/0x2a0 [ 352.906239][T12525] __x64_sys_mlockall+0x35c/0x520 [ 352.911284][T12525] do_syscall_64+0x103/0x610 [ 352.915893][T12525] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 352.921794][T12525] RIP: 0033:0x458da9 [ 352.925705][T12525] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 352.945321][T12525] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 352.953746][T12525] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 352.961731][T12525] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 352.969716][T12525] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 352.977702][T12525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 352.985682][T12525] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 353.002573][T12527] overlayfs: './file0' not a directory 12:47:48 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x1000000}) 12:47:48 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000080)='./file0\x00', 0x200000000000) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000040)='./file0\x00', &(0x7f0000000440)='overlay\x00', 0x40008, &(0x7f0000000300)=ANY=[@ANYPTR64=&(0x7f0000000340)=ANY=[@ANYRESOCT=r0, @ANYRES32, @ANYBLOB="287d6d13f403ad11180da41ce0501a4dddac82ca06fd7717bdf6d1fb8d36b161076149378c72f662b947dc9abf04afb6f03c8dfc7ba6610d665ad5f0c26810604db65b207b9cc37b3abae6bf55dd0ca3bcd19f24af2a7f9f49e74b81e8ffeb3ef3e27d86ed20cc8363c8812e8c3d39585cc0eb40b547d57ed6e42fc5e36a", @ANYRES16=r0, @ANYRESHEX=r0, @ANYRES16=0x0, @ANYRESDEC=r0, @ANYRES32]]) chdir(&(0x7f00000001c0)='./file0\x00') ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000140)={0x0, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x21}}, {0x2, 0x4e22, @local}, {0x2, 0x4e24, @multicast1}, 0x8, 0x0, 0x0, 0x0, 0x80000001, &(0x7f0000000100)='vlan0\x00', 0x17, 0x7, 0x10000}) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f0000000000)={0x3, 0x40, 0x2}) 12:47:48 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 353.029430][T12525] memory: usage 307200kB, limit 307200kB, failcnt 1581 [ 353.047737][T12525] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 353.062833][T12525] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 353.107346][T12525] Memory cgroup stats for /syz2: cache:0KB rss:297880KB rss_huge:239616KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:183416KB active_anon:13348KB inactive_file:0KB active_file:0KB unevictable:101156KB 12:47:49 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x406000) ioctl$SG_GET_VERSION_NUM(r1, 0x2282, &(0x7f0000000040)) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f00000000c0)=""/184, 0xb8}], 0x1000000000000071) 12:47:49 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x2, 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 353.186396][T12542] device nr0 entered promiscuous mode [ 353.196200][T12525] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11508,uid=0 12:47:49 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x1e000000}) 12:47:49 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0x0, 0x0) ioctl(r0, 0x7559, &(0x7f0000000000)="6b4252542d913f2851") write$rfkill(r0, &(0x7f0000000080), 0x8) mq_getsetattr(r0, &(0x7f0000000040)={0x5, 0x7, 0x8b, 0x8, 0x1, 0x6, 0x40, 0x5600}, &(0x7f00000000c0)) [ 353.261752][T12525] Memory cgroup out of memory: Killed process 11508 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 353.326715][ T1043] oom_reaper: reaped process 11508 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 353.335912][T12553] overlayfs: './file0' not a directory 12:47:49 executing program 4: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet(0x2, 0x0, 0x6) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000080)=0x0) fcntl$lock(r0, 0x27, &(0x7f00000000c0)={0x2, 0x0, 0x3f, 0x597, r2}) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/vcs\x00', 0x115000, 0x0) ioctl$LOOP_CHANGE_FD(r3, 0x4c06, r3) write$rfkill(r3, &(0x7f0000000040)={0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x20000}, 0xffffffffffffff44) write$rfkill(r3, &(0x7f0000000000)={0xf9ea, 0x9, 0x1}, 0x8) 12:47:49 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = socket$inet_sctp(0x2, 0xffffffffffdffbff, 0x84) write$binfmt_misc(r0, &(0x7f0000000000)={'syz0', "d7c5635074c185f2ee8c2c5bad22a93b97844aa0681d9def2a20266ee6892d3dd9a8f06fa371686e33a9df429131d791bf758c12433400d9b8b337e274f8765810a124eedaaa938c612922275d225bd37adf66470a2589d35c0a6177ccb9902e232fcef34c2fddc396b23c96a85b770cd18d41385dc49b4ec5e2791e7dfd9c2165473bfc5002b8346c2d96ec1e56f3ee92b486fda537e39d5bb13237f43c841bbc0421e06a968cfdeaffaca8813737241f3524bf"}, 0xb8) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:47:49 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x400000143002, 0x0) openat$apparmor_task_current(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/attr/current\x00', 0x2, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000000)='trusted.overlay.nlink\x00', &(0x7f0000000040)={'L+', 0x20}, 0x28, 0x2) [ 353.700354][T12551] device nr0 entered promiscuous mode [ 353.871471][T12525] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 353.885739][T12525] CPU: 0 PID: 12525 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 353.893735][T12525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 353.903795][T12525] Call Trace: [ 353.907106][T12525] dump_stack+0x172/0x1f0 [ 353.911453][T12525] dump_header+0x10f/0xb6c [ 353.915879][T12525] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 353.922215][T12525] ? ___ratelimit+0x60/0x595 [ 353.926818][T12525] ? do_raw_spin_unlock+0x57/0x270 [ 353.931942][T12525] oom_kill_process.cold+0x10/0x15 [ 353.937063][T12525] out_of_memory+0x79a/0x1280 [ 353.941747][T12525] ? lock_downgrade+0x880/0x880 [ 353.946604][T12525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 353.952860][T12525] ? oom_killer_disable+0x280/0x280 [ 353.958059][T12525] ? find_held_lock+0x35/0x130 [ 353.962847][T12525] mem_cgroup_out_of_memory+0x1ca/0x230 [ 353.968427][T12525] ? memcg_event_wake+0x230/0x230 [ 353.974106][T12525] ? do_raw_spin_unlock+0x57/0x270 [ 353.979212][T12525] ? _raw_spin_unlock+0x2d/0x50 [ 353.984066][T12525] try_charge+0x102c/0x15c0 [ 353.988563][T12525] ? find_held_lock+0x35/0x130 [ 353.993331][T12525] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 353.998902][T12525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 354.005149][T12525] ? kasan_check_read+0x11/0x20 [ 354.009993][T12525] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 354.015521][T12525] mem_cgroup_try_charge+0x24d/0x5e0 [ 354.020798][T12525] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 354.026427][T12525] wp_page_copy+0x408/0x1740 [ 354.031002][T12525] ? find_held_lock+0x35/0x130 [ 354.037669][T12525] ? pmd_pfn+0x1d0/0x1d0 [ 354.041900][T12525] ? lock_downgrade+0x880/0x880 [ 354.046764][T12525] ? swp_swapcount+0x540/0x540 [ 354.051525][T12525] ? kasan_check_read+0x11/0x20 [ 354.056399][T12525] ? do_raw_spin_unlock+0x57/0x270 [ 354.061501][T12525] do_wp_page+0x48e/0x1500 [ 354.065925][T12525] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 354.071301][T12525] __handle_mm_fault+0x22e8/0x3ec0 [ 354.076401][T12525] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 354.081936][T12525] ? find_held_lock+0x35/0x130 [ 354.086687][T12525] ? handle_mm_fault+0x322/0xb30 [ 354.091611][T12525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 354.097866][T12525] ? kasan_check_read+0x11/0x20 [ 354.102733][T12525] handle_mm_fault+0x43f/0xb30 [ 354.107501][T12525] __get_user_pages+0x7b6/0x1a40 [ 354.112443][T12525] ? follow_page_mask+0x19a0/0x19a0 [ 354.117645][T12525] ? __vma_adjust+0x1840/0x1840 [ 354.122878][T12525] ? lock_acquire+0x16f/0x3f0 [ 354.127557][T12525] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 354.133801][T12525] populate_vma_page_range+0x20d/0x2a0 [ 354.139273][T12525] __mm_populate+0x204/0x380 [ 354.143866][T12525] ? populate_vma_page_range+0x2a0/0x2a0 [ 354.149529][T12525] __x64_sys_mlockall+0x35c/0x520 [ 354.154539][T12525] do_syscall_64+0x103/0x610 [ 354.159155][T12525] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 354.165132][T12525] RIP: 0033:0x458da9 [ 354.169024][T12525] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 354.188614][T12525] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 354.197016][T12525] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 354.204984][T12525] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 354.212962][T12525] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 354.220932][T12525] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 354.228889][T12525] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 354.238391][T12525] memory: usage 307200kB, limit 307200kB, failcnt 1642 [ 354.245461][T12525] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 354.253133][T12525] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 354.260143][T12525] Memory cgroup stats for /syz2: cache:0KB rss:297708KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:176164KB active_anon:13332KB inactive_file:0KB active_file:0KB unevictable:108348KB [ 354.282605][T12525] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12524,uid=0 [ 354.298245][T12525] Memory cgroup out of memory: Killed process 12524 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 354.313251][ T1043] oom_reaper: reaped process 12524 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB [ 354.366226][T12547] device nr0 entered promiscuous mode 12:47:50 executing program 2: mlockall(0x3) clone(0x200004, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:47:50 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) getsockname$unix(r0, &(0x7f0000000000), &(0x7f0000000080)=0x6e) chdir(&(0x7f0000000380)='./file0\x00') syz_open_dev$adsp(&(0x7f0000000100)='/dev/adsp#\x00', 0x1, 0x800) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:47:50 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x3f000000}) 12:47:50 executing program 4: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000540)='TIPCv2\x00') r3 = getegid() getresgid(&(0x7f0000000bc0), &(0x7f0000000c00), &(0x7f0000000c40)=0x0) syz_mount_image$hfsplus(&(0x7f0000000640)='hfsplus\x00', &(0x7f0000000680)='./file0\x00', 0xe67, 0x6, &(0x7f0000000b00)=[{&(0x7f00000006c0)="d1bab21849235943ba9fa1c94541b96caa8d63b1d2e90d72bee8e6ffd9f8f9fe02c93a00b910229a1804c242ecc57499052b49c2a228bf9399414332219839bec81f8c3912a8f714140c0b953bc0c3deea6af0148fcf49825440ebd212bd94c2e231105d5b974ec33928ff53defa5583b8ed922a42f4bfe68b1ee8347f7e2e824696bebec1da5233d43bbb0affce09d74f8550b8c0e60062188f3002cd81ea285861ea01844c6d83b28fbfcf63f72243568079a942f3401b4567cdb8161ea660804e4fbcb6f9e6d27eb1447a1ec1e5acc87e4e13f44846d42994a7719749", 0xde, 0xe9}, {&(0x7f00000007c0)="d1346d3c9f0891488b308dcd8482f6a818704cde412557f6cf21e0e1", 0x1c, 0x5}, {&(0x7f0000000800)="64a2521d8b8055804b492825a4316f648d1e72e04141406120fc77bb2982a2e68c9a4682d7bd5e92597eb2b3b9e4a8e3969865afd4c301d5d5ca", 0x3a, 0x8}, {&(0x7f0000000840)="15c0bf8cc3dfa86dece5585056bc8e9d09772b3f9941d0de016480593523d75bc0852abb0444498a5d855dec9a16e335e379da18e69a342faccf78b3d2eadb1b2f3d5f9a8921c8fa1fb7f28ed01a3d7d9c83c0b80faca32d65a81d9a00faf8c70141db569480f054721a96d86ecc1c2360ad76bbd1c57c993e82042033211cfd06ca11706649f2873d6388ac06676dd24485c2366d3aaf7407c8316c250c37294833ebb3e7132599fa241fe51809ae2c9c81c10c", 0xb4, 0x6}, {&(0x7f0000000900)="54006136e9480fada68ea5474c58dbaf82a3cc6b815b538f2656e7896cf52a8ef281352e0c5f991c034806496377903c840a24fe6f34181e3c11b7cbfae98024cf96785591b0c4b6257c122a2599a09810f62eb3fdaaa14a9d5d7d92c0b7103f9b0af55e58e34a3098ea27a581b0eb71f2181e0ad735b87f28bece7f4a436ea7f7049fd92522a9ed731e12e4f7d1d48e0b4d142e0d3cc7761e63a9ad010cc7af07a2dd26d2b95c469fa37a9cb7bc34f19fef40e6cadabfd69d38c6914eb009695a12", 0xc2, 0x1}, {&(0x7f0000000a00)="73bf58a7dc3341ebab510a507c84f994b7fc07b04917b5bb81412278d2138f9985f28b6735eec89485b43d39f6ca1d140c48fd271e4791a298a7c87e8f93a405635eb206cc124cdd99682eee0066b60e26ddf5030251c181015510e69f1c393beed4369c613d71631b16dc9fa4a916e53c3e6b0555bcad0db877619d78c660aa6d9e85507cdf283d40e25797b707ba86465df34d54b7d7dcfc30935650c72dcbf3ddc9dce9dcb5700b6f827ccac38c72d84b48a1f96b14f394feaaa41db78f3d865128fefcf6288c9fe835718bd27eb075f3e8ae4af7d60b0f76c943cdfc5439fe0b169ae6641805c4317b2f49e59ce0e173599e1b3c8d27c2c6", 0xfa, 0x40}], 0x10000, &(0x7f0000000c80)={[{@gid={'gid', 0x3d, r3}}, {@type={'type', 0x3d, "047654e7"}}, {@nodecompose='nodecompose'}, {@umask={'umask', 0x3d, 0x2}}, {@umask={'umask', 0x3d, 0x1}}, {@gid={'gid', 0x3d, r4}}, {@decompose='decompose'}, {@nodecompose='nodecompose'}, {@force='force'}], [{@pcr={'pcr', 0x3d, 0x39}}, {@subj_user={'subj_user', 0x3d, 'GPL'}}]}) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8002400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000300)={0x230, r2, 0xd10, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0xc4, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffffffeffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fff}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40000000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}]}]}, @TIPC_NLA_NET={0xc, 0x7, [@TIPC_NLA_NET_ADDR={0x8}]}, @TIPC_NLA_NET={0x44, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xffe00000000}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0xc8c}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x3}]}, @TIPC_NLA_SOCK={0x3c, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9ee}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xe9}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7f}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x20}]}, @TIPC_NLA_NODE={0x14, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xffff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MEDIA={0x1c, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MON={0x24, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2fec}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}]}, @TIPC_NLA_MEDIA={0x78, 0x5, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x4}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x19e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x81}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9aa7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}]}]}, 0x230}, 0x1, 0x0, 0x0, 0x4800}, 0x20000001) write$rfkill(r1, &(0x7f0000000080), 0x8) perf_event_open$cgroup(&(0x7f0000000240)={0x3, 0x70, 0x80000000, 0x29d0, 0x1, 0x84b, 0x0, 0x5, 0x20000, 0xe, 0x400, 0xcc2f, 0x800, 0x820, 0x3, 0x9, 0x2, 0x8000, 0xf8, 0x5, 0xe78, 0x7fffffff, 0x6, 0xff, 0x69a, 0x1000, 0xff, 0x1, 0x100000000, 0x6, 0xff, 0xfffffffffffffffe, 0x1000, 0x80, 0x3d, 0x2, 0x80, 0xfffffffffffffffd, 0x0, 0x58, 0x1, @perf_bp={&(0x7f0000000040)}, 0x400, 0x10000, 0x1000, 0x5, 0x2, 0x9b, 0x8}, r1, 0x3, r1, 0x1) getsockopt$IP6T_SO_GET_INFO(r1, 0x29, 0x40, &(0x7f0000000580)={'nat\x00'}, &(0x7f0000000600)=0x54) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000001c0)={0x5, 0x3, 0x2, 0x0, 0x0, [{r0, 0x0, 0x8}, {r0, 0x0, 0x400}]}) 12:47:50 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xe}], 0x1) [ 354.534695][T12584] overlayfs: './file0' not a directory [ 354.685062][T12597] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 354.700442][T12597] CPU: 0 PID: 12597 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 354.708431][T12597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 354.718471][T12597] Call Trace: [ 354.721751][T12597] dump_stack+0x172/0x1f0 [ 354.726067][T12597] dump_header+0x10f/0xb6c [ 354.730469][T12597] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 354.736259][T12597] ? ___ratelimit+0x60/0x595 [ 354.740840][T12597] ? do_raw_spin_unlock+0x57/0x270 [ 354.745938][T12597] oom_kill_process.cold+0x10/0x15 [ 354.751032][T12597] out_of_memory+0x79a/0x1280 [ 354.756502][T12597] ? lock_downgrade+0x880/0x880 [ 354.761350][T12597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 354.767594][T12597] ? oom_killer_disable+0x280/0x280 [ 354.772782][T12597] ? find_held_lock+0x35/0x130 [ 354.777542][T12597] mem_cgroup_out_of_memory+0x1ca/0x230 [ 354.783087][T12597] ? memcg_event_wake+0x230/0x230 [ 354.788098][T12597] ? do_raw_spin_unlock+0x57/0x270 [ 354.793225][T12597] ? _raw_spin_unlock+0x2d/0x50 [ 354.798086][T12597] try_charge+0x102c/0x15c0 [ 354.802588][T12597] ? find_held_lock+0x35/0x130 [ 354.807354][T12597] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 354.812905][T12597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 354.819151][T12597] ? kasan_check_read+0x11/0x20 [ 354.824001][T12597] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 354.829568][T12597] mem_cgroup_try_charge+0x24d/0x5e0 [ 354.834863][T12597] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 354.840486][T12597] __handle_mm_fault+0x1e1f/0x3ec0 [ 354.845588][T12597] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 354.851163][T12597] ? find_held_lock+0x35/0x130 [ 354.855931][T12597] ? handle_mm_fault+0x322/0xb30 [ 354.860872][T12597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 354.867122][T12597] ? kasan_check_read+0x11/0x20 [ 354.871962][T12597] handle_mm_fault+0x43f/0xb30 [ 354.876723][T12597] __get_user_pages+0x7b6/0x1a40 [ 354.881658][T12597] ? follow_page_mask+0x19a0/0x19a0 [ 354.886846][T12597] ? perf_trace_lock+0xeb/0x510 [ 354.891682][T12597] ? __vma_adjust+0x1840/0x1840 [ 354.896521][T12597] ? lock_acquire+0x16f/0x3f0 [ 354.901184][T12597] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 354.907415][T12597] populate_vma_page_range+0x20d/0x2a0 [ 354.912863][T12597] __mm_populate+0x204/0x380 [ 354.917441][T12597] ? populate_vma_page_range+0x2a0/0x2a0 [ 354.923059][T12597] __x64_sys_mlockall+0x35c/0x520 [ 354.928069][T12597] do_syscall_64+0x103/0x610 [ 354.932649][T12597] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 354.938523][T12597] RIP: 0033:0x458da9 [ 354.942411][T12597] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 354.962037][T12597] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 354.970435][T12597] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 354.978389][T12597] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 354.986348][T12597] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 354.994331][T12597] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 355.002293][T12597] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 355.011601][T12597] memory: usage 307200kB, limit 307200kB, failcnt 1669 [ 355.018710][T12597] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 355.026456][T12597] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 355.033559][T12597] Memory cgroup stats for /syz2: cache:0KB rss:297796KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:183416KB active_anon:13348KB inactive_file:0KB active_file:0KB unevictable:101164KB [ 355.056220][T12597] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11589,uid=0 [ 355.071881][T12597] Memory cgroup out of memory: Killed process 11589 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 355.096778][ T1043] oom_reaper: reaped process 11589 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 355.120473][T12593] device nr0 entered promiscuous mode 12:47:51 executing program 5: r0 = syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x8, 0x0) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffff9c, &(0x7f0000000180)={0x10, 0x30, 0xfa00, {&(0x7f0000000140)={0xffffffffffffffff}, 0x2, {0xa, 0x4e20, 0x4, @ipv4={[], [], @loopback}, 0x9}}}, 0x38) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r0, &(0x7f00000001c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000100), r1}}, 0x18) r2 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x7, 0x511800) ioctl$BLKRRPART(r2, 0x125f, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) socket$kcm(0x29, 0x2, 0x0) delete_module(&(0x7f0000000200)='nr0\x01\x00 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 356.011911][T12597] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 356.020309][T12597] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 356.028266][T12597] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 356.036241][T12597] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 356.044214][T12597] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 356.052182][T12597] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 356.061212][T12597] memory: usage 307200kB, limit 307200kB, failcnt 1690 [ 356.068172][T12597] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 356.075973][T12597] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 356.083195][T12597] Memory cgroup stats for /syz2: cache:0KB rss:297716KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:176144KB active_anon:13332KB inactive_file:0KB active_file:0KB unevictable:108348KB [ 356.105469][T12597] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12596,uid=0 [ 356.105593][T12597] Memory cgroup out of memory: Killed process 12596 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB 12:47:52 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, 0x0, 0x0) 12:47:52 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d4baf66696c6531"]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:47:52 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0xfffffdfd}) 12:47:52 executing program 2: mlockall(0x6) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$mouse(&(0x7f0000000200)='/dev/input/mouse#\x00', 0xc18, 0x80) fstat(0xffffffffffffff9c, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) r2 = getegid() write$FUSE_ATTR(r0, &(0x7f0000000340)={0x78, 0x0, 0x6, {0x2, 0x5, 0x0, {0x4, 0x6, 0x2, 0x5a, 0x401, 0x4, 0x9, 0x6, 0x8, 0x0, 0x5, r1, r2, 0x5, 0x3}}}, 0x78) r3 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = syz_open_dev$midi(&(0x7f0000000140)='/dev/midi#\x00', 0xffffffff, 0x20000) syz_open_dev$admmidi(&(0x7f0000000180)='/dev/admmidi#\x00', 0x3ff, 0x200000) pipe2(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) ioctl$sock_kcm_SIOCKCMATTACH(r4, 0x89e0, &(0x7f0000000280)={r4, r5}) socket$inet_tcp(0x2, 0x1, 0x0) ioctl$IOC_PR_RELEASE(r3, 0x401070ca, &(0x7f0000000240)={0xffff, 0x6}) mlockall(0x3) r6 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x46000) getsockname$packet(r6, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000100)=0x14) 12:47:52 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x400, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x40}, 0x8) ioctl$TIOCEXCL(r0, 0x540c) getsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040), &(0x7f0000000100)=0xb) openat$vfio(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vfio/vfio\x00', 0x41c4, 0x0) [ 356.216427][T12719] device nr0 entered promiscuous mode [ 356.229274][T12738] overlayfs: failed to resolve 'K¯file1': -2 12:47:52 executing program 2: r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x101, 0x400000) setsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f00000000c0)=0x6, 0x4) mlockall(0x1) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:47:52 executing program 1: r0 = socket$inet6(0xa, 0x80000000001, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000000140)={'bridge0\x00\x00\x00\x00\x80\x00', &(0x7f0000000100)=@ethtool_cmd={0x10}}) mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r1 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) ioctl$RTC_AIE_ON(r1, 0x7001) r2 = getpid() write$cgroup_pid(r1, &(0x7f0000000000)=r2, 0x12) ioctl$TCSBRK(r1, 0x5409, 0x1) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) unlink(&(0x7f0000000180)='./file0\x00') setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f00000001c0)=0x7fffffff, 0x4) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000080)={&(0x7f0000000040)='./file0/file0\x00', r1}, 0x10) [ 356.274458][T12738] overlayfs: failed to resolve 'K¯file1': -2 12:47:52 executing program 4: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x9, 0x80) ioctl$sock_ifreq(r0, 0x1000089df, &(0x7f00000003c0)={'irlan0\x00', @ifru_data=&(0x7f0000000380)="efa21c3ec9cae38d349b4102b9f215d1b6f7b7adc6eb080810a33a65e465caab"}) getsockname(r0, &(0x7f00000000c0)=@nl=@proc, &(0x7f0000000040)=0x80) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000200)="ded20906e2b9b3a68f1960c9ad491c467f090be7fa68fcfbd99901057e2c2e272f4aac8d36eff1a56947f688f6adba173a6cdfe63391c33f369c94d0f5b5aa1cce91cc64cc075e73d4262190ab9deb853bd0b94f520be31add59e91aabfb78daea4d82d9218b2dcc0312e327057cdf43a8967931e7a61de7613f79a3c8f1a75e06a15c8c31ecf0c83d58b6ed6d3926c004fdcc19c43b13e38d90806cb5ab61960c927d9f542106ec55d25128ef759e80c4a4f070bb88ef0cb48ad15f", 0xbc) write$rfkill(r1, &(0x7f0000000080), 0x8) [ 356.448949][T12753] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 356.474974][T12753] CPU: 0 PID: 12753 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 356.482997][T12753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 356.493063][T12753] Call Trace: [ 356.496367][T12753] dump_stack+0x172/0x1f0 [ 356.500712][T12753] dump_header+0x10f/0xb6c [ 356.505178][T12753] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 356.511005][T12753] ? ___ratelimit+0x60/0x595 [ 356.515603][T12753] ? do_raw_spin_unlock+0x57/0x270 [ 356.520730][T12753] oom_kill_process.cold+0x10/0x15 [ 356.525865][T12753] out_of_memory+0x79a/0x1280 [ 356.530555][T12753] ? lock_downgrade+0x880/0x880 [ 356.535415][T12753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 356.541682][T12753] ? oom_killer_disable+0x280/0x280 [ 356.546894][T12753] ? find_held_lock+0x35/0x130 [ 356.551676][T12753] mem_cgroup_out_of_memory+0x1ca/0x230 [ 356.557233][T12753] ? memcg_event_wake+0x230/0x230 [ 356.562279][T12753] ? do_raw_spin_unlock+0x57/0x270 [ 356.567403][T12753] ? _raw_spin_unlock+0x2d/0x50 [ 356.572269][T12753] try_charge+0x102c/0x15c0 [ 356.576778][T12753] ? find_held_lock+0x35/0x130 [ 356.581571][T12753] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 356.587142][T12753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 356.593400][T12753] ? kasan_check_read+0x11/0x20 [ 356.598271][T12753] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 356.603839][T12753] mem_cgroup_try_charge+0x24d/0x5e0 [ 356.609129][T12753] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 356.614803][T12753] __handle_mm_fault+0x1e1f/0x3ec0 [ 356.619935][T12753] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 356.627209][T12753] ? find_held_lock+0x35/0x130 [ 356.631961][T12753] ? handle_mm_fault+0x322/0xb30 [ 356.636895][T12753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 356.643151][T12753] ? kasan_check_read+0x11/0x20 [ 356.648001][T12753] handle_mm_fault+0x43f/0xb30 [ 356.652865][T12753] __get_user_pages+0x7b6/0x1a40 [ 356.657826][T12753] ? follow_page_mask+0x19a0/0x19a0 [ 356.663029][T12753] ? __vma_adjust+0x1840/0x1840 [ 356.667886][T12753] ? lock_acquire+0x16f/0x3f0 [ 356.672635][T12753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 356.678874][T12753] populate_vma_page_range+0x20d/0x2a0 [ 356.684384][T12753] __mm_populate+0x204/0x380 [ 356.688965][T12753] ? populate_vma_page_range+0x2a0/0x2a0 [ 356.694612][T12753] __x64_sys_mlockall+0x35c/0x520 [ 356.699638][T12753] do_syscall_64+0x103/0x610 [ 356.704216][T12753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 356.710099][T12753] RIP: 0033:0x458da9 [ 356.714000][T12753] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 356.733718][T12753] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 356.742140][T12753] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 356.750113][T12753] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 356.758096][T12753] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 356.766206][T12753] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 356.774173][T12753] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 356.784776][T12753] memory: usage 307200kB, limit 307200kB, failcnt 1710 [ 356.791821][T12753] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 356.799511][T12753] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 356.806570][T12753] Memory cgroup stats for /syz2: cache:0KB rss:297628KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:183416KB active_anon:13448KB inactive_file:0KB active_file:0KB unevictable:100876KB [ 356.829063][T12753] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11642,uid=0 [ 356.829185][T12753] Memory cgroup out of memory: Killed process 11642 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 356.863933][T12742] device nr0 entered promiscuous mode [ 356.874328][ T1043] oom_reaper: reaped process 11642 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 12:47:52 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x0, 0x0) openat$cgroup_int(r0, &(0x7f0000000040)='cpuset.cpu_exclusive\x00', 0x2, 0x0) ioctl$KVM_SET_DEBUGREGS(r0, 0x4080aea2, &(0x7f00000000c0)={[0x0, 0xf004, 0x3004, 0x2], 0x5, 0x22, 0xfffffffffffffff7}) connect$bt_sco(r0, &(0x7f0000000000)={0x1f, {0x100, 0x1ff, 0x9, 0x5, 0x4, 0x4}}, 0x8) write$rfkill(r0, &(0x7f0000000080), 0x8) [ 357.127187][T12760] overlayfs: './file0' not a directory 12:47:53 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x0, 0x0) ioctl$LOOP_GET_STATUS64(r1, 0x4c05, &(0x7f0000000040)) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:47:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x100000000000000}) 12:47:53 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, 0x0, 0x0) 12:47:53 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) kexec_load(0x1, 0x3, &(0x7f00000002c0)=[{&(0x7f0000000000)="545fe00e15c6710756091fdb3ba5fd5307313fd4bfd997909c3cf201f069f192694f417328498cddebd79de10be738e4ecbf9c2e7b00a009849703b1100f0912c5f5d648222801c976bf4572c34b90555e2e86eb8b318c8f5736905d28a660ca9feac297615837e070d7d5a508a76dc062f550789b43c6f1f8ef52570be3fe8fc1eae3536c707fc226c15ffeba963b3f68c7519efaec31bf70c3ef45e9609f4f3095", 0xa2, 0x8000, 0xd7}, {&(0x7f0000000100)="b439e3b5277506a6f430b17b0d38d287793dbf8c6d23f0e2dd57bed9ca8f54a17607b0a54b7566e1e746fab745b700c77070bc3aafb727c77b", 0x39, 0x58db81c1, 0x8}, {&(0x7f0000000140)="94fe4cd6f9e7e95313815b9309e99135870fdf8f2434ccda797f1633d470d25211cd915c3766ca8fad87e40e8d6bb5218c69c22ef6b400ba19d627c8f9ebbc96e3d10e0d616c0535b50c400be1039a393fe36dab64d39bfd99a4909d59248a6a42d10bdff3ef7e7962716ab67110b047d694a5ce3643d47b85aa688d6684796b89fd337bb3", 0x85, 0x200, 0x6}], 0xc6dfbb79e0cd48d4) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:47:53 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) getsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000000), &(0x7f0000000040)=0x4) 12:47:53 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x1e00000000000000}) [ 357.337243][T12777] device nr0 entered promiscuous mode [ 357.367724][T12782] device nr0 entered promiscuous mode 12:47:53 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) [ 357.396617][T12753] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 357.434538][T12790] overlayfs: './file0' not a directory [ 357.435032][T12753] CPU: 0 PID: 12753 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 357.448039][T12753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 357.458120][T12753] Call Trace: [ 357.461429][T12753] dump_stack+0x172/0x1f0 [ 357.465773][T12753] dump_header+0x10f/0xb6c [ 357.470206][T12753] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 357.476040][T12753] ? ___ratelimit+0x60/0x595 [ 357.480647][T12753] ? do_raw_spin_unlock+0x57/0x270 [ 357.485785][T12753] oom_kill_process.cold+0x10/0x15 [ 357.490933][T12753] out_of_memory+0x79a/0x1280 [ 357.495630][T12753] ? lock_downgrade+0x880/0x880 [ 357.500503][T12753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 357.506769][T12753] ? oom_killer_disable+0x280/0x280 [ 357.511997][T12753] ? find_held_lock+0x35/0x130 [ 357.516790][T12753] mem_cgroup_out_of_memory+0x1ca/0x230 [ 357.522357][T12753] ? memcg_event_wake+0x230/0x230 [ 357.527402][T12753] ? do_raw_spin_unlock+0x57/0x270 [ 357.532525][T12753] ? _raw_spin_unlock+0x2d/0x50 [ 357.537387][T12753] try_charge+0x102c/0x15c0 [ 357.541894][T12753] ? find_held_lock+0x35/0x130 [ 357.546683][T12753] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 357.552250][T12753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 357.558514][T12753] ? kasan_check_read+0x11/0x20 [ 357.563398][T12753] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 357.568963][T12753] mem_cgroup_try_charge+0x24d/0x5e0 [ 357.574272][T12753] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 357.579933][T12753] wp_page_copy+0x408/0x1740 [ 357.584538][T12753] ? find_held_lock+0x35/0x130 [ 357.589330][T12753] ? pmd_pfn+0x1d0/0x1d0 [ 357.593592][T12753] ? lock_downgrade+0x880/0x880 [ 357.598456][T12753] ? swp_swapcount+0x540/0x540 [ 357.603238][T12753] ? kasan_check_read+0x11/0x20 [ 357.608104][T12753] ? do_raw_spin_unlock+0x57/0x270 [ 357.613238][T12753] do_wp_page+0x48e/0x1500 [ 357.617683][T12753] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 357.623084][T12753] __handle_mm_fault+0x22e8/0x3ec0 [ 357.628222][T12753] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 357.633781][T12753] ? find_held_lock+0x35/0x130 [ 357.638574][T12753] ? handle_mm_fault+0x322/0xb30 [ 357.643542][T12753] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 357.658314][T12753] ? kasan_check_read+0x11/0x20 [ 357.663189][T12753] handle_mm_fault+0x43f/0xb30 [ 357.667971][T12753] __get_user_pages+0x7b6/0x1a40 [ 357.672940][T12753] ? follow_page_mask+0x19a0/0x19a0 [ 357.678150][T12753] ? retint_kernel+0x2d/0x2d [ 357.682764][T12753] ? populate_vma_page_range+0x189/0x2a0 [ 357.688415][T12753] populate_vma_page_range+0x20d/0x2a0 [ 357.693898][T12753] __mm_populate+0x204/0x380 [ 357.698507][T12753] ? populate_vma_page_range+0x2a0/0x2a0 [ 357.704169][T12753] __x64_sys_mlockall+0x35c/0x520 [ 357.709211][T12753] do_syscall_64+0x103/0x610 [ 357.713828][T12753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 357.719733][T12753] RIP: 0033:0x458da9 [ 357.723639][T12753] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 12:47:53 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f962c4a1266696c65312c776f726b646972342e2f66"]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 357.743249][T12753] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 357.751675][T12753] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 357.759679][T12753] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 357.767843][T12753] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 357.775835][T12753] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 357.783823][T12753] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 357.908220][T12798] overlayfs: unrecognized mount option "Jfile1" or missing value [ 357.938434][T12798] overlayfs: unrecognized mount option "Jfile1" or missing value [ 358.042556][T12753] memory: usage 307200kB, limit 307200kB, failcnt 1740 [ 358.049662][T12753] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 358.060439][T12753] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 358.068321][T12753] Memory cgroup stats for /syz2: cache:0KB rss:297532KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:175984KB active_anon:13444KB inactive_file:0KB active_file:0KB unevictable:108220KB [ 358.091009][T12753] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12752,uid=0 [ 358.106973][T12753] Memory cgroup out of memory: Killed process 12752 (syz-executor.2) total-vm:72580kB, anon-rss:18060kB, file-rss:53428kB, shmem-rss:0kB [ 358.127823][ T1043] oom_reaper: reaped process 12752 (syz-executor.2), now anon-rss:18112kB, file-rss:54324kB, shmem-rss:0kB 12:47:54 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x2000000006) 12:47:54 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) getpeername(r0, &(0x7f0000000000)=@nl=@proc, &(0x7f00000000c0)=0x80) write$rfkill(r0, &(0x7f0000000080), 0x8) 12:47:54 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="75707065726469723d2e3066696c65302c6c6f6469723d2e2f66696c65312c776f726b6469723d2e2f66696c6531304359a635560403b3a0472e06dc408982752fddd9a5c981a1e5dc33f53e9cdd2b751d37b7ab68e65bc5e5cbe4e19e2fbb5f9e7498c4250dfef3031348c74003a883d0e1bda51c72cdb372c16cebb4dcecbb242dad94b8eff03103e4d1fa32540e0351412443c6874e9e03fedd912ed51b0953694ff4ca5f62b4d404"]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) faccessat(r0, &(0x7f0000000100)='./file1/file0\x00', 0x1, 0x1200) 12:47:54 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x3f00000000000000}) [ 358.298118][T12777] device nr0 entered promiscuous mode [ 358.382824][T12806] overlayfs: unrecognized mount option "lodir=./file1" or missing value [ 358.419125][T12806] overlayfs: unrecognized mount option "lodir=./file1" or missing value [ 358.504489][T12814] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 358.531195][T12814] CPU: 1 PID: 12814 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 358.539208][T12814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 358.549267][T12814] Call Trace: [ 358.552574][T12814] dump_stack+0x172/0x1f0 [ 358.556913][T12814] dump_header+0x10f/0xb6c [ 358.561337][T12814] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 358.567154][T12814] ? ___ratelimit+0x60/0x595 [ 358.571753][T12814] ? do_raw_spin_unlock+0x57/0x270 [ 358.576874][T12814] oom_kill_process.cold+0x10/0x15 [ 358.581998][T12814] out_of_memory+0x79a/0x1280 [ 358.586691][T12814] ? lock_downgrade+0x880/0x880 [ 358.591545][T12814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 358.597804][T12814] ? oom_killer_disable+0x280/0x280 [ 358.602996][T12814] ? find_held_lock+0x35/0x130 [ 358.607766][T12814] mem_cgroup_out_of_memory+0x1ca/0x230 [ 358.613320][T12814] ? memcg_event_wake+0x230/0x230 [ 358.618348][T12814] ? do_raw_spin_unlock+0x57/0x270 [ 358.625199][T12814] ? _raw_spin_unlock+0x2d/0x50 [ 358.630052][T12814] try_charge+0x102c/0x15c0 [ 358.634540][T12814] ? find_held_lock+0x35/0x130 [ 358.639289][T12814] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 358.644831][T12814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 358.651072][T12814] ? kasan_check_read+0x11/0x20 [ 358.655921][T12814] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 358.661452][T12814] mem_cgroup_try_charge+0x24d/0x5e0 [ 358.667162][T12814] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 358.672781][T12814] __handle_mm_fault+0x1e1f/0x3ec0 [ 358.677883][T12814] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 358.683420][T12814] ? find_held_lock+0x35/0x130 [ 358.688178][T12814] ? handle_mm_fault+0x322/0xb30 [ 358.693106][T12814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 358.699340][T12814] ? kasan_check_read+0x11/0x20 [ 358.704176][T12814] handle_mm_fault+0x43f/0xb30 [ 358.708922][T12814] __get_user_pages+0x7b6/0x1a40 [ 358.713861][T12814] ? follow_page_mask+0x19a0/0x19a0 [ 358.719045][T12814] ? __vma_adjust+0x1840/0x1840 [ 358.723889][T12814] ? lock_acquire+0x16f/0x3f0 [ 358.728552][T12814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 358.734794][T12814] populate_vma_page_range+0x20d/0x2a0 [ 358.740280][T12814] __mm_populate+0x204/0x380 [ 358.744879][T12814] ? populate_vma_page_range+0x2a0/0x2a0 [ 358.750540][T12814] __x64_sys_mlockall+0x35c/0x520 [ 358.755563][T12814] do_syscall_64+0x103/0x610 [ 358.760142][T12814] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 358.766040][T12814] RIP: 0033:0x458da9 [ 358.769918][T12814] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 358.789533][T12814] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 358.797940][T12814] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 358.805898][T12814] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 358.813852][T12814] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 358.821817][T12814] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 358.829798][T12814] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 358.838987][T12814] memory: usage 307200kB, limit 307200kB, failcnt 1777 [ 358.846164][T12814] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 358.853860][T12814] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 358.860861][T12814] Memory cgroup stats for /syz2: cache:0KB [ 358.860891][T12814] rss:297684KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:183284KB active_anon:13468KB inactive_file:0KB active_file:0KB unevictable:100952KB [ 358.885911][T12814] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11743,uid=0 [ 358.901557][T12814] Memory cgroup out of memory: Killed process 11743 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB 12:47:54 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f00000010c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12[\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x800, 0x0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000040)={0x0, 0x55, "7db8124107dcd76fbac5df11b0802ac347164937f297a2c50b3b8ee81ef7c94db2539d60a6b9aad9a3a48ffe46b0b9cc145fa75d8001d3f942c2ddb04d520c6bda3db0ab044de28f4f62cd3643c9a7724a48303834"}, &(0x7f00000000c0)=0x5d) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f0000000100)=r2, 0x4) 12:47:54 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) ioctl$SNDRV_RAWMIDI_IOCTL_STATUS(r0, 0xc0385720, &(0x7f0000000000)={0x1, {0x77359400}, 0x0, 0x3}) write$rfkill(r0, &(0x7f0000000080), 0x8) 12:47:54 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = request_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='overlay\x00', 0xfffffffffffffffd) r1 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0x0) keyctl$search(0xa, r0, &(0x7f0000000100)='pkcs7_test\x00', &(0x7f0000000140)={'syz', 0x0}, r1) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c65313ad7850ec0c8ad24bdf8d3b21a446f51096b091ab4988d12b80681bcae5d4875704e6989673f354f9ba7c132fd5db10210834c172c28eec4b3369e4e46e5a09c88b48a0968dee9c0fb99f472e9fba01b2f4c3efd72c3169597a6a120077a7b648134e589c81163d0c08662ae1ba051"]) chdir(&(0x7f0000000380)='./file0\x00') lremovexattr(&(0x7f0000000200)='./file1/file0\x00', &(0x7f00000003c0)=@known='trusted.overlay.upper\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:47:54 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, 0x0, 0x0) 12:47:54 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0xfdfdffff00000000}) [ 359.058258][T12826] device nr0 entered promiscuous mode 12:47:55 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = pkey_alloc(0x0, 0x1) pkey_mprotect(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x0, r0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="75707065080069723d2e2f65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c6531e7ea025a"]) chdir(&(0x7f0000000100)='./file1\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 359.106626][T12829] overlayfs: unrecognized mount option "(îij6žNFå œˆ´Š hÞéÀû™ôréû /L>ýrÕ—¦¡ z{d4å‰ÈcÐÀ†b® Q" or missing value 12:47:55 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000013c0)='/dev/hwrng\x00', 0x0, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r0, 0xab07, 0xde6) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x143006, 0x0) write$rfkill(r1, &(0x7f0000000080), 0x8) io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000001340)=[{&(0x7f0000000000)=""/1, 0x1}, {&(0x7f00000000c0)=""/18, 0x12}, {&(0x7f0000000100)=""/64, 0x40}, {&(0x7f00000001c0)=""/4096, 0x1000}, {&(0x7f00000011c0)=""/103, 0x67}, {&(0x7f0000001240)=""/131, 0x83}, {&(0x7f0000001300)=""/38, 0x26}], 0x7) [ 359.229630][T12814] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 359.248965][T12841] overlayfs: unrecognized mount option "uppe" or missing value [ 359.260078][T12814] CPU: 0 PID: 12814 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 359.268083][T12814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 359.278159][T12814] Call Trace: [ 359.281463][T12814] dump_stack+0x172/0x1f0 [ 359.285821][T12814] dump_header+0x10f/0xb6c [ 359.290251][T12814] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 359.296071][T12814] ? ___ratelimit+0x60/0x595 [ 359.300665][T12814] ? do_raw_spin_unlock+0x57/0x270 [ 359.305787][T12814] oom_kill_process.cold+0x10/0x15 [ 359.310916][T12814] out_of_memory+0x79a/0x1280 [ 359.315608][T12814] ? lock_downgrade+0x880/0x880 [ 359.320471][T12814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 359.326738][T12814] ? oom_killer_disable+0x280/0x280 [ 359.331946][T12814] ? find_held_lock+0x35/0x130 [ 359.336727][T12814] mem_cgroup_out_of_memory+0x1ca/0x230 [ 359.342282][T12814] ? memcg_event_wake+0x230/0x230 [ 359.347317][T12814] ? do_raw_spin_unlock+0x57/0x270 [ 359.352439][T12814] ? _raw_spin_unlock+0x2d/0x50 [ 359.357307][T12814] try_charge+0x102c/0x15c0 [ 359.361873][T12814] ? find_held_lock+0x35/0x130 [ 359.366740][T12814] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 359.372300][T12814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 359.378547][T12814] ? kasan_check_read+0x11/0x20 [ 359.378569][T12814] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 359.378591][T12814] mem_cgroup_try_charge+0x24d/0x5e0 [ 359.388996][T12814] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 359.389016][T12814] wp_page_copy+0x408/0x1740 [ 359.389030][T12814] ? find_held_lock+0x35/0x130 [ 359.389051][T12814] ? pmd_pfn+0x1d0/0x1d0 [ 359.389067][T12814] ? lock_downgrade+0x880/0x880 [ 359.389082][T12814] ? swp_swapcount+0x540/0x540 [ 359.389108][T12814] ? kasan_check_read+0x11/0x20 [ 359.427992][T12814] ? do_raw_spin_unlock+0x57/0x270 [ 359.433125][T12814] do_wp_page+0x48e/0x1500 [ 359.437565][T12814] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 359.442971][T12814] __handle_mm_fault+0x22e8/0x3ec0 [ 359.448109][T12814] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 359.453676][T12814] ? find_held_lock+0x35/0x130 [ 359.458460][T12814] ? handle_mm_fault+0x322/0xb30 [ 359.463424][T12814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 359.469690][T12814] ? kasan_check_read+0x11/0x20 [ 359.474565][T12814] handle_mm_fault+0x43f/0xb30 [ 359.479350][T12814] __get_user_pages+0x7b6/0x1a40 [ 359.484323][T12814] ? follow_page_mask+0x19a0/0x19a0 [ 359.489542][T12814] ? retint_kernel+0x2d/0x2d [ 359.494171][T12814] populate_vma_page_range+0x20d/0x2a0 [ 359.499654][T12814] __mm_populate+0x204/0x380 [ 359.504269][T12814] ? populate_vma_page_range+0x2a0/0x2a0 [ 359.509926][T12814] __x64_sys_mlockall+0x35c/0x520 [ 359.514967][T12814] do_syscall_64+0x103/0x610 [ 359.520096][T12814] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 359.526001][T12814] RIP: 0033:0x458da9 [ 359.529909][T12814] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 359.549526][T12814] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 359.557949][T12814] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 359.565927][T12814] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 359.573905][T12814] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 359.581885][T12814] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 359.589860][T12814] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 359.600232][T12845] overlayfs: unrecognized mount option "uppe" or missing value 12:47:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0xffffffff00000000}) [ 359.652673][T12814] memory: usage 307200kB, limit 307200kB, failcnt 1810 [ 359.673052][T12814] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 359.689107][T12814] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 359.715519][T12814] Memory cgroup stats for /syz2: cache:0KB rss:297540KB rss_huge:235520KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:169684KB active_anon:13452KB inactive_file:0KB active_file:0KB unevictable:114492KB [ 359.744982][T12814] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12812,uid=0 [ 359.772763][T12814] Memory cgroup out of memory: Killed process 12812 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB 12:47:55 executing program 2: mlockall(0x3) prctl$PR_GET_SECCOMP(0x15) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:47:55 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) lstat(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:47:55 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') socketpair(0xb, 0x80000, 0xffffffffffffa6c8, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000000c0)="0d09dae341a0b98391afce3eeef251ea2b2e5564c0fc33732f17b747f6ed559ad53096528b9048556124184e529ed0c8a87b37345eb96e1f6a679ea8901a430cbd9ca5bde856111616955b75d8067b73e17a4afda9b07995749f9ab96575f3a0e6e866029361411db70da6b552549c370a5c03b6264b3fcb88f3a1933fbf3d53b30f497ecb328f6036aa87b050b12202b008074a7753a1cc2ecb90072ff807505255b9b5365bc63a0f01e98ac8c2785ec85687d883acebc9ae93dbea457de7e8f1e4f1e1c1772f04a2cf8412fbd82243dc3ed6342cdde4b63d00b30db7b02044610d3dbe82207ba192c476294702eaad31cef8", 0xf3}, {&(0x7f00000001c0)="a9832e2dc06ca415b2ecec5f0597161c2a9b5228e8e375635c6b75f785ca2286e91fb3b89a89264aa6cf7d77e38bc1d0cfe5247b8e75089aba510129b777ec6ae1814f0d9064d3c4720050094f4b66d49a5722333074d3d7ea197c9595651850dd672bafc0cf86dd67ca0ec5f0815aeaa887fd8386c8da", 0x77}], 0x2, &(0x7f0000000440)="bf8deb0a4129c9b16a02830f463ec3cddfdc2d0bc82daca0e06654f6397b12154806603776ab66ca21b8d1717306a0bac3490e274ec35b920edc40885abc4f669c8dab4dd920d1759dea078292102bb165b72d912e868e6d3d91219afe4afb47994172e3957171c7807fd2640744fd818ceada810e6c33190b37f6d75f226a8c9145713c7757e0700d1b8c776705105dc53495191e0fa7e1422163595d1b4fafa3eb3ed93000d448b50ec4f6742d2d131d1e54e92cd0743637b3c590d25674c89a968ad495125a835014f3", 0xcb, 0x80}, 0x1) r3 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x10000, 0x0) setsockopt$bt_BT_POWER(r3, 0x112, 0x9, &(0x7f0000000040)=0x5, 0x0) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:47:55 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240), 0x0) 12:47:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x1e}) 12:47:55 executing program 4: ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000000)=0x0) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x60028, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x3, 0x1, @perf_config_ext, 0x4000}, r0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) ioctl$TCSETXF(r1, 0x5434, &(0x7f0000000040)={0x7fffffff, 0x5, [0x7, 0xffffffff00000000, 0x8001, 0x47, 0xf7da], 0x4ad8}) write$rfkill(r1, &(0x7f0000000080), 0x8) 12:47:55 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x143002, 0x0) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000240)=0x1) syz_open_dev$swradio(&(0x7f0000000280)='/dev/swradio#\x00', 0x1, 0x2) lsetxattr$security_evm(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)='security.evm\x00', &(0x7f0000000200)=@sha1={0x1, "a4b2e9228cb5995a8644767fac52f03add8496f3"}, 0x15, 0x3) write$rfkill(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x800000000000, 0x1}, 0xffffffffffffff01) ioctl$VHOST_SET_VRING_ENDIAN(r0, 0x4008af13, &(0x7f0000000040)={0x2, 0x40}) syz_open_dev$video(&(0x7f0000000080)='/dev/video#\x00', 0x0, 0x0) [ 359.923724][T12865] device nr0 entered promiscuous mode [ 359.943743][T12861] device nr0 entered promiscuous mode [ 359.989180][T12871] overlayfs: './file0' not a directory 12:47:55 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x28000, 0x30) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000040)={0x2, 'sit0\x00'}, 0x18) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 360.046654][T12869] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 360.063106][T12869] CPU: 1 PID: 12869 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 360.071109][T12869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 360.082472][T12869] Call Trace: [ 360.085775][T12869] dump_stack+0x172/0x1f0 [ 360.090120][T12869] dump_header+0x10f/0xb6c [ 360.094540][T12869] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 360.100349][T12869] ? ___ratelimit+0x60/0x595 [ 360.104943][T12869] ? do_raw_spin_unlock+0x57/0x270 [ 360.110067][T12869] oom_kill_process.cold+0x10/0x15 [ 360.115276][T12869] out_of_memory+0x79a/0x1280 [ 360.119966][T12869] ? lock_downgrade+0x880/0x880 [ 360.124833][T12869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 360.131086][T12869] ? oom_killer_disable+0x280/0x280 [ 360.136283][T12869] ? find_held_lock+0x35/0x130 [ 360.141063][T12869] mem_cgroup_out_of_memory+0x1ca/0x230 [ 360.146623][T12869] ? memcg_event_wake+0x230/0x230 [ 360.151661][T12869] ? do_raw_spin_unlock+0x57/0x270 [ 360.156780][T12869] ? _raw_spin_unlock+0x2d/0x50 [ 360.161651][T12869] try_charge+0x102c/0x15c0 [ 360.166153][T12869] ? find_held_lock+0x35/0x130 [ 360.170932][T12869] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 360.176669][T12869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 360.182920][T12869] ? kasan_check_read+0x11/0x20 [ 360.187782][T12869] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 360.193346][T12869] mem_cgroup_try_charge+0x24d/0x5e0 [ 360.198652][T12869] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 360.204296][T12869] __handle_mm_fault+0x1e1f/0x3ec0 [ 360.209422][T12869] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 360.214974][T12869] ? find_held_lock+0x35/0x130 [ 360.219749][T12869] ? handle_mm_fault+0x322/0xb30 [ 360.224700][T12869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 360.230951][T12869] ? kasan_check_read+0x11/0x20 [ 360.235823][T12869] handle_mm_fault+0x43f/0xb30 [ 360.240601][T12869] __get_user_pages+0x7b6/0x1a40 [ 360.245557][T12869] ? follow_page_mask+0x19a0/0x19a0 [ 360.250762][T12869] ? __vma_adjust+0x1840/0x1840 [ 360.255632][T12869] ? lock_acquire+0x16f/0x3f0 [ 360.260318][T12869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 360.266569][T12869] populate_vma_page_range+0x20d/0x2a0 [ 360.272042][T12869] __mm_populate+0x204/0x380 [ 360.276655][T12869] ? populate_vma_page_range+0x2a0/0x2a0 [ 360.282312][T12869] __x64_sys_mlockall+0x35c/0x520 [ 360.287369][T12869] do_syscall_64+0x103/0x610 [ 360.291970][T12869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 360.297862][T12869] RIP: 0033:0x458da9 [ 360.301756][T12869] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 360.321365][T12869] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 360.329785][T12869] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 360.337772][T12869] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 360.345760][T12869] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 360.353735][T12869] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 360.361715][T12869] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 360.387999][T12869] memory: usage 307200kB, limit 307200kB, failcnt 1867 [ 360.396229][T12869] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 360.409156][T12869] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:47:56 executing program 4: r0 = syz_open_dev$usb(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x9, 0x472080) setsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000040)=0x3, 0x4) r1 = syz_genetlink_get_family_id$fou(&(0x7f0000000240)='fou\x00') sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000340)={&(0x7f0000000200), 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x38, r1, 0x600, 0x1, 0x25dfdbfb, {}, [@FOU_ATTR_AF={0x8, 0x2, 0x2}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_TYPE={0x8, 0x4, 0x2}, @FOU_ATTR_TYPE={0x8, 0x4, 0x1}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r2, &(0x7f0000000080), 0x8) getsockopt$netrom_NETROM_T1(r2, 0x103, 0x1, &(0x7f0000000100), &(0x7f00000001c0)=0x4) shutdown(r0, 0x1) socketpair(0x0, 0x80001, 0x2, &(0x7f00000000c0)) [ 360.428355][T12869] Memory cgroup stats for /syz2: cache:0KB rss:297552KB rss_huge:235520KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:177140KB active_anon:13468KB inactive_file:0KB active_file:0KB unevictable:107096KB [ 360.457792][T12869] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11801,uid=0 [ 360.500551][T12869] Memory cgroup out of memory: Killed process 11801 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB 12:47:56 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x1e00}) 12:47:56 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vcs\x00', 0x143004, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000040)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f0000000200)={0x16, 0x98, 0xfa00, {&(0x7f0000000000), 0x3, r1, 0x30, 0x0, @in6={0xa, 0x4e23, 0x8, @ipv4={[], [], @multicast1}, 0xab7}}}, 0xa0) 12:47:56 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000540)={0x1, 0x0, @pic={0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x102], 0x1f000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$sock_bt_cmtp_CMTPCONNDEL(r3, 0x400443c9, &(0x7f0000000000)={{0x6, 0x9, 0x8, 0x80000001, 0x7, 0x4}}) accept4$unix(r3, &(0x7f0000000140), &(0x7f00000001c0)=0x6e, 0x80000) mount$overlay(0x400000, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0xfffffffffffffffe, &(0x7f0000000d80)=ANY=[@ANYRESHEX=r3, @ANYRES16=r3, @ANYBLOB="9a53b4f6e4e4e718bdfb9212f822d6c16fc982f5e95e6b62c048d245d339520e9f5323351636e68284f0c1956f9996301c30b35f3ce3cfdb11312a2553a348346e89e5aa959f126f8afba8aa44d69faba07f403c93ca6228985568e3691bc1baf9ec4db19702da71885e89143875633d6d0c02ea92862a44ea933a742afcb0426c6f4c646272584f23f2364c7c19a8694a461a0e4cadea013813c039d1f311e07f0c23b1aad0351cdb56e6daa7cc7cda5172e87959601fac35c373903da639d255a200a46880350bd9b418349bec845a6952b819ed4d09b1aab7fe3bd485fe1c77ad82547bd11b5313e1cd4087fd5a5a88666139110be3674db63c4489fa6217673d17419f66b47095237c7c8a2cd797f41b0f63542c5958662684fa512e72726930fc7f539b607ce60d60fe6ec1fe05443da26a1bb6d26f360efa2a74595991c911a39c5bdcfeff284f2f9ce86938e0db0fa9ec25110394a36f8470bba7a65f31022d5cdce501df5e0a970c082ea8f824d9b91e9fc325682a0a834d7166fe7a3fb119a160c862056a0d333e7531645ce78d827648f522ad2d4c94260ff5c4e90da9ae70543d8d930135211715c1091c8f01e9c7eea7c0cf81e28f683bd1f1c19c385cead3bc8d0dca3720bccdbea6be6bdd18b7d78af69389374000d82064cf43239061b1ad61d9ab5c3a5349b6277811523c49372e5d7d6f8e26e5e85da191f7ce240f3d34443964533200050dc15cfc290ab5187ab8d6880e8e0436586ff590067ecfacebb5b13660f4e1fd8ffc669eae4b53071b903598494d67a810133322314d0161482c039cbacf4767cec7c3f5f06d9affc3061861f041ce61c857d33390068ed10d29c09036827d9292691529b4f817ba4847c227314f6a455a3d484c480fcf558645a959eca0f3e607971babf211558530a37337953286e1bd65d2e5cd3818155a65ada9d5f6d9fdaea064684ee5413bb66626e96a198b33d77c0308ddb381c9c919492d0af7c8de9e0e5ece9e23ef70fe0077a105ac4ab87d00122db7427b2930d91985bf84bd198189ae155e32dc0e9bae9aec6c960c465a96a6853504e6196d4b39d35669ceb26438f303df477e705ce17afcd7e46fa63fdf16fefdcd72354e86928aa1432af0bab3d948481f6c1cb59d6069349cc967fbab73142003c724236ea316658ad564026b9c9a836b5e0c44af7abad8ff5942cae52f010c320c00b3349c3bde6ccbfb395f4cee43f35aba2a6690e71430d4ab0504d24625334bb31bc42ecf872fbd2c44608285eeb32a8527f57cb85316144c4099602c4e8e6d32832fccc366311bf0199e41e28fba5e2919ef091c2d46b280a30dd26795aac1273c95c530807621badbd0a1dcc1fb5344ef314454b157682edd184d10e74084b7d3046b84d443217c1cdae8a0b02e8a704cde07651ae693b2de6a9758c4ce86199c2fb0cf0d84accd507626a86efcf38eda3ccc1b63bfa49fa326d42c60ca1b3afd6aacb21d93b12d4cfd4af417b4a5fd2be10fc9cba11c4a548af7fcd9a9d0197e8e49bda487e5808e74bcc651693af582a1de313d4b72320694626abe93a893517e13ceecd804660326e2580bc24a87b989bcabcae2a3246b2ef0526d139f4670dc9cf1dcf62e63a86ba28091793b6743505d771deed8cd407883b3d3f01472b22b9236889b7ee313048e5199e88e30399c91bc043493e447ecd1d1e81d8b6b52da7f3f9fabd944e9b937865fad650a6efebdf67febbc7cf7231ceaec9050d989988b30f4a43e70c5f8c340213cc5b55b463b00b75a25dfe1eebfb5d9c843e5d6f987dc5bf3e3425342d2e53d06093d7fc2181ae999b7844a537e035befc6bca7236ad6122b9d43ae02f472504f3b193b750bb25e674b2f2e5f2b023792ded5d74567cf4e88bb9dd303a0552fb5b86cc7187ab553b0ce3f1635f9f1cb3783a740bb74349a0bfdd66af99742b23c040474cb7bebb25b7f43461a24df267ef7980d4b145deef4d25ed844773871d93054e3d045d18da55d2a0e1c80c384599e5ed6e767c302f253da38dc12071e31fc59222ce56b35e2dd48c943059b84a6e94265d5d86f28d030cc4394db15c543d8b5d2e3c193707356de49bcff5cbaab6181cf9dce44253d1800dc7aa90b9d161678cf0651df4609f07f0a262512ce8f6f49e5270aa132d34a3e7d22d14f6f37f15cd4df16b5230d74874f25a96890ff2d45d345f399900a539354eb303fffae33b5edeb781b2e7b5a7b5cfb12dbb3d4070e1da6fadff680e4680a16ffdb30c2032bb3deaa82b6e13a99076b5b6423b6cf549c78e88839007e1fb53ddd68eebec55de40dd7d8f33faba0fd3f26f80dce77016e207d987e6489cc40900f3c94cb7b237a1d15e0ff0a3e27e8cf4150e242f3aee32c8dea597225ec9ecbe3d12cbe4e20ffb418a40e7425596e9b47d19ac7c44dd736fad1443a48e16eab9b115dce2da2cb2181a251ccf59bfb34e64928648a48926ed49e8a9ed6ff4aeb3d91d5f612a4d22c14ec33fd0a5878602e7dfbb189c9a4623dda7ac5ec04839878bffb5dc0a8e576e30ed6c5b7922b4ff4ba6cfaa34436531eb560fc525e4087ac0916f6099c44903b72854c874bb771d51cd04f88bd4e781c6cbf6dec2073203b34187889625559a7b1391b60c557cacbd8a373a7d9253bbb067699238edcd950986a2cf44f17b492d122f185c87234403857b47a6d814ee4e904908259a2f1b2764748e8b2777ad3dc00ca94b82b6b9346ce73a05269e1ec6368bba8122a892471059aafbbc75de2e19b28b23c2198bdae09af668fdc74e8b3b00b4b905306defa0e9fcc39195321ad2dc37d8efc938bc28f54673bede07f7096232acde0726c582358b96d18d7406143e8c8e51bcaaec1ea7355e98b39ef17df86d843348a674caef80aacf589cd73bc580db6478833fc65e49f257ebde50cdf0691fb260764b9fd44b07527f8e78f29b7da9b1a40e367b47777d83913d560af9d4d64c5607d7232e7c857c39f576376afecf64699320ac387c16e8a5ffad985845adde828193b1095d07cb83cf0de14ea2173b38641e1989772c7940a4e23dc7584d9b4a2743fe78a696859f96913655e0cde54b5cc654a4f5606597159c95ce4329ece2b47c308d19f54301364a245a354af7e86ed4827d5ef4b33b0e61ce119476779ff00ab6dce0d4a9cb44ddcf25bac48cf79feebc885a03b5a97eba011b78fbe1f0bcf208d0a78e15803c07f7ad54a139d22c24e9a16079c9aa5c199d469d467b0ff9cdb803994559ea4defd8b04df47df7c5c02147346e2e2f05b11ad053a7c61e39990cb93866b47ff6037d8d4a28d2f0c518d1e878d42e4fc97722dffb7248757d1b95dc71c49054e00085ebaf5c5c4f3de7823bcb06cba007ad22863b36f8fbf582d67832fa7e56d6ed09e3c16862ddde28535b3d907d0d7f151da664862fa609057d7a133b758cf7dd36f64c03b4b89be448f6f48b7e175662881527e80fe90e9e4ddd4b2ab5f002393e5bcaa89689a04ea37b0aac48feb1ada3c69313189ce1f58751b2407ffc582080d66e2b99cba38575fe73c8e98819d516d75b54f3a81f04633b03818b52d74ec6aa56fbb2ab2529e942e5de1c34567293a22e8759cc293c8e949d1cefa7d875cc186a6f6ff6eada58be7c871ca87588f09d795334dbd766aa1e0ac5f35049d89d42b93370feda528e532ce744bc76ff75a02a283ff9b6574e6d8f5a61a245eda5af5e5d3ee3619bc2db3b1a883f465df8e36fe2a502b408c712e68a6f68773362a3519fbf8c3bcbd1206a8ae65ca7a4ed730373d8e9297e0cae5290100b7661b08b40263a2dec744cf4f7a6cca2d302d70bcc8869cc8fcf12c57c70b5739d8dcd76d48c519319bad6c9f433c0b59d9a8173f9a93b281d5147f072c63007fca2fc45edde5b8cab0b7efe7e3b9114ee85e7e9140965c10f91fe2c8509587019403b079530a0406e73b958ab691890ef7d0d19c433ee771765a6f33828ef527e7accd8fd266fb890bba9dd994057fe199687609ee20f500191b749831652517634bebb52064ad4ca83ef0421b06f721a4af4164e9b343df0d32335e1427780c46eacca51540a5c1eaff8bed74904cdbbd32442e5d96d28b1199f5c2084f4c61f2f0e46e7edda6ac2e5400b7114a965198213b65b17bde915487519972efadc50152237abd674adf1fb56857280dfd972a931bbfd989ba7398250ceb9980baca358fe866828d797a4120adddc3810cd10b00408bddd885715f02309c4729aa792a77e52ec6c87094070bc8590ffc3af2d0a4960dc0d84548228859239e3b888f2158c23ecc8c201b55888e2a80310aed2a15552ff9529aeeebc50f47351591aca2dc8d7b26acd9ec5cad0b1af7117a10022416ffc05b351be180d6c2e094ca01e9a6cf59c38ada2d587803b026cae6c369d0c0a0045ae69d92dcef285ad0346b0e0e54b1201466957da2609140d86cdf36810db51bb2033989d4495dbc6f0dd3387fb9eb255d047f309c80be33d2d6a5f1fbc879a1cb9b1c17cf34ac17474f34db6d4ccf9cc16884ba39ba200dbdb61dbc5c55c5fdbc03af54058d5dfe42315c7284890092c8bfd430c6d8bd931c741faac3c6e691d2b9b907b24e1683b908800736365986d59b412f7109d94aacf324c701a81d6c545a0775d2f1f15a10b4a00dd959987062b70d8cf1d7d4906968b9bc92158bc468551c0c81df5636d76ae3ca01839ef51283359b58645384416f6a55b91c280ed82dae00dbb5377df891443fc682f3e47826e6d2d167b97bf2e3b35f683810ef1f9bd34c3b415345adcc7bc6194914aa0960cdd82866a5bae4df2b3cdfab98ef0886dcf0edd5e31f35ff538b0310df1c173b0ef427adde623b50a63caf89a80b1a5d1e9aa435b22358e93af0dcb1e8de4e17435b081250b30e68f3e31cd23683dfa176b6ee98cf4785cafd0789026b06a37eedafdff302ee4a1eef8eb7b3e7976553d16e2588e00de07e67108e3244c4387fe70e07695f611a0ba1a1439be8d46467efc9800a7bc9f871f577ea7c6584b6337abdde2a19fe58a7de34289933222bd64f3399dd70544a349d48a4f997183ee3963cba5fa3d742a976e30a8c60767a84e338ccf4ac7c2ebb99e23ae8e2f07e6d35b9c935c433b7eb62e9d5d342cb2ac1486e2bf406f40381040b22a7059d103bf05cdb66c2854f9bf6901c49426745f74c92e8709cbb4b918108c95ad244c9f4e289fb07cdf499460178a102d13b52321d8ecae98e732c3c3a4d0b084c33e547b6979d545b7c0a1c520ab07cb542c5ecaa1f4a316c20e779770238cdf24ae9751e18177fd8a7b364007e153f1d1d09dc08c2f83caf71fb1d576f48a2d8449be4836eefe3bcb3e4856f63d908d40f5f5597b743b481a6b04fe60eed1238a93de8222983a1183980162e52ccb07922876587804a3b285b30b41a62be292cfbe2ff06150c57708cc96adf610e8b8b6ad1f8ea498bd0e25de0c2b0ac1a64123611bbb35442a53f587053839b8a5854374b86e307abba90d5e858f83b436d44a582384e3a45ff84705cbd3e9721ad6c6ef22c47723c329c9af03266f814bb3e55ea7b93a4f73bf4dd2bb5e63b25f269ab7277f5be3e3385c586de85c8fb95e74a613905eff584648056e09ca2851cf86cceb994f1d9f199094985e36c54c427bfa393c4d285f0eb500013b656aed0bdfbd1c5650cedfb9e0ea707f0048ef55b355918d02f70d69eeac1a15906f8f1adf2a2ba7f27a3a107159c1e754b14c1e72227a3b09f"]) syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x8, 0x2100) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000340)='./file1\x00', &(0x7f00000002c0)) syz_genetlink_get_family_id$tipc(&(0x7f00000003c0)='TIPC\x00') [ 361.069986][T12869] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 361.080904][T12869] CPU: 0 PID: 12869 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 361.088909][T12869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 361.098970][T12869] Call Trace: [ 361.102267][T12869] dump_stack+0x172/0x1f0 [ 361.106597][T12869] dump_header+0x10f/0xb6c [ 361.111008][T12869] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 361.116833][T12869] ? ___ratelimit+0x60/0x595 [ 361.121411][T12869] ? do_raw_spin_unlock+0x57/0x270 [ 361.126522][T12869] oom_kill_process.cold+0x10/0x15 [ 361.131635][T12869] out_of_memory+0x79a/0x1280 [ 361.136321][T12869] ? lock_downgrade+0x880/0x880 [ 361.141161][T12869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 361.147393][T12869] ? oom_killer_disable+0x280/0x280 [ 361.152580][T12869] ? find_held_lock+0x35/0x130 [ 361.157337][T12869] mem_cgroup_out_of_memory+0x1ca/0x230 [ 361.162872][T12869] ? memcg_event_wake+0x230/0x230 [ 361.167887][T12869] ? do_raw_spin_unlock+0x57/0x270 [ 361.172987][T12869] ? _raw_spin_unlock+0x2d/0x50 [ 361.177833][T12869] try_charge+0x102c/0x15c0 [ 361.182321][T12869] ? find_held_lock+0x35/0x130 [ 361.187072][T12869] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 361.192605][T12869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 361.198838][T12869] ? kasan_check_read+0x11/0x20 [ 361.203674][T12869] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 361.209203][T12869] mem_cgroup_try_charge+0x24d/0x5e0 [ 361.214472][T12869] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 361.220088][T12869] wp_page_copy+0x408/0x1740 [ 361.224659][T12869] ? find_held_lock+0x35/0x130 [ 361.229407][T12869] ? pmd_pfn+0x1d0/0x1d0 [ 361.233633][T12869] ? lock_downgrade+0x880/0x880 [ 361.238473][T12869] ? swp_swapcount+0x540/0x540 [ 361.243221][T12869] ? kasan_check_read+0x11/0x20 [ 361.248051][T12869] ? do_raw_spin_unlock+0x57/0x270 [ 361.253153][T12869] do_wp_page+0x48e/0x1500 [ 361.257551][T12869] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 361.262928][T12869] __handle_mm_fault+0x22e8/0x3ec0 [ 361.268030][T12869] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 361.273560][T12869] ? find_held_lock+0x35/0x130 [ 361.278315][T12869] ? handle_mm_fault+0x322/0xb30 [ 361.283242][T12869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 361.289472][T12869] ? kasan_check_read+0x11/0x20 [ 361.294312][T12869] handle_mm_fault+0x43f/0xb30 [ 361.299087][T12869] __get_user_pages+0x7b6/0x1a40 [ 361.304032][T12869] ? follow_page_mask+0x19a0/0x19a0 [ 361.309232][T12869] ? lock_acquire+0x16f/0x3f0 [ 361.313890][T12869] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 361.320142][T12869] populate_vma_page_range+0x20d/0x2a0 [ 361.325598][T12869] __mm_populate+0x204/0x380 [ 361.330196][T12869] ? populate_vma_page_range+0x2a0/0x2a0 [ 361.335827][T12869] __x64_sys_mlockall+0x35c/0x520 [ 361.340844][T12869] do_syscall_64+0x103/0x610 [ 361.345420][T12869] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 361.351291][T12869] RIP: 0033:0x458da9 [ 361.355180][T12869] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 361.374787][T12869] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 361.383195][T12869] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 361.391153][T12869] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 361.399112][T12869] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 361.407074][T12869] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 361.415055][T12869] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 361.429313][T12869] memory: usage 307200kB, limit 307200kB, failcnt 1881 [ 361.436369][T12869] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 361.444328][T12869] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 361.451189][T12869] Memory cgroup stats for /syz2: cache:0KB rss:297520KB rss_huge:235520KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:169684KB active_anon:13452KB inactive_file:0KB active_file:0KB unevictable:114492KB [ 361.474269][T12869] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12868,uid=0 [ 361.489747][T12869] Memory cgroup out of memory: Killed process 12868 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 361.504065][ T1043] oom_reaper: reaped process 12868 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB 12:47:57 executing program 2: r0 = creat(&(0x7f0000000000)='./file0\x00', 0x21) ioctl$KVM_GET_REGS(r0, 0x8090ae81, &(0x7f00000000c0)) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$KVM_HYPERV_EVENTFD(r0, 0x4018aebd, &(0x7f0000000180)={0x3, r0, 0x1}) r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FIGETBSZ(r1, 0x2, &(0x7f00000001c0)) mlockall(0x3) 12:47:57 executing program 4: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snapshot\x00', 0x0, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000300)={0x1000, 0xbff, &(0x7f00000001c0)="75f1481a1c565566bab7ec09a469715aceefeeb16076a2912318c03d915982c417b677bdfd4d5222a87573ee065036a33b3f3752", &(0x7f0000000200)="5964172b0d819a41acecf32d26995c77051e0de7e51b346b3f5204905a2de00aee089e8d561f0b6f6a24661512130bb20ee2099083bc498b09d8105f0634a79c86759ff9d368c7e710d631baff2365ef2da74b9508b72fb50c54456636144f5183f1d0897a0159a2b09d50f1fc82467ac1ad12cf20cc1ad77ccf46b3ff45921afab0f72364db57825798346799a909f8483a732b4200a6adcaded7abf64651c2ac4e3a411ca17b3be86229ed", 0x34, 0xac}) ioctl$VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000100)={@reserved}) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) fstat(r0, &(0x7f0000000000)) write$rfkill(r2, &(0x7f0000000080), 0x8) 12:47:57 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)) sendmsg$nl_generic(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x20, 0x808, 0x70bd28, 0x25dfdbfd, {0xd}, [@typed={0x8, 0x43, @u32=0x1}]}, 0x1c}}, 0x24000000) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000018c0)='\x01') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:47:57 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240), 0x0) 12:47:57 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x3f00}) 12:47:57 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000003c0)={0x0, @in={{0x2, 0x4e22, @remote}}, 0x5, 0x200, 0x5, 0x6, 0x39}, &(0x7f0000000300)=0x98) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000340)={0x6, 0x3ff, 0x800d, 0xffff, 0x1, 0x1000, 0x1, 0xa6b, r1}, &(0x7f0000000500)=0x20) r2 = openat$rtc(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rtc0\x00', 0x10000, 0x0) r3 = fcntl$dupfd(r2, 0x406, r0) ioctl$RTC_ALM_SET(r3, 0x40247007, &(0x7f0000000600)={0x1d, 0x25, 0xa, 0x12, 0x0, 0x4, 0x1, 0x8c}) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x0, &(0x7f0000000000)='./file1/file0\x00', &(0x7f0000000040)='overlay\x00', 0x3000000, &(0x7f0000000080)={[{@xino_off='xino=off'}], [{@obj_type={'obj_type', 0x3d, 'overlay\x00'}}]}) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) ioctl$KDDISABIO(r0, 0x4b37) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20020000}, 0xc, &(0x7f0000000140)={&(0x7f0000000740)=@newtaction={0x200, 0x30, 0x400, 0x70bd29, 0x25dfdbfd, {}, [{0xd0, 0x1, @m_bpf={0xcc, 0x12, {{0x8, 0x1, 'bpf\x00'}, {0x38, 0x2, [@TCA_ACT_BPF_OPS={0x1c, 0x4, [{0x3, 0x3ff, 0x401, 0x8001}, {0xb92, 0x8, 0x4, 0xfff}, {0x4, 0x2, 0xfffffffffffffff8, 0x1}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1ff, 0x100000001, 0x4, 0x9, 0x9}}]}, {0x84, 0x6, "1586efb34f6114baef3854a98092065f30ae6777a69b19fe49cb27fbee640f4524933a58511d7cff1e1131ef2925c8ca04ac0fd2c3fbd036b4500987a66ad0d46f7e8c69ccb7909afa9c0305fb33f67255c1f9a9370da322be258fd08f8c73eee95c76d2225c0f5aa049d67a9354766862af18807049a63492e14c5090510681"}}}}, {0x11c, 0x1, @m_skbedit={0x118, 0x1e, {{0xc, 0x1, 'skbedit\x00'}, {0xc, 0x2, [@TCA_SKBEDIT_QUEUE_MAPPING={0x8, 0x4, 0x1000000000000000}]}, {0xf8, 0x6, "458efd591fe99d97294a4b0072726f81e8783e88431d3a835c146f1c2397a23bd2f5d1b43deaa2f31331d597ac43748d22f605d8fc29761b612379783f2e6dfcaedc7883d84f95a9230ac9e0e3e34959e4ed31696cd62540f20d6cb5f8ab35ef3151a2f435661c0b372bbbf4ed16e74a941de837ffd7ecc8bd41721a2c87fee4718d9499807616da717b27eeaa91e76d679c1f7d7f9fabc39e748107b2f34ccf4a2a0f15086797145c7eeaef89a740d3a449ebbb87b463bfdd543b8ecf4044f275b9b22fa9a1a3f3098a2852a7afd9cad9a7e3420d80c6e8d7877d21e18b16f6fac6fe166f3d674cc6a7165e8a8a53c92039"}}}}]}, 0x200}, 0x1, 0x0, 0x0, 0x48044}, 0x10) getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000640), &(0x7f0000000680)=0xc) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000540)={r1, 0x88, 0x2, 0x8000, 0xfffffffffffffe07}, 0x14) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r0, 0x84, 0x12, &(0x7f00000001c0), &(0x7f0000000200)=0x4) 12:47:57 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x27, &(0x7f0000001fc0)={@multicast1, @dev, 0x0}, &(0x7f0000002000)=0xc) sendmmsg(r0, &(0x7f0000005cc0)=[{{&(0x7f0000000000)=@llc={0x1a, 0x339, 0x8, 0x4, 0xfff, 0x3, @remote}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000100)="6d16f9f2cbbfe09d2d7f85e7a273942d3f939fe9ca02850793c3b76f96766ce06353544c3020530792af06bdcad1b4fea7635889846f41de0c1be9694a6cda", 0x3f}, {&(0x7f0000000140)="ef9c6b490e1f7ccfb5056e0bc2eda5ee9df7e6454ae4b4e296fbec1bb9dfd9cf06022d448a2d83681f6a6fde31f3c1b2a901d812a36521e823f5187fd8bc9fadfe94e9e87c8d1b847025cdbaf81a29ceed809501ec2e91238ccd85bfb68a0f5c7efbc24b6d015fb1acf745c28c077f25b215255f18d6b069922ff8fe0c0bf3c7f827d4707237b87640e91a12434120eafd10647efe8e0e38d4514354fc8f8921c6e354c2c2aefacee27e14697c4b6fce8a76d6b06fde5b5e550eaad0c96d53a67eb8db9278f6f21ae2055a24eb557e5c228bb3f19c8e2492225e35f029861da6537ff61babb28e74c66916037d533c97626497751915894723168358113d77", 0xff}, {&(0x7f00000002c0)="337821ffbead4d55bf608ea57a69583ffa20fe4f1c2054ee163f36e7706b21fd411be43be8e58e6a73b94d369b79bcb3c912df345b44097a030c631bd40b07ab47074246cab2e3fa26775d0fcb5835fe4a25771bd9b41d56a7c8527a012809fdda48642cd057a98b7b2c6dca9c2573da3c5ab1ede9ca499e607b42cc965576c7d418f26c5f250cfb2e4322921bdd20f936faefd72a5ea44f1d96c89028ed8db22c48e61205d455fcf270e56e1efb3bd17db1d8879e6a5f404b3d946670b5b3a49d37a62741e2b4b027ac386813d3cb156039a30bf4cdb52e5fc4bc", 0xdb}, {&(0x7f00000003c0)}, {&(0x7f0000000600)="483ad64c05980f0fffd134ee7570c27884db9d8648e6aa670e00d5411a77e8d3a3e41bac82f4877441a0e9e681e273cfd0b160baf86e6960ac9ffbbc745c24ffdabe2ccea107f762aa6c757a1054ecffc62378fea05525e1e099b189f0c5ecd31c1972e36101d34cb70b0b7e2d948c1b89e64f61b31c2d6601f9450ebaf4a0475945f3ea8eb98c616ab5f7699f1fef43242d180e", 0x94}, {&(0x7f0000000740)="a6340b469aa327a01ec78734550935b87d916f047e3f574eda777e1354831a257a0700c13f1a720ae1b3880b5c9b84710915b0f15f166d23b41876783592a1dabca9faf5cb9df6fe1deab238384a62a403d845148b23cbd904b50d5691d412adae33b72b300bfaa086d2715b8135b6cf41a206dd4330bd9b0992d6480e2057dc630b8e5a56b558c5843a32d66c68c7fb13e35a70a4", 0x95}, {&(0x7f0000000400)="9843823f7902919f573daef390643abe0548c7a37b9dfdc98e4b021e58deff10169b69e2bff1003de78c31891ccd8f4b07aa79b1ecc4096c285e33d649eb545d61ed32a2b90778842c5ef582c738", 0x4e}], 0x7}, 0xb7}, {{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000800)="74af67faeec045a861143f7ccfcb975126628a9c600b276015fe9dd1c64ff46ba7c05756f0b2fefbe2795f8438c5e1ac430f86eb9e561dbe48c5387d409cd716cb197418bc2f58ce61bf79f12b3a5c90b2196814486b184547cfde1d1d062a74971a3e783259ced89c0381e9c22045a5db6a02eaa0f2f6226d7b9dd040f1d0c6d3095004309a75aa9cba2584d46609332ecad1e2e9e3efa5dc1d641d4a4d497aad559287d6765d", 0xa7}], 0x1}, 0x3}, {{&(0x7f00000008c0)=@in={0x2, 0x4e22, @rand_addr=0x10001}, 0x80, &(0x7f0000000a80)=[{&(0x7f0000000940)="7a9af7a953bc7130cc5d8e4ba434cb8f6894585071b5e857000f3cb8c120ff8d9007d0e347fffad36f707a293375f1c0d328004609df25ae8eecc6cc47db03a9abd899b59d439d6c1869882df163e80b8bf9c97e7277021b36df7a", 0x5b}, {&(0x7f0000000d80)="37b7769b272e9f5eb553c3b3a6e9a5f49785432a0dcb70df447b32d0f0d1ec2b70a41306283c6c1ffbe266e441951d24860d155f15744cb9f079065395ef53f9523958576d993054ae2274c45212700e3a42df96fae0032da5383a66548f49241bc150c518700a77f096c24a47f19205ed7b5ae6e4238106373e978eea17fb924538f497025a67da6ebe3edaf3473e464a4c90a4c02996fa1ca370acec7ebdd6edf13174e49395fb9834dc61ec02bbd6cec1fb006d6904d4f128000eff9428e864882a71262f997fd63f34631bcb1317d55853144203b9b368c1ce8354d599d841820e6c6c828683e2b64de52a75c0d7403e67b120605918e19a35a7b58a4b4a41e81ba1943361316803591e6babc22a9ac7027e46a0e08c23bfbfec11dabfeee0ece3a518406e2ae7bc005e2ee553b4647a6c1743b1e16acf04bef4dae80acc8b81fcd6a5bed561f86d48d2ebe716b683ee9a647ecdae2ef180e9c3b8bdb9306591339195f6c37c8c2a71004700d359ab0660a7e2d6b8d0af6ed75f225dbdab7a0538893fb3854180296ad1ea7aca15fb598060af48a236b98cdc450467df5984c27fe97298c5997c056590f1915927d8d891236b060011996974cd32b3d5c427d2f296761705bffa76fd661833c3f2b947720e61cb0bb6e3f48981ad967969a95c2ec97204d4fa7f11d5082c9f9fbf30b2b194abd646a8b2956f9875d1378733bbd95f5a731ccb49adf7c3f259be17d9aa7c73f106e94989691296d72ccbc1b82aced2618ea0da5f932f39154550b1afb415e3eb211f93d875a9c62b76c0575e0f5205cde0f57fd6e86e4621cb4cf2d8177ac6551735d87c2f4cc20af9b34d6dfa8ac1931e2c6481b5338fac5eb251b6a9bb415d06d508f7bffb61d1342c43fdbe0d89e34ff5b4b2155219f53f8144b990654efd8c6c75ba867c00c13e741c4e53b0eef9e09c50592e502e5875761a9b645979ca76c66bd2b76cb9203bb675e9299da994757ef0a85bb3bcbfc4b8c34081b9d6baf81e3dfe9105e77d13c5082baede7568c8a67a7522cf7dc9ebdcc4b53a01eef208fff19defbec186e9758db16127952741d2dfdd8ef75c9b31a805482fbc46c95f480ef349bcf7581a4223a0031ca2a28a85c089bdcc2d61ea44a1190b3f11d61a42099c2e16840eaf1d9233be20816671a50249265bd43beb4d0095c6c0736626f9d61a0c8f23d06d168ddaf3b80ffab6489edbd64db86ecc234d147079d06273aa502341a1456a6c4d923e9a4fd481cb30bdc5f71e294625e890be6ad5513ac5b9c5b970092c02ff0c0dc5b6660b0cd3ed65e3025867e7d7f4f80ae8b82fbba80e8ed042f108eb11a6dcabcef5ef6f8ef2539543b7b3baf394627b4ad0807f4c452d5e7fbad6197d7033c9790bf8893f399e666863ef624728c161ac0e8dbd0aff60065167d3e4a845618734247487b7a27cf70380b053e0114e654385929c27536b48525c290f71f5cfd83bc6325ecf1e4384f0afd42b1b0dfc6a12127d6eae4169b4123e7ac3db53edfd48d4b115aa15c11b71364223ae6f4d44e552cc57ac1a5797b8bfd1a5737381bc6e261be783f1438412cf817c8f84ef385667aa15e300d107ed6c24e53a8edc77e343da5e024e0ae3537ab68aba1dfc47537d3bf6a15f08336ebd49a0077d46a01070a2312f4590ad27b72bf84ef1e424407dbb2341ab6a9430c562619b2562f394a94b4de70d904304d29e669e635d86670f52f54596ea1290a589e7e737912089d3b4cf7501f843b198b0169bc22ac32ec70984f6b5f325e369242ed7637615129a076d5a5b588e567fc0495bc2e0c5e0aeeeea4e23743363bca0eb0a56fa7703ed19081a18fbc7fc0e1ceec83436519112802b7c0c1dd489d82de7f02438aa48887a461528b68c838f0766a09f0927ff37c7ba159cb3b1d933bd2b983b20af6c7a7a0d2a8bf7e68e155a024e78bcb178b5ef7a2f91e58c4009279bbfb224f355f909359ba3898fd41bce0f29dba7e7b7f519f5a00cea38f9d78965a74d51ba68d4e3ac9ba3a82f8e43f934ee08120d6184d6c92b055f9c3d4a87990edcccd8dd4f77716bdf8640e2e8342f85e83ad26c640bbef83830d1e4493c0ab330a1f7d53b911e25025be130baecafd078f5fbf6da0d7a893bba684cde9aaf22a988e1293ad3dc715b99f57d4b50fc23cf6e5fcd4155b07ce82c9b7f5e6bd1ef376eafbacf1d7cdca1b8b8eb1677937f6cd14547846d664d48777a81d2289a5ffbfdaf5c899cc0641b738638793b7410b185e4b8d6468545752e07f45774b0ab01263d4b73be7f5d9193b63189879e3de7a16434fe17a16095d44943b824ccf81d51f777ab14be997216d63c143443a9bb1d3705d268b87605589ccd4edfa96217d9f0bc690bc40a61275c6f3cfb38d5f592360d342c90c7f33b61ee60e96ca86fc481337c6b59bb6e8a716cbec7171dfe14233f88655a713de774ad07cd6ebd61601e1646c30e0d021b844c9bd4f727b078f5751031327d2e35ca9f7a5af32c1718066c990c3dbf1ae9e21f78d6e8a007cec85ee45d1587dbf0c9bbe0aceb2185c20208188f3dbd0d2b306d1dc509354dbdd5be0dc56213c6b4495d75fe5ecb118c5a19fc54e367458b281231e8c45c89bf2c76660d9276574057ef5ca812d887c6987fc044a0e19e038587b4a0d0738bc607eb3a5d0da2d1c5f673d27491f4385ea5514d0631ba5c5cd0585fa6ec012f6fe209f8d691cbb647a0af69fc2567e16666c080187de02d91db2cd5b47f486c3ed82784232060bd1300902c689474f6a4feb18742561bbed9c976496337e564203c3722f69aeba1fbca7b935a87ca42f2691d48be01fefbccbb907b16f649654917132f3c631af83b155cd6017c44796ae0ca58bdcdd6265dc40d98af49fb3f24798a426237431eb6262da711e5c46cdfac18d656c8f50e1cd2b1ef1031d45c582e6714d78876eedf107aaa28793ad7449311502ceb656fa8e5044924cfd6c00d83342776dd1e22aed806ade10b6ee46be9664a427fed104dbda24058cbe146e693d9d570c1890d3983e4f2869007e13a81d709b73aaf5a89b00dea66f4fdc67da629bfb4547932d6dea380fa06e7ffdecc6ca5b93aac3f3c7f1aebde0cd7ecc61f3c06065ef30f348533a0865f816fa98a4ce60380b2f374448918cba57b165ad9fdc829a2ebf0081d819b155b54365b98e74be1900d027737dfb0d60342e77af73c8500350656979a096f24790d235506801ff347c54155aa52570fd671d6af7714f6e884c011884c25f70557b9c0c158f5f59c1ea6cd9022e5f5bf2fe3d98f1e357e30c806dc83c9d97f5dcd93347b6e752a23e48a91722cab4ea15029b2ccbaa34382aa199a39485f5f3d50e6efc6791c416435f80705ce50dd9681123cadc9cec35fca5bded9099e4e2b7a50a449efac69132ecfb53ea6a1a9fcbbdec5b7f98f9c6cca0164a4e7250c4931058a2096a27da21b9a045ae9108b45578fa72b55327a382f92ec962bdcc2feb7949e8545e081a7e7fcf794bb39d470f9ea477695c5a9f3a55277eae716fea9bfddd9bbac2703f9e3fe48c0607d2887168ac4186590bedcad4655a227a1dbd63de5a94d3a785503e1629832c370bdef6de54cfb7d8aa4405405d842e5d7baeb83cc16d460fe564d04439adbff95882eeabbdafcf87aec9088bfa1970bb63f7c8972d643ad67f37f2fc3d3971344f076a733dc4c8f9eb18e3edcc6a7ce03accae5c994929712611059d1775f47e00fa839900b6951bc7f78a754ae2e327562c25beef2e9c59f248c55d877b08bf8ae8000d7a9d2b00483f1891caec5b851c92236922259c849bb87d139aa49a8314adb1ff2130e55bd185bc13e48dd6197f197b33cfa91929f74f92640e0aa396b348ddffd7a325e1a504230f5357a78aebf6578db25c94d9f7ce4a200dc28f7d17cf2a7855b80e56bdb587315d52663e1772e6f156990840b49f889ed83d5bc1280e8ad2aabc88a417fb3f7f0961d6563f71d70dd8fd747638d25f247791dcbfda260669926efd12828f939f44cb75c9aaae483211772e4445c7c9e8a36d977bb8d43bf71edce8032682886855a6ea183696a84ca89e2cdae91f954803170f92512823cbc780ba78dfbe6d16a59c3843ee66661f951635f46589d1f74e4d113273592a6347e111e44d0ed93315c408a0a567c1335521748db28687c1a8edb7107f2194ce95fdcfc0bcc66a16c73f2a9076e9bc10fb98c2b96224e53c943162d3f2d72aaefe9c45f56ff3e540419e9488897afde84476adec82d7e11e533dc1b22aa7b433e921f58ea0b47e606a4c34d031aaef832a6f222630ef7f27870bf36ef26cebe1641bec2fe43798b7583aeb17e10377c4baff1a80be867afee8552573ad4f107b853259cf156327769326033caa7623e4055d317d5220cf881b5ad348522c16e47397c03a2210ac3f42c5e7a5291ca2868bf2746d636498a1eb71ddf5e72d750d0c6066d71eee5fe2cc21748b410954f5391d80afddbff296b4559580d6dd1213bf64ade4bd7e05dc00cf08853a3bf057c782b7811c3ffb066c96f857b80feb0f081e1b5fa69664442c25dde1dd2d8e2e07bf6ef5e1c253718ccbad3b8afa82bcd780a48aa0fc9a302f7758c900288619cd8af6484e25517cbb4a5e2f70897868757f76e62b9b69bc0abec2de545e10e66975a681471dd8190504cf598df3aa00b40fcb03bbecf353b55d2562786d90ab9a7d45e36f869ba6c20bd1ae60cf035f67e0e0cf94d185ce568fd01179f4dcc2d81a1c419d6f93353922a32b0bc4ee899c03a3ef22e9521cea7198eabb491d7d8d7be884d9baaf746c9e970fb3a3ff5d4314968c5892d3a213c1d81d67be3b4dfa80e69fa97e02d774a8e15ea14772f7542630132f714f47622a2f403f1f0f238adda8f3ac8756a949983ab15966230f24af95ee03a49840ad46af3eee505c839d24f9047f3bde676b2bb82f0a00e945bec2384eb44ed8f91db50f9b91f11a17d30d750a0482e3d87d40b9dc222a8bddfadf7f334717587730c3fb039731ccdd89e9fd396ca36d1299b1cf320fe91ca6d439466357a1249f483fa546433a04a59976c93d28a129879528311849a31c9f47e072a5e754d6ed3566945b295ea747c615cd639785ffe90c2841fac92e28b5e4cd98bd061bdffd717e02d4d5eb4818f8ce39e4ce9210e928dde08b47a73a8199799bdcbc727207af57b688132b68ba4c5d955502d391cbf74935756c7839b08054500bf2d0e4a5fd87d58bc4d52b784495a38233eef95a923572816c560372bb5b17cb0458c6997f214d53de0becbf01991cf952ac5673c28b3c966c635d58f3f3fc07e2df1eaa98efa709385ef612633f6215feb6d58d5ea335e668a404c97c70f232881a5ef4a775c5e41812825350b2609b63422dc50e391ba3137230c4fb954993cfd0f7894867939c5f8e171466433f2825ab12b16af56b3040c5f6ec363e017a39b2d1590efdf13140cfccda1a3e28b0cb38c18237938604e4a1b71cb74cfbf90f0131fa97cf069658da04922b9b5eefdade24d50240c780c88ffc0c28c3c1e5d1c1f5c6365e4068f8e842c50edf5cfb535819340381061747167ad09b3d1d3a369891f84bc75aaf6a393b11daaca5fd6b96062dc890a2e150b35ec77bf884c66b960be3dc3b102dca79c380fea3dfe185a3cd23380630f107dd592fc3a825759c264e7a359a98a45497b157e9da93a575f5a693437a3e5840ab565a48935291874dfe47b77df374f577c79fa7156", 0x1000}, {&(0x7f00000009c0)="ec3a89cd2372f4a3b21a702e69074300b92cb1bbd680a036005ddf9e4a9b8dfae4862a4f0969dad48d3c5e69e91e366fea420667a80fd215addc9f9ab4815fd2d9b5e99b8ca136bdc9dc7b989716fd823b0025622972d46a17f4106b47668ac6c23dbac6701068f6570e8cb71fea6810f7d6d14a7970acadd258582e1f0fa96fb599aee77768a0c05779aa5717544402a454e9a97dc2f75fe6e40e6689", 0x9d}], 0x3, &(0x7f0000000ac0)=[{0x110, 0x112, 0x6, "f7369ac093b8387abdb7588dca8dc4795b5dd53687c7f34b1ccb667d4f50b6cfa8a709c53f7bb7c8afe9e442c7087958d68fd38492de235b37b1ff51c9e5831ac49d696866aaba41b2905f32d7c239aefec15868080a8907d29ff5fcaf8ea82eabee078f7807842c9da36152b36fa23302fefe310968f55565853c46d60c8f9d1f5fc8c87ee48d1425bf9defc936b370548a4809a4c8bf2d3ac50f9a126145a4aebedc0205c1232c46f9cd225ee2ffe7a2a14e4a1f5e8be3b71d5aa9f87767ae640483639a3e56c4330036084a689e73bfa9a1441a3b0d8627fd7d7c0b1c96bc3845c3abd68445888dfa8b749d8ef81c8de32408d11bc7cd220acb0d13"}], 0x110}, 0x401}, {{&(0x7f0000000c00)=@nfc={0x27, 0x0, 0x1, 0x1}, 0x80, &(0x7f0000000cc0)=[{&(0x7f0000000c80)}], 0x1, &(0x7f0000000d00)}}, {{&(0x7f0000001d80)=@sco={0x1f, {0x1, 0x54, 0x2, 0x4, 0x5, 0x4}}, 0x80, &(0x7f0000001e40)=[{&(0x7f0000001e00)="b263e0d1e2a8a3e57a022ee42374", 0xe}], 0x1, &(0x7f0000001e80)=[{0x50, 0x0, 0x9, "f9364b2812c9c6474cb8d57c9d99e79d926ca90662cb4b3b058fadb4de27466bdcb55a57c195f00c4fffefca86c1eb8a2c4659b72823e719c5b7"}, {0xd0, 0x108, 0x100000001, "e98844370c721466178c5bb6fbf8aa7aef3f4af150b9ee71d478532d51a9e54e044c0f47b937bd90a9555605f800917e482069a6ce9dda0b9687c6075cdde0112f5d42742f37cf922ae8bb3070b9a595858b6ee1152f31483e790a91b4a4e1a643d14129f694de362507e11d9f45b0e1be9cddd807e2dc3807ecaf08ca9d4d443f79b253d5f7e172b4e5e27e70c5232aa6ef9312cf99c31c4b7b27f8bb1abd5fe39bbc646c9b08bc3c8e8478b635f535a528946dbcf22081d1d778f9"}], 0x120}, 0x2}, {{&(0x7f0000002040)=@xdp={0x2c, 0x7, r1, 0x2f}, 0x80, &(0x7f00000024c0)=[{&(0x7f00000020c0)="eaa0b94c4300ff40946b45064ecaafc21ed2dd29cb56173e1c6adeded9fefee7abc6728f17d7026ec3f5bfbb06a503872382736ce894b20ba2e177ac562b50daeeb6f9a274ccf67e949c38f37564c0c91063d5358f666b8da4414af81b91a4e784d9ef8a7d393ed1e2f46f8d69ef4dbbab56a8b8b5dbe351902a3d60ac3302ef0105cfb5f847513dd6ad8cb5452223a84a20156110d83deb26a0a55f6eb26be267804dffda505374ed8e4aa11ac33371f9afec78210d5a0e60ab4497b4dbdf228e7baa69de6e38a81b8deee6629ed1315458b7be66e0fea2fea423822adf", 0xde}, {&(0x7f00000021c0)="e9e45dca79c086fbfa487ef40f11fdd99505154286741355488df37dbe97b4b4199871ecfb4cc999f0f9cec8eb9fc5ed9c04991d26a8a2260e6e73eb723ed28ae75a2275acfb83a7e0a4d715252711b0710ebf48ed539f08ab935227afac65526ebd78fb96489033e84c5362b0831170dfc349a164977c407f266539cf1ce9ecf87c9bed9bab", 0x86}, {&(0x7f0000002280)="1c879e9a3461d00d1d2697ef4ea5e96e4f2689619ac8abeba099096ec95426097e6bb1551951f34e15166e3004e1e72c0491ad46b4a1f06a8abc2faeb34881ae67acbb4c927c11c4c3c22e1120e59fd5497b11d369c9f6851ecd8d503fa34cd9b5d64b58bd866560bcd460734d6fcd236e0b85a74eb2eff1358fc548bc37a9ea532b4cc72cdd07ff9c3733c15b333ae0dcc6efba323ba4c82818e5dc49905ed06f85af977bf7974fd5fdde8803090627747185fde0d56a1530715610462a73fd8668d86b5546ad8c2a9e1e1a1b6b7cd41e3a2e20", 0xd4}, {&(0x7f0000002380)="6e8472d867401e8c5863d98c9c1ef242d482a7666f85c478d4878ec0eb8e6db2292b0649a0a52be78586752fe9913abbca2148f104d9c77e10b2f5869d81df28429c34fd995e129ba82956cc8ce8bd4a1e57892ebb7a6b359db6d49702300807ecf089e364ae987d1f1f7af66e0fc405c69f19229a3b588acba6823e60331656004f40fc6de302d90e63b36a5f8f141f9f3dd3a870a2d0ce893a62094e47be8b3415b51bb1b1241d59d8b42da95098d3055246680333e3d74e4ac2ddb8a9945e54ff7687873648c28481f78a232b2ceb9041492640eaaa3ba26824618eb9097242b8b46c16301f96f40ed7", 0xeb}, {&(0x7f0000002480)="352d22d3975155b244cf967fb1477032dc3091e9f418dfa01665c453124a3f1e816ef183c6f94c7a95671a4ce09824", 0x2f}], 0x5, &(0x7f0000002540)=[{0x90, 0x113, 0xdf8, "5fb17c09b6c3492df242cb3956f972e76dbc1c2115ec97f5ed8880a823e8c71baeae32513702e522503966bd2efb510678f13a2c0897531f764cad5482f118841a13a0e7cb3591ee7ae0ee18a48559491257fbbd81628cb4ceae6d2ca653441c73c203237427e72f4a13cc712935ec1404273b00c039464272"}, {0xa8, 0x13f, 0x4, "985121eb86fae14b41035dc181f41c4cb5923ffb050f7035bb5921162e88a76dd51e0b0093cbf3ec22b2095ece9a65e33684f178b47c1f151f6a2f161828b986fe420500947f5f091f2663b299df0e8c5b2f23c2cc79734e39dcccc81db67312dbf6428a42cc7d7bc249960969a243dcd966d6a0fb77131be923e1d824f6a7bc40472ae3284e5a341c913a27195a731db6c8"}, {0x18, 0x11b, 0x0, "55c75d16"}, {0x1010, 0x1, 0x1ff, "c6be200888ed246b340faeb0fec3a53bc482dc11b1041387c5ca13d17f3193a5c8749f1ab443db4d13c6dec953918e952c7ede9cd9e19e52ea46c0a925818e5cae759b800279fdc2725957496701bcdefb668f218ceee72ba727fd2a2ee893b910b8719be2f40aa65008a376e41c3074d68138c2396642878bbca861139b6baa46e482be6af25b080bc1efdc073f3c35b1c0be538202c4dda1547fe432c9d9dda3581bba2e3dd0f8dd2479a91a9c13f264aa79e5a0842308ac8edb4350a5ecbcd46078391465f8a966528be030aa8ded187bcefa028a301d8e2bdb96443a27c652345501f47f7d8f623e64d1796f0cb8ec4d487106421019e4fb9240ccea5227bec8a8d9a7550644f58b249ca327c7f8d7e10b00a0ac3ef8770f551d53b1fdc5f036252d8b10b58f917c8d5cff72745edf1e6d120222fff86f29b275bf401a0f3e5066a6b78790d0a42249a6cb76baf41adc70ec867a6b37ee7af1ab69de4e69327d58a8a6a7028812725d8e19a8c981d2b43dcae5f44c0663d26a302bb2ca9ea07cd47ddeac2846aaffe390915dae371c70196fd36f1a9608ccfb361e7904060ffeb6ab0aa5a2ffea429f02c9525c712fc544a1b50f8911fb3ae6fa9e36e8c984a3a57ff410bade61cda509cbf812c2dbe0600b0508511a5b6fb0597b958ec37109f48377219f5087be42f4befec126095835e98053899cb6c5f0fdb187fb68e70f0f14ea7a9049f5b1c4b0f740fc2e1d0053eba624d1c88e8c958e3fe703a05ead810678b3c8271b58e77913fa6d3d0c1a194e7be545d121cca3a7b6728f2a269fdd3eef3fd668a0bbddbd27cf981e6405ad7c8e7b0e2a707acd24f32de681b33be4f9daabe69f479c2aef6f0e1a12eb0f8f09acba2ec7522544ddc0ac4e91f671cff20dc0425fcc429cbdc2ba48f71c7f18ae5f7dff138d6ba8091120ba5cacb7f01be8d0318cef60166238da57ff6d9e1f4299f2d04926e86cceeb5d0b6c2aa0602696bfb6d9199fb1ca16ceaabe4abc65dfe63797459a092fb8a537a358a65d9fcafd60105ddc4b4bb798b8cb4084305c77863cff40a406a274be97dc647f25126327504b66c12f6f0b9ac479601361f5b0990d823cd8d1f41455e3fdd18e953a67519fce371a196dc638ccd41c1c2da88490a8d15753f6ef2cb43bc1c072621b0dcef975a810859d1c16c32b7c776f11e381ff58ba6433fcaaa779f657e70dde55d294bf03b69516704bba25bd62be3c85a618a35daf9cba7ea06cd30a48113c1a1a624ac044df82434f350a2db06383d1140db8b1887fb75bfedcc986478325d035ef4da336d612737fcc14d4391da4769654082007e00b7f4186448a7dc547c6e99b7ae3bb84768677b4dfdd21686a461be3c519ab84cfdc7de16d4b3b1f3a448b0e7e42457e9ac116546ebfc9c0cd723a18f6192ad7826a319dbeda3e3adb671c283bea8244096cc61b090b29c3c7c773b06246a0a7290d42838dfe04b8e1eac153ece30a7edbc00d67a6d9b1eea13f70a3b92aa6cb73e85bc690462510b020a62ff8581595ebad2a7561cb18a74b9c6157952b6e01834ea4122b138b8783fc5d11494e6b28e3f3eaa4a814573bf9857aa35d4e904c2356584f5b846be4c4b4386f40beb69716cd790da9e024625fb80060346b8ce78638b6df5f31cd8da27310eb76596d663cdf2a97fb2d8bf5ffb34b441abe1d03fa05a1654dc8101e177e227df44fbd32d07a8e5b98309a0dcff4801863cc0800613732c546d54ff05a78065d43925b47419196c5d98aca54cd99c18b220caeee87abe1d0b11b77b9dcb6436ba4e579403aba45889c2b795e7d7559ed7162d2ef12f4cad28733ab8ae95e87298a7ce6517140dced42d8ba6997c722599887ed393681f7b0c04c3651b99e9f80019676f2830ca0270715778288365da5709d5fb80aaa4406dae0f02b0a73edacbe565bdd0c1e131e723e7481381c0adf4e221f603c39d7e87536aa92a24a2449da7867fd125b222d6b77b11368555d09c694b5a6c3ca083acd1b4240702db1760944f02a049dfce15bd7a0df71237369a5da8c6910e45921eee23b6a4bd2480b47d153347445bfc723b0864ca3bd97c5dba3ec77b070e76165e141d627ea56cad9a7ac8b43b16d3df3f738d3c26f85bf0fcc1113a23f6e604b200def2402890f2f58e2c0620778f6a5eb391b30730a4b8babc685bf7c4189131af0c1256711d4d02de7497589a9a9afa99b16d004414c423500b52eee224a387df7f5ae23d6a09cde0587fb4cd5666f890d04c3f4b695992b6df85db4a95f01454f53e9a45e9990f3e16825d1c54d1104a4b7f27d2450f35ffd84eb4ea1a11c76f7566bf96ff6c258a0fb2049a07dc127254bd113edde738144dae56e22b373908862340e855662dc2aa053ed3f6a05e6c38edcd18547a277457479a9af27f5e75e24dbce35bdb81102705dfb880136461d34efc675a559d71e768acc951b4b8e944b01dc2cd883923a0244297e90428a43a08f284b8a36658f32c3fa90cc6ec185db46d25afb187c324ef2cdd6698ed6160da37046a4cd4d5cddc6036dc6beb509509a52f0fe9a49dd97004ed7d9baad27c0b5a57f74a1d92d4881a74ff07eff9af68ed76284df9e7d4247c5b3fbd403d1c58e70aef9ac4bcc8d33dd1d8781e643e9ba065f5b7b136ba7b2a23d468a7ba4ccc84392d0fb62e2f35defa34d81bd8e8d1579a7aeccd9b16fc5c83ce37ad7e08e1e8d53087eb092d67c18fa61caf878dfea7194ee74ea74c7e7869529c8eb13109891b4f5f3c195344b97f41a4bf611cd01ca7d439dfd5552928cc721666a689740e5ad83dfd8713fa934e3fe37e0d8c07e140f501ec1d531d1adf90092fda2fda15ee6f26c3838fecc4d644cac84cab3ce409e54cf278f94d0bfdceca30fa0f6feba3c00d5a5e642324befc54cc94061dfec7b8e752081d02386cb90764502ad0d3118cca286c08e07e7b03dbbfb844faa0b70591c4d6471f9eee543e7b7d25c6614967151f0b22082b525ff1ce2f2f5c71780dd528f0c2e95abd3c272bb02745cc452eb0742982b23f32c51617b3cc934d91762fde3ac587d079853f71dd35f9256c6eae4cd8edf5ee812746071cc8fb2f42eefe783378d23517e69ebd7fc3cd3a1072d19e2e2d17c90e5976f183efcb5f72a44e8d42aba0610e5061eefad044b251b70a29b8241a1342ee4985ec0d490b0dc70db7fd392894ab2a5265d2baad46cf383d2629cbaa0f4606d911a5fd60c26b449cf97d98beb0cb86a336f12a785538741cc149b083d7fe7d1d302337bc43477f411d815433dbb4c250b6afe30275592d46694970c9cb8a1171e0b9103893a099b5edd8905b88678f2c8fe9c1377f596a6beab80286b8abb53046c92192fc00fafee833ea4ee591eb4d532ef96660ebc4d2bae6cd232027192787b0b9cc74dc3ed34e4d99879fbcde6ff883bf16fb34eb83c2b2b2d00cdf7175291146137f4dba588610fd6a512e3e67732365a0060eddb3ab3116b6a41d800502fc1b64333fc8241858a9474bad76f1314e5063f47c726a7cbc887aaa95e66c3ad7cc27df2d4e74a530b4709dd18a8bb79edde62e4b95a206e564fab83ab7d9d9e3c151b685b686d46298341361e2958a42bf868c01ba80a64cb2423e0260360443d14720297253e22672e9505a14e3b3c9a746172b757cd8317be7821ba8406e32b7d4537a5b0963bc569b996b83314c0083262702d76d496db55521dd3247692b26a54164a65ce4e4050e847765f63a46390d36cc0e554d4c671f0dd1e6b7d1693cf82e19d316eac7e9058fd93e8d77b2919cddf196574f573e17f293989e284d7e6fddf0d6a06a19c251ce510dfce24ee7a76cd662c953a81928bcb1100c96a28fe72803e3f6a47e2a7163e044bbc52a31e7b951f03c5d9b0ad88a10b38eb4fde19df57a9c5095323468e43fc5584960d0f1944dcb8b5d83369301b51781a88089fd390d3a0de58fb7aa12aed975499db0fb72296744a4f18a61326cd8e4196a1e0ef9305047c341ed13508e645f20d48893a8d7339c1c0630863c4ea39adfb112a253de393d6a016a1092bc6e0e1318dffe938bb781232f6665d1a034a4e7497145817b9fc0dae22c7620b870694893a38bedc5716796a577dcfd0184a61961f27c44b61d2be6918032d3c0329d57c46bb2415b604c605b91b48f914b1f3697fb354d77b7842fdfa2b68f81b01887e984fdb9386cc1686c908b0d738144c603e1e3a867c55b0d4df6febaa7fe732b8018e0d2ece69eed71914aa88d07dc7c8ef6b6b3e8253e89e7229a956880ac026414dcd2e10e6f035812313865a4fe698f84404f5e96519c5afd97c1402c9ab51e30800c06c0e54f0c366bb7a2a3dc615501e43b3a5d7f9d4e48d60eb96e1a2269de127b7b9accf45bcc87b936faaf26fd0c67b0e75bd8dcd086de57b6ca5b29ada730fde9804012df0c224b5a8637f1d47a96744a128be3cb5379c7c435bee796cffd573bfc460d9d245a7890ee84ad29eac3a55019639e198ed83711f5487fc0b809a7ca22e56d6289025e7c1090c00f98cf2cac54c408c6e73b1012d2972fc9be123814e500e1e524d493b1c92943ae9ec6626f8541a56d6b24f27369cb8aff1118afb6cd1297646cf4d0915fdfdc688836fab603c166c6872123d71a7f8f0e2bd4b85a4f6485c80f253e3df6a8f980c3e2dda9816878d5b9d0823652973d5126f126a227fa09b573aa58d14cb33d34f55883e00d7553697daa4bfc5e7906a33cbb362b76ab1aa826d2e6b238130803f7c38d17dc300f28b4a0c78e8f441ff7eea0a58c62a96c137388936f4872ebb39ad04e37f765cfda791ec124cfcfd5a2dfecbfdb9ec78d7e2c95e690a84f28f595c92da783bf97fab074e8ece01f6935bd839ae8ec3569de9fcb16dabcc4f982630be7d0f79cf6d7731bbebc7a23a9a00e2c5ae43d87e37f2cc8db44c7b9d0911f3f8dd7e5bfe31e5b558d041b11cce72a7c8be3d72be72d4a68368719833d8d7b65decce2a3a427a730c5033eb794481ad9926b02742cf87b16c27ef641077a33695c6fde6f44388e8ea6ee567e927e8e8d2b4a6ae9c51950b744137b189b2f34df58ec0d2547f0b43e52474468435615d8457a8eeaf6f4b4163743c8caf7fd59f0936b5a00923d42cc4b776e4a872cd0cab48b76ef981169fd066c7cf8c3a4482dff3bee0ef459ab34c8c009fd811c33a6e70f1d3672063620c175012124e7870b271d5b3c15d6442b4f54bacab8f7080144c874781b548269abe39c171c659d7e7ae6b1c905e0ace771e135d66290c360f568111a6bf2f9ce6634f47c08243682766d60114336e8e48d1103af50909e667b7a1de35d0778c3e67b98c83ba7aadfcca54765357605717a2bcf9943e587133ff1b250062d29f5bcd5940eb72d074785e72f0b3b14239b399516161ac59c7b8e3170c044790d124070179a2d3134f0eca09c1057304e532aaddf0607bc47e496160ea499a4e594cfb22720d0cb8d009e594be5b17e15e7fd41c357c913d2124ad2dfefc8a16270fa322057db4b1fbe6435f3ffb541e1ec2368f3ba49fa956ed02735e7c47803f406057347228674c786e48470afffb0822d1fee07d46192cd269db865d43ca93aed8767b2dea0ca951911087390c00549e83b27ac1efb06330aed802ddc89694056ba64119a0d711198ecdde0e4d511bae33604ca1ee810f65e0524fd9f7fdcdf8535603ca4e669cc1dff39b5ee0d8c51b0c68af1fdf93b45b8b8eab133c5312c4c26e0c92bb"}, {0xa8, 0x10a, 0x2, "8e8a237094daec559522bb36f127a67ed0eeff15ee6b72a051a5363f153deafce8a266b91d48157adc0e4b3dc833d919874da44211c83732216b188b9a2cc30e5ba980e69cb68fba51f7b90cd68ee3c84e856e392dac20c7d2e82294214184730096f40b0c2d669d83af8cf2fb9091609360fae719ed98ed9ee5add5c7dd878a6664b5a7dc69d386eca4215df7b755415e7d5f5d"}, {0xa0, 0x1ff, 0x7, "4b25bc1feefaf6b7f20900090850abd1ba66523eb405729057ee8ec848787be320050a7e52ddda45810a6235ff72b05d32fe45739a195e33803b9313ac3d3ab1c243ff01923bcf7ae948277450a606738354cdd97679b67a62c7a81f091e0bcb30d720d5369ef17e6e70541faac2147bf1d96a30171e547cfcf9bc4b259634c7a2ff390bf875590709471574e6b4"}, {0x1010, 0x85, 0xffffffffffffffff, "c1901f933030290a9ed74f21a96521863d8cfdfe62692803c0d20e860332b069aac088d11c7be8d6d09ada06e87fb5ff2e9968d2559708976eaedf41b5ab4eb84df76e9576933d3eea4895b11736ff45971e612ce1d7618627b4e922a48fd138e0b90e99b3c0339a94da3e9d740ad19087056fc0597f326d2b39d4a0f6ddfb5148fc5e276f6e074aa1f6de5d5b6092ca4c0a0fc8b7bc4478397da7b92a53b4c9526c34fa7bd22f31dfc3b9b446319d5cc1f15777d1e88939bf2cec9fe5210cf9d0618151faa5f635ce8ec927dce6283bca86e7a0b31037d71939760db00a0c3c4e636cfcddc3ae52260b1e982eba5d4e49964322632d1af80204595e111ae7fde27354bf7a9247b80b121c6a771f03360ed5cd73a5f5f298173092be3897a89a71d004928ced8c99989bbe641c26ede75bd16607a20b7afdc53b0c7a588eb6f4146c8465baf7fdc1b4b6c3591ec4f68b8081d1881cc437804fb280c7d3824f8be0c3e26f878a574722de43a3749b49de0f6e9cd7e7392e6cc841fb066f5c2d66b2c98ae2c1ef743e79589f7123a56aed4dd98dbebacf68ef648f8ecbfc410e68922a929a2f1c72eb54a3512da5ce7511c109c17559f9328dde3f169fd7a9baa6416c23c7061c0e4659ae27e256d72a0c03d9b12d22b50c487483943cb734d4b70412fe6284d31541556b16505232156f714ed61c5910c2f4c5c1257dccaef5f162f5d47dd426711af9944029d8fa630e7133195b32fde71592818bd2e5d9e7ac5517f4d83fd6cd136d4dcf833da708fdb91b92180d7ec7f6c9afba13e01820aa3380689bce440ab409bdb0668161d5cb68fb21fb9f0a53f0fe8c7987d1c527b81ca01502b846cfd6579fd3292df4088d17ddc245d9b08e181a316447d52405f39e9740b953cf10ff07a247e486255b5c001b9bdf7ac986e2ec5899551c725db8e5bb6e0451f80e5337f941a502fb86a586f456737190a399a03dc5f5bc770655cbcfa375368c93c6681ddd8aaaa93a42acb12c7c46398a397f2d4e1dc0512873086100209b2a00ae3f53e1ef9d4aff21c214dbb61fc84b4fbffc2540a406fc67dba64851ef8942a1b77f756baf690bb7e2b96da5665e603046e633254ae5f3336ff38414012933b6a35ca868b90d15b1323cb8a7e876ade64ce45a7f8d4ae35760261770dcbbd1ed01e848e8cd3e66694076a2ccc9e83c0cb9621bc280695eb83ebcba9b8de7c25e021af7f0a6d5fb358eea14bbf7abdee606e95d0cc1d58f7a5d1b6f4f32654926b3d996816ec20c60c4059fe2c5cecdd53a131c9f723c1970c8848056d7778b3b98b0b2b81913fede39b6448bc989795d05b8c11428518666696864defec8d8c677e4e03991065515c467a78aae65f95c0764244de6d70fec0c3693ed6bba7704921f9e72c32a3f754d9620bbef0419643dce1edd31abb2914b54ae0ad291b49ff3102acb0f1918bd719d1ca24b211620e1cd1e4d156a104d23068074c274a4b9df6ec98afd75f1f70d2120a7ca0d72a8393898609c8ec419c3309f3c7afeb803526335adb1a3b955a5364371819eb097af27661497c22fc95f14f377f23a0336a1fa8bf4bce478d0eb5818ed9974fc54e08deddcca8d81514d82c35391c5be4c34d66d9bb3cad34895f0347dcef95b13d66dec76998f6d3fe02ca06d27cf83d692eb799e014808826be97f1f602b6889c71137837d40cc1b7e4eb8fcd19860d1fdd9e2ee0831de9d442cad3d8e8de1f3f8dc2bb55e96f9f4ad0421fa5abe6400ff4f48aa7242330f07a8160db7f29d635d2c74bbe420e22431bc9a72b3fe57505e7e7420d8b7513986a1c81f9b752a54dcb806e743156fe38d1512522fdfe87e3ebf58c9f64fadbdfe4f82c7ad4dae24e62d8c89db26e8fa580d41bcd1cbbbb2fb1a2835ab9caf872e9ee6be05c64e770078a4d9b3ad0b94fcee8833fbc34067162492167da27a1182cdba59d5536b4a1cd520d6d9b018e7c3706d1916cd2aa0b088f6a6eae03fb38d052aacc93fab0b308e56fbe59721336fad6010399fe75dfc1e55b9b400f8adb583f8695663dc3c39aeaefa086000463f25850d0622896aa4bf02de5979755b059209b0a8b07f66ba5be5a3c497ab3bb9b47ce0a2d8b394cc8e5d9a786bf6bef94de7e6c828939f141cefbbe78bb2fc9387feee85422d35140fe48ecfe3ff1cdb764763fc2d5b5d091f939c715f1ebaa2ea7fc7e8733ca239bdf297ed982b334b34a0c0b7283bf0e2620c3fa0053cb9f3923dee8224514144859f4fb41b9c369078c931c0ea2ff9801af759e15e2efbdbdca8b94fb96542882a44b3f3cc6a7d311890d45411e422353571a7808def9d1703417dce7a0c4ab8e55f1d4bcba72508e4173727897564d849e99234affa02e32d42a5aa8142fe6e653c079e9eecc66ab21fe2afe93696846332ec7ce4c958c2a9faeba4599a7d37c5a26ade8031ec9f57121f82037769f8919bcc6cdacac2dec8e69b7567fcb33d28f6996d97e0412ced314adafeec8a02b805f729e5aad7ea9aba0fb64cff268b8ebbf104ef0e1ee613a75e19edccf5474b9362ce9cfe7d6b937318fc5cfe5936eb0e9ccd50fd62e750270e54c966347f6473512ee68dd9386d2efa7f1c283a3f2b0d7f81d41544610aa0f4e01f88ae6db9408470963fcef22beb7d2f173b8e78f43ad0103298b49ca4fc432f7a0e42fb8e1187c962aff892446bbfb33d9023e18efe68f72e4aeded9acbeeca7d9ef378456f3b4434c500334aa0e902e23b717f007f952fe43628a1caeb476bf9f94376123fefb5a932e8b5f3e51aa6f0514dbb1679b08ff6f54c257d03d03e0fa4b753579b7c1bf768f55d0c7129ecada327f2ee3785acab8d58c80874afda21722d419323db308fcb4fef8dfe6aeac15be8a85871baf72193605ae3031173928938d43989c35205364d436b20ae81a35870b44929ecdc44f7031075441bc87bc2b9b41c8fd234788cb6166330cae7085e32c2ddffebbc25a486262053f72213bb3d572fe7f40b34d0a9cb60f925370e559cbd524710676fb31a44398fe7aa8b7444ad0b91ac302eed3a9f1c6ce5b76b1d4700ee26ff20f595fb2c320423e8ee2d7385eecd9f6d33e73e802a884e131bbee27817942356e06a5679fc7b60d332dcbb8b775960f35ddf12044a843b01d13c816dbac533bc2026640145c73a2c8a1287822dbefa3e7e930d5066fad14a4b5a5c9cb375e747c31c71d9754398b262117b71dc816b34a6ae71850aad1f311d1fe1937d9ac2791d5636020e6fad542158df4cdb45ed9ec17a560955cfa86b0d0fc0fe77a4674383f1d5a4568aa2b1f80d5001501595c6a607d5ccf611b982c52effe1aab5fd6a14bab8a347ae0bc8d39261ebc7d428d167fc8f20e12f0943213946cb1220ebe41952b6bc73bf121303039ce851b515ac65ed1faeb7528b43a8e4ab2fbba85efc2d90d48bc62bc0af1e9f9cac733f54e5adcece685b2c843f11296d9f936d4f7483774949201f696d9cca2c9cb99c05ba96af5c816479aa780fc055b0c6476a928c127cb6018eb3b60f1437107f428f956b18b8a86c057a77bcaef4158195b628896c80a81b55c44fe93fd2a20beeb91b0cc34fbb795e467beed4907bf071b04f6bcf4f3b715219192b6095f3d36d506bac060b2ae729159da66e14f6c58cd4e3930d9fd30c250eb70fc5631899f3bf5fac784fe11580774f5420003e38d5c24154ffcfde41a6ecdaf5f370930585e68c3564a945a1b298cd23bc3bb95c81cc4a65c7577324f3a29bcc5a0e7f54d572f01a669622dd2240b66b73b8e5123d915aa369fe94f2d31b07066298c7bf8edcd788e3a738bc9112c90d516279ab5ffc7a8a34f5eebb534f97fb4e809c86887884442c43a942465678c338887fe3c903746db0f395114b2436ed536e60417277987fc7b19923e6451ed3561425367e62842b6744ebad90ed69a43034e2e22003ea10c8ecaa306968e00eccb7ea362f459a85633d4b37da327857a95f07d551650e2f7dd399bfad53ea55acce50b906297092110750f12255a0b02df041b5c0ca5377a15e06cede705a126c61168d813a827b1d51c424ad32d961d092dcbfa40a69efc585da8c60d809f9d686ee2dc7ff03e26c66b7b44f07b925030817ff4a1f8dc4bcd1ad42cc5eb0ab8d588523bc19f6e2ef0aedad80d339c3bc7408fba80438617836f5a5ab56e1360543427dbcf8f1914087eee6c759e65c6f3c294dd33163771a54d71ec59771d1421a93bd726c91d7fbe9b7685559597b5f20d934f97569618c5fabe89d8ecc1a98832a099f6ea529545278c4e39564be6f0387658b641053f9cfa01731d0fe9311cfc750329486625a110cca9ad705aa3b6871863ce9dc49e2e5a1c5e2534139ac59254f3fe3f120ab33d527736362fe8dbd4d93489c95894ab974566c99124ea44271d66ce954c0f749795b922e5a99e40e6d05479c4746cad8cb226b2820adf14c834e70f475383e01f72ca57a036a8fca595c7e33ab09ed964ee1caedad2839f9cea4d42db39b6490ddd351846e750fa5f279e31cc56e31d1206d24d0285ac3faaddebee958373157779b91864bd4a69949c864482e553a8528a17f947da2982998aa191e972bce8d78cac06164ccdfc16f68306387f86d1dc6d9a90bc5cd34453217c55319d35f21517e03a4942eb26043b8e577f788d08c0e09d7ada3b520e9aee76105ee4448e88bf367c9cb4d14ae564fc9b6d9b2a603545220129a3d32ba4b3b8ab0568d3c78f6ede9184095a80d9b98c7d863b8d24457bb6d9136b912b2f3ccf5cdc7fdce36670443d63d4282872592da56f91caca27ae3c4733c2651ce459c4be122aa831610a654e380ca0df921d4b47e23f20cd8c1a4808fd0b039e0836085efc5bc113e8870366b9eda187baf8e6f27a454f96a5ebc43ab96dad7253373b46697e2c0f5f6cea0fe31f8eca0ba52e828d81ebd0be3d8749b80225a95c610c7682b9bbcf23a78a839ba81aaaf28e2caa7e253fc7cd04529710df12465e52c82264576025acb46ade2cf81423c40da1cfdb4920954c6fdd4e4db9a72f5deffb1d608370fbf73d663bd0912f249368218c57c09982006518ad99b0d67a76bc8bc5a8dd49c5d6caaac7a8efa5e0cee44b1f312e3ece860937cb632d919d2163a076c02b70b4b093a50d150a6bc9a177f300620c1cc6e4d99d4426a4f124ad8572760b9532eb96c15bac91d778ec2558186272b048f25dcf2f9961d2d24334861b8a69fcf26e1ff3407e38e5d6d8673ccfc1b7810768594f50a49b9431d8a511b78c3e79c9e73c6f0ea9d447be8452a7a10fbac62bb8c1861f6c1ac23446fef2a465e60171fb438885378060fecb4f14543737119310bd405665561f47b7953fc107d4346e3da4f21ca97e71c9617dec9484895774723c8f016d63d937cef1affc47535e6e981f0588320b98133bbbe4248e02c43bd3860f26be160a13b8bf450a0aff14b9611eac7b2eea57bcfd7109b2b4353fbf2623716b57247c23f9124b498cac772043d66643810e5e5395c8bfbb2fef5d3441a54e0e7f387708f6b8178851f4a68a95861b562a08f7efd689aa10e00135f57820c8c2755075032dafde032ddb4687c8612c50a3a2cc53abfcb10391b5e71137d9c6dc63d9ca10f61536999c3184646dd8ad8cc478b3cca421d2b7271df943e19568b6327c4954a2ee2755b33a63079cb326d45778bb91c6644a3a96a516defe058b91823283ff070147734082f8358ba7c0a7004307a6f2a07c323b5d23cb142"}, {0xa8, 0x0, 0xfffffffffffffffd, "2fdf2a556d3ef168ee48cf2934364103279c93f3f1cc5965f403421316facc85aa737be936f8b1092b26620b51646ebff88203edc767571438bfdfc9e0b50393c271b95556bea9e5f985f489ff806c40b24d5cd0c7cb3a3a4913ab57db175b3cd2bb350592b7f0b89ef10579bac5ed9a3e0128e388afa9eb8efdadf626693056fc9cd5afbcc42db807b650655d211fafd344"}], 0x2360}, 0x8}, {{0x0, 0x0, &(0x7f0000004940)=[{&(0x7f00000048c0)="9751fad27d3cd36abd1cb8ed3f16e3593b27e0846fb984e5b494765f1a36979e87a39a448c2bc50e4eab2e1155819e5358a0af689c8737365555be2c0462a4b0ed65c7fc49", 0x45}], 0x1, &(0x7f0000004980)=[{0x50, 0x119, 0x800, "1092ac19a609ecaf86542a474d04c1467f860b5171b07732823111dc5b056b449b8edc42e6e1869fe8299a6b14982361886288b4b2a72a54acddfa132e"}], 0x50}, 0x5}, {{&(0x7f0000004a00)=@nfc_llcp={0x27, 0x1, 0x0, 0x7, 0x0, 0x7f, "c0bb361870791a8030b6e8334651b824bd5b0295df13995aa41dfefef33ef3aa5c9afe924104af168d4a2f4dbff573765bda34787dcd37055c994f97c812f4", 0x35}, 0x80, &(0x7f0000005b80)=[{&(0x7f0000004a80)="c5deb642529f61224da1234dacd0720f178412fda0e0c68772c4bda065a4ba222e3d1649d9ffa9b595062144a9459f8a1d915a3855665cd2d12e5680e14651efb4bd681ac8663027df6fb8760118a8ba4cf6ec5cdb9d394890f719cdd6d4abf35f8393c57ccee067129021edb8f166a0908a060396a9f6a62689e7e1a0ce350dbbb213f3e45fb454887adcc70af2b4f6a39300e36dd00539039fdc7f7418299fe56770156e1b8f078a088c6884330f787b295fab56821d", 0xb7}, {&(0x7f0000004b40)="6b51ae2b06ad563f6b869c088a5f4ca7ba1ea7cd49db2512ab1d18c19d16acdadf1f041798e735ecf0fcd682fd09e3a5726e0e104d1d15264d87af1bbafe5932d1cac7ce52a5ee86bbd9d3681fd8781063c28805d66b7f9118f18b664bb9fe64fd5f1f670678a2cf75ca9b91e6404138b257de67cd9dabdde702d8d7ada0dbfe377740451a4f47e1be133f0bb6c230f24d05542606f13f92d7f697057975bf306a8bf33dec137769afd99bf1819284b7d89d3d905891a8f3faf3dfb2657eeeb52b6679e4b774ee3bb81758184849ffc638507e27066c6210703ff746046441ee42d910532b2c4592a8608014509bff67dced122131cfa8d217f6699863dc0b4c4e0bee90858028f35ce1dd675e79e5898406e08a6dec8edcdf53af37749ef8700943803081fc82506757fb12d4ccdeb41aef1821a445dc3fea075b639ddb8d8906f1ab4ad935e52cb06e33d0f730df18b11ca51fb7541e0c347b95098090519290947870381cbd38b5d64c8efc2acc97bfa17d1e66fab69679d1659a242845f14f3fa20db58c931e5442dc0d502a6e1204941090dde2613cbca13e8d8446b9b1c7057fefdecccff5d42a96f828c617e27e175c664d049789664fba6278f45741573d42f7b387cebe3dd3f38967fa8410f9d4ab196ed50648730d7eb4eb197755461a96cf16bb29cb2b39a6276ee3d4fa6543f1b90d782232ef83feb95ce1931834b3c1bd1491533c9793c44900756d2d3907fd5530150a2ef6f38bd30e8502cc6a25d51697289fa2d0c3b3648bfd19d53713353426258f8334d428014bd76bbb338f0841c08aad4d555823ea6a27e31af18a25bbc2545e45d806f051b014714a6a5f48abcc0e948992d1841f69cd380cb13861c24c5d2e6856cd97e9a4a805acb7c3b915069be6a6934f5362a408cdb85f5e4fef2bcab3e0a6045e970ba95c3fdccb626335cb691c1590095d66fd571d74500a555a5d5ee8e76090e1b1262b14429d7e62deefd30d5402e1a1a3ba2d099936a50f955e65b5c116aba02943f9bb873a1ac568b6b7c45bb21935771b0bc55a9a419dc1554e00c2c23f1f9d2e143f855881decc85e1d10c8b74804ce0986bb672431a4ebd844d3076462ac7ee2a9893b3ebb5ca1e50c2464e0bd31c0d4b3b1de84cdb82fa3910e2c70ab7c9cdec5bae486661616cb738e3b4e8789c4b3f47a945b03911695cc444bef186c776733226df1baa3bea48ba27b56d4fca959ef6514beab6985bea73dd4209f9be613e414f3168e3becfad96c051e06cb6835c209bcfe55e5be2dbd0aeeeb3f03d3291d4a90ba8292410f7634ed9d555c7eac20e5c82eb19b854d79e98aa998aeeb78fe8b1edc04272189613bf33ee8c0c7ebeeab6bfbce55d95864ddeb99c06cae8ab7c493b435a9c287db9f89e23fbca9755fd4f98cbf8a8caf273659a409e7b30cdd3cad989206a904b222a58ba67e6b4109256e1becee2640e4821c7eded75a322f0a9f969f6a11d7bc12123ffad254cff246d3fcc598bd067c3d0c403f6ec94629256b3b86397abc6644a88ef789b9dc7519fa00174d9849ea6bbe26d445a2f6374fa6a03c5ca64a6f3580808f1fc35a4ad3923354bc046193eadb2887bd4cc62081b276182de38febb3791a694f7d836755585668f084e52e16ae8522b44213f90afa311a5e8082f3029d2d91e18214c825fcfc66b7e8356cf693f2b856a39352d6da52eb8274cde6a6f1dca025726c4402013af0da0a181ece1561d9234112a75ae6fd5c281443c199d321c410e98a00adb982b6f244f0823be56352ea527d732c9b2fb00c412e607036ef8a69bd34e4123d52fe47ec8793282ba3a6c8e11c95330d4449dbeb571634b036890a7a2adbb264e08fe5506d33dd7ccc329f11e08865f880535104294c275eaf97a11f759bd2d975179b8e5ab882789a88ca7afdc4ca9207fcef9bb56ab323062b925f29a1ae63e8552824fb2d7699e33d0e026ce386024d9ff6910095f8cb985a58920087ff16803e37d1849e08241496f61e333e5bebce6c8fbbf8736965361ef768369e8d55fdd230f44cd73ef1a59a1958c5372627a790156c63d7d84d78ff51b082f8778585bc61312c0bbac781789649667147289f66edc4e37413dc1c3d3169132c64593ce30a55c15ea0850235a73a06c4a1583c2507f1cb357fd93acfd19683634b5b4ccb3559cb07fb29df9e65e2bbbff2fe418a1fd14db3865714746ea4cfc7f13ecbaa2324403501de8093279531ff7f76aa9a427d2c0ccdbfbc88ec0461c581e2a81adff02b6fa5db68975abdecb2497b7b7bb0a0308d6e0e1f08f41b842332e68ef6132080477721f1dd75d47e3431350352770fe11d4fa694c581cdf4b3b772d7e64cfd0d4da2490af7239ecb35e33a9cb9a8f437c936972bae40d2834d286c030c04c9a6642180397bb1edaf86453d925a888b638257cf70c55d639398c9697c53a486f04eb2f0d5364c27e114baed9db3aff11cdf74c530d0e619b0cbd99d918febd2e30a12a8fed07f45521e1695739b639d58d3ebde16f3c7bbf23cb19dcee40d3d5eb1d97281916364e95a3d9e36df4003306209d7ca0510c226cdc12dff1b8427e00bd8f82047c5814c1abefe8ae3be66e5ea082392918ca195efa9022d9cef430f57f2310296eb69879e50a1a2a45c0e60aba69555c2548f920eef9c69c358383368b911b4e7ea00a0b72087205ae16a36b4f7bdbb0c57a0b0209921c4f8a2e443be9a1be923d772466aac47c638fa6649349c51d0ac16992a9e0f58423847f3bcba41c12ff6194ea75def3058e2a7ba24598737abdbcaeb9f5dea2d92ba7f83a8da2c4b0c7ec7ba47299b16f972f4a51cf91a4b4b2dc84cbfe03b3b2bd585248f2503995c26ff29481ca7980a114bd4464c6f58c7e648b5d3ef740477a49fb06487c59168304c8cf31854593dd4407115370f4261e341f66d60efc34aa8006c1efb399b40605e77436df65094ecd0779c03d7f52561a0e8ada063ebd195397fb5966f1a6949cb83764737e527359eaa888f312d00d43d6eccc2f9ad6ce7fe17066bc57623cba5003f950d2116899495fbc9bfcd86138cb9d8a1e5ec21438f219f38937840e29189902fa733bc0765cef1016e4694c5384937c85d4452a63915d5ef1ff4e92b5a034b74198ad3f2d888811ac860da14019d61da347e266c0327f1ab7b891521b0491fd092ed8009ba5090f870b1008e4ccc7e0e9c730d466001e2cf4215426ecc8382931ac7f4c4c9bcfdb5cc3f47ad0982767078aa940eeae24877dca8d489d3e83c292d066f00200332cc573656b5a3e015cc81d0bcd26b40bfd827e478ae1b230b184e8d76ea992d4b93b06a6c367a0f331d0b87e070bfc381bebcd6c594a702f6c445d787453282539174860e2105cdb027d506c92462fd6c61f1b2ce743916c90a51207caceb3e8910339f8b348ddbddf0c2fc3caaa184a1c4b1e0055ba4d8c4879070cfdfba751ba76c3609dd8437694921d4c0ab5a6526e34270ed803ebfe7987a0ff8aeb499b17c8465c73dbaec123b00734e3c2b0be13a3c7d48c424b254825164d907d649ecf95926856cc27079b90257e622edfe1f2b0469d4e80083271a4662abf7bcb9468f1112b16907f71191fb6d003cc876773f86ec2560eba0d065b0d18d4bc90f3bdfaf7884af7573461646bfc0de83d8dd5f0763b51e7ffb09b0d37b53a1877849da23731240facb1346537a52fc0f18425f2d1c916b5fc21bdaa505a92c55061ff10774cd0e5a8ae27ad8cd8c16f5971a1922dcb64abdf8e6147112db19a588247bb463a6006aa687a8dd9bc88d18fa29b2ab83ffd9abd149c45157d91d124d9879b9e741a634527928737216095f601b7ab1d57fd5610a7ea12e590a6f45d2f4581043551afefb72d145e6e7f6c5bb0586e2a8317c4dea811f5c16fce2d216c5a0f7c290c57dfd544a7e82b8583975727061aa0926f652a010ecbe6f4bf1df0f8d61a92f1d21385b845ea918d51d829856840a4e1b7c536b2b1ccf5fd8b549913f9050f036fe5d8b14d3e74d9063cabab758c49a34e88553e903d6b98b3f14d15e1007e1f1eaedf99623e0c1b3a36a478bff75e1dec47d6e2e1e483f2cb8fcde1e9e64c99aedc64294854904841e9d7dec99dc0e90f686a40f8137cdac1a3853715f89926a2ac3b567f53df5365a55504c502d11c13375bed626448661ba648dea2d17ba69d8eeee455c41c898d0a40c45407f8bf8a93b16cf0ffab7489ba3018ff0b0067593212253a7e78d7d5cb234e61adeb79e21b805d3f1b283d3254edb39166decbf581beb440b98b1ae7773eb8790fd1e459e3284e4cb4e5262cd452ceea67b879d5e6f9bd1e5bd69c9b118c241fe4f296dcd08d0d5844757cd7edeff2ccc5b3809078e8e6bae6b0b8ad4a673cdbcd92514e952efec89acef23da50b403ddee216cb5523e5640f9f9a7794e4fd5b7f4eff28512084008dfe87e7ce9f958aeb0def9c5e60f598b1e7507a3203c54fac3d5b54bce2bf3761294cd934a7d2d652e7b74144cacfacf52064184f7976ad504a81255248498e348df7cbe943f73cf627e0c9c46bc02408940858a0cc3baf6be731a3bf4c9935b056e1d9ee09513ca1d8dd6839bb5ef8c8c11bcefb5cc245cb6fab46e7945a376830122f5712de949c0ef1234b950d37fca4facdd4f0176cd1647989091e04c9be4b5d3fc0fed956ee2a342a8176b0866d147b1d2e8cfdeb41650e897dd00ca2af01cafaca570d295436a18694fda16bc6c4e1d887455d1c4fdc785f3889dea82ab5ddda1aa476b804dae93124d9d5e6f420528a94cc125bde71527bf55632b14a035fb8688dbb18ee702113ae09656f911a505f115407d52fccc4b5d21112c28eae73a41346fccb5eafad402d6e30fdab3a2f8984e01c5e20f5364096825b0d188dd45665645a762c70683005ecaa879a50c82d706202ee9b1413289fa74ca5a7fa5f982581b522fb04960e07e894eec5f998cbb1cdd2effc8ae845d37ab37174a383be543271bbdff11258813e13ad16bc95b8855cd7e166b822297e38f8727f62bfa015b392e9e878020778ee74c8e647d9677f8453e14eadb5c8dbed66b031e29e364d468b08eba9be409ca30b8a1a86d6951d19b8bb14ce18bd06f23dbd9303f636c53bd7c4fb1bd1f91dedca9834459c5418d31d8689e833cd5a73258acc1b4d27dc63b7791357463875b2758d87e79f71448caca00b844df2a0bb61aae40df13d4e0320cc89af5d3d9db9cbf872475cbd0c4f21ca5db0fe426f2b36cbcc9e77d594c51dfb4136c08b637be66aacb204683b63c0dac52b98b95089ed3886213796cc05ecedfc8ab071899440fd8df775929cebd0615f565953f1c61ff51712d2cd7284a324d7b3cc2c0fa326a892d9bbd238cae0c205601665a0cbcc483b0d887ffb7d98ce094682e7953f5c010687bb606c5162fed1191bc1531223241fc721c871d0c0f4ba2b16ee833ae52f714cb19992108c567896f0a6d5f7da74ba2cb62da8fcae54ca06f1645314293a618ed0cb26dda7a82974a4da1822b788e391845c53f2290bb0be13b4440af9939f48387bb3d94ef9de21e1c4098154248f51e16ac852b501d6ad0ae1f04126286ec5e67982ac206fa9010e95c67c61f6ad4f227761830826a447e2221c45112beb1f280ca2a620fb6c93b2b6e1962c316e0c6a6cf6f67baf4ae73e46c3b6f97e52d68148ead4db1bbac13f83829b56cfac009c88d998b72f110c9786c121c3cb2f479b56ad8fe2c31a0df462ae6ab03e", 0x1000}, {&(0x7f0000005b40)="213793410d326d911c524b536698033bf8e1fe6c33e21c6f218ee1e403fc6620e1e122745e03682822aae800e81db793", 0x30}], 0x3, &(0x7f0000005bc0)=[{0xe0, 0x10f, 0x100, "6b488bef72e4e8a4f13050e53c8a7fde140dec2f709c4c86a89d212ee67eb9c68f212b7c1cc98cea9dd0bcf903e0a7d478b96586eea1abba2a763d7e86c13fe23aa29d627d68150c6fab65e7ff83810dcad0ef6a11d42dfeba2c65fcabb45a711b8a7afb2c829115953b4aa43a4a7f09920fd7153c9642cfde463946046f59203353b3cc28685723b4180d7daff9a397863397d9df022460dd8c4414d04b0ba164cb17fedd3d4e94c91708bea9d8fb6314df104f06b1f8ed9069a71c301bcb8a24f9db9857de95d55df13a"}], 0xe0}, 0x2}], 0x8, 0x0) mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r2 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) bind$netrom(r2, &(0x7f0000005ec0)={{0x3, @default, 0x5}, [@bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$sock_inet_SIOCDARP(r2, 0x8953, &(0x7f0000005f40)={{0x2, 0x4e22, @broadcast}, {0x307, @random="c5d1cc5ff08f"}, 0x44, {0x2, 0x4e22, @loopback}, 'syzkaller1\x00'}) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000080)='./file1/file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 361.654972][T12912] device nr0 entered promiscuous mode 12:47:57 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x1000000}) 12:47:57 executing program 4: r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0xf0500, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x2, 0x100000000000000, 0x2, 0x1}, 0xfffffffffffffff0) r1 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00') sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r1, 0x734, 0x70bd2d, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004840}, 0x80) r2 = semget$private(0x0, 0x0, 0x100) semtimedop(r2, &(0x7f00000001c0)=[{0x5, 0x101, 0x1000}, {0x0, 0x5, 0x1000}, {0x3, 0x6, 0x1800}, {0x6, 0x401, 0x1000}, {0x6, 0x5, 0x800}, {0x4, 0x2, 0x1000}, {0x2, 0x37ea, 0x1800}], 0x7, &(0x7f0000000200)) 12:47:57 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000001c0)='./file1/file0\x00', 0x2) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="7570706572646972262e2f66697065302c6c6f7765726469723d2e3d66696c65312c776f726b6469723d2e2f66696c653178d6a9bc7bb305f9774501afa46d333e79c920294dcfa372bd967d6b7a4a65d9adc45a9e444218397f202ce021075cc2336b4cc324d8af91b4bed73cc6f7b8ab917aed0bc643695ca7c56200a7b8ee7712ea979fbed6b0091985dcd9eaa629fd1711940d9e8b7298f9d25583e195e04de37d3bac950d609746329439fb83a365ae7eeb3dcf15a563b0ffd711b9f83e5d7b42da9017cae339b1b2df25563104cab262a694fc49f3503963beac40bb00d25e96b92fd5cec1f8c41aae945f1b3114b9bd41d6e0ad20832da31462"]) r0 = shmget(0x0, 0x4000, 0x18, &(0x7f0000ffa000/0x4000)=nil) shmctl$SHM_STAT(r0, 0xd, &(0x7f0000000040)=""/191) chdir(&(0x7f0000000000)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 361.817227][T12916] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 361.851453][T12916] CPU: 0 PID: 12916 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 361.859470][T12916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 361.859476][T12916] Call Trace: [ 361.859500][T12916] dump_stack+0x172/0x1f0 [ 361.859521][T12916] dump_header+0x10f/0xb6c [ 361.859545][T12916] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 361.887406][T12916] ? ___ratelimit+0x60/0x595 [ 361.892264][T12916] ? do_raw_spin_unlock+0x57/0x270 [ 361.897394][T12916] oom_kill_process.cold+0x10/0x15 [ 361.902513][T12916] out_of_memory+0x79a/0x1280 [ 361.907208][T12916] ? lock_downgrade+0x880/0x880 [ 361.912102][T12916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 361.918365][T12916] ? oom_killer_disable+0x280/0x280 [ 361.923573][T12916] ? find_held_lock+0x35/0x130 [ 361.928357][T12916] mem_cgroup_out_of_memory+0x1ca/0x230 [ 361.933920][T12916] ? memcg_event_wake+0x230/0x230 [ 361.938970][T12916] ? do_raw_spin_unlock+0x57/0x270 [ 361.944099][T12916] ? _raw_spin_unlock+0x2d/0x50 [ 361.948970][T12916] try_charge+0x102c/0x15c0 [ 361.953481][T12916] ? find_held_lock+0x35/0x130 [ 361.958264][T12916] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 12:47:57 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x549001, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) [ 361.963835][T12916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 361.970090][T12916] ? kasan_check_read+0x11/0x20 [ 361.975009][T12916] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 361.980570][T12916] mem_cgroup_try_charge+0x24d/0x5e0 [ 361.985877][T12916] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 361.991522][T12916] __handle_mm_fault+0x1e1f/0x3ec0 [ 361.996653][T12916] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 362.002217][T12916] ? find_held_lock+0x35/0x130 [ 362.007003][T12916] ? handle_mm_fault+0x322/0xb30 [ 362.011962][T12916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 362.018227][T12916] ? kasan_check_read+0x11/0x20 [ 362.023097][T12916] handle_mm_fault+0x43f/0xb30 [ 362.027882][T12916] __get_user_pages+0x7b6/0x1a40 [ 362.032860][T12916] ? follow_page_mask+0x19a0/0x19a0 [ 362.038077][T12916] ? perf_trace_lock+0xeb/0x510 [ 362.042948][T12916] ? __vma_adjust+0x1840/0x1840 [ 362.047826][T12916] ? lock_acquire+0x16f/0x3f0 [ 362.052519][T12916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 362.058784][T12916] populate_vma_page_range+0x20d/0x2a0 [ 362.064282][T12916] __mm_populate+0x204/0x380 [ 362.068892][T12916] ? populate_vma_page_range+0x2a0/0x2a0 [ 362.074553][T12916] __x64_sys_mlockall+0x35c/0x520 [ 362.079596][T12916] do_syscall_64+0x103/0x610 [ 362.084208][T12916] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 362.090107][T12916] RIP: 0033:0x458da9 [ 362.094013][T12916] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 362.113626][T12916] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 362.122054][T12916] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 362.130038][T12916] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 362.138017][T12916] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 362.145995][T12916] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 362.153971][T12916] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff 12:47:58 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') acct(&(0x7f0000000000)='./file1/file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 362.164145][T12916] memory: usage 307200kB, limit 307200kB, failcnt 1911 [ 362.171112][T12916] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 362.182530][T12916] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 362.203866][T12916] Memory cgroup stats for /syz2: cache:0KB rss:297636KB rss_huge:235520KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:177140KB active_anon:13468KB inactive_file:0KB active_file:0KB unevictable:107096KB [ 362.271890][T12916] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11954,uid=0 [ 362.299532][T12916] Memory cgroup out of memory: Killed process 11954 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 362.329878][ T1043] oom_reaper: reaped process 11954 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 362.353532][T12942] overlayfs: './file0' not a directory [ 362.455230][T12942] Process accounting resumed [ 362.732008][T12916] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 362.742230][T12916] CPU: 1 PID: 12916 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 362.750193][T12916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 362.760754][T12916] Call Trace: [ 362.764148][T12916] dump_stack+0x172/0x1f0 [ 362.768480][T12916] dump_header+0x10f/0xb6c [ 362.772901][T12916] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 362.778699][T12916] ? ___ratelimit+0x60/0x595 [ 362.783275][T12916] ? do_raw_spin_unlock+0x57/0x270 [ 362.788370][T12916] oom_kill_process.cold+0x10/0x15 [ 362.793476][T12916] out_of_memory+0x79a/0x1280 [ 362.798137][T12916] ? lock_downgrade+0x880/0x880 [ 362.802970][T12916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 362.809193][T12916] ? oom_killer_disable+0x280/0x280 [ 362.814458][T12916] ? find_held_lock+0x35/0x130 [ 362.819210][T12916] mem_cgroup_out_of_memory+0x1ca/0x230 [ 362.824740][T12916] ? memcg_event_wake+0x230/0x230 [ 362.829754][T12916] ? do_raw_spin_unlock+0x57/0x270 [ 362.834847][T12916] ? _raw_spin_unlock+0x2d/0x50 [ 362.839686][T12916] try_charge+0x102c/0x15c0 [ 362.844170][T12916] ? find_held_lock+0x35/0x130 [ 362.848919][T12916] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 362.854452][T12916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 362.860777][T12916] ? kasan_check_read+0x11/0x20 [ 362.865660][T12916] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 362.871195][T12916] mem_cgroup_try_charge+0x24d/0x5e0 [ 362.876469][T12916] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 362.882089][T12916] wp_page_copy+0x408/0x1740 [ 362.886671][T12916] ? find_held_lock+0x35/0x130 [ 362.891424][T12916] ? pmd_pfn+0x1d0/0x1d0 [ 362.895651][T12916] ? lock_downgrade+0x880/0x880 [ 362.900483][T12916] ? swp_swapcount+0x540/0x540 [ 362.905243][T12916] ? kasan_check_read+0x11/0x20 [ 362.910088][T12916] ? do_raw_spin_unlock+0x57/0x270 [ 362.915186][T12916] do_wp_page+0x48e/0x1500 [ 362.919604][T12916] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 362.924974][T12916] __handle_mm_fault+0x22e8/0x3ec0 [ 362.930076][T12916] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 362.935606][T12916] ? find_held_lock+0x35/0x130 [ 362.940359][T12916] ? handle_mm_fault+0x322/0xb30 [ 362.945295][T12916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 362.951558][T12916] ? kasan_check_read+0x11/0x20 [ 362.956406][T12916] handle_mm_fault+0x43f/0xb30 [ 362.961172][T12916] __get_user_pages+0x7b6/0x1a40 [ 362.966107][T12916] ? follow_page_mask+0x19a0/0x19a0 [ 362.971294][T12916] ? lock_acquire+0x16f/0x3f0 [ 362.975952][T12916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 362.982188][T12916] populate_vma_page_range+0x20d/0x2a0 [ 362.987643][T12916] __mm_populate+0x204/0x380 [ 362.992225][T12916] ? populate_vma_page_range+0x2a0/0x2a0 [ 362.997852][T12916] ? __mm_populate+0x1b/0x380 [ 363.002516][T12916] __x64_sys_mlockall+0x35c/0x520 [ 363.007536][T12916] do_syscall_64+0x103/0x610 [ 363.012129][T12916] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 363.018002][T12916] RIP: 0033:0x458da9 [ 363.021879][T12916] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 363.041469][T12916] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 363.049876][T12916] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 363.057842][T12916] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 363.065826][T12916] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 363.073788][T12916] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 363.081752][T12916] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 363.094276][T12916] memory: usage 307200kB, limit 307200kB, failcnt 1949 [ 363.101156][T12916] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 363.108683][T12916] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 363.115573][T12916] Memory cgroup stats for /syz2: cache:0KB rss:297548KB rss_huge:235520KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:163540KB active_anon:13452KB inactive_file:0KB active_file:0KB unevictable:120632KB [ 363.137808][T12916] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12914,uid=0 [ 363.153247][T12916] Memory cgroup out of memory: Killed process 12914 (syz-executor.2) total-vm:72580kB, anon-rss:18172kB, file-rss:54328kB, shmem-rss:0kB 12:47:59 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$kcm(0x10, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000100)="1f000000190081ace4051cecff091ffa1c4f99a61cfe7084bce26a23480b0e", 0x1f}], 0x1}, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:47:59 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x1e000000}) 12:47:59 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240), 0x0) 12:47:59 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000000)='/dev/rfkill\x00', 0x400800, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) ioctl$CAPI_NCCI_OPENCOUNT(r0, 0x80044326, &(0x7f0000000040)=0x6) setxattr$security_capability(&(0x7f00000000c0)='\x00', &(0x7f00000001c0)='security.capability\x00', &(0x7f0000000200)=@v1={0x1000000, [{0xffffffff, 0xeb4}]}, 0xc, 0x2) 12:47:59 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) setxattr$trusted_overlay_origin(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.origin\x00', &(0x7f0000000080)='y\x00', 0x2, 0x2) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000740)={{{@in=@dev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@dev}}, &(0x7f0000000200)=0xe8) stat(&(0x7f0000000240)='./file2\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$vfat(&(0x7f0000000140)='vfat\x00', &(0x7f0000000180)='./file1/file0\x00', 0x2, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000600)="b62c2619edf9fbc70f79755c9e504df71fe379349f1e72f0ef8705c4610630566f34808cbd74c99f367331df71fec9ad1ba26a11f5962318f7701aab85d3f9d111bfdf50e70ba168f987db50c757140ff87c4b1bc4da64907d3db5be27db545f28d6b6943141d2ceb898c1a52f549476283cffb57dc762fd1f5ef55f3cbd8d13c09bc05075cf35f74518f2c3663f21825e6aa09a7d41af80cb8e15c492c368328606f8baec0d0615427ff618bceb47619747d0be46fd1b52172ad0670095464d2115143be8c7fd4fda33863dd74f42da51f93273e86257415ec2a17498c5e1e85739d65d04131c9094e795", 0xeb, 0x7}], 0x8020, &(0x7f00000003c0)={[{@rodir='rodir'}, {@shortname_winnt='shortname=winnt'}, {@uni_xlate='uni_xlate=1'}, {@shortname_lower='shortname=lower'}], [{@uid_eq={'uid', 0x3d, r2}}, {@subj_user={'subj_user'}}, {@euid_eq={'euid', 0x3d, r3}}, {@audit='audit'}, {@measure='measure'}, {@fsname={'fsname', 0x3d, 'y\x00'}}, {@measure='measure'}, {@pcr={'pcr', 0x3d, 0x11}}]}) chdir(&(0x7f0000000380)='./file0\x00') ioctl$RTC_AIE_OFF(r0, 0x7002) sendmsg$nl_route(r0, &(0x7f0000000880)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000840)={&(0x7f0000000500)=@ipv6_getnetconf={0x44, 0x52, 0x401, 0x70bd28, 0x25dfdbfd, {}, [@NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x80}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x401}, @NETCONFA_IFINDEX={0x8, 0x1, r1}, @NETCONFA_FORWARDING={0x8, 0x2, 0x9}, @IGNORE_ROUTES_WITH_LINKDOWN={0x8, 0x6, 0xf7}, @NETCONFA_PROXY_NEIGH={0x8, 0x5, 0x9}]}, 0x44}}, 0x814) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000580)) 12:47:59 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) alarm(0x2) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x24000, 0x0) ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000000040)={0x4, 0x2, 0x3f, 0x3, 0x3}) ioctl$sock_inet_SIOCGIFADDR(r1, 0x8915, &(0x7f0000000080)={'rose0\x00', {0x2, 0x4e23, @remote}}) [ 363.287793][T12961] device nr0 entered promiscuous mode [ 363.308268][T12965] device nr0 entered promiscuous mode 12:47:59 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000000)='./file1/file0\x00', 0x8001000010000) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:47:59 executing program 4: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$notify(r0, 0x402, 0x4) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) keyctl$join(0x1, &(0x7f0000000040)={'syz', 0x2}) ioctl$EVIOCSREP(r1, 0x40084503, &(0x7f0000000100)=[0x1, 0x33]) ioctl$BLKTRACESTART(r1, 0x1274, 0x0) write$rfkill(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x20000000000, 0x80000000000000}, 0x8) ioctl$FIGETBSZ(r0, 0x2, &(0x7f0000000000)) 12:47:59 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x3f000000}) [ 363.390460][T12967] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 363.413799][T12967] CPU: 0 PID: 12967 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 363.421839][T12967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 363.421846][T12967] Call Trace: [ 363.421870][T12967] dump_stack+0x172/0x1f0 [ 363.421892][T12967] dump_header+0x10f/0xb6c [ 363.443986][T12967] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 363.449803][T12967] ? ___ratelimit+0x60/0x595 [ 363.454408][T12967] ? do_raw_spin_unlock+0x57/0x270 [ 363.459556][T12967] oom_kill_process.cold+0x10/0x15 [ 363.464689][T12967] out_of_memory+0x79a/0x1280 [ 363.469381][T12967] ? lock_downgrade+0x880/0x880 [ 363.474245][T12967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 363.480506][T12967] ? oom_killer_disable+0x280/0x280 [ 363.485716][T12967] ? find_held_lock+0x35/0x130 [ 363.490502][T12967] mem_cgroup_out_of_memory+0x1ca/0x230 [ 363.496066][T12967] ? memcg_event_wake+0x230/0x230 [ 363.501203][T12967] ? do_raw_spin_unlock+0x57/0x270 [ 363.503307][T12977] overlayfs: './file0' not a directory [ 363.506327][T12967] ? _raw_spin_unlock+0x2d/0x50 [ 363.506348][T12967] try_charge+0x102c/0x15c0 [ 363.506370][T12967] ? find_held_lock+0x35/0x130 [ 363.506401][T12967] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 363.531469][T12967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 12:47:59 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c149ef6ba1765302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c65adedfb3927f4f6a4a868057892544e9bce36167e81841c37bb77ebe79f0f09d272e4b81a2ad2f21bdc6cfb6b76e4a02c279668d1c8d14fe867bf4a97a9df200435a0543a2b8755c0a4cd312311968c4db5a125cafd7eac038a8d0b1041572f964927cb8dd07481ab4a689f6522f07d03ba53a2296e119b64acd04512cf356dee3c2836db60947e03034734e273ddb3d2c4f41cca82c4586a17889721d5fdbedc4b4c4658108c05959c42a42725f7ac63ddf0a42621a06681a247bbfa0413e1278d54960fdec29b74ea87bc57b954ec2799a42cbd794dcec1e95fd03c8b50df8318929bc62031dfee2f047f4d87a6aad2868d1c23b77d8f9890af5031f55a252f6876b1b244fa0af3a3914120dd87304720dfe5d824d99c893d92b65aadd31c0c0bad545a2f8f2df27cdc5a19349dbba75275a43005eadbd9d0e6623b89a27fab7f0ceb9315f5440f4987bc5bc6c007b876a532de4f780403f84366d17f3658099be28d32b900"/425]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 363.537725][T12967] ? kasan_check_read+0x11/0x20 [ 363.542586][T12967] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 363.548237][T12967] mem_cgroup_try_charge+0x24d/0x5e0 [ 363.553544][T12967] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 363.559198][T12967] __handle_mm_fault+0x1e1f/0x3ec0 [ 363.564334][T12967] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 363.569885][T12967] ? find_held_lock+0x35/0x130 [ 363.574655][T12967] ? handle_mm_fault+0x322/0xb30 [ 363.579620][T12967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 363.585875][T12967] ? kasan_check_read+0x11/0x20 [ 363.590745][T12967] handle_mm_fault+0x43f/0xb30 [ 363.595522][T12967] __get_user_pages+0x7b6/0x1a40 [ 363.600476][T12967] ? follow_page_mask+0x19a0/0x19a0 [ 363.605684][T12967] ? __vma_adjust+0x1840/0x1840 [ 363.610553][T12967] ? lock_acquire+0x16f/0x3f0 [ 363.615234][T12967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 363.621489][T12967] populate_vma_page_range+0x20d/0x2a0 [ 363.626993][T12967] __mm_populate+0x204/0x380 [ 363.631658][T12967] ? populate_vma_page_range+0x2a0/0x2a0 [ 363.631682][T12967] __x64_sys_mlockall+0x35c/0x520 [ 363.642459][T12967] do_syscall_64+0x103/0x610 [ 363.642481][T12967] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 363.642493][T12967] RIP: 0033:0x458da9 12:47:59 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c61302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653101f753a5e9766d2b27bcb2abfc8a30c7f1910314b974c1e062e6174e4c628083193fd17043a67aea42fa54cf642a61041b1b95ea740c32c6faca45c3edd9d19d6fbf8dd52ee5f6f2a1d4811d911d1934eab2937893175f3927bc985c49297adbe99d636aaf9ccb2422a8eb3d76bafc40397ddc183a562a38e84a511d86c361ce073ac8c9e5ebc19e3b6b4525f9200000007ee32f666a29fb9adcbe773c695ccb5c877f00c02ffe8605fe04f6972874eba80b63de000000"]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 363.642507][T12967] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 363.642514][T12967] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 363.642526][T12967] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 363.642533][T12967] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 363.642541][T12967] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 363.642549][T12967] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 363.642556][T12967] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff 12:47:59 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065f26469723d2e2f66696c65302c4b6f77652387d6b5d7ac44c65be3f3726469723d2e2d66696c65312c776f726b2f779b7e6d7eeb49f42456bd976512af5e21141a02524a1af2a7771e7ad4572295c3df8f78480d2a0068e4b5a74585d9a7020c0d9a7b30db16fad44b20225331e93d2684485fd064e10d50b53558d1fd2ee8d04892961b2674862242ad98ede55f9e7d7fbcf871f4e34e64ffae0000d7680e36c082ef6722a7b0a2af5f02065286aba1409566b44b2c6938a3f38eca2d972dbe484d3a78c33ae82f8176d1fdb979041269d4fd01d67b0b7b0d7c918ee06c3372a39a36f90851ceb4b1aa6d6d3c49b7a122f5ed9e883eea6b0a3ffac892d36621e99254971dc2a0b4986436e6d79105f576845391b7848e32094768e0a8088ec8a0a362a92b7b08f36e6b9cd75e190b21ab1e1d51"]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 363.668561][T12967] memory: usage 307200kB, limit 307200kB, failcnt 1980 [ 363.668575][T12967] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 363.668584][T12967] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 363.668591][T12967] Memory cgroup stats for /syz2: cache:0KB rss:297628KB rss_huge:235520KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:170996KB active_anon:13468KB inactive_file:0KB active_file:0KB unevictable:113240KB [ 363.668668][T12967] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=11997,uid=0 [ 363.668774][T12967] Memory cgroup out of memory: Killed process 11997 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 363.675897][ T1043] oom_reaper: reaped process 11997 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 363.731033][T12984] overlayfs: unrecognized mount option "'–hÑÈÑOèg¿J—©ß 5 T:+‡UÀ¤Í1#–ŒMµ¡%Êý~¬Š AW/–I'ËÐt«JhŸe"ð}ºS¢)n›d¬ÐEÏ5mî<(6Û`”~G4âsݳÒÄôÊ‚ÄXjˆ—!Õý¾ÜKLFXŒ•œB¤'%÷¬cÝð¤&! f¢G»úá'T–Þ›tꇼW¹Tì'™¤" or missing value [ 363.735371][T12984] overlayfs: unrecognized mount option "'–hÑÈÑOèg¿J—©ß 5 T:+‡UÀ¤Í1#–ŒMµ¡%Êý~¬Š AW/–I'ËÐt«JhŸe"ð}ºS¢)n›d¬ÐEÏ5mî<(6Û`”~G4âsݳÒÄôÊ‚ÄXjˆ—!Õý¾ÜKLFXŒ•œB¤'%÷¬cÝð¤&! f¢G»úá'T–Þ›tꇼW¹Tì'™¤" or missing value [ 363.826041][T12989] overlayfs: failed to resolve './fila0': -2 [ 363.860764][T12989] overlayfs: failed to resolve './fila0': -2 [ 363.954942][T12993] overlayfs: unrecognized mount option "uppeòdir=./file0" or missing value [ 363.971781][T12994] overlayfs: unrecognized mount option "uppeòdir=./file0" or missing value [ 364.223543][T12967] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 364.239913][T12967] CPU: 0 PID: 12967 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 364.247929][T12967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 364.257992][T12967] Call Trace: [ 364.261296][T12967] dump_stack+0x172/0x1f0 [ 364.265642][T12967] dump_header+0x10f/0xb6c [ 364.270082][T12967] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 364.275916][T12967] ? ___ratelimit+0x60/0x595 [ 364.280519][T12967] ? do_raw_spin_unlock+0x57/0x270 [ 364.285658][T12967] oom_kill_process.cold+0x10/0x15 [ 364.285677][T12967] out_of_memory+0x79a/0x1280 [ 364.285692][T12967] ? lock_downgrade+0x880/0x880 [ 364.285706][T12967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 364.285721][T12967] ? oom_killer_disable+0x280/0x280 [ 364.285732][T12967] ? find_held_lock+0x35/0x130 [ 364.285754][T12967] mem_cgroup_out_of_memory+0x1ca/0x230 [ 364.285767][T12967] ? memcg_event_wake+0x230/0x230 [ 364.285789][T12967] ? do_raw_spin_unlock+0x57/0x270 [ 364.332221][T12967] ? _raw_spin_unlock+0x2d/0x50 [ 364.337080][T12967] try_charge+0x102c/0x15c0 [ 364.341570][T12967] ? find_held_lock+0x35/0x130 [ 364.346325][T12967] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 364.351860][T12967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 364.358111][T12967] ? kasan_check_read+0x11/0x20 [ 364.362974][T12967] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 364.368516][T12967] mem_cgroup_try_charge+0x24d/0x5e0 [ 364.373821][T12967] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 364.379444][T12967] wp_page_copy+0x408/0x1740 [ 364.384028][T12967] ? find_held_lock+0x35/0x130 [ 364.388800][T12967] ? pmd_pfn+0x1d0/0x1d0 [ 364.393055][T12967] ? lock_downgrade+0x880/0x880 [ 364.397911][T12967] ? swp_swapcount+0x540/0x540 [ 364.402683][T12967] ? kasan_check_read+0x11/0x20 [ 364.407533][T12967] ? do_raw_spin_unlock+0x57/0x270 [ 364.412650][T12967] do_wp_page+0x48e/0x1500 [ 364.417103][T12967] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 364.422521][T12967] __handle_mm_fault+0x22e8/0x3ec0 [ 364.427686][T12967] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 364.433242][T12967] ? find_held_lock+0x35/0x130 [ 364.437997][T12967] ? handle_mm_fault+0x322/0xb30 [ 364.442932][T12967] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 364.449188][T12967] ? kasan_check_read+0x11/0x20 [ 364.454070][T12967] handle_mm_fault+0x43f/0xb30 [ 364.458850][T12967] __get_user_pages+0x7b6/0x1a40 [ 364.463790][T12967] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 364.469284][T12967] ? follow_page_mask+0x19a0/0x19a0 [ 364.474510][T12967] ? retint_kernel+0x2d/0x2d [ 364.479131][T12967] populate_vma_page_range+0x20d/0x2a0 [ 364.484598][T12967] __mm_populate+0x204/0x380 [ 364.489205][T12967] ? populate_vma_page_range+0x2a0/0x2a0 [ 364.494856][T12967] __x64_sys_mlockall+0x35c/0x520 [ 364.499877][T12967] do_syscall_64+0x103/0x610 [ 364.504467][T12967] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 364.510457][T12967] RIP: 0033:0x458da9 [ 364.514358][T12967] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 364.533964][T12967] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 364.542393][T12967] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 364.550369][T12967] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 364.558353][T12967] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 364.566347][T12967] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 364.574339][T12967] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 364.588227][T12967] memory: usage 307200kB, limit 307200kB, failcnt 2018 [ 364.595182][T12967] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 364.595193][T12967] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 364.595200][T12967] Memory cgroup stats for /syz2: cache:0KB rss:297576KB rss_huge:235520KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:163540KB active_anon:13452KB inactive_file:0KB active_file:0KB unevictable:120636KB [ 364.615351][T12967] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12966,uid=0 [ 364.652111][T12967] Memory cgroup out of memory: Killed process 12966 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 364.723726][T12961] device nr0 entered promiscuous mode 12:48:00 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000240)='/dev/dsp#\x00', 0xfff, 0x141800) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/btrfs-control\x00', 0x80000, 0x0) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f00000002c0)={0x2, r1}) r2 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x600000) r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000100)='fou\x00') sendmsg$FOU_CMD_GET(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x15}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="46000002", @ANYRES16=r3, @ANYBLOB="00042dbd7000fbdbdf25030000000800040000000000080002000a00000008000100f000000000080001004e2400"/62], 0x44}, 0x1, 0x0, 0x0, 0x4040000}, 0x20000000) mlockall(0x3) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000300), &(0x7f0000000340)=0x4) 12:48:00 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000000)) 12:48:00 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x400, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) 12:48:00 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0xfdfdffff}) 12:48:00 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{0x0}], 0x1) [ 364.909603][T13011] device nr0 entered promiscuous mode [ 364.961824][T13015] overlayfs: './file0' not a directory [ 365.058958][T13014] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 365.096750][T13014] CPU: 1 PID: 13014 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 365.104775][T13014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 365.114852][T13014] Call Trace: [ 365.118155][T13014] dump_stack+0x172/0x1f0 [ 365.122500][T13014] dump_header+0x10f/0xb6c [ 365.126929][T13014] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 365.132751][T13014] ? ___ratelimit+0x60/0x595 [ 365.137342][T13014] ? do_raw_spin_unlock+0x57/0x270 [ 365.142465][T13014] oom_kill_process.cold+0x10/0x15 [ 365.147590][T13014] out_of_memory+0x79a/0x1280 [ 365.152286][T13014] ? lock_downgrade+0x880/0x880 [ 365.157156][T13014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 365.163502][T13014] ? oom_killer_disable+0x280/0x280 [ 365.168706][T13014] ? find_held_lock+0x35/0x130 [ 365.173486][T13014] mem_cgroup_out_of_memory+0x1ca/0x230 [ 365.179043][T13014] ? memcg_event_wake+0x230/0x230 [ 365.184083][T13014] ? do_raw_spin_unlock+0x57/0x270 [ 365.189463][T13014] ? _raw_spin_unlock+0x2d/0x50 [ 365.194330][T13014] try_charge+0x102c/0x15c0 [ 365.199022][T13014] ? find_held_lock+0x35/0x130 [ 365.203784][T13014] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 365.209332][T13014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 365.215709][T13014] ? kasan_check_read+0x11/0x20 [ 365.220570][T13014] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 365.226111][T13014] mem_cgroup_try_charge+0x24d/0x5e0 [ 365.231423][T13014] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 365.237050][T13014] __handle_mm_fault+0x1e1f/0x3ec0 [ 365.242153][T13014] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 365.247687][T13014] ? find_held_lock+0x35/0x130 [ 365.252441][T13014] ? handle_mm_fault+0x322/0xb30 [ 365.257385][T13014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 365.263622][T13014] ? kasan_check_read+0x11/0x20 [ 365.268466][T13014] handle_mm_fault+0x43f/0xb30 [ 365.273219][T13014] __get_user_pages+0x7b6/0x1a40 [ 365.278164][T13014] ? follow_page_mask+0x19a0/0x19a0 [ 365.283346][T13014] ? __vma_adjust+0x1840/0x1840 [ 365.288192][T13014] ? lock_acquire+0x16f/0x3f0 [ 365.292857][T13014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 365.299093][T13014] populate_vma_page_range+0x20d/0x2a0 [ 365.304554][T13014] __mm_populate+0x204/0x380 [ 365.309136][T13014] ? populate_vma_page_range+0x2a0/0x2a0 [ 365.314758][T13014] __x64_sys_mlockall+0x35c/0x520 [ 365.319770][T13014] do_syscall_64+0x103/0x610 [ 365.324349][T13014] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 365.330308][T13014] RIP: 0033:0x458da9 [ 365.334206][T13014] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 365.353833][T13014] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 365.362236][T13014] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 365.370211][T13014] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 365.378198][T13014] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 365.386157][T13014] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 365.394123][T13014] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 365.411678][T13014] memory: usage 307200kB, limit 307200kB, failcnt 2031 [ 365.419348][T13014] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 365.427315][T13014] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 365.434320][T13014] Memory cgroup stats for /syz2: cache:0KB rss:297496KB rss_huge:235520KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:170996KB active_anon:13468KB inactive_file:4KB active_file:0KB unevictable:113236KB 12:48:01 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0xfffffdfd}) 12:48:01 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="75707065726469723d2e2f66690965302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c653145ea002bd29f53caeecd"]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:01 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') openat$smack_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:48:01 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x0, 0x0) write$rfkill(r0, &(0x7f0000000000)={0x0, 0x1}, 0xfffffffffffffffd) [ 365.482365][T13014] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12153,uid=0 [ 365.498453][T13014] Memory cgroup out of memory: Killed process 12153 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB 12:48:01 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{0x0}], 0x1) [ 365.560272][T13024] overlayfs: failed to resolve './fi e0': -2 [ 365.596098][ T1043] oom_reaper: reaped process 12153 (syz-executor.2), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 365.619848][T13024] overlayfs: failed to resolve './fi e0': -2 [ 365.655718][T13035] device nr0 entered promiscuous mode 12:48:01 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0xfffffffffffffffc) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r0, 0x0, 0x486, &(0x7f0000000100), &(0x7f0000000140)=0xc) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000040)) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:01 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x100000000000000}) [ 365.671356][T13031] device nr0 entered promiscuous mode [ 365.736864][T13039] overlayfs: failed to resolve './file1': -2 [ 365.771033][T13042] overlayfs: failed to resolve './file1': -2 [ 366.136804][T13014] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 366.148267][T13014] CPU: 0 PID: 13014 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 366.156268][T13014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 366.166333][T13014] Call Trace: [ 366.169642][T13014] dump_stack+0x172/0x1f0 [ 366.173989][T13014] dump_header+0x10f/0xb6c [ 366.178421][T13014] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 366.184243][T13014] ? ___ratelimit+0x60/0x595 [ 366.188856][T13014] ? do_raw_spin_unlock+0x57/0x270 [ 366.193985][T13014] oom_kill_process.cold+0x10/0x15 [ 366.199126][T13014] out_of_memory+0x79a/0x1280 [ 366.203825][T13014] ? lock_downgrade+0x880/0x880 [ 366.208687][T13014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 366.214941][T13014] ? oom_killer_disable+0x280/0x280 [ 366.220145][T13014] ? find_held_lock+0x35/0x130 [ 366.224924][T13014] mem_cgroup_out_of_memory+0x1ca/0x230 [ 366.230482][T13014] ? memcg_event_wake+0x230/0x230 [ 366.235532][T13014] ? do_raw_spin_unlock+0x57/0x270 [ 366.240650][T13014] ? _raw_spin_unlock+0x2d/0x50 [ 366.245510][T13014] try_charge+0x102c/0x15c0 [ 366.250020][T13014] ? find_held_lock+0x35/0x130 [ 366.254800][T13014] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 366.260369][T13014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 366.266629][T13014] ? kasan_check_read+0x11/0x20 [ 366.271510][T13014] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 366.277168][T13014] mem_cgroup_try_charge+0x24d/0x5e0 [ 366.282500][T13014] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 366.288158][T13014] wp_page_copy+0x408/0x1740 [ 366.292758][T13014] ? find_held_lock+0x35/0x130 [ 366.297535][T13014] ? pmd_pfn+0x1d0/0x1d0 [ 366.301787][T13014] ? lock_downgrade+0x880/0x880 [ 366.306679][T13014] ? swp_swapcount+0x540/0x540 [ 366.311455][T13014] ? kasan_check_read+0x11/0x20 [ 366.316321][T13014] ? do_raw_spin_unlock+0x57/0x270 [ 366.321448][T13014] do_wp_page+0x48e/0x1500 [ 366.325888][T13014] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 366.331291][T13014] __handle_mm_fault+0x22e8/0x3ec0 [ 366.336423][T13014] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 366.341983][T13014] ? find_held_lock+0x35/0x130 [ 366.346764][T13014] ? handle_mm_fault+0x322/0xb30 [ 366.351725][T13014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 366.357998][T13014] ? kasan_check_read+0x11/0x20 [ 366.362867][T13014] handle_mm_fault+0x43f/0xb30 [ 366.367657][T13014] __get_user_pages+0x7b6/0x1a40 [ 366.372618][T13014] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 366.378112][T13014] ? follow_page_mask+0x19a0/0x19a0 [ 366.383334][T13014] ? lock_acquire+0x16f/0x3f0 [ 366.388015][T13014] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 366.394272][T13014] populate_vma_page_range+0x20d/0x2a0 [ 366.399749][T13014] __mm_populate+0x204/0x380 [ 366.404378][T13014] ? populate_vma_page_range+0x2a0/0x2a0 [ 366.410028][T13014] ? ns_capable_common+0x7f/0x100 [ 366.415075][T13014] __x64_sys_mlockall+0x35c/0x520 [ 366.420116][T13014] do_syscall_64+0x103/0x610 [ 366.424735][T13014] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 366.430637][T13014] RIP: 0033:0x458da9 [ 366.434539][T13014] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 366.454151][T13014] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 366.462571][T13014] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 366.470553][T13014] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 366.478540][T13014] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 366.486525][T13014] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 366.494523][T13014] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 366.513847][T13014] memory: usage 307200kB, limit 307200kB, failcnt 2089 [ 366.522012][T13014] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 366.535925][T13014] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 366.549285][T13014] Memory cgroup stats for /syz2: cache:0KB rss:297396KB rss_huge:235520KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:157392KB active_anon:13456KB inactive_file:0KB active_file:0KB unevictable:126780KB [ 366.571671][T13014] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13012,uid=0 [ 366.587592][T13014] Memory cgroup out of memory: Killed process 13012 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 366.601923][ T1043] oom_reaper: reaped process 13012 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB [ 366.617745][T13031] device nr0 entered promiscuous mode 12:48:02 executing program 2: mlockall(0x202) clone(0x7fffffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x8001, 0x80) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, &(0x7f00000000c0)="22a049dea3ceecbc51f25a80f58f095ffed85ef64076015daed2c800fb8dc60d00888e52bb198f7e9ab145730d521c12a97c40717d108e5a963332d68e6699a5051676c840d37b697e311c478620787cec67d8893cfdc4ebbd6df5", &(0x7f0000000140)=""/77}, 0x18) mlockall(0x3) 12:48:02 executing program 4: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dlm-monitor\x00', 0x8100, 0x0) r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x4000000000006, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x3, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000, 0x5, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x8}, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, r0, 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xb, 0x40, 0x0, 0xa37, 0x1}, 0x2c) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/btrfs-control\x00', 0x2000, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x7fff, 0x0) ioctl$VHOST_SET_VRING_ERR(r2, 0x4008af22, &(0x7f00000001c0)={0x0, r3}) ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vcs\x00', 0x2000000000000100, 0x0) write$rfkill(r4, &(0x7f0000000080), 0x8) faccessat(r4, &(0x7f0000000040)='./file0\x00', 0x80, 0x800) connect$pptp(r4, &(0x7f0000000240)={0x18, 0x2, {0x2, @broadcast}}, 0x1e) 12:48:02 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = getuid() mount$9p_rdma(&(0x7f0000000000)='127.0.0.1\x00', &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='9p\x00', 0x820000, &(0x7f0000000100)={'trans=rdma,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@sq={'sq'}}, {@timeout={'timeout', 0x3d, 0x2}}, {@timeout={'timeout', 0x3d, 0x81}}], [{@uid_lt={'uid<', r0}}, {@subj_role={'subj_role', 0x3d, 'overlay\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x8}}]}}) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:02 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x1e00000000000000}) 12:48:02 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{0x0}], 0x1) 12:48:02 executing program 4: r0 = syz_open_dev$cec(&(0x7f00000000c0)='/dev/cec#\x00', 0x3, 0x2) write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000100)={0x28, 0x2, 0x0, {0x2, 0x7, 0x101}}, 0x28) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000240)=0x0) r2 = perf_event_open(&(0x7f00000001c0)={0x0, 0x70, 0x14, 0xffff, 0x1ff, 0x7, 0x0, 0x1, 0x200, 0x1, 0x1, 0x6, 0x2, 0x24f6, 0x5e6d, 0x5, 0x800, 0x0, 0x3, 0x6, 0x5, 0x830, 0x3, 0x5091, 0x400, 0x5, 0x80000000, 0x2, 0x3, 0x4, 0x7, 0x8, 0x7fff, 0x0, 0xffffffff, 0x4, 0x5, 0x9, 0x0, 0x8, 0x4, @perf_config_ext={0x80000001, 0x3}, 0x0, 0x48, 0xda, 0x3, 0x1f, 0x5, 0x3}, r1, 0x9, 0xffffffffffffffff, 0x1) getsockopt$IP_VS_SO_GET_DAEMON(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000000), &(0x7f0000000040)=0x30) write$rfkill(0xffffffffffffffff, &(0x7f0000000080), 0x8) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x9, 0x80, 0x4, 0x0, 0x5, 0x80000, 0x9, 0x94f, 0x7a, 0x20, 0x100, 0x1d, 0xfff, 0x6, 0x1, 0x7, 0x4, 0x1, 0x4, 0x7, 0x4, 0x7fff, 0x81, 0x80, 0x7, 0x5, 0xfff, 0x4, 0x5, 0x5, 0xbb0e, 0x48, 0xb47, 0x62, 0x7f, 0x0, 0x5, 0x0, @perf_bp={&(0x7f0000000280), 0x5}, 0x10000, 0x3f, 0x738, 0xb, 0x3ff, 0xb24, 0x4}, r1, 0xf, r2, 0xb) [ 366.802220][T13056] overlayfs: './file0' not a directory 12:48:02 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f05696c65312c776f726b6469723d2e2f66696c6531f453fdd362b9b4b8139332d2075a6e31280eeb42"]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 367.024677][T13061] device nr0 entered promiscuous mode [ 367.186965][T13172] overlayfs: failed to resolve './file1ôSýÓb¹´¸“2ÒZn1(ëB': -2 [ 367.199970][T13172] overlayfs: failed to resolve './file1ôSýÓb¹´¸“2ÒZn1(ëB': -2 [ 367.395082][T13060] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 367.405980][T13060] CPU: 0 PID: 13060 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 367.413982][T13060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 367.424025][T13060] Call Trace: [ 367.427308][T13060] dump_stack+0x172/0x1f0 [ 367.431626][T13060] dump_header+0x10f/0xb6c [ 367.436033][T13060] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 367.441835][T13060] ? ___ratelimit+0x60/0x595 [ 367.446409][T13060] ? do_raw_spin_unlock+0x57/0x270 [ 367.451508][T13060] oom_kill_process.cold+0x10/0x15 [ 367.456677][T13060] out_of_memory+0x79a/0x1280 [ 367.461346][T13060] ? lock_downgrade+0x880/0x880 [ 367.466201][T13060] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 367.472443][T13060] ? oom_killer_disable+0x280/0x280 [ 367.477635][T13060] ? find_held_lock+0x35/0x130 [ 367.482407][T13060] mem_cgroup_out_of_memory+0x1ca/0x230 [ 367.487974][T13060] ? memcg_event_wake+0x230/0x230 [ 367.492992][T13060] ? do_raw_spin_unlock+0x57/0x270 [ 367.498097][T13060] ? _raw_spin_unlock+0x2d/0x50 [ 367.502979][T13060] try_charge+0x102c/0x15c0 [ 367.507469][T13060] ? find_held_lock+0x35/0x130 [ 367.512219][T13060] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 367.517783][T13060] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 367.524018][T13060] ? kasan_check_read+0x11/0x20 [ 367.528857][T13060] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 367.534385][T13060] mem_cgroup_try_charge+0x24d/0x5e0 [ 367.539654][T13060] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 367.545288][T13060] __handle_mm_fault+0x1e1f/0x3ec0 [ 367.550404][T13060] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 367.555933][T13060] ? find_held_lock+0x35/0x130 [ 367.560682][T13060] ? handle_mm_fault+0x322/0xb30 [ 367.565609][T13060] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 367.571853][T13060] ? kasan_check_read+0x11/0x20 [ 367.576698][T13060] handle_mm_fault+0x43f/0xb30 [ 367.581479][T13060] __get_user_pages+0x7b6/0x1a40 [ 367.586406][T13060] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 367.591900][T13060] ? follow_page_mask+0x19a0/0x19a0 [ 367.597134][T13060] ? retint_kernel+0x2d/0x2d [ 367.601717][T13060] populate_vma_page_range+0x20d/0x2a0 [ 367.607174][T13060] __mm_populate+0x204/0x380 [ 367.611784][T13060] ? populate_vma_page_range+0x2a0/0x2a0 [ 367.617424][T13060] __x64_sys_mlockall+0x35c/0x520 [ 367.622448][T13060] do_syscall_64+0x103/0x610 [ 367.627072][T13060] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 367.632956][T13060] RIP: 0033:0x458da9 [ 367.636849][T13060] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 367.669246][T13060] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 367.677654][T13060] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 367.685614][T13060] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 367.693577][T13060] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 12:48:03 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x420000, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) ioctl$sock_SIOCSIFBR(r2, 0x8941, &(0x7f0000000140)=@get={0x1, &(0x7f0000000040)=""/199, 0x7}) 12:48:03 executing program 4: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) getsockopt$EBT_SO_GET_INFO(r1, 0x0, 0x80, &(0x7f0000000000)={'filter\x00'}, &(0x7f00000000c0)=0x78) bind$inet(r1, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000c80)={'batadv0\x00', 0x0}) sendmmsg(r1, &(0x7f0000002740)=[{{&(0x7f00000001c0)=@l2={0x1f, 0x7968, {0x5, 0x8f, 0x9, 0x3, 0x800, 0x80d1}, 0x6, 0xfffffffffffffff8}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000240)="12a8556fc6457cf41bf3db631a45a3bb5e9d", 0x12}, {&(0x7f0000000280)="367acf69c17699a0288fec6e08feddd75922f2d572782a5243009a8d85118620d5c97e589c998f5087001d93a4ccc9499a131be749", 0x35}, {&(0x7f0000000300)="75891ac3c5d5601e511f7a3c9a0ae80c811f3b388e39f91f4cdbd1c41bef9e87156f940d901c8ed45c715f2d43138799200220cec38b2b5617ae70162bbec21fc071a82ed8cc6f18798ce0c95d7643864323685d0202e3cfe9f2cf1b2fa402751838335c5ac3fcd22d07da559c0dbc376fee8fd414a38a18f6c5325f2cfd9afb35f19b7e92d698d79a7fdb21691a2636757f81cbc475f01189ac555bc52b62c4322aa7f6a5d1458167816fbbe33ec70383f01037a0ac7e1c0ccab57c292b6631fa908a28ce91ad94634d1d2aa9cc6db5a5", 0xd1}], 0x3}}, {{&(0x7f0000000440)=@alg={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw-camellia-asm\x00'}, 0x80, &(0x7f0000000780)=[{&(0x7f00000004c0)="ee1b0ba9635cb93fb3bbc3ba6ce362568268650180946478b83ec5dbc3ae82a1e4d0fd1538949b61dbd9439afd518c7e74f6cd98de3da4f54667e4a16e176fbe16a491a3d2ba6107506e3d29eaf88f5f870692001e4d40c3824b3cb91611ee2ac5f9f39a935860fd1a6f9e7969f1905c374111357571d00b9310ba385c62c47be5609151c749b6092d5005e5a1925608d8d66c578d5c0c1cba94cd5c229c6eecae4bef1454145668a9536fdbc4fdb138767235da8c23a5d72c6ce6f1b202b329735060c549ee36892cefc72b12bad60a6fc4ed5731ad5dd23d25900040881c9226849d2f68c3503b3e1c12", 0xeb}, {&(0x7f00000005c0)="b281fdc16f18b95b0a22fe97c12fe4e826c495c0bbe7876b3eb8f2e23ac7f397b7daa854ed1755c81dcfa0a6cc9e87334b3c88ea91dabd75a5d619d428c99955b1f0b4f7795285feda1856f6cd1ffe17972f3ad393fdd914741fc5af285b3a0f40feaa84ad9081aa1384f925e0b5543d3c90f9158ca4863f230a41dbe8d5496799ef47589ec064dcf2741802b8b54d3b671976fb06e69693c3f086cfaac42068e3e4b71defcb4be69591daf26bf58428a8c69de56788e661b9", 0xb9}, {&(0x7f0000000680)="d7e0e3bbbd700d7d0f7a40aa2c04d9c07e2d9de4bd23e1a54b0249a59c31b8f5ca5c353946d691d15363a919d72858481f6b2d88d30f3dcb1eb15404db64ad92c29dbd77f80a21fa9940ba80ba166d9e490fcb69eea41d7b5345b191f58afd1f01db551a5da546608530d799f5ea0d4ea76529b8c9e2819efabe5dd6309f3e5c890a668ab63c4cbf8a3d58d9826f8c96fd532fca4f427bdcc60aff1962283580a09a8cb3bd37b65855880d38b0df5d2942fde4b0fb2e1ab62d10ec3be9c73fbde04c99b694bef85f160c38ebb8db4907b6ac83cb087dbf446dd655003ece4e5c9cb607dabadc0f", 0xe7}], 0x3, &(0x7f00000007c0)=[{0xa0, 0x195, 0x7, "48c1c185acede500171b56ed14882fcd30e686d627253bc8b8a1eef2d2e5826a0017a2d2a1a746737839e81e2e40f564f3dac1731ab13041722d26befab42b3723231bac5f2205785e2dc0fe8490abe6a923ab0d602095f87aefe43a2b64a656100fed5510e96369dc7a0d0d7da265175356e069566821f6e311b4de0944d1f6a726ce1f0d2221d9d4"}, {0x108, 0x112, 0x5, "2c6cbaa96dc5cf5cc993821ddcc1e9eff201a915c18c9ec66b0ce14c4d03ebf48066093b61bff7af8482b27852f7723fddf34cf1a3c197f035959b8aa38208cd83d90a0b8a6d0c5b6780e4f31ca88939d482dec2d1af71d0500135bcbc753996f2d52f1894c41c7b9ace9e0af5afa3406cf9995b4eb97fc6ab281c8ed17e36d9436c9830e70be1cd709329a4824559d56cc5f9326616b18eea568bc12cdb08c17c7fc515bf482c2e87248647b6f06bda7154360a37ffec374e8fa2de6c4926ee6e0142f1fdf8e353b2e9a64a2e914e32090dc7de9c7dd05bd2a0f79c7123658b50978114c223e80918f2caa0840a6255a08606872117"}, {0x60, 0x10b, 0x9, "0bcfe8f7367a69f940a842f3100004c5204b30471e5700876c1a418c8d3ed75a2aa973bbbf8260d5ae92d5fb8669c85731a6115b933981c1d3059fe058bfb37da21776e836fef169fd19"}], 0x208}, 0x5}, {{&(0x7f0000000a00)=@l2={0x1f, 0x7, {0x2, 0x58, 0x3, 0x7d6c, 0x2, 0x4}, 0x4, 0x9}, 0x80, &(0x7f0000000bc0)=[{&(0x7f0000000a80)="2b4ea5aa78", 0x5}, {&(0x7f0000000ac0)="7dab5c234ba987ac47c57e555f70a4eb2d662727e89de15c660e587dd57b6ecd5e12b65e09817049df167cbd93631ce5e23561de6257fa8450feacde4061a2700513deb69c68b50be8731bef28f114133a41c671d6175e77d409313202a7541ebf4da4857906713b075ef13fc8883b5cd1284632c00577e524c9ba3736c99345e8fd40a25016f9c665b82e0afcafd997b93e2cd39ff6aa28712eab50dd17d1ef6ca645a532e34fe74880b95c1f295edae3bb0f77619dbc1f379afd7a7d8a1d9275b10fe3b24e66d94cc125990a10d36b241e1aaf97247b38a833e504776e1943c0aa450f13e22acb26c93bc3c6daee2e18d2e2679e7b238ebba99f", 0xfb}], 0x2, &(0x7f0000000c00)=[{0x60, 0x10e, 0x924e, "395068311246e6c7cdb2552f21d089e0cd7c0053ae4b1a4491261b30e9ec1a4e84ec3f1d5f47721b7eba073cb54595525880977fb0d46bd312fa3bf04997072df9e1691b2e306d871a9f8e4e54"}], 0x60}}, {{&(0x7f0000000cc0)=@can={0x1d, r2}, 0x80, &(0x7f0000001ec0)=[{&(0x7f0000000d40)="0f32b7862306ff11b469e3f5ae8ee9b07151567800c46f36b5ca93789f1f0e9a3de83567fa1f07f5932c49a3e577013045dc317ef58aed5ae72dc20c9de1175649da37df02ce1f431168f2d586b0fb6b0012bfbea0849b954c5cd963d6efba559972a834b85b14740a141366122ab09be99c83d97b045b77f6855e0236d24eea3d55759985fa4526af9cc0edcd68d067d35434cd0532811ad918ca89191286914bd5a45a07d1953ea34d811e71c4f3094a7980892a7ad3c7c493c245e46c5b20c5eeaddeee3a6ab531b23f38b0bfabb4bafe9c48ed9de367bd369fcd3caa2c2118268a96f310c0a5f55e1477527b170ec6e654ccaa6cbc7b1f0049abf55307d578d8423c17d8de08e6b6f5be74e1e7229eef493444b76a1bf6979e45d411e5e434c1500357402611a6bbde722e3c88c3a5255c505622111c08cd6d1015bb8f60a819e663b1f8314278a67a679117e888925038281fca565a9fe391390746b5725024db79f5d74e2fda345a19062706b31bfe2ad73eb50bed0cc4533f3ab1215ac35aca2f29581b2d67622ca4a869b69ed285d52ef5a423a4009258d0642e058d860bee314783bd9ead4fcada6ccb61ed6b9797c9f312e269a9c76c9cce08e86f42f3ac668ea2e9ec0a853d0754f74f86ecebb7e9a1b51458e34984219f4e3bce4276a83b9087b5292ca76f5a951a785faefb45242d4049100d26715b5e1a49c963f60724558a3a397b72ae94c63ae42ef1a8c22e57665ccb4704163d318f60a22adaa48ec99610eab3764772b1a724e01f250ae80b843a077bc2ea0ee0b6562751f379689c2d56e4ff8d9ad87b09d701958cb3e9c64b11892580bc53cd436cf7bb4ad75c2f1edc0ac383d840c7f1f727c4a79ddc3e640d04f96dadfa3914c1439c506624f646aa9e1a566738b73ce26637f5d9c0b916b2035a2a6eca86bfc0ff790964d7fc15e7350df368df80609a059f45c98fb6e31809fb86b3a0c92620fa5f13cb50250787ec7ebd2e7ec67ea4d20bc6cc286ae919df71698874daa2e28cdb62853de3e7dbc4f5a43651896fb50e227743ae6e12a28e41f730896c1babc33552554df6c27fed5d8f45e21f52239442e480329e2851fecc3db89301215ba91d9f87b168c11b8e7d863cc7fddd441aa1c623922cadfdcd215344841dddc83c06a9bcfef8cb2a30668f393c8af7c41d0da5bf23d558a876e44838902b83df50d9d7c8cbc1a553f7401a3f3035b5660be7057e1b149a3ad3a162c9ad51acd52ce814aaf41c6476b4c0d7e0db36c1d86668f8a1bd470863b36b88667df4469d8a801d588bb8ea592aaad591ffe26e485250b23284a2536f87189e2c702636d3eb297bbebf670512f23e56a0b9c8cfda3cf889eb0a0630f593b0d1fd6930e8d9682dd6f6f680861681419e0d30de9041b411b1917be1078cdc564e749b808efd3c1911a98b312cb14fde0bd19d55cd09175bcd1c495fd92c28b5ca2b13eb08c16687ef4a0ed487155c840a450c8a50a74895d58828667d1affd701a8dc1638ab87904902b319e1d62a7591add99e953d77384ccee93f42db3756d8eb9856d3c0281415ca15ae0f9224e893ddfecb10b2d0f89c0620311e709bfc565871c0965890e58c9348b22484ee49e9d57a55768df452f3fcb579576cf276aae6c0928de82959e1613dea9eec62400660e186cc47321734071fd6c9747eab66285f434f66049d270e62a37f5d330bf1def3611e5d9792c657fd2375090c60eb51dacd8912778d5faee250b1cf0fe9180ab4a5134f105d0797af0d328a71abb06893ef9e8fbabe76898e90c93c99d0bf2df5fb1b949c81e2a05f6e4a35add691ac9ac476c7682a261e4250e6c6aae6e448f2928fdbcc2c5417b5f8ee6786c50c7f1faf6ddd83aa1a126b1041410fa40d53314ccb47cdffd4f871c6bb701721a51a1af5495973c98d99c5acbe2f39c69bbb0aea7a67030c9448693e000e5e61a026de2026bacf6f7f4d6ee24dacee22381e554e04b0f957081ec0f6aff2a6418e6df2581eb2949e0ef1f480a387d382b0e770b857abf6cf190536969314d1ab79978c64651c2109e000c8c42ac1b599eb975d15aa5a4d091c4323fcdd52ff95d59e2fa0364a46ab3dbb74619a29c9e441c7889ba6f07a6f2e1cf5eab4643a974f95fffb439dd02eb6924f9a665d34463db04b0138f1e06cf1fa2ce100515437fc2f532cce06bd1840a10864813d7404764a74699eb2c0f216302473467a777be34d79da6bf708a3224b973b0f6fa925d33c5db0f022ee343b96f4739c1e985d19a8d4c0490861dea85f2a9d780b4f23f2426fe7fe61b441e6d6f99ed8e7e503f1afa613ace1eff257a31cf1535c9269a7adb02fc86e4fa5f8a8b3ecfc4c84f0ca14348efa8c41435abc38a2ccd96837ef670b889595eae06cf830375cdbdeab6d483e44797fbf0c9a2eb44628b7fd648878629d163515bd100031e735c5bd0cf15c57f36d3b3fd99d64f54880cc9ce96b4ff3a52e2b9d39a8f334cbce8c9f74ca01591684cf495cd06b0693d617a541f8311ccb4275b50435d569190fe5089b6e9cf39a683c8e077a539eab3f335d4615f090718a659984703dc57d6e8d9d60555018fe7c153f1fa0f881d54256638f8597f38c297c550f3ad258cac6801b598e662cfb40abe165bdc926beaf35ee578b0ea3ef54e689437f08ce74d325e1e0d08c06e6af678bdb5f2827e06482cdca4ce44235ee790d440a0c9b0b58da229ee8c65d1e0c4b186ab863b9f52d0bf19144fc6000d6c78b163bcb83f313e4fa0d51095c55e1095f787931a4ee6695a17a667733b9ab7c8c5354036cb45487199d8a67998857e6a5950a7ee27e9423e7f62a47ab5ca4669248f85d5aa53a260d2a565da71158c2caac2b9d74d853a10e4f5c3bbab1c17b9f6362070299a8a7c31fd8859581e8647f9505fe9a94dbc47ef332ccb19ef4b646aa4a9e4f7bfe3ec932e44591c7bcd011d73fe49f60a63871de28deecbeeef6856e3b96e2363a7deeb2258492372af9aa0ca28a6dbf27fac65809d96865ec2017d25fe9aa260f046deb86de3b72f611fec9e5876d4fb1472a572b45f6a5997059a20c849c6e5adbfeb018c5bead2df71c308fa248aa7b01fff5db45774e40fa805400acd75514c5690a3a18bcaa0837a634756568fbff6208ed50c1f15bb6964a454f73d07dd64c98932a0d8bdf9a9b6fe3f671f5bf11e6f0c04b3b9661f7a78b9d3dbe6bdecb1814b20a5ed6a5e8e6a9ec043000277ea25efd9262e53da743a236a45cd4d0b3314d7c989a7f333080873a91174d2a51a50c4b973a22acb7fe228f9536e5cf5998d0705089c01fd9348fe30f40e6d0479a273481d8ebbff3590abaca73b06eed46ad3ce082f4718e385356d9422ab94de0bee6e34150d5addffedfe10ba47da42f9635f4fd73d0a17b279225fd95e95a6d4a83dc1750c5d78f956e07ab05dbdd4fa880a8444372bbd98ff99a8d59dec4bd6b84480b51e82982075703e86c0e2b965b8d5c0841b7f9215f3e1d276b868b021cf419dd081090917b263c44d93b21e043d87a57a8a1c24271a96e76533500a316e4776c427958a8df7aef927c4e993485d987a959a2ad10114301f6b398eabcaa58ae6b5eac6d74fde4b78824130b79b0af07efb8c64606bc1c68494b3b6654acb4f4cb532bb0bdd4dc3efecba2b16a4396b331c37a925d932d0e77b57af2418efab7fbe565856c7c88416ae521f755c57e9129ea4481bd0635573f4b0410fc9609779b33b6ec2e9bb65ddbdcd26110ff976b79c2393a2d7403dd7ba07f412223c802a69b6886e725723075799328249f2fc86ddf0d95e966d553a70bac144e2ed05e950231694147cb8f7cc3945cb2709009db437be2d48fa9e170a79409f2ee6467c46d2ed711f3bf28c84d7b8af8eea3d35450fe228f5b60aea9948b834b386f1d70fd41111be47d2e0ae4ad11fe532eaa3619707075d96f1c383cf750992a611ffef89a9d2e6412f0d84cc85e53c7e4716a1566e314a9734a2083237513660171f94a6f5d914b0b9039c62187fee8d6c17fabeec620a0cb4d33bedd89a22b8fd24993bb211efad1eb7a56819206f499598ea1ce4c2f5981b8419164c4555357e17767918724f4aa922b10ff355d782ea4f6ce633774682dcdab062d776d5c97d28e2679375cbd093ac34bf91712937352c2c5759c16cb35b31645c12e50582107b32dd3679fa331480315f9f2c18a0f525306916abc97210eba3611751a9954d15ab0f05ae1b470b585ed4cc49f27e362db940ea9ffa319bdbdb2a8e8d57bcabb2319288eb8fe630cb38571db2bcbe0b360e2b91aa1157f0b87e9a96b7c829b3afb1f43f377ccdc578946678dab27866960b5f2bbfd6c82395b5fd8ca7b48e0c2797ba6f75f3ae5b7235ca403b9ebe158199a0cb2ce3bba82e36ec6c49ee3604204f90496a59a905ec98158110f7bb2382bec40cb3362fcc89f12413e3c5fa205b73a0e434914110add549cdd74055a479a3eae9743415df4dd677654e2126cfaf7217e200c50a72c994eb898ba030fc99608b9d7ca89cc81ef3e3d3ba60d4a6f38284be1199e0c9f98383d17f3cfea4af1f7af916dd5fa70940825f588ca02aa8509f2bf0572f5fcea8c972275b205ce9493eb1ecee491ec55042f6fe7672a8afd431bf6cf72d38f3751dacc870444389b31ae11f48d510a185f99bf09fc2a75b6924bfa616da5fbcf1c455bdc0d8c767d7701188221ae4dff1d50597c0f8e4bd68f8d03afbd954a87d6e9d1b91e1b3512789e3553bfe98f4bafdff03b280951565aab27974c69c467917fc518cc8d965c746a797015b7c89ac1d1f13c709bb131c58a6f2f4652d4146770940520d00d1b1d1e23edbc5e318d00cab044767654910a9b3fe34fd196baffee743cb8d3eba6e6e89ec1d79ddbea76d75ac349d6595c512ad7d19c7546d870d044304066d91006747a3a9b574d31fcfc926a4bb061b2827fd38617672680933d836db76ef878e94067283340a1031804047e0d8493f40eca47dbd81f55384f1c42025ab9ed4f72e032c10525ead5f97f2a25a80bf8656e984eb426d6552011525a4a194e7d7c47fc0891827b5f31e09160f530dee6276ed1e2ccf2d7343b4be1ef81607169e0e5398ca6c87b53fc2fbfbf4d83da3f4e3a065733b6cc9c14bc8b0bbc1cdb6a340f754d3d1657f1ad10fcfc48b40789b5a067e1464c6c400f024f7d18c2d9fc66238188dcb17fae34ec32ebdce6e34a89c1157d5dd273828d3204839c25ce90ee9dbd697b9dd1b50581c38d589cfad7e4aa7d8e395236675c4288e7d6758201459d1c5d39ce64145819af0da3d2451d131f4abd8f4ba534a1ceda7197c5924b9f601ac315e30b448df6e72095d9b2661af70a4cb7d05fd9efbbb0be088ed61a9cade595d1a75a0f93758bc24f4dcaf1159a54fad0cea4bd22121073f90ff3fdf014ff0523af976b5d4606db254cc3d4876f07027b867f66ebc8020612fafe7279138ca0c75edf2c386abac957acea6fadfbdc09fe7a58b2a4d7fc46c391bb7570fd4bfbe584c0e4fcad7c9407e69291fc8009d6bae212260ef36cd809d42b8400b7b8e903f4996c5e5f5ccc8ca70db08bf326304671fc07851ebeeb0af81bf5c227f6683d4661bf326d233faba57725ea9ac554b5e46238468546dc59e533564c4e24eda3f01bd1282e34c4577126b3c7d00c4ca38ca2797cc9aeb42e74e0603b32433779ed7d33356c7e1fe70e1923553ba0fd12e77ac6437c6b24d869c5594d0396cc2455", 0x1000}, {&(0x7f0000001d40)="c7167308dee7326bc685b63146ed328064babb02b626dbf88a158f95281bd6ba1fa57bbfaa71a5806fe8851d8ad617ff9bc9739393453cbec7d63035bb27827fefcd8113978ef380445a6778e6b317", 0x4f}, {&(0x7f0000001dc0)="bd2311993ae28d2d9e0e23642dac240221efcf8921e3084c0021bbdae1f54f08c6ad55640ed9f8889b59364144079f536109e8ba53f3d19984dcda28d5b8404fde2cfe11ed96c480cdf9c1c5f93744dd0b6fe4376a2fc87e2a1e09e3767bbd78df5c870fab3460e7026b0dd6104943828e90606fe9f7b3306a3910312ad378ab4d87316e8dd74958e8fe233ad765aeb58a9b11be692150afa00aed700a6539ef1b44b69e08c112a51b9be39c80", 0xad}, {&(0x7f0000001e80)="c4c1d341aa04ca91cf", 0x9}], 0x4, &(0x7f0000001f00)=[{0x98, 0x107, 0x5, "24bf84965a464b2f725d8e48d439fa4347a4da3b5dbda494903d4152f511059a32fd6929cf630ee6bb5f4d46fa6033c9148d009494173e30aed50feab12aa165da2b0fd2f5478d0718fd0aed03afd53787fe6cb3e0873fbc98fb31e2cc7935e30e6fb0b8263827fc2a2d13712aeb7de0fb0321d99c2d0c09a6665c085a3466807261e2bc07614073"}, {0xe0, 0xff, 0x7, "7e47517469d0338aa09c2b59a8687bc363afdfeee024f8527fc6ee190c2b3d36a1e47d33e403b51c8b62bce56fa0af9c345fd37c8f8a304438f595e1f981fe799f5afa2ac0f52399bf83b606809018b8ece76caca27789799bc0bcdb89a287675b00fd1ce3058ee463a9f4298df928b734c0392be536c19c065e103fa8fddbd4c74b270fd710f9e3a0d16ea80f6b3d7bc192586e932923b3774b5b764b4ca59845e5e3ef13e07a0b93c8139f4763ca9539e3abdee4df54a3b7b4f61c1df0261c0c72fd0575ac47c31bb330c8fc39"}, {0x60, 0x11f, 0x63, "e91e692bfa86d025d3f070bec058ade8b3531030bf495c1c1cda8bbafdeafbdb79c0e7eb4796d483b7ed302db82451514b1711dca1ac7e208ed255796f264c3db1b47be51f89c0e42f2cbf00"}, {0xd8, 0x118, 0x10000, "3a84571725741d0fd9413a34790e88a835d0da0f7037068378be01cb72601ff46204d22f09a4ba2136490f42d7f6cbe2285ff068d523d0670fe9898ad368d60e6526871c74c419de21402993f145f164ff5de20f2337cc9d16f156c4d3eb86fe7585c5847eb290d7ca5f1bde86af0262d4cc183ef82eea63375ef1c134298163371bea3ecc6709bda311f49ab3949fb36bbb8d418d429424eba514e5a1a2cc4351a51ea551638769c33f8190a15884442d2f362279a99cb48de71c1bd254caeadf"}, {0xc8, 0x3a, 0x2, "c8e111c453619a4ccbb09aa4ae159c4054ecf7be3dde618bcfea3a1bbbd32788d3157d908233bedd27ce865c3ba08220bf242c9d46c1e8e05a59d271ff167ad200b7fa697453ce442abd732ece527559b39b173516eae8a8da809988a6c46ceb8c7f13c4d589c4958f72cb34fd6289b10d73f1b6e5ab0621b16f2ec43cdc924d202b6e509cba111b42137f30a9887fd0dd5ef3c5c281ef30a11b04b919c61f146af61ece1646f4991f850735b91168e317"}, {0xc8, 0x0, 0x2, "feb4097405bfc64dc132456469c5ff4de8c19096b6cbc9295aedc085ea2d5893a09d823d22c77adc31c8b1a4544a88bf77c00c96d501bb4222f9c7176e50e2ae6dd41fe80133806101b644ddcb59182219d1a3021bab4701c4bca33740eff0826491c0cc06c35d605ef4c3b38aa94eea9d6ae4b70c124ef03d05191dd9a3157f7529e3888aa089eb1eb26e6c95d851181a2b1ee7c9cee3307744c59170a9cfe5bb5e29aacc36419fe3ad0999a2d6d80738bed9f7"}, {0xf8, 0x114, 0xcb1f43d, "f2813b133d2df3937b77c9db33e0b14459c12ee14626b0039512d63e693268879d4083c9ba04566d7b6ef751c93f12530b3c918520e0dd563dc2784ac6c82829c256ef5a7825efff91d58404cbc61cd7cf1b195d8f4999b59740ab8bf1e2731101a0b1d7e05fbb6e4b52bfe3cc3c7cca6d3b982e788b4dc8b8c7262919cf07710798d6f6f1e041f1255c9ce4878edbdd58375746f3f4b48a821a7cf8b598e489228e47141045fb9564700ff3cd307dc5f9b5ac711ba8fe032b381458a94fa04e25d4a7f78da2ef48c14a474c10c58f2811dd716fa6bc5c40e89d4d7824290f1dd5e3"}], 0x538}, 0xf03}, {{0x0, 0x0, &(0x7f0000002600)=[{&(0x7f0000002440)="8a6a73c6eb2022385d218c6b2571c01222f491007fe3997af9a4f301d33f6671641d92035cd3615990d93d5faa368cb22343703b01e1fe211a78e8e11b6926a69756f0b5dc7d561b8b8366579f2c49d99af9d0a97c12a0f3a12cc7870dd939945d2724dfa168eb17a6e4", 0x6a}, {&(0x7f00000024c0)="b63af5e014abae667ebab8ea515252c6ce0562a4bb8a1f82b43e528030cc41f085e84135e4345aad996eaa1bdefebbc0499ed63c2a1800b90ef9a6344eca37fa2a3b8d8fe6cc3d160c40b5e6d0e78342f70380a61ab94413dd399fe855ea5a3c4b61d11a4736d773ebf7dac7b4cf8c5fe168c6605abcaaa9b2d0c5e80fd9b8982fbf336348f9dea4ef08bd1284c668a7914742e0c0d8ffabe09374b19903e650cdbebdfb4b36", 0xa6}, {&(0x7f0000002580)="80812d21d51715735c5e7c07ab9e12cdd3d68013c1cda4e9bedb9a48a61da3e5be800cfe45d238fb4ea7dd412b3a09e4127565e009598aeb4fe204c001bceb1d1c3ac9951d082d77", 0x48}], 0x3, &(0x7f0000002640)=[{0xf0, 0xff, 0x3f, "1ef8e21b86de62381dce5b7e931dae180f86687e4fa1428df58d2fbe4dfc2890bbf8378c00e43e54d9860babceee271e0a2f983b4d7275b97a8d77c5e8dd5649828871c799931a7378dffdf83709d3cf02c047135cabff2acc5fa6f54d267b7375256b158246cc91257298a8eb3a15cd2779c82c3e55e06450ff38c0928edbf9a62ee8dacdf830b29b89f4c2ea45acbe3f270a9d8b9ba040d299a492402d01be1e3f76d1656e07ec10f0db29d921a8f6b4804a84b7b1f7a794324683ad65352ec06414aa8351aea22cb5bd1c98ca5a0ede6a78e7ec78ba16c35f42fe69aa4c"}], 0xf0}, 0x1}], 0x5, 0x408c1) write$rfkill(r1, &(0x7f0000000080), 0x8) 12:48:03 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x3f00000000000000}) 12:48:03 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, &(0x7f0000000740)={{0x0, 0x6, 0x7ff, 0x7fff, 'syz0\x00', 0x4213}, 0x1, [0x5, 0x5, 0x9, 0x0, 0x2, 0x20, 0x6, 0x8c3, 0x100000000, 0x9, 0x5, 0x6af7, 0x0, 0x9d8, 0x0, 0x4, 0x9, 0xffffffff, 0x9, 0x8, 0xfffffffffffffbff, 0x5, 0x13, 0x4, 0x8000, 0x4, 0x8, 0x11, 0x8, 0x6, 0x9, 0x7f, 0xff, 0x0, 0x4, 0x452, 0x7, 0x0, 0x4, 0xc4f8, 0x8, 0x7000000000000000, 0x8, 0xffffffffffffffc1, 0x3, 0x1, 0x5, 0xdcbf, 0x7, 0xe1, 0x1f, 0x5ac, 0x1, 0xd9, 0x4, 0xffffffffffffff81, 0x8, 0x1, 0xffffffffffffffff, 0x6, 0x40, 0x24bc, 0x0, 0xfffffffffffff65b, 0x1, 0x3, 0x7, 0x3, 0x2, 0xf0, 0x278, 0x3, 0x6, 0x80000001, 0x8, 0x80, 0x1f, 0x1000, 0x9, 0x7f0e, 0x6, 0x0, 0x7, 0x2, 0x800, 0x40, 0x8, 0x9, 0x5, 0x9, 0x8000, 0x8, 0xde78, 0x3, 0x20, 0x8, 0x7, 0x7, 0x7fffffff, 0x86, 0x0, 0x3, 0x3, 0x5, 0x81, 0x2, 0x38b, 0x4, 0x60f74b2d, 0x1000, 0xfffffffffffffffe, 0x82, 0x7, 0x80000001, 0x9, 0x3, 0x2, 0x0, 0x80, 0x8, 0x8, 0xff, 0x4, 0x2, 0x1, 0x4, 0x100000000, 0xfff], {0x0, 0x989680}}) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c653082c949582c6c6f7765726469723d002f66696c65312c776f726b6469723d2e2f66696c65312e538f5e4b522887d6a79c0a4b356f6040d7c43a875ca359fc5731acda050dc578508dc783fcdd5947f9b1186ca099ddd7eefc1efddec75a2233e51eeb9e6e86657185528adb88f7ff8f123a54a85ab0ff4372c04fc0e7003d28e22c4fa3278200e66fff0fe253df6f51800b4faebceb4162063bb852d99b18243b8775395688423c59eb8485eed5070494d380740f6735b8e8d856027eae61accbd70ed998ae2fe0343de7f5a029483e2412bff6cf5235da340e50e130ad4bbe4c0593794e8063bf5d3f0e228fed4c14230aa6f85843f44573befa86ea533e19e1f1b12225c9058b535ece5ea01bf341e6900a9aa6c6511ae8f3b143019da76af982a47d0b7f2e9926ff7a84496cbcf77a9b2c89e332b00beedebb02295ae17c94769bb2a4443aae1735002935b3f76f33e30df6c7d77e07a03c2e2f49c2fdee74a552c6dc0c89a7fa9ebec12f69469fc0d7ca6d6f9c4a2cd8045816ef6be1763aa752ad64054cd46c5e299e931d0f87b4dba5acf700000000000000957e39f54f9efdc9ba3a951a0cadd1547d9d12de4923b62766d0b4316d0a211ec51a45a6adefdbf383e31393c088c0b8a0213bba766f48a3694e7c74c6fcc3839379fb098fa116a0d76387f84428a0f6d9c7f7f4f299822436843fb5869129f08e35cbead04a3f8eff871b703e449674e999119e13aece000000000000"]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:03 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae89, &(0x7f0000000280)={0x7a, 0x0, [0x9e], [0xc1]}) [ 367.701537][T13060] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 367.709499][T13060] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 367.725877][T13060] memory: usage 307200kB, limit 307200kB, failcnt 2111 [ 367.733798][T13060] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 367.793795][T13179] overlayfs: unrecognized mount option "lowerdir=" or missing value [ 367.820426][T13060] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 367.847766][T13189] overlayfs: unrecognized mount option "lowerdir=" or missing value [ 367.853301][T13060] Memory cgroup stats for /syz2: cache:0KB rss:297508KB rss_huge:235520KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:164848KB active_anon:13472KB inactive_file:0KB active_file:0KB unevictable:119376KB [ 367.879202][T13187] device nr0 entered promiscuous mode [ 367.969476][T13060] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12199,uid=0 [ 368.019639][T13060] Memory cgroup out of memory: Killed process 12199 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB 12:48:04 executing program 2: mlockall(0x8000000000000000) clone(0x800500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:48:04 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) linkat(r0, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file1/file0\x00', 0x1000) 12:48:04 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0xfdfdffff00000000}) 12:48:04 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x6) 12:48:04 executing program 3: r0 = socket(0x40000000015, 0x5, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7ffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) sendmsg$xdp(r0, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0) [ 368.276087][T13187] device nr0 entered promiscuous mode 12:48:04 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) r1 = add_key$keyring(&(0x7f00000000c0)='keyring\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, r1) write$rfkill(r0, &(0x7f0000000080), 0x8) [ 368.357481][T13201] overlayfs: './file0' not a directory 12:48:04 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x8) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:04 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x80142, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0c0583b, &(0x7f0000000b80)={0x0, 0x0, 0xa, 0x0, [], [{0x26b1, 0x2, 0x4, 0x80000000, 0xfffffffffffffff7}, {0x6, 0x2, 0x4, 0x7fffffff, 0x7f, 0x1}], [[], [], [], [], [], [], [], [], [], []]}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000300)={'bond0\x00', 0x100}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r1, &(0x7f0000000ac0)=[{&(0x7f0000000140)=""/239}, {&(0x7f0000000440)=""/155}, {&(0x7f0000000500)=""/241}, {&(0x7f0000000600)=""/177}, {&(0x7f00000006c0)=""/249}, {&(0x7f0000000280)=""/69, 0xed}, {&(0x7f00000007c0)=""/239, 0x3a5}, {&(0x7f00000008c0)=""/78}, {&(0x7f0000000940)=""/83}, {&(0x7f00000009c0)=""/211, 0x94}], 0x10000000000000e4) 12:48:04 executing program 3: 12:48:04 executing program 2: mlockall(0x2) clone(0x200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_GET_KEEPCAPS(0x7) mlockall(0x3) r0 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x163c6cb3, 0x2002) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000001500), &(0x7f0000001540)=0x4) 12:48:04 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0xffffffff00000000}) 12:48:04 executing program 3: 12:48:04 executing program 4: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0xc8800, 0x0) r1 = socket$nl_crypto(0x10, 0x3, 0x15) r2 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0xfffffffffffffb40, 0x501000) r3 = accept4$inet(0xffffffffffffff9c, &(0x7f0000000100)={0x2, 0x0, @loopback}, &(0x7f00000001c0)=0x10, 0x0) r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200)='/dev/zero\x00', 0x40000, 0x0) r5 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r6 = accept4$rose(0xffffffffffffff9c, &(0x7f0000000600)=@short={0xb, @dev, @netrom, 0x1, @rose}, &(0x7f0000000640)=0x1c, 0x80800) r7 = syz_open_dev$loop(&(0x7f0000000680)='/dev/loop#\x00', 0xfffffffffffffffa, 0x0) ppoll(&(0x7f00000006c0)=[{r0, 0x8000}, {r1, 0x2}, {r2, 0x420}, {r3, 0x8000}, {r4, 0x8001}, {r5, 0x390}, {r6, 0x1004}, {r7, 0x81}], 0x8, &(0x7f0000000700)={0x77359400}, &(0x7f0000000740)={0x9}, 0x8) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r8 = openat$vcs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vcs\x00', 0x143006, 0x0) write$rfkill(r8, &(0x7f0000000080), 0x8) 12:48:04 executing program 3: mknod(&(0x7f0000000100)='./file1\x00', 0x8c, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = creat(&(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0) syz_execute_func(&(0x7f0000000480)="410f01f964ff0941c3c4e2c99758423e46d8731266420fe2e33e0f10c442019ccc6f") r2 = dup2(r0, r1) clone(0x3102001ff2, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000000)='./file1\x00', 0x0, 0x0) sendmsg$TIPC_NL_SOCK_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) [ 368.755922][T13234] overlayfs: './file0' not a directory 12:48:04 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c65318a1693e54b539b15f2dbde5e24b5efde5493ee605e7d71ec6e4935189bb11bee4f0ffed99215059d7aa2a49f904bccb0cbece4f5a6f0ccf8e878bc00f78c8f2a2e9ffe00ad99bf3f71afd98618e15b93663686ed7e1dfdae71ad720ee137c4c089e35452153f8e5e2ff4734bd7e13922a6be1a08e2b5d5"]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:04 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) syz_emit_ethernet(0xa6, &(0x7f0000000040)={@link_local, @dev, [], {@ipv6={0x86dd, {0x0, 0x6, 'v`Q', 0x30, 0x3a, 0xffffffffffffffff, @remote={0xfe, 0x80, [0x0, 0x2], 0xffffffffffffffff}, @mcast2={0xff, 0x2, [0x0, 0xfffffffffffff000]}, {[], @icmpv6=@dest_unreach={0xffffff87, 0x0, 0x0, 0x0, [0x14, 0x2], {0x0, 0x6, "c5961e", 0x0, 0x0, 0x0, @mcast1={0xff, 0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3801, 0x3, 0x0, 0x0, 0x4]}, @mcast2}}}}}}}, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1c5, 0x280800) setsockopt$netrom_NETROM_IDLE(r2, 0x103, 0x7, &(0x7f00000000c0)=0x3, 0x4) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:48:04 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) fcntl$dupfd(r0, 0x0, r0) 12:48:04 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x1e}) [ 368.990466][T13256] overlayfs: failed to resolve './file1Š“åKS›òÛÞ^$µïÞT“î`^}qìnI5›±îOþÙ’z¢¤ŸKÌ°Ëìäõ¦ðÌøèx¼': -2 [ 369.040107][T13236] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 369.044356][T13256] overlayfs: failed to resolve './file1Š“åKS›òÛÞ^$µïÞT“î`^}qìnI5›±îOþÙ’z¢¤ŸKÌ°Ëìäõ¦ðÌøèx¼': -2 [ 369.070022][T13236] CPU: 1 PID: 13236 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 369.078045][T13236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 369.088109][T13236] Call Trace: [ 369.091418][T13236] dump_stack+0x172/0x1f0 [ 369.095774][T13236] dump_header+0x10f/0xb6c [ 369.100230][T13236] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 369.106062][T13236] ? ___ratelimit+0x60/0x595 [ 369.110675][T13236] ? do_raw_spin_unlock+0x57/0x270 [ 369.115821][T13236] oom_kill_process.cold+0x10/0x15 [ 369.120959][T13236] out_of_memory+0x79a/0x1280 [ 369.125657][T13236] ? lock_downgrade+0x880/0x880 [ 369.130523][T13236] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 12:48:05 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040)='trusted.overlay.upper\x00', &(0x7f0000000080)={0x0, 0xfb, 0x22, 0x5, 0x3f, "b3e13289c8a422d7789e5da4744882cf", "75571005d6fe1671aa73be6e89"}, 0x22, 0x2) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$UI_GET_VERSION(r0, 0x8004552d, &(0x7f0000000100)) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 369.136771][T13236] ? oom_killer_disable+0x280/0x280 [ 369.141981][T13236] ? find_held_lock+0x35/0x130 [ 369.146771][T13236] mem_cgroup_out_of_memory+0x1ca/0x230 [ 369.152342][T13236] ? memcg_event_wake+0x230/0x230 [ 369.157388][T13236] ? do_raw_spin_unlock+0x57/0x270 [ 369.162516][T13236] ? _raw_spin_unlock+0x2d/0x50 [ 369.162609][T13269] overlayfs: './file0' not a directory [ 369.167380][T13236] try_charge+0x102c/0x15c0 [ 369.167395][T13236] ? find_held_lock+0x35/0x130 [ 369.167418][T13236] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 12:48:05 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469723d2e6f66696c65302c6c6f776572646972b44ea54f8b7c153d2e2f66696c65312c776ff26b6469723d38c6380becaf46a2ea1b89e6e56d0494a075231a452cd1205570ad4cf773a3d7f80969f59cc994be00b14893d5785eaa95216547f830266e1464cb05a43d899e138d6fc6b3e71b1784c3f648c5f91394427a22a63087fadf14afe1e41a9666147d4a43d749536b36b747f89f6b5bee43cac5c8f1f958953bb9e4ebf3caf26a0c9a4b052cf1bf799c2f904c6d144b4f9d5eff6c8dab242d070c51d08032429da60ca2532d1aa00ed116f12320b8b6fac33dd1018a0c33133f5cc91be2ea85c00e5ebc2e8741f04dd9f118840e97dd00098e5c13"]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 369.167436][T13236] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 369.167461][T13236] ? kasan_check_read+0x11/0x20 [ 369.177448][T13236] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 369.187755][T13236] mem_cgroup_try_charge+0x24d/0x5e0 [ 369.187777][T13236] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 369.187793][T13236] __handle_mm_fault+0x1e1f/0x3ec0 [ 369.187823][T13236] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 369.187837][T13236] ? find_held_lock+0x35/0x130 [ 369.187862][T13236] ? handle_mm_fault+0x322/0xb30 [ 369.234087][T13265] device nr0 entered promiscuous mode [ 369.235707][T13236] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 369.247405][T13236] ? kasan_check_read+0x11/0x20 [ 369.252281][T13236] handle_mm_fault+0x43f/0xb30 [ 369.257078][T13236] __get_user_pages+0x7b6/0x1a40 [ 369.262040][T13236] ? follow_page_mask+0x19a0/0x19a0 [ 369.267245][T13236] ? __vma_adjust+0x1840/0x1840 [ 369.272088][T13236] ? lock_acquire+0x16f/0x3f0 [ 369.276750][T13236] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 369.283001][T13236] populate_vma_page_range+0x20d/0x2a0 [ 369.288462][T13236] __mm_populate+0x204/0x380 [ 369.293070][T13236] ? populate_vma_page_range+0x2a0/0x2a0 [ 369.298723][T13236] __x64_sys_mlockall+0x35c/0x520 [ 369.303742][T13236] do_syscall_64+0x103/0x610 [ 369.308316][T13236] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 369.314194][T13236] RIP: 0033:0x458da9 [ 369.318070][T13236] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 369.337681][T13236] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 369.346082][T13236] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 369.354136][T13236] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 369.362096][T13236] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 369.370061][T13236] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 369.378030][T13236] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff 12:48:05 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x1e00}) [ 369.391100][T13236] memory: usage 307200kB, limit 307200kB, failcnt 2138 [ 369.398244][T13236] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 369.415039][T13236] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 369.422028][T13236] Memory cgroup stats for /syz2: cache:0KB rss:297356KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:154808KB active_anon:13552KB inactive_file:0KB active_file:0KB unevictable:129152KB [ 369.446557][T13236] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13207,uid=0 [ 369.471858][T13236] Memory cgroup out of memory: Killed process 13207 (syz-executor.2) total-vm:72580kB, anon-rss:18104kB, file-rss:54328kB, shmem-rss:0kB [ 369.549456][T13283] overlayfs: unrecognized mount option "lowerdir´N¥O‹|=./file1" or missing value [ 369.577075][T13236] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 369.609687][T13236] CPU: 1 PID: 13236 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 369.617712][T13236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 369.627784][T13236] Call Trace: [ 369.631099][T13236] dump_stack+0x172/0x1f0 [ 369.635444][T13236] dump_header+0x10f/0xb6c [ 369.639875][T13236] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 369.645691][T13236] ? ___ratelimit+0x60/0x595 [ 369.650292][T13236] ? do_raw_spin_unlock+0x57/0x270 [ 369.660671][T13236] oom_kill_process.cold+0x10/0x15 [ 369.667537][T13236] out_of_memory+0x79a/0x1280 [ 369.672232][T13236] ? lock_downgrade+0x880/0x880 [ 369.677093][T13236] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 369.683350][T13236] ? oom_killer_disable+0x280/0x280 [ 369.698375][T13236] ? find_held_lock+0x35/0x130 [ 369.703263][T13236] mem_cgroup_out_of_memory+0x1ca/0x230 [ 369.708856][T13236] ? memcg_event_wake+0x230/0x230 [ 369.713900][T13236] ? do_raw_spin_unlock+0x57/0x270 [ 369.719028][T13236] ? _raw_spin_unlock+0x2d/0x50 [ 369.720821][T13283] overlayfs: unrecognized mount option "lowerdir´N¥O‹|=./file1" or missing value [ 369.723896][T13236] try_charge+0x102c/0x15c0 [ 369.723911][T13236] ? find_held_lock+0x35/0x130 [ 369.723931][T13236] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 369.723948][T13236] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 369.723967][T13236] ? kasan_check_read+0x11/0x20 [ 369.723989][T13236] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 369.765077][T13236] mem_cgroup_try_charge+0x24d/0x5e0 [ 369.770389][T13236] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 369.776049][T13236] __handle_mm_fault+0x1e1f/0x3ec0 [ 369.781185][T13236] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 369.786747][T13236] ? find_held_lock+0x35/0x130 [ 369.791522][T13236] ? handle_mm_fault+0x322/0xb30 [ 369.796482][T13236] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 369.802740][T13236] ? kasan_check_read+0x11/0x20 [ 369.807609][T13236] handle_mm_fault+0x43f/0xb30 [ 369.812403][T13236] __get_user_pages+0x7b6/0x1a40 [ 369.817367][T13236] ? follow_page_mask+0x19a0/0x19a0 [ 369.822578][T13236] ? __vma_adjust+0x1840/0x1840 [ 369.827448][T13236] ? lock_acquire+0x16f/0x3f0 [ 369.832130][T13236] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 369.838399][T13236] populate_vma_page_range+0x20d/0x2a0 [ 369.843877][T13236] __mm_populate+0x204/0x380 [ 369.848477][T13236] ? populate_vma_page_range+0x2a0/0x2a0 [ 369.854114][T13236] __x64_sys_mlockall+0x35c/0x520 [ 369.859130][T13236] do_syscall_64+0x103/0x610 [ 369.863729][T13236] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 369.869632][T13236] RIP: 0033:0x458da9 [ 369.873519][T13236] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 369.893120][T13236] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 369.901540][T13236] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 369.909528][T13236] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 369.917508][T13236] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 369.925470][T13236] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 369.933433][T13236] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 369.942174][T13236] memory: usage 288872kB, limit 307200kB, failcnt 2144 [ 369.949188][T13236] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 369.956755][T13236] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 369.964846][T13236] Memory cgroup stats for /syz2: cache:0KB rss:279288KB rss_huge:221184KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:154808KB active_anon:13552KB inactive_file:0KB active_file:0KB unevictable:111048KB [ 369.987193][T13236] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12267,uid=0 [ 369.987306][T13236] Memory cgroup out of memory: Killed process 12267 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 369.995367][ T1043] oom_reaper: reaped process 12267 (syz-executor.2), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 12:48:06 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = dup(r0) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000000), 0x4) mlockall(0xfffffffffffffffd) 12:48:06 executing program 4: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = dup3(r0, r0, 0x80000) write$FUSE_DIRENT(r1, &(0x7f00000001c0)=ANY=[@ANYBLOB="d000000000000000080000000000000005000000000000000900000000000000010000eb7500000003f96e35f2290000000000c50e00000100000000000000080000000000000001000000020000002a00000000000000050000000000000001000000010000001600000001ffffff2f70726f632f636170692f6361706932306e6363690000000400000000000000001000000000000016000000060000002f70726f632f6361ebd830c219483a2977d02629f8aa5e5d70692f6361706932306e63636900"/208], 0xd0) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci\x00', 0x0, 0x0) ioctl$SNDRV_TIMER_IOCTL_PAUSE(r2, 0x54a3) r3 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x9, 0x200) ioctl$PPPIOCSFLAGS(r3, 0x40047459, &(0x7f0000000040)=0x2200) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r4, &(0x7f0000000080), 0x8) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000100)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1}) 12:48:06 executing program 3: clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setrlimit(0x7, &(0x7f0000000040)) socket$packet(0x11, 0x3, 0x300) io_setup(0xffff, &(0x7f0000000000)) 12:48:06 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) ioctl$VIDIOC_ENUM_FREQ_BANDS(r0, 0xc0405665, &(0x7f0000000080)={0xffffffffffffff93, 0x6, 0xff, 0x888, 0x2, 0x800, 0xa}) syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x800) setsockopt$RXRPC_SECURITY_KEY(r0, 0x110, 0x1, &(0x7f0000000100)='overlay\x00', 0x8) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) ioctl$EVIOCSKEYCODE(r0, 0x40084504, &(0x7f0000000040)=[0x6, 0x1]) 12:48:06 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x3f00}) 12:48:06 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) syz_genetlink_get_family_id$SEG6(&(0x7f0000000140)='SEG6\x00') ioctl$DRM_IOCTL_ADD_BUFS(r2, 0xc0206416, &(0x7f0000000040)={0x7, 0xa962, 0x100000001, 0x1, 0x1, 0x5}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r3 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000000c0)={'veth1_to_bridge\x00', &(0x7f0000000080)=@ethtool_gfeatures={0x3a, 0x2, [{0x1f, 0x100, 0x0, 0x8}, {0x400, 0x6, 0x47, 0x3f}]}}) 12:48:06 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) r1 = msgget(0x0, 0x4) msgctl$MSG_INFO(r1, 0xc, &(0x7f0000000000)=""/78) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r2 = socket$kcm(0x29, 0x1, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:48:06 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x1000000}) 12:48:06 executing program 4: r0 = getpgrp(0xffffffffffffffff) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vcs\x00', 0x400000040, 0x0) write$rfkill(r1, &(0x7f0000000080), 0x8) 12:48:06 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x1e000000}) [ 370.374047][T13301] overlayfs: './file0' not a directory 12:48:06 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:06 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2, 0x30, r0, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) [ 370.612595][T13430] overlayfs: './file0' not a directory [ 370.702340][T13325] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 370.712759][T13325] CPU: 0 PID: 13325 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 370.720726][T13325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 370.730763][T13325] Call Trace: [ 370.734043][T13325] dump_stack+0x172/0x1f0 [ 370.738363][T13325] dump_header+0x10f/0xb6c [ 370.742765][T13325] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 370.748553][T13325] ? ___ratelimit+0x60/0x595 [ 370.753129][T13325] ? do_raw_spin_unlock+0x57/0x270 [ 370.758970][T13325] oom_kill_process.cold+0x10/0x15 [ 370.764067][T13325] out_of_memory+0x79a/0x1280 [ 370.768732][T13325] ? lock_downgrade+0x880/0x880 [ 370.773575][T13325] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 370.779806][T13325] ? oom_killer_disable+0x280/0x280 [ 370.785002][T13325] ? find_held_lock+0x35/0x130 [ 370.789785][T13325] mem_cgroup_out_of_memory+0x1ca/0x230 [ 370.795330][T13325] ? memcg_event_wake+0x230/0x230 [ 370.800340][T13325] ? do_raw_spin_unlock+0x57/0x270 [ 370.805436][T13325] ? _raw_spin_unlock+0x2d/0x50 [ 370.810272][T13325] try_charge+0x102c/0x15c0 [ 370.814758][T13325] ? find_held_lock+0x35/0x130 [ 370.819511][T13325] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 370.825041][T13325] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 370.831285][T13325] ? kasan_check_read+0x11/0x20 [ 370.836140][T13325] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 370.841677][T13325] mem_cgroup_try_charge+0x24d/0x5e0 [ 370.846952][T13325] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 370.852572][T13325] wp_page_copy+0x408/0x1740 [ 370.857148][T13325] ? find_held_lock+0x35/0x130 [ 370.861922][T13325] ? pmd_pfn+0x1d0/0x1d0 [ 370.866168][T13325] ? lock_downgrade+0x880/0x880 [ 370.871012][T13325] ? swp_swapcount+0x540/0x540 [ 370.875784][T13325] ? kasan_check_read+0x11/0x20 [ 370.880628][T13325] ? do_raw_spin_unlock+0x57/0x270 [ 370.885764][T13325] do_wp_page+0x48e/0x1500 [ 370.890191][T13325] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 370.895564][T13325] __handle_mm_fault+0x22e8/0x3ec0 [ 370.900662][T13325] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 370.906209][T13325] ? find_held_lock+0x35/0x130 [ 370.910978][T13325] ? handle_mm_fault+0x322/0xb30 [ 370.915903][T13325] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 370.922148][T13325] ? kasan_check_read+0x11/0x20 [ 370.926987][T13325] handle_mm_fault+0x43f/0xb30 [ 370.931739][T13325] __get_user_pages+0x7b6/0x1a40 [ 370.936683][T13325] ? follow_page_mask+0x19a0/0x19a0 [ 370.941874][T13325] ? lock_acquire+0x16f/0x3f0 [ 370.946543][T13325] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 370.952789][T13325] populate_vma_page_range+0x20d/0x2a0 [ 370.958258][T13325] __mm_populate+0x204/0x380 [ 370.962843][T13325] ? populate_vma_page_range+0x2a0/0x2a0 [ 370.968461][T13325] __x64_sys_mlockall+0x35c/0x520 [ 370.973480][T13325] do_syscall_64+0x103/0x610 [ 370.978069][T13325] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 370.983939][T13325] RIP: 0033:0x458da9 [ 370.987828][T13325] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 371.007461][T13325] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 371.015873][T13325] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 371.023844][T13325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 371.031822][T13325] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 371.039797][T13325] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 371.047764][T13325] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 371.057482][T13325] memory: usage 307200kB, limit 307200kB, failcnt 2192 [ 371.064497][T13325] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 371.071954][T13325] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 371.078881][T13325] Memory cgroup stats for /syz2: cache:0KB rss:297400KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:164472KB active_anon:13556KB inactive_file:0KB active_file:0KB unevictable:119444KB [ 371.101170][T13325] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13312,uid=0 [ 371.116618][T13325] Memory cgroup out of memory: Killed process 13312 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 371.130880][ T1043] oom_reaper: reaped process 13312 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB 12:48:07 executing program 2: mlockall(0x3) arch_prctl$ARCH_GET_GS(0x1004, &(0x7f0000000200)) r0 = openat$vfio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vfio/vfio\x00', 0x40000, 0x0) setsockopt$netrom_NETROM_T4(r0, 0x103, 0x6, &(0x7f00000000c0)=0x6, 0x4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000100)={0x0, 0x7, 0x8000000000000336, [0x27, 0x200003ff, 0x7, 0x81, 0x6, 0x8, 0x0, 0x100000000000000, 0x7]}, &(0x7f0000000140)=0xffffffffffffff6a) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000180)={r1, 0x80000000, 0x800, 0xf771, 0x40, 0x30}, &(0x7f00000001c0)=0x14) 12:48:07 executing program 3: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$dspn(&(0x7f0000000240)='/dev/dsp#\x00', 0xfff, 0x141800) r1 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/btrfs-control\x00', 0x80000, 0x0) ioctl$VHOST_SET_VRING_CALL(r0, 0x4008af21, &(0x7f00000002c0)={0x2, r1}) r2 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x4, 0x600000) r3 = syz_genetlink_get_family_id$fou(&(0x7f0000000100)='fou\x00') sendmsg$FOU_CMD_GET(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x15}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="46000002", @ANYRES16=r3, @ANYBLOB="00042dbd7000fbdbdf25030000000800040000000000080002000a00000008000100f000000000080001004e2400"/62], 0x44}, 0x1, 0x0, 0x0, 0x4040000}, 0x20000000) mlockall(0x3) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000300), &(0x7f0000000340)=0x4) 12:48:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x3f000000}) 12:48:07 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f00006c65312c776f726b6469722d2e2f66696c65317710268ab1532b213c0f3d4ddf153e4a9fc8d5dc24538759b09a66a835d80a7c498c2bef73de81c99d934b3b814ec92228ea7ee0d8ac292a19426865b761b442b3df06000000000000226173b1c6f241fd8fb8595bef1aeb02f8c04d2b2a1562"]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:07 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0xfffffffffffffffc, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x3, 0x0, @perf_bp={&(0x7f0000000000), 0xc}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000004c0)={0x1, 0x28, &(0x7f0000000480)={0x0, 0x0}}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000500)={r0, 0x2, 0x18}, 0xc) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r1, &(0x7f0000000080), 0x8) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e24, 0x0, @empty, 0x2}}, [0xf2d, 0x0, 0x9, 0x2, 0xe205, 0x6, 0x1000, 0xf7, 0x3, 0x3, 0x1, 0x1000, 0x4, 0x0, 0x9]}, &(0x7f00000000c0)=0x100) utime(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)={0x4, 0x10001}) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000300)={r2, @in6={{0xa, 0x4e21, 0xfffffffffffffffc, @initdev={0xfe, 0x88, [], 0x1, 0x0}}}, [0x0, 0x401, 0x1f, 0x40, 0x90, 0x1, 0x8, 0x9, 0x8001, 0x9, 0x4, 0xffffffffffffef45, 0x7, 0xba0, 0x6]}, &(0x7f0000000100)=0x100) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000000040)={0x819, 0xd06, 0x4, 0x10, 0xe, 0x1f, 0x6, 0xffffffff, 0x39, 0x6, 0x35, 0x8}) 12:48:07 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) r2 = dup3(r1, r0, 0x80000) write$P9_RFLUSH(r2, &(0x7f0000000040)={0x7, 0x6d, 0x1}, 0x7) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) fsetxattr$trusted_overlay_opaque(r2, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x3) [ 371.307137][T13447] overlayfs: missing 'workdir' 12:48:07 executing program 4: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = accept4(r0, &(0x7f00000001c0)=@vsock={0x28, 0x0, 0x0, @my}, &(0x7f0000000240)=0x80, 0x80000) r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_open_dev$sndpcmp(&(0x7f0000000300)='/dev/snd/pcmC#D#p\x00', 0x4, 0x80) io_uring_enter(r3, 0x1, 0x8000, 0x2, &(0x7f0000000340)={0x18f7}, 0x8) perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x1ff, 0x0, 0x6, 0x4, 0x0, 0x0, 0x4080, 0x2, 0x363, 0x2, 0x80000001, 0xdb3, 0x100000000, 0x4, 0x9, 0x1, 0x0, 0x20, 0x2, 0x8, 0x6, 0x4, 0xfff, 0xc000000000000000, 0x1, 0x5, 0x4, 0x7, 0x7ff, 0x80000001, 0x0, 0x0, 0x753, 0x9, 0x3, 0xe, 0x0, 0x7, 0x2, @perf_config_ext={0x7, 0x800}, 0x0, 0xffff, 0x8, 0x0, 0x3, 0xfffffffffffffff8}, 0xffffffffffffffff, 0xffffffffffffffff, r2, 0x1) getrandom(&(0x7f0000000000)=""/41, 0x29, 0x3) ioctl$SIOCX25SFACILITIES(r3, 0x89e3, &(0x7f0000000380)={0x2f, 0x90f1, 0x7, 0xa, 0x3}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x8000, 0x0) fsetxattr$security_capability(r1, &(0x7f0000000280)='security.capability\x00', &(0x7f00000002c0)=@v2={0x2000000, [{0x10001, 0x6}, {0xa888, 0x7}]}, 0x14, 0x3) write$rfkill(r4, &(0x7f0000000080), 0x8) [ 371.370440][T13452] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 371.376586][T13447] overlayfs: missing 'workdir' [ 371.396782][T13452] CPU: 0 PID: 13452 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 371.404803][T13452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 371.414910][T13452] Call Trace: [ 371.418217][T13452] dump_stack+0x172/0x1f0 [ 371.422555][T13452] dump_header+0x10f/0xb6c [ 371.426991][T13452] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 371.432817][T13452] ? ___ratelimit+0x60/0x595 [ 371.437411][T13452] ? do_raw_spin_unlock+0x57/0x270 [ 371.442530][T13452] oom_kill_process.cold+0x10/0x15 [ 371.447654][T13452] out_of_memory+0x79a/0x1280 [ 371.452338][T13452] ? lock_downgrade+0x880/0x880 [ 371.457198][T13452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 371.463458][T13452] ? oom_killer_disable+0x280/0x280 [ 371.468663][T13452] ? find_held_lock+0x35/0x130 [ 371.473449][T13452] mem_cgroup_out_of_memory+0x1ca/0x230 [ 371.479012][T13452] ? memcg_event_wake+0x230/0x230 [ 371.484051][T13452] ? do_raw_spin_unlock+0x57/0x270 [ 371.489171][T13452] ? _raw_spin_unlock+0x2d/0x50 [ 371.494030][T13452] try_charge+0x102c/0x15c0 [ 371.498537][T13452] ? find_held_lock+0x35/0x130 [ 371.503313][T13452] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 371.508874][T13452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 371.515135][T13452] ? kasan_check_read+0x11/0x20 [ 371.519996][T13452] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 371.525552][T13452] mem_cgroup_try_charge+0x24d/0x5e0 [ 371.530863][T13452] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 371.536515][T13452] __handle_mm_fault+0x1e1f/0x3ec0 [ 371.541650][T13452] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 371.547209][T13452] ? find_held_lock+0x35/0x130 [ 371.551981][T13452] ? handle_mm_fault+0x322/0xb30 [ 371.556941][T13452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 371.563217][T13452] ? kasan_check_read+0x11/0x20 [ 371.568083][T13452] handle_mm_fault+0x43f/0xb30 [ 371.572868][T13452] __get_user_pages+0x7b6/0x1a40 [ 371.577834][T13452] ? follow_page_mask+0x19a0/0x19a0 [ 371.583039][T13452] ? __vma_adjust+0x1840/0x1840 [ 371.587904][T13452] ? lock_acquire+0x16f/0x3f0 [ 371.592593][T13452] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 371.598860][T13452] populate_vma_page_range+0x20d/0x2a0 [ 371.604351][T13452] __mm_populate+0x204/0x380 [ 371.608957][T13452] ? populate_vma_page_range+0x2a0/0x2a0 [ 371.614608][T13452] __x64_sys_mlockall+0x35c/0x520 [ 371.619645][T13452] do_syscall_64+0x103/0x610 [ 371.624444][T13452] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 371.630345][T13452] RIP: 0033:0x458da9 [ 371.634240][T13452] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 371.653850][T13452] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 371.662272][T13452] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 12:48:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff}) [ 371.670249][T13452] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 371.678226][T13452] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 371.686202][T13452] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 371.694453][T13452] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff 12:48:07 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) write$P9_RCLUNK(r0, &(0x7f0000000040)={0x7, 0x79, 0x2}, 0x7) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYRES32=r0]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) ioctl$sock_proto_private(r0, 0x89e0, &(0x7f0000000100)="9df60df47cd933f58efb67cfae39600c1afb3c45dc05d6040884539e9abf070fea8339df146ec5c5d42ca8d09c78559af9d923ec41fb3dc62482d1a228bd8acfc3685fcfd3a2d96d25abda84780eedb1b31ff811836bdfbd4c6e5a2ea9cf56d774ec0f6525fed8b7ca034dfaf16882c5c9d9770f2202afbfe954393597a1ecaf74d7756a147282fdd6d1533d46ab22f5aa5174b5b36eb90e02ae44a8f707fc92d94c0cd114e53e28f48431df33123069c3992be3eb886fe3ae0747c08ef51fe7a5ee5674") [ 371.768892][T13452] memory: usage 307200kB, limit 307200kB, failcnt 2211 [ 371.790236][T13452] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 12:48:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}) [ 371.816161][T13452] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 371.832253][T13452] Memory cgroup stats for /syz2: cache:0KB rss:297524KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:170992KB active_anon:13572KB inactive_file:0KB active_file:0KB unevictable:112984KB [ 371.856765][T13452] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12334,uid=0 [ 371.870197][T13471] overlayfs: unrecognized mount option "" or missing value [ 371.873081][T13452] Memory cgroup out of memory: Killed process 12334 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB 12:48:07 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}) [ 371.921722][T13449] syz-executor.3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 371.927181][T13476] overlayfs: unrecognized mount option "" or missing value [ 371.942154][T13449] CPU: 0 PID: 13449 Comm: syz-executor.3 Not tainted 5.1.0-rc6+ #88 [ 371.950180][T13449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 371.960253][T13449] Call Trace: [ 371.963558][T13449] dump_stack+0x172/0x1f0 [ 371.967899][T13449] dump_header+0x10f/0xb6c [ 371.972325][T13449] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 371.978155][T13449] ? ___ratelimit+0x60/0x595 [ 371.982749][T13449] ? do_raw_spin_unlock+0x57/0x270 [ 371.987885][T13449] oom_kill_process.cold+0x10/0x15 [ 371.993013][T13449] out_of_memory+0x79a/0x1280 [ 371.997707][T13449] ? oom_killer_disable+0x280/0x280 [ 372.002915][T13449] ? find_held_lock+0x35/0x130 [ 372.007700][T13449] mem_cgroup_out_of_memory+0x1ca/0x230 [ 372.013255][T13449] ? memcg_event_wake+0x230/0x230 [ 372.018300][T13449] ? do_raw_spin_unlock+0x57/0x270 [ 372.023427][T13449] ? _raw_spin_unlock+0x2d/0x50 [ 372.028292][T13449] try_charge+0x102c/0x15c0 [ 372.032803][T13449] ? find_held_lock+0x35/0x130 [ 372.037594][T13449] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 372.043159][T13449] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 372.049447][T13449] ? kasan_check_read+0x11/0x20 [ 372.054316][T13449] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 372.059876][T13449] mem_cgroup_try_charge+0x24d/0x5e0 [ 372.065180][T13449] mem_cgroup_try_charge_delay+0x1f/0xa0 12:48:08 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x1e00000000000000}) [ 372.070846][T13449] __handle_mm_fault+0x1e1f/0x3ec0 [ 372.075985][T13449] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 372.081543][T13449] ? find_held_lock+0x35/0x130 [ 372.086319][T13449] ? handle_mm_fault+0x322/0xb30 [ 372.091296][T13449] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 372.097556][T13449] ? kasan_check_read+0x11/0x20 [ 372.102454][T13449] handle_mm_fault+0x43f/0xb30 [ 372.107242][T13449] __get_user_pages+0x7b6/0x1a40 [ 372.112209][T13449] ? follow_page_mask+0x19a0/0x19a0 [ 372.117412][T13449] ? __vma_adjust+0x1840/0x1840 [ 372.122280][T13449] ? lock_acquire+0x16f/0x3f0 [ 372.126968][T13449] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 372.133226][T13449] populate_vma_page_range+0x20d/0x2a0 [ 372.138705][T13449] __mm_populate+0x204/0x380 [ 372.143336][T13449] ? populate_vma_page_range+0x2a0/0x2a0 [ 372.148991][T13449] __x64_sys_mlockall+0x35c/0x520 [ 372.149017][T13449] do_syscall_64+0x103/0x610 [ 372.158637][T13449] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 372.164538][T13449] RIP: 0033:0x458da9 [ 372.168438][T13449] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 372.168446][T13449] RSP: 002b:00007fe117e5fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 372.168461][T13449] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 372.168469][T13449] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 372.168484][T13449] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 372.220407][T13449] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe117e606d4 [ 372.228388][T13449] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 372.277667][T13449] memory: usage 307200kB, limit 307200kB, failcnt 35 [ 372.285102][T13449] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 372.292883][T13449] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 372.306262][T13449] Memory cgroup stats for /syz3: cache:44KB rss:290968KB rss_huge:262144KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:68936KB active_anon:19776KB inactive_file:8KB active_file:4KB unevictable:202384KB [ 372.339633][T13449] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz3,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz-executor.3,pid=9807,uid=0 [ 372.355600][T13449] Memory cgroup out of memory: Killed process 9807 (syz-executor.3) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB 12:48:08 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x88000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f00000000c0)={0x3, 0x1000, 0x16000000, 0x1, 0x9, 0x100000001}) 12:48:08 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) r2 = dup3(r1, r0, 0x80000) write$P9_RFLUSH(r2, &(0x7f0000000040)={0x7, 0x6d, 0x1}, 0x7) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) fsetxattr$trusted_overlay_opaque(r2, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x3) 12:48:08 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f00000001c0)='./file1/file0\x00', &(0x7f00000004c0)='overlay\x00', 0x20002, &(0x7f0000000940)=ANY=[@ANYRES32=r0, @ANYBLOB="4676b115f8d2f8e86b049ab75b3f20bae781a970837fb7715cc3bbaccc21adc371ed2ce7f7b32d363e0b03d053ff9dda750f372e0452d2c45269194debef732be13fcfcc17db9ecf979265bb637f35d4e8e98443045a18ed1e534c1ee285743635c0337cc12fc1e9a0ee6c8ad4ffb3df4dfd48c214f88bb3bf1a84f8de391882bbce9a688ec1c54535601e29f13728d509738cbabc757795136c980b21931cd73d90eb52d8054bf28d18cf5bcd9ec770c490a8353981e493db94b464338f482fbfbcf0ecd1d45611aa44238813f18b66975e1a5ae396bce7a4066c7119a2ca8dfee744a13c", @ANYPTR64=&(0x7f0000000180)=ANY=[@ANYRESHEX=r0], @ANYRES16=r0, @ANYBLOB="a1c03a08d6ee76193f07be79cd0556800fef3473c524812f7bbfb8ee8ee23b9bf8de739232304fe3f03bd8162867ee47d6cf8131a28b08e9706917bab8eec65fdc85af9406ec4463dd6dfbd91f51150d320dd72562ed29205dd572ad0bf5ae9591ec0746a0330aba555d5958c129e4c20a28dce98f4711d6eea5edd30608620deae7da", @ANYBLOB="fc5a3c881facf1d068287f6167e5e269eadacf522527e8e1", @ANYRESDEC=r0, @ANYBLOB="26c9a1efba119fe52c763b79a6c9b0caaa0e85ba956a914252026e50aed69e30d4c3f25077ef3b2677fe61433b2f283cd29bb1f60ddc5500d3a22f15c65988f0", @ANYRESHEX=0x0]) ioctl$TIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) chdir(&(0x7f0000000380)='./file0\x00') lsetxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)=@known='system.posix_acl_access\x00', &(0x7f0000000100)='overlay\x00', 0x8, 0x2) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:08 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) prctl$PR_SET_NAME(0xf, &(0x7f0000000000)='*]+]eth0[/)em1&\x00') 12:48:08 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000}) 12:48:08 executing program 5: syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2) ioctl$TCFLSH(r1, 0x540b, 0x1) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') bind$llc(r1, &(0x7f0000000040)={0x1a, 0x305, 0xc9e1, 0x81, 0x0, 0x5, @local}, 0x10) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) openat$cgroup_ro(r1, &(0x7f00000000c0)='io.stat\x00', 0x0, 0x0) [ 372.939967][T13498] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 372.950307][T13498] CPU: 0 PID: 13498 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 372.958292][T13498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 372.968358][T13498] Call Trace: [ 372.971662][T13498] dump_stack+0x172/0x1f0 [ 372.976019][T13498] dump_header+0x10f/0xb6c [ 372.980455][T13498] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 372.986294][T13498] ? ___ratelimit+0x60/0x595 [ 372.990897][T13498] ? do_raw_spin_unlock+0x57/0x270 [ 372.996030][T13498] oom_kill_process.cold+0x10/0x15 [ 373.001172][T13498] out_of_memory+0x79a/0x1280 [ 373.005869][T13498] ? lock_downgrade+0x880/0x880 [ 373.010732][T13498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 373.017081][T13498] ? oom_killer_disable+0x280/0x280 [ 373.022289][T13498] ? find_held_lock+0x35/0x130 [ 373.027079][T13498] mem_cgroup_out_of_memory+0x1ca/0x230 [ 373.032638][T13498] ? memcg_event_wake+0x230/0x230 [ 373.037683][T13498] ? do_raw_spin_unlock+0x57/0x270 [ 373.042803][T13498] ? _raw_spin_unlock+0x2d/0x50 [ 373.047679][T13498] try_charge+0x102c/0x15c0 [ 373.052208][T13498] ? find_held_lock+0x35/0x130 [ 373.056996][T13498] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 373.062550][T13498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 373.068821][T13498] ? kasan_check_read+0x11/0x20 [ 373.073691][T13498] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 373.079254][T13498] mem_cgroup_try_charge+0x24d/0x5e0 [ 373.084563][T13498] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 373.090215][T13498] __handle_mm_fault+0x1e1f/0x3ec0 [ 373.095345][T13498] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 373.100901][T13498] ? find_held_lock+0x35/0x130 [ 373.105802][T13498] ? handle_mm_fault+0x322/0xb30 [ 373.110774][T13498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 373.117040][T13498] ? kasan_check_read+0x11/0x20 [ 373.121907][T13498] handle_mm_fault+0x43f/0xb30 [ 373.126774][T13498] __get_user_pages+0x7b6/0x1a40 [ 373.131739][T13498] ? follow_page_mask+0x19a0/0x19a0 [ 373.136944][T13498] ? __vma_adjust+0x1840/0x1840 [ 373.141808][T13498] ? lock_acquire+0x16f/0x3f0 [ 373.146500][T13498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 373.152752][T13498] populate_vma_page_range+0x20d/0x2a0 [ 373.158223][T13498] __mm_populate+0x204/0x380 [ 373.162830][T13498] ? populate_vma_page_range+0x2a0/0x2a0 [ 373.168486][T13498] __x64_sys_mlockall+0x35c/0x520 [ 373.173524][T13498] do_syscall_64+0x103/0x610 [ 373.178144][T13498] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 373.184044][T13498] RIP: 0033:0x458da9 [ 373.187954][T13498] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 373.207584][T13498] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 373.216189][T13498] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 373.224188][T13498] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 373.232172][T13498] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 373.240207][T13498] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 373.248197][T13498] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 373.274015][T13498] memory: usage 307200kB, limit 307200kB, failcnt 2259 [ 373.288173][T13500] device nr0 entered promiscuous mode [ 373.303032][T13498] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 373.321076][T13498] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:48:09 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f0000000140)='./file1\x00', 0xfffffffffffffffe) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 373.346900][T13498] Memory cgroup stats for /syz2: cache:0KB rss:297428KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:177136KB active_anon:13572KB inactive_file:0KB active_file:0KB unevictable:106812KB [ 373.408997][T13498] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12383,uid=0 [ 373.431709][T13498] Memory cgroup out of memory: Killed process 12383 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB 12:48:09 executing program 1: r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_dccp_buf(r0, 0x21, 0x8e, &(0x7f0000000040)=""/86, &(0x7f0000000100)=0x56) mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r1 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000001c0)=[@in6={0xa, 0x4e20, 0x3, @mcast1, 0x3ff}, @in6={0xa, 0x4e21, 0x8, @mcast1, 0xe1}, @in6={0xa, 0x4e22, 0x9, @dev={0xfe, 0x80, [], 0x28}, 0x100}], 0x54) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,\x00\b\x00\x00\x00\x00\x00\x00=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') renameat(r1, &(0x7f0000000140)='./file0\x00', r1, &(0x7f0000000180)='./file0\x00') openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x280400, 0x8) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) finit_module(r1, &(0x7f00000002c0)='\x00', 0x3) [ 373.559145][T13595] overlayfs: missing 'lowerdir' [ 373.584697][T13624] overlayfs: missing 'lowerdir' 12:48:09 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff00000000}) 12:48:09 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) getsockopt$inet_sctp6_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000000), &(0x7f0000000040)=0x4) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:09 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x800}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) 12:48:09 executing program 3: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) r2 = dup3(r1, r0, 0x80000) write$P9_RFLUSH(r2, &(0x7f0000000040)={0x7, 0x6d, 0x1}, 0x7) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) fsetxattr$trusted_overlay_opaque(r2, &(0x7f0000000000)='trusted.overlay.opaque\x00', &(0x7f0000000080)='y\x00', 0x2, 0x3) [ 373.800406][T13636] overlayfs: './file0' not a directory [ 374.009422][T13498] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 374.019857][T13498] CPU: 1 PID: 13498 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 374.027844][T13498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 374.037934][T13498] Call Trace: [ 374.041219][T13498] dump_stack+0x172/0x1f0 [ 374.045547][T13498] dump_header+0x10f/0xb6c [ 374.049963][T13498] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 374.055762][T13498] ? ___ratelimit+0x60/0x595 [ 374.060344][T13498] ? do_raw_spin_unlock+0x57/0x270 [ 374.065470][T13498] oom_kill_process.cold+0x10/0x15 [ 374.070573][T13498] out_of_memory+0x79a/0x1280 [ 374.075252][T13498] ? lock_downgrade+0x880/0x880 [ 374.080098][T13498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 374.086326][T13498] ? oom_killer_disable+0x280/0x280 [ 374.091535][T13498] ? find_held_lock+0x35/0x130 [ 374.096399][T13498] mem_cgroup_out_of_memory+0x1ca/0x230 [ 374.101949][T13498] ? memcg_event_wake+0x230/0x230 [ 374.106968][T13498] ? do_raw_spin_unlock+0x57/0x270 [ 374.112064][T13498] ? _raw_spin_unlock+0x2d/0x50 [ 374.116912][T13498] try_charge+0x102c/0x15c0 [ 374.121424][T13498] ? find_held_lock+0x35/0x130 [ 374.126198][T13498] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 374.131732][T13498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 374.137960][T13498] ? kasan_check_read+0x11/0x20 [ 374.142830][T13498] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 374.148402][T13498] mem_cgroup_try_charge+0x24d/0x5e0 [ 374.153696][T13498] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 374.159328][T13498] wp_page_copy+0x408/0x1740 [ 374.163911][T13498] ? find_held_lock+0x35/0x130 [ 374.168675][T13498] ? pmd_pfn+0x1d0/0x1d0 [ 374.172924][T13498] ? lock_downgrade+0x880/0x880 [ 374.177769][T13498] ? swp_swapcount+0x540/0x540 [ 374.182556][T13498] ? kasan_check_read+0x11/0x20 [ 374.187420][T13498] ? do_raw_spin_unlock+0x57/0x270 [ 374.192554][T13498] do_wp_page+0x48e/0x1500 [ 374.196987][T13498] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 374.202463][T13498] __handle_mm_fault+0x22e8/0x3ec0 [ 374.207579][T13498] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 374.213119][T13498] ? find_held_lock+0x35/0x130 [ 374.217879][T13498] ? handle_mm_fault+0x322/0xb30 [ 374.222832][T13498] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 374.229081][T13498] ? kasan_check_read+0x11/0x20 [ 374.233938][T13498] handle_mm_fault+0x43f/0xb30 [ 374.238719][T13498] __get_user_pages+0x7b6/0x1a40 [ 374.243676][T13498] ? follow_page_mask+0x19a0/0x19a0 [ 374.248883][T13498] ? retint_kernel+0x2d/0x2d [ 374.253499][T13498] populate_vma_page_range+0x20d/0x2a0 [ 374.258961][T13498] __mm_populate+0x204/0x380 [ 374.263556][T13498] ? populate_vma_page_range+0x2a0/0x2a0 [ 374.269204][T13498] __x64_sys_mlockall+0x35c/0x520 [ 374.274232][T13498] do_syscall_64+0x103/0x610 [ 374.278829][T13498] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 374.284718][T13498] RIP: 0033:0x458da9 [ 374.288649][T13498] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 374.308241][T13498] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 374.316662][T13498] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 374.324634][T13498] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 374.332613][T13498] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 374.340590][T13498] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 374.348552][T13498] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 374.358429][T13498] memory: usage 307200kB, limit 307200kB, failcnt 2297 [ 374.365497][T13498] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 374.373039][T13498] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 374.379889][T13498] Memory cgroup stats for /syz2: cache:0KB rss:297340KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:161208KB active_anon:13552KB inactive_file:0KB active_file:0KB unevictable:122684KB [ 374.402146][T13498] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13497,uid=0 [ 374.418299][T13498] Memory cgroup out of memory: Killed process 13497 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 374.432891][ T1043] oom_reaper: reaped process 13497 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB 12:48:10 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:48:10 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'ip6_vti0\x00', 0x7101}) r1 = syz_open_dev$sndpcmc(&(0x7f0000000040)='/dev/snd/pcmC#D#c\x00', 0xf226, 0x84102) ioctl$SG_SET_COMMAND_Q(r1, 0x2271, &(0x7f00000000c0)=0x1) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') r3 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video37\x00', 0x2, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r3, 0xc040564a, &(0x7f0000000140)={0x9, 0x0, 0x1004, 0x0, 0x3, 0xb6, 0x10001}) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:48:10 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000000}) 12:48:10 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000040)=ANY=[]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:10 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) r1 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffe000/0x2000)=nil) shmctl$SHM_UNLOCK(r1, 0xc) name_to_handle_at(r0, &(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)={0x6c, 0x2, "51fe2f30317167604129c7dc00fba6300e4d47682d1108fe4f9064edb728b701a86958edd0bbb4290444197687d85c95b19adcd152548f8a200327255357d0a3ac729fbf9913581540372f7b265a30fb67ee334a6f5b4ec6eba7c168e44f7a2b6b6e9d45"}, &(0x7f0000000040), 0x400) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r0, 0xc08c5336, &(0x7f00000001c0)={0x6, 0x8, 0x5, 'queue1\x00', 0x2}) 12:48:10 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e}) [ 374.586786][T13660] overlayfs: missing 'lowerdir' [ 374.627971][T13660] overlayfs: missing 'lowerdir' 12:48:10 executing program 3: syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2) ioctl$TCFLSH(r1, 0x540b, 0x1) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') bind$llc(r1, &(0x7f0000000040)={0x1a, 0x305, 0xc9e1, 0x81, 0x0, 0x5, @local}, 0x10) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) openat$cgroup_ro(r1, &(0x7f00000000c0)='io.stat\x00', 0x0, 0x0) 12:48:10 executing program 4: r0 = creat(&(0x7f0000000280)='./file0\x00', 0x83) readahead(r0, 0x0, 0x9) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x1, 0xffffffffffffffff, 0x2) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000840)=ANY=[@ANYBLOB="010000800000000002004e23ac1414aa000000000000000000000000d7f8e04d000000000000000000000f3400000000000000000000000000000000000000000000000000000000000000000000000009000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000200000002004e20e000000200000000000000000000000000000000000000000000000000000000000000001100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002004e22ac14142200"/400], 0x1) io_setup(0x85, &(0x7f0000000300)) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000200)=0xff) ioctl$PPPIOCATTCHAN(r1, 0x40047438, &(0x7f0000000240)=0x1) write$rfkill(r1, &(0x7f0000000080), 0x8) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040)='TIPC\x00') bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000340)={r0, r1, 0xd, 0x2}, 0x10) sendmsg$TIPC_CMD_SET_NODE_ADDR(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8884440}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0xfffffffffffffc65, r2, 0x100, 0x70bd2d, 0x25dfdbfc, {{}, 0x0, 0x8001, 0x0, {0xfc4f, 0x11, 0x8}}, ["", "", "", "", "", "", ""]}, 0xff74}, 0x1, 0x0, 0x0, 0x800}, 0x44) 12:48:10 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x2001, 0x110) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:48:10 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1\x00', 0x0) getsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000180)={@loopback, 0x0}, &(0x7f00000003c0)=0x14) setsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000400)={@rand_addr=0x5, @multicast2, r1}, 0xc) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f00000002c0)='./file1/file0\x00') uselib(&(0x7f0000000140)='./file1/file0/file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) mount(&(0x7f0000000000)=ANY=[@ANYBLOB='/Gev/sg0\x00'], &(0x7f0000000040)='./file1/file0\x00', &(0x7f0000000080)='hfsplus\x00', 0x9000, &(0x7f0000000100)='overlay\x00') [ 374.710828][T13658] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 12:48:10 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e00}) [ 374.787661][T13658] CPU: 0 PID: 13658 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 374.795866][T13658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 374.805929][T13658] Call Trace: [ 374.809668][T13658] dump_stack+0x172/0x1f0 [ 374.814013][T13658] dump_header+0x10f/0xb6c [ 374.814503][T13680] device nr0 entered promiscuous mode [ 374.818443][T13658] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 374.818459][T13658] ? ___ratelimit+0x60/0x595 [ 374.818476][T13658] ? do_raw_spin_unlock+0x57/0x270 [ 374.818497][T13658] oom_kill_process.cold+0x10/0x15 [ 374.844558][T13658] out_of_memory+0x79a/0x1280 [ 374.849254][T13658] ? lock_downgrade+0x880/0x880 [ 374.854109][T13658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 374.860375][T13658] ? oom_killer_disable+0x280/0x280 [ 374.865586][T13658] ? find_held_lock+0x35/0x130 [ 374.870385][T13658] mem_cgroup_out_of_memory+0x1ca/0x230 [ 374.875947][T13658] ? memcg_event_wake+0x230/0x230 [ 374.880995][T13658] ? do_raw_spin_unlock+0x57/0x270 12:48:10 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) accept4(r0, &(0x7f0000000000)=@x25, &(0x7f0000000080)=0x80, 0x80800) [ 374.886171][T13658] ? _raw_spin_unlock+0x2d/0x50 [ 374.891077][T13658] try_charge+0x102c/0x15c0 [ 374.895602][T13658] ? find_held_lock+0x35/0x130 [ 374.900383][T13658] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 374.905943][T13658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 374.912199][T13658] ? kasan_check_read+0x11/0x20 [ 374.917063][T13658] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 374.922628][T13658] mem_cgroup_try_charge+0x24d/0x5e0 [ 374.927933][T13658] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 374.933588][T13658] __handle_mm_fault+0x1e1f/0x3ec0 [ 374.938727][T13658] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 374.944291][T13658] ? find_held_lock+0x35/0x130 [ 374.949078][T13658] ? handle_mm_fault+0x322/0xb30 [ 374.954043][T13658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 374.958757][T13694] overlayfs: './file0' not a directory [ 374.960384][T13658] ? kasan_check_read+0x11/0x20 [ 374.960408][T13658] handle_mm_fault+0x43f/0xb30 [ 374.960429][T13658] __get_user_pages+0x7b6/0x1a40 [ 374.960454][T13658] ? follow_page_mask+0x19a0/0x19a0 [ 374.985626][T13658] ? perf_trace_lock+0xeb/0x510 [ 374.990481][T13658] ? __vma_adjust+0x1840/0x1840 [ 374.995353][T13658] ? lock_acquire+0x16f/0x3f0 [ 375.000040][T13658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 375.000062][T13658] populate_vma_page_range+0x20d/0x2a0 [ 375.011760][T13658] __mm_populate+0x204/0x380 [ 375.011780][T13658] ? populate_vma_page_range+0x2a0/0x2a0 [ 375.011803][T13658] __x64_sys_mlockall+0x35c/0x520 [ 375.011832][T13658] do_syscall_64+0x103/0x610 [ 375.011853][T13658] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 375.011871][T13658] RIP: 0033:0x458da9 [ 375.041466][T13658] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 375.061078][T13658] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 375.069500][T13658] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 375.077481][T13658] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 375.085460][T13658] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 375.093437][T13658] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 375.101415][T13658] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 375.125438][T13658] memory: usage 307200kB, limit 307200kB, failcnt 2333 [ 375.136949][T13658] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 375.167971][T13658] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 375.175412][T13658] Memory cgroup stats for /syz2: cache:0KB rss:297400KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:168948KB active_anon:13580KB inactive_file:0KB active_file:0KB unevictable:114992KB [ 375.204048][T13658] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12428,uid=0 [ 375.228633][T13658] Memory cgroup out of memory: Killed process 12428 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 375.257874][ T1043] oom_reaper: reaped process 12428 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 375.520103][T13658] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 375.530626][T13658] CPU: 0 PID: 13658 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 375.538595][T13658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 375.548646][T13658] Call Trace: [ 375.551932][T13658] dump_stack+0x172/0x1f0 [ 375.556265][T13658] dump_header+0x10f/0xb6c [ 375.560689][T13658] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 375.566509][T13658] ? ___ratelimit+0x60/0x595 [ 375.571114][T13658] ? do_raw_spin_unlock+0x57/0x270 [ 375.576237][T13658] oom_kill_process.cold+0x10/0x15 [ 375.581458][T13658] out_of_memory+0x79a/0x1280 [ 375.586135][T13658] ? lock_downgrade+0x880/0x880 [ 375.590986][T13658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 375.597253][T13658] ? oom_killer_disable+0x280/0x280 [ 375.602456][T13658] ? find_held_lock+0x35/0x130 [ 375.607239][T13658] mem_cgroup_out_of_memory+0x1ca/0x230 [ 375.612782][T13658] ? memcg_event_wake+0x230/0x230 [ 375.617794][T13658] ? do_raw_spin_unlock+0x57/0x270 [ 375.622910][T13658] ? _raw_spin_unlock+0x2d/0x50 [ 375.629817][T13658] try_charge+0x102c/0x15c0 [ 375.634310][T13658] ? find_held_lock+0x35/0x130 [ 375.639063][T13658] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 375.644643][T13658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 375.657917][T13658] ? kasan_check_read+0x11/0x20 [ 375.662789][T13658] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 375.668362][T13658] mem_cgroup_try_charge+0x24d/0x5e0 [ 375.673653][T13658] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 375.679282][T13658] wp_page_copy+0x408/0x1740 [ 375.683884][T13658] ? find_held_lock+0x35/0x130 [ 375.688654][T13658] ? pmd_pfn+0x1d0/0x1d0 [ 375.692909][T13658] ? lock_downgrade+0x880/0x880 [ 375.697767][T13658] ? swp_swapcount+0x540/0x540 [ 375.702521][T13658] ? kasan_check_read+0x11/0x20 [ 375.707378][T13658] ? do_raw_spin_unlock+0x57/0x270 [ 375.712480][T13658] do_wp_page+0x48e/0x1500 [ 375.716884][T13658] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 375.722247][T13658] __handle_mm_fault+0x22e8/0x3ec0 [ 375.727350][T13658] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 375.732881][T13658] ? find_held_lock+0x35/0x130 [ 375.737637][T13658] ? handle_mm_fault+0x322/0xb30 [ 375.742567][T13658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 375.748798][T13658] ? kasan_check_read+0x11/0x20 [ 375.753661][T13658] handle_mm_fault+0x43f/0xb30 [ 375.758415][T13658] __get_user_pages+0x7b6/0x1a40 [ 375.763356][T13658] ? follow_page_mask+0x19a0/0x19a0 [ 375.768576][T13658] ? lock_acquire+0x16f/0x3f0 [ 375.773255][T13658] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 375.779512][T13658] populate_vma_page_range+0x20d/0x2a0 [ 375.784962][T13658] __mm_populate+0x204/0x380 [ 375.789541][T13658] ? populate_vma_page_range+0x2a0/0x2a0 [ 375.795169][T13658] __x64_sys_mlockall+0x35c/0x520 [ 375.800182][T13658] do_syscall_64+0x103/0x610 [ 375.804759][T13658] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 375.810645][T13658] RIP: 0033:0x458da9 [ 375.814525][T13658] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 375.834132][T13658] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 375.842530][T13658] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 375.850501][T13658] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 375.858463][T13658] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 375.866432][T13658] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 375.874390][T13658] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 375.883485][T13658] memory: usage 307200kB, limit 307200kB, failcnt 2376 [ 375.890342][T13658] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 375.897901][T13658] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 375.904860][T13658] Memory cgroup stats for /syz2: cache:0KB rss:297420KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:161184KB active_anon:13564KB inactive_file:0KB active_file:0KB unevictable:122684KB [ 375.927318][T13658] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13656,uid=0 [ 375.942755][T13658] Memory cgroup out of memory: Killed process 13656 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB 12:48:11 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0xfffffffffffffffd, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x20}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x7, 0x2) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f00000000c0)={0x4, [0x5, 0x9, 0x3, 0x0]}, &(0x7f0000000100)=0xc) 12:48:11 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000000)='./file1/file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:11 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) setsockopt$RXRPC_UPGRADEABLE_SERVICE(r0, 0x110, 0x5, &(0x7f0000000000)=[0x0, 0x4], 0x2) 12:48:11 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) socket$kcm(0x29, 0x0, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/conntrack\x00', 0x2, 0x0) ioctl$KVM_SET_NESTED_STATE(r1, 0x4080aebf, &(0x7f0000000740)={0x2, 0x0, 0x2080, {0x10000, 0x0, 0x1}, [], "81b3cbdaa75785f41f1186e1a05028eece4913455fea02753f8710c30039cd3993847abf109fbf7fce648d09348ec65fb143209b19d96effca06945c1c35501848aaa97a0a5a06ef4b5ab5ff0e5c7df20c43cffc1290fc157efdd8ba907750c2297fbce59102ac85dc74bc17c0c05eb19c0be5f974f9ca388122467eca30abfc695b54410f7ce2fd92750b09f77af708563c5aff8e0e6bfc3ce7277f67ad270cce55c8f8c16703cca6fe20d93d7481a8d615306f0d533ddd9b96f9b22341bd5bb9a7171a8adefbd06185641f1ca907adb109fb10f03e56fa2fde92cc8e73d197d948e7f81fafc4eb219bd8aea02b4a0e5d6aaf2a795fc942cfd6c947caaae63b68aba0aff7bdaa1b7fd39b357992ba421478e805db4d8499c6198b95bd89e06d34668c7c596033224a2110d9b7c176b6c4642a7a99410f6c7112630e4cd1f5eb1599ba539fd5cede7c139d4d9277e4a9452155e7541e5e4ddc1057bc608595360320fb07c402ddc02bb5217356803f17fa4a1d175effce589fd7ac67651f935d41d83691019494f31d13ce1fc0e76d8e77803def6c87b25662b41388e583c3ba44a958189283d0c414583b8ba924af9b705f25a85385088b1cfc21134aed6008581f86c97ae2e0128bc8eb0e160384289bf7f0e19d1bb97aa598cc854069f99bcc70cf72f6eccf6ba80ed3177fbb0e2b680fc4dd00b5937f7879b6b122a839c0b08de729f076275eeaec5fe9b924baf44271609a496227a1542dae7ac5e4ec25a9faee8ce9b7dd4c6e43411bb6e664050866d2f6e93ac496b97e1e10d4c994e18618c825763e51477e8e93ef360482c653f4fb2ea9c631ee5fdb716c9b1e98665d11fcfc3eda137d5e63f2f70d8974638017665af1c6771d483c7822ad23b9d39b740a2eb61e7f9cbd2de1e1f52b7e45a161744f6a6f935efab270eb5510ffb53821fa484a7377fdb018b422e56275cffe13a56aa88f984ec2ec12cb03f9e7d91b2c44b6aa000be500d813e2d3a89ffc143d19fbc2451a6234d146b53ec2ffed84ef39ff5d7f194cf0b1a1c3ff377250d727705e8061e80b53cf8e3ac4a7c7dd80310785450482397d9952f325a35010d6e0fdf47c2e54c3f5e39f832a767f749b5a8bea7944338827b84dca24cd919e2ea50bdecb3fb10c2a0110d08f877e3d4eef5ff2a5ae25e531922dbf3b1fd8f14b364241853f81211d48d65d991c3feb72f4a4f3ec54e2b1c2fb11eaff5661acde4616d749c273d996eaf8af80eef6a8c90c94bfbb25e9c23e581530e323da7d37c6efa36fc68af0af203b2eb2eb1694df5bb51324384e10719700026239ba45d78d084f66a8c0530e07d414a87a9979f0f91a6a6d864fc404e45f694b4211e2233943a2b67858aabdac3f78026706e1d54bcf1a8f5638387603f0069cac50766dc2dea6870fd57c01043a8646c2f2b6f9303f02e15026fd648e5b375f7342373da6d95b0b4d909e359fac9ce085aca8305da977d75d40df8be1f2b586ae9f1b6c8c3b280633bfd820f43d8d341d685d0ffe1702cb9aab591bfd188f8b9eb3e64d12cd5fa7392d9e5ee8434f6774e0897e336032b8ad9e6b0d7d318f825411825cd38eed5613f636de7076d6ceeb7b0aa7ccd2ff8f270fe21cd806ae96e4f3fe0f9b037df97fbca3415d69eaf97704619500ec65e2c00d097f4310723235b16a89da8a5fd95627adebe2049b21fb9f1756d48a462979251fb700fee19d1ddd199156540c31e4a397007d060d8d0415ad562d67fac1361516d89e8e35a481aca743499a398a23b532eae6ee45179c618898680a2919fe0d8594b5261fe9bc92f0c99f9ae8927a9fe9e9775a5f31464c5e64815d835b17339076498280458082c1e549586cbdf1c075b0d1973177869c230aa68b98a8207faf89c1b73dc5a66d40857f5c9764b4a6fe29a938dc36527b3317549712642a73ab38b0db68f3b785b76a7c27dd600d70944fac015c0602c9addce7bd0732899b1dee2b3b9aa3608aa9b0b3ab9d3f403339e32da99535142242ee6e8ea92c1f64ee356e1ca40ad1695098d84271a563e12b5255a0a98e7220235e2dcd76b3bc08e9a8fccd03f182a77e5e6dabd3099d53bc09afb07fcf94c6a72625160f311aa7e2f016adea3067824d7346d1d6c04c26c43613cc4020ba158b03f85cbf72d83327caeae9517fd1e23916a0b871d1d9521b8d69cacf99823683e9e409076fe13ea3cd49e0a6a242287097a82414fcb4c2f03db6c184e74c61580cb464e8c3f5293678a1d834ddc7fd0ae5e94c13a77d9c81b4c348fe00b75c6770c5823ee88ab10a8d85e19750798ab9daf0b0a360f5c8a94ae44dbceea05fb51414f4fe3aa0ecfb754162880ba51d35391710c43af161bc112cb96fb80bbe99a8c7b57638ea9a4f37fbbc3533e8fb6f54bbce36e259bdc2d679be8319ea5be883f80afb1e44cfefa983e523fda0f47cf6ec1a2389a9f2e75a1ed29cef6d8d4f4b316c3afb18806f950f5d4663c392d54329a20f8eedbee93f5900a66234c9184e5fabb397cd55a6074785ff76d2249f668e5736159a861e09cf860b4c1fe8380da0e7e2ebf7f90a1c8c4a68ec779cc7d93df13aec13793f20d4566dabb8ef7f9dfea2e54a11ca9a8fcbeb650694f4a4a1a7eeee0b7928141d66e6efd03f509573f0126512b4033136dae331bb92a726070bad14b887739b81e7e512de9cd8ee3a37740bba93863ff2cc65933c706245fe6c80b1f0fb169dcd0c72d90ea7c927dbc5afb8e4baa1eb7dc9697e16264c4318055f192adee9c3f96fd8f388af1c12c4ecce33605604f573b1e1b23a9ea1c564abd56b088fd81e9baadfeb26c74dd064b4f34dad25c7e11295b876fc79163d02f6cfac7b2e52639c3fa5935b86058144d1d3ce2ef3dcf3585cfe0a78cb8561f091d1511778f9a7fba8f0147196f583cc34040bf21e842e1bd7d2778df49d47a5b874f17f3eb402b9cc0b1afcb21fc2ecef4d235594f56a55cdbe86d52d0663c56ed5623171d601ad5c0c0b201b1ff79dfe6661c73fa0f3fe07b766c0b27866352b61e43f65d0909a00aa7db3f115910b10131df6f72a41e4628e8755060d6f975e4b70bf7c83c4f5b3514cdf9ec86ffa625544a719318e3ea64050a10bb2af1128d95736813b55afc5c76935728dbc099a4347a4dce97649da07286c1268f603748f2e2828ff4fdac16ed0539a53b5d958aa100cf58b4e5ffe32ea9143fc87e875792d3e0ee1d90dcb047082ba13bf04b76c0796157e8a5f5974d87c56f6593c1207b528ecb6b26d16df17f5d3b30859fb8df095e667a22be1cceeb46613ec6fe7588eb5e505de4ded73c2e41a43e87812f36f09ffad491116126fdd8e8862ec8fffdc11137d35c4567320bb9f4654c371226c308717dd48335b83dd45ba8686f4357cfc4d5daac285120485a9eb85061c0d4cdb386fec1ce46896f550b8efcffd4b00306f364a153bcf393f4586aa6e394496828a161390e11957e0d3436a16e85160bdcf2e4ff52596118ff2a0259f238eeb0c39b3713092f782fcdc9994c7b7affbce17776b5e2eece5c54401a32e77804ac2af67f11c3f54ab41b5df5222590a9a0b2292585ad2d841925b6bd84c972d5ee7e0fa5fa276491a96cefe2bc463d197e680d977fa374cfc889968ba460b46670b2de22a644fc91ab6969818b42f6796806e04034d0bccf2b5023778a1633405b37cc617730564703cfb5845de47be6e9d5c634a88b6aa6ef5e30fcd33bf5d2ecfed07d591c261eceb400037e695c239e5292f13863948cd19d3c887ba8aff279a807b798195fc9ff822f1913e7a0e8d8a8f3b28b828ff64491413a4df1c20a09425da8c17d3c2a56645a84c19449c7607588bc46f9dec397300cbe0687c4a18a05ec22c56ad8b56c30858d6510108cd51dcca4d72da10ab74126da5a5dbd4a5f2f9595bcdecb542ecd2b498017ae83fc745735da56e8c34490924d9b4779eb1b43db0d1ff9b22794c440a7d0025ef63e02336a9256ae07f8d248a07c607ab7573d0f622510160b80ef18f6b2fd5396e900b7dbcebd21f1cb40a4c71705e3f738b0bbc640180f55e36b2891fed1a9073139555d3e37876e62b4fbb5cfd4b4f55841ce6c3a4fd8f26c4eb3d4cdf3b75861a859f74ec71da56bf9f495a33738558204ccb5bf45227fc332cc0386e1218b40d9f5fc867f557e1ba3b0b69a432e9178d38d94d3fcb97dcf3d276ff33def831b4125b9ee38bf47d44ad9a6cbd3cb0ccfe1f36d3f8ca20ca7f2e8651d59ef94665fe0885b169b11000af8d5ef35f4de306c0c8e732db7105fb2c023da2f1db041529446e979d25f587737d23d246106acadd59033ebfc66c088c743bc205d85c80e28ca5f695acb26bed6aa9a08e11fb9d9394663c1ceddd5b27b952bf75027a8deb3b55503ee725fd1094bee3af20fb1df7fc99fc407d60d2945c6ecb7bf94a951d641736d9c188b9a18ad6b71b7878530ef4f84a2d920db42a7b7fc0cfe335d55d93e0fbf0f918bf2da6835726a281b3fdaf03c3b68c90ed58b7fe899a0906c724501866c145ddff6aa5619ba317cc31d3b7d2cecb6694dd1281eab062a18774f1836203e9398cbf039faabf910dc81ebbe8ed614477dfbe45e48001807595f52e32bd0c4098399e48b540dcd4c693c7e1778a1aae08a933f240ccd901ecd87341e9800f3140bb190ed1e159c2916f29efb55b4259438c3b2fbf96676ebc18c355a2c8a02bf8396cd46dddb80d1e79ba430fe35382ec70bac4c3bbaaa85c62d767e007414dc761efc9cd5e2d931bf573e64709420680d3f7b1a99638cbefe7419155a2078874c66af76e10e66a2cad8746ef63b259530dcdc31e8bfca67f589c89b819622aac20313f3241866c445705cc80e4e25ba908094f98d6599194328c31ba9bd6e2d2419a39ca285cc80d9411838851985c207b8f898a927c2c162b6287a69b4b45b191e3986f7f35ffb825a35ab4275f9310fd78fd507fe53418274ebe2fd45e3b9b377f089f17f487d996e2c1892710343ccb665e802352f589d33226aade807290c3e53e5be4ffc3197a114d8e294ca60e348e900e04c052f44682858d98e736d7873ad59c7dd2183bba37fa299a93c0f67868f326427bb1548377c3c8c14c0492ed1f4823b61af88c6323a04e13e2b252c28df1066f4f0897301eb755dea667fc074774d47cdc4936b9c59a949361cef57d53de323116bfc6ad9014ece5f95f0bbffb376dbf1a0da11cec31f0f4364f070848ea91f1b789e6d1424121d123c980a6199e0d7c85798cb22a88cab6db5343a5d6f7a895a35513a2b2759abf2b5ae4d91d1a5f41adf5a56a39567ff0c8de5266bc5f18304e19358e83373baf1859abcf2a1f80a8a588b5cc25fec2f38aebcc888f360629b2fd8da0ba32daf0e855113c360bc01bc669c2bba6e9f978a9e6066ed667280c47a04b8d6b94af92128533ce372d3acd96cd1a13016a72efdd5f1696cc1e569dfe48ad31e96ab736da2bfa94c01d33021741441b64ee4ee37055aec5df6015fcb707d100a50c215e44226e6cd15ed26032e178c11fd4139738eaf43737060b3ceb9961f90e676235be5a086251c0bceb3e343881f19ff73f67e5d0c583bef3186877707984cc383141fdb0f7d21549bf84d37f5ab88a4a63d7a39d7858c23546477561ce44802ad23f501aad9c44088e00d0039ae8a1d94d187e68b19d3ca65ce72d4e41f3f170e21b75fe83a5eea09e9c93703b5a031b1d0bc161b51fc3f5d9393aba41fddf9998d65d2c67c1595e63", "9e244384734c08d0a1c5c09e3c47dd9524424d8444bd5b78ea0745e75e0c00c6eee820bc0f262383accb88ad2002aef568d1313ed02b7896959f6c364a24d7de90f27291c86a17f761f3404186f8a11477410eccce56011894043a4414c0d181e24d34366d045257fcfddf6393b22727fa46ad6cfbce0f712f0dd383de54265499f43802f6f5b5d270557803379c92b8af45ba614443fad2f00ea7750d11f5db9319d3e01be494c03de8d98499c81b039d120d68f1cbd3abe4ed2d3e128f7e2e2669d8138ca034ce6e8cce751e4ec77d94aed487d2ac233e63e90bfbc06a89493a72e4e6a631237e466e37df58288365b37c7cd43ee68c687a542d3f7a53c6ede5cac79575eb1902025e69ef02b904624514be02afcd31e2eebb25024c31ec47ce7bc23d4d220fc134491f753577428e492523cfd468d2f3aecb4b3053a8b87a1a679425c9bcf70026cba595e848b17899c3cd627a1d7c532e6cb45c08f0ba5cba603b8775b45d6feffb2c478cb50b5eed77fdc749f338208e2a38acfa60cd3a2965b89d4a5ae4a53e4e6371822701573d04ac6edd21f04a928d897a1a79e1ae1d9d939dd199f2c0b25023a42d15e2f580a03a31243e5301919cbb3ab77b40dd237126a5a0dbc00be3eaf96929abf1773d8ecc0dd2e6a896202f48bab45387486e34a614efb87de9c221dc236438da03ce07aa1628a4e11a515bb7f6642ba7de1d3dc6e0ace28404c13d897387efb4953165f59ad5c506c79e4766f8efd2bd9f4be7ed0c1a2e35e3802a6281ea797f2e3bc0eba459c321936623eabe12c8e87de94d4141da96ca871272c0256a8d63f977f9002cfb27e95fc2802a0987a8db509cdc4740af83ee1d19ee0bf0a3e585de9f08e57f44d02d477735e28b538c7bfa470d340ded6c76e4ec16d758afa855360c5ba489c8c2f07945ab84ae955905924ab09574d8f518513dd3ce0f72bb8d58f02b6a62f3d2b286c4ed953764fe97c542b5d6a83677954ffe71004eeddea33b23d1de2173b04def18b66ed7bd50ff8a6c7591c20387b818ec98328056460c378e2895ea58e98b6df76996ea3559136e1ca1e7c6fabd641f022be051be802f45f02ba6b7ab808e68f2ef7b9b03051edbfe0a79813b099474546dbd8547b64f514e206ec0b83d6d98cc8b2523eb73c3baa01fa692d57c4267029d0343e6952e9cf96522802866ff44db3fb13b79307a48c43f8f75181429ebbe2c702cc28c0a20645bdff70ee066dcd93ef15722902d5459614633a15492629196ab1803951ac5206bdc0975bf5f25b037472b0067236f9da0806d45c0c31745eb416df747d29f5517131091554946bef22fd7ff2d1848b92bb2e0165042a182f03421ec6f5c843d407c1f9b6e98237a361dfaaeba19cca1dc6e287b57568b3d7c27f0febfa83d8e18e36ee3f3d14ba675134df937f429d522c666834aa93dbd1a0dc4ff184e940e57d20c044dbef6bcbe6598ccff5d52b717d146926c8b7152eb58a546f47d5c6aca174b68e4a0b4a39c2771d9ceffbe85f4345e7836272fbaa8af895bc57691c14b35ce36b79693c3b993676e8e734bdabf45ce63ac6bc18265b3392b2ec5acaebada643b1edcc83325255fff7f2b55075267f92644c3e6063bbfdbd0a2bf681445069ff7c2e8f8857c54bde1ec13031362acb7a040477197715db1b864619b689ecd7b952e1f85976ff4c816d2976e7c9c58c29480726235c9e3d3bc850bb7509faaf7b14498b9d6657b88ae686aa391724d698c1253843a528fcda304f02628456536eb6cd19b37c22abd4a0452f2ed248cbc63fc440f1f75848609878fe4543f84ba3936d16d2a535272c296dd9149e5ff0883999dbd67bc0c52766f3b8024963844f7e05ba327c1c216f6467fe9d1fb8c1bd320fd8c4cd51d7eb8e5058ee71adf8c4803a31e985192e4e36f349332a811308b9bd799bea40a52e79ed364778077f14ef1145db0fd00b73e4a09c4b6273c156ed0933035f0aa6c164fd17a757612203793dd90712c5fab4e935c5f87bad8db1c392aea9589bf3b530f880c6935e2d51e9f8523b149acd6e233ad25dbf813e690be1addb1079cb75520f2fbc95b9467a3fa5d4ca026200564e9d9651996d24c4c43a62a4f817d7f1ec92d8a0f6e7bc329eb3703bc827d9034c7738ec6a8b3abf6ae831686783021041ca3a70a00351e11ad4202024e4c84b321cf4910071f9b0b7cd7535e5e753fe21f1b1bd1c6059a771cbd18f385b6bb0c903cdc5c92beb49c4d6b991f4fb1c1d69e840e01b56a700ea56ca3015f2316b5ad0edab0ad8162d6f1416139a51592fc310442eb05b4167e4a919457233cd75145f08b7b48c60a5dda62674909a347abbca6738ece73a4f90e8436cd5d61843b160d566eaad58b565ec2973820b6ba71c5251eabbd890e93b2cdeea429f02ec9c65b62ccae0446818a6007886582d805a7e05be0b55c4f046d864d02d7679b368076fa4e3055baab67e063886001f1a82352edab1f36c90f353b2ca6a43f5f6b31cc40ecbb261b03705dce741a3336f49562dc2c942348d916341b857a4146f49b8b1f4463c3c99e840f78cbe5220909bed920e8bbffd1dfa435aeb8dae723a74cc3ac8d1e2f91adcaa0f86a83525abffdb66421c2c9aa206de8a35b4a0cfcc5289172338e72ce6c53b58b1886e52c9d4592631a3467bb99a85f6bb48b17d729dac24e28ea0e38b01c07f9506476b2468cc61421b48dbdeab87e8a280c1f998e2ba5786e1be947c5f69bd10ceadb1a6941a4f4714d361d8ff97d5ae9cb04992aa55957c7bdee15aa6b4c8c92af7bd8cc9d2bd2e2449f533796e81105891cc1220e6b96831ccaca1f989dbc3ead437dea07faec7161508d4d88f75290e70c50850583daa883fb52033a20d1b566df926ef33d3576cf9045bb88930f1721f11569a1ba3ed4407ab407f4f3e62222329667e697557bd8cb66c4fcd1b09feceb86f3e324f2b7ba074c1486ce8530365905ecd5d6d21b09e2597de4ce5d7ae8138621338b7d0cd46dc058a4846e1b8b6c111869d09c7268ac847baf55b7da650a994d6d8ea26b3acf733770fbbeca2acbf9f644f594142d8585546d34fb7e07208243836823a7df69290b56529edadacdf638123aa72dd98bf7ec32999d302f0191c7781b54a2f2b00d0fd05bb600fe5e01cb2ee8445c7cd36c5f3bffa4b0ce86cc1dbd28a71aa94efc2d99fd311aa8d0c87dc982fa64f7c1c4d9a4ce6a1aa0317e94f85e699646eca7ec0f20307346a27d16aa232e9732918f05d028c4fba695a959c9560ae47a1512cf1c901c749afaf6bd49fd9bf331907f218e42f6bd8abe6917dee1e586d09376cda55f5911a1de93a945d1cf11ed84178250b3752a6f95c536b916c38d4125e6c9dab24277ae1e071b8410b811301d47d68cbf0ae95dd260aca489140035324b088a28219cfc6e1458268d765d6b0baf176c1fb399b14e7346baf183b344bf3250f5669f7ed061e080f9e789e571898a97f3f9ade8e6d6931fca846d36a0a7f84aa1beb223165b9fd75adc36890aad49b56f3b104218d687db8e7d102f6bb48488663450092681cd59e3d2495ba76739b5ab24263e3a425ef32341f1154d3e86ba7575db55f6ba9bbf38edcfb7cd637ca0696a09fb78dfcc227002ebec85473cfa515cbb73767e6246849c384e84cd4ca8b82d95a5905b1c0429e080b8befcb017bf4b81a40008a97112ca5346d75de0ffc4f8ef411df164992c1f79520d3f8851a22168dc0a0104b874ef8d921e86e06f5de9ca6469c388a9d6c2e4f88be4243cca72e22c1cf3394744f904edcb9cf747da3bc70e878362f77c18443165b81f35e5f24feaf2b73a491d8c0c8c959d3c171e53e187915783130c76f35e5331e22e1b62153954f8effdef66f7d6e22422a7a05898182eb0a90c66fc4870587de5bab02d063a0e12cdccd022913eb5f009f1bd62b35829a9c450c1067929c5d1728f0849fe000c307b712dca6fcaa1452bb95412a60a57888214db8d8fc168da724cfb206b085a79aafb0bb45f67c0f2a777faf60c89fa439c1f6f2bb6e29c81fae6a5ea473e7658d8e6872345787982d654e6296521d57f9ca1cf7c6199337e4af01ff46b36e39a080fbd5bb7abe49c45597a661d0f71b35ace0f7ed307a83056fdff7a5e645e5f81d2a671b616880b06b27ec12f6cea850a17282a7fd48041699ca7334c68ec1b2ca7c94c2a32b67c3a6fe85b1cbe7fb7edf460e01a4db17b6717ca60cb8fa599730723c487247c9a086fee254c720cb5a5948604662d082e2cadcfc2f595864308cf9adc5ab37b079452d964c6b788815887bd54d5d6fde840ff585ce084ba0929bd374becebb24f696689b532e5d7a05045f69b000f719990cd770736bc66f65fdcf11116996fb28fe1880c6383dee15438791be4ca1b447b0eac4bff330bc79c80f2b8875e4ad636a60bcc288181d54cfb27783992b7003d4bc9c17f5cdc713fd48e9e332efdaf1fb35a28f0e315b0bd7811a8473df3209797b635da938ed3fadf6a48cc57d5f5d90f2a9420eec07b64aab2272975123822c5fdff65307493f61de27c70563261412e959775695a51b459c7429e37713ecedc91513726c0837062e3ed7338d492eac50095c534532d4249c908bc1309a0d6d3e1d052686645fce98d8bf231c9007606e896d07c18e93b84e8df0ebf6c9a3d7a44294eb96ec3cb7613c9e06b7339005e5239e471db3d1d35342baa3f1c957d84c99fef86ddc79d40aced71e33394403125101f656c0f03c5d939826e17556c400f8e467196abad255b0a599abb253638705fa329dcd0185e876be14c30bd663ff009cd35b2fc467ac69642dad8e2b9915e6fccd6e45e861a611d609b0870fc1bd4c5314b5cc0acc82d710f07309a98918dc3bfd4d72af3690b212a69d8cfdc7ef972d396479961ebcef79fa3f8e98c08ef63213baf1035c6994315a4d47c51602300cd5903626072b57fee83d3b7984943ae60a9da1a517fe1b7f41c692b8fea405ffa2393d4ffe8bb801e451e0f535594113c3ced715d25130d5f7273339d1e3a34ffbd98459004d01311c53ca60a25d661e7ce715cb72b562d1692e7db50cabf1dc9890b4e4441fabb4f26da25046baa1511fc3b825c2444121a7a12604110f31aa5a6a975df9da233edfd76aca746a4d546cff3ee336b7931e05683fb248e9550e35e33058e4faa7357949b9923eff422efa4d502423c15c7a5b47469af3099952c32cd443b772c78b7d04e9852842737490f2cb1f925e3113c2b4caba844dd8df6ca9c74aae5229380743f0f76e74b22f4546b94948864088a57a3353456c96fbffdadefe5c364cc721353f430ac8914e3e309c1da721afcbce1a46b4e4e7e1e42ee7cd4fabcc7ae0fca11423aba7f604dba9ef77fb20fe5f5317d40d55055fa42b1d0e48e40a1846492d4b46132b5b09d590e4d9f58476f4b83030a839b770d88a752e1bf9b18ca66eb24d2a1515f85521cb74d980e49b6ce59c6b1f8e63cfc7e7841386ceaaf3744e47a896729a7c397be8fe4f9c77db1f25a98b326ec70f38fb592be6546345a9c5490835a77c879c2bf9b503bc27b54b37329191eec8fe4a9cc6c7243ee2987aad848b49bd540b8fa9942d00a14b1aee6cf25bbd861136da8dfbbdad755303dacf75082e419a480b6d29bb4d3315103dfb032a54e66f11857a751b20f5b1ea7e363395cc793c59545a45c330947e1c5687b834f0f0472ba5f40a4b68907e42a04ec7c3cfcdb113ef21a196f3e05ddf217"}) r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000700)='\x00') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:48:11 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00}) 12:48:11 executing program 3: syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x2, 0x2) ioctl$TCFLSH(r1, 0x540b, 0x1) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') bind$llc(r1, &(0x7f0000000040)={0x1a, 0x305, 0xc9e1, 0x81, 0x0, 0x5, @local}, 0x10) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) openat$cgroup_ro(r1, &(0x7f00000000c0)='io.stat\x00', 0x0, 0x0) [ 376.076254][T13716] device nr0 entered promiscuous mode [ 376.083577][T13707] overlayfs: filesystem on './file0' not supported as upperdir 12:48:12 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000}) 12:48:12 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x1000000) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="75707065726469703d2e2f66696c65302c6c6f7765726469723d2e2f66696c65312c776f726b6469723d2e2f66696c6531ba91c1a012b74ac865f25d7dc6f8b28a06da21b35be3209a26fea5418a470e90cfcee8c7e8c4"]) acct(&(0x7f0000000040)='./file1/file0\x00') chdir(&(0x7f0000000380)='./file0\x00') mkdir(&(0x7f0000000000)='./file0\x00', 0x40) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:12 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000000)={0x0, 0x0, 0x3}, 0x8) [ 376.220490][T13719] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 376.245219][T13726] overlayfs: unrecognized mount option "upperdip=./file0" or missing value [ 376.274685][T13719] CPU: 0 PID: 13719 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 376.282714][T13719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 376.292863][T13719] Call Trace: [ 376.296036][T13726] [ 376.296165][T13719] dump_stack+0x172/0x1f0 [ 376.298622][T13726] ====================================================== [ 376.302943][T13719] dump_header+0x10f/0xb6c [ 376.309930][T13726] WARNING: possible circular locking dependency detected [ 376.309945][T13726] 5.1.0-rc6+ #88 Not tainted [ 376.314357][T13719] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 376.321337][T13726] ------------------------------------------------------ [ 376.321353][T13726] syz-executor.1/13726 is trying to acquire lock: [ 376.325933][T13719] ? ___ratelimit+0x60/0x595 [ 376.331710][T13726] 000000001360a557 (&acct->lock#2){+.+.}, at: acct_pin_kill+0x27/0x100 [ 376.338821][T13719] ? do_raw_spin_unlock+0x57/0x270 [ 376.345221][T13726] [ 376.345221][T13726] but task is already holding lock: [ 376.349806][T13719] oom_kill_process.cold+0x10/0x15 [ 376.358017][T13726] 0000000051a90dc6 (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0 [ 376.363123][T13719] out_of_memory+0x79a/0x1280 [ 376.370455][T13726] [ 376.370455][T13726] which lock already depends on the new lock. [ 376.370455][T13726] [ 376.375559][T13719] ? lock_downgrade+0x880/0x880 [ 376.383757][T13726] [ 376.383757][T13726] the existing dependency chain (in reverse order) is: [ 376.383772][T13726] [ 376.383772][T13726] -> #2 (sb_writers#3){.+.+}: [ 376.388471][T13719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 376.398869][T13726] lock_acquire+0x16f/0x3f0 [ 376.403793][T13719] ? oom_killer_disable+0x280/0x280 [ 376.412799][T13726] __sb_start_write+0x20b/0x360 [ 376.419648][T13719] ? find_held_lock+0x35/0x130 [ 376.425880][T13726] ovl_write_iter+0x91b/0xc20 [ 376.430888][T13719] mem_cgroup_out_of_memory+0x1ca/0x230 [ 376.436064][T13726] new_sync_write+0x4c7/0x760 [ 376.441519][T13719] ? memcg_event_wake+0x230/0x230 [ 376.446319][T13726] __vfs_write+0xe4/0x110 [ 376.451661][T13719] ? do_raw_spin_unlock+0x57/0x270 [ 376.457193][T13726] vfs_write+0x20c/0x580 [ 376.462393][T13719] ? _raw_spin_unlock+0x2d/0x50 [ 376.467401][T13726] ksys_write+0x14f/0x2d0 [ 376.472239][T13719] try_charge+0x102c/0x15c0 [ 376.477513][T13726] __x64_sys_write+0x73/0xb0 [ 376.482270][T13719] ? find_held_lock+0x35/0x130 [ 376.487208][T13726] do_syscall_64+0x103/0x610 [ 376.492042][T13719] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 376.496531][T13726] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 376.501625][T13719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 376.506362][T13726] [ 376.506362][T13726] -> #1 (&ovl_i_mutex_key[depth]){+.+.}: [ 376.511473][T13719] ? kasan_check_read+0x11/0x20 [ 376.517002][T13726] lock_acquire+0x16f/0x3f0 [ 376.523413][T13719] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 376.529766][T13726] down_write+0x38/0x90 [ 376.529789][T13726] ovl_write_iter+0x148/0xc20 [ 376.537584][T13719] mem_cgroup_try_charge+0x24d/0x5e0 [ 376.542417][T13726] new_sync_write+0x4c7/0x760 [ 376.547515][T13719] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 376.553046][T13726] __vfs_write+0xe4/0x110 [ 376.557709][T13719] __handle_mm_fault+0x1e1f/0x3ec0 [ 376.562891][T13726] __kernel_write+0x110/0x3b0 [ 376.568165][T13719] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 376.573351][T13726] do_acct_process+0xd37/0x1150 [ 376.578968][T13719] ? find_held_lock+0x35/0x130 [ 376.583822][T13726] acct_process+0x568/0x61e [ 376.588922][T13719] ? handle_mm_fault+0x322/0xb30 [ 376.594099][T13726] do_exit+0x17bd/0x2fa0 [ 376.599630][T13719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 376.604986][T13726] do_group_exit+0x135/0x370 [ 376.609743][T13719] ? kasan_check_read+0x11/0x20 [ 376.614888][T13726] get_signal+0x399/0x1d50 [ 376.619755][T13719] handle_mm_fault+0x43f/0xb30 [ 376.625632][T13726] do_signal+0x87/0x1940 [ 376.625654][T13726] exit_to_usermode_loop+0x244/0x2c0 [ 376.631891][T13719] __get_user_pages+0x7b6/0x1a40 [ 376.636988][T13726] do_syscall_64+0x52d/0x610 [ 376.641841][T13719] ? follow_page_mask+0x19a0/0x19a0 [ 376.646928][T13726] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 376.651674][T13719] ? __vma_adjust+0x1840/0x1840 [ 376.656410][T13726] [ 376.656410][T13726] -> #0 (&acct->lock#2){+.+.}: [ 376.662299][T13719] ? lock_acquire+0x16f/0x3f0 [ 376.667214][T13726] __lock_acquire+0x239c/0x3fb0 [ 376.672314][T13719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 376.677483][T13726] lock_acquire+0x16f/0x3f0 [ 376.677505][T13726] __mutex_lock+0xf7/0x1310 [ 376.683903][T13719] populate_vma_page_range+0x20d/0x2a0 [ 376.688735][T13726] mutex_lock_nested+0x16/0x20 [ 376.695654][T13719] __mm_populate+0x204/0x380 [ 376.700314][T13726] acct_pin_kill+0x27/0x100 [ 376.705671][T13719] ? populate_vma_page_range+0x2a0/0x2a0 [ 376.711936][T13726] pin_kill+0x18f/0x860 [ 376.716899][T13719] __x64_sys_mlockall+0x35c/0x520 [ 376.721911][T13726] acct_on+0x574/0x790 [ 376.727349][T13719] do_syscall_64+0x103/0x610 [ 376.732635][T13726] __x64_sys_acct+0xae/0x200 [ 376.737229][T13719] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 376.742243][T13726] do_syscall_64+0x103/0x610 [ 376.747892][T13719] RIP: 0033:0x458da9 [ 376.752559][T13726] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 376.759145][T13719] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 376.763720][T13726] [ 376.763720][T13726] other info that might help us debug this: [ 376.763720][T13726] [ 376.768316][T13719] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 376.773409][T13726] Chain exists of: [ 376.773409][T13726] &acct->lock#2 --> &ovl_i_mutex_key[depth] --> sb_writers#3 [ 376.773409][T13726] [ 376.779387][T13719] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 376.784504][T13726] Possible unsafe locking scenario: [ 376.784504][T13726] [ 376.788388][T13719] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 376.794771][T13726] CPU0 CPU1 [ 376.794786][T13726] ---- ---- [ 376.814406][T13719] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 376.824611][T13726] lock(sb_writers#3); [ 376.833030][T13719] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 376.846272][T13726] lock(&ovl_i_mutex_key[depth]); [ 376.854257][T13719] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 376.861691][T13726] lock(sb_writers#3); [ 376.922927][T13726] lock(&acct->lock#2); [ 376.927164][T13726] [ 376.927164][T13726] *** DEADLOCK *** [ 376.927164][T13726] [ 376.935307][T13726] 2 locks held by syz-executor.1/13726: [ 376.940846][T13726] #0: 000000004bb98710 (acct_on_mutex){+.+.}, at: __x64_sys_acct+0xa6/0x200 [ 376.949628][T13726] #1: 0000000051a90dc6 (sb_writers#3){.+.+}, at: mnt_want_write+0x3f/0xc0 [ 376.958243][T13726] [ 376.958243][T13726] stack backtrace: [ 376.964133][T13726] CPU: 1 PID: 13726 Comm: syz-executor.1 Not tainted 5.1.0-rc6+ #88 [ 376.972119][T13726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 376.982167][T13726] Call Trace: [ 376.985466][T13726] dump_stack+0x172/0x1f0 [ 376.989800][T13726] print_circular_bug.isra.0.cold+0x1cc/0x28f [ 376.995975][T13726] check_prev_add.constprop.0+0xf11/0x23c0 [ 377.001787][T13726] ? check_prev_add.constprop.0+0x664/0x23c0 [ 377.007777][T13726] ? check_usage+0x570/0x570 [ 377.012370][T13726] ? check_usage+0x570/0x570 [ 377.016957][T13726] ? __lockdep_reset_lock+0x450/0x450 [ 377.022353][T13726] ? graph_lock+0x7b/0x200 [ 377.026769][T13726] ? __lockdep_reset_lock+0x450/0x450 [ 377.032149][T13726] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 377.038418][T13726] __lock_acquire+0x239c/0x3fb0 [ 377.043365][T13726] ? mark_held_locks+0xf0/0xf0 [ 377.048150][T13726] lock_acquire+0x16f/0x3f0 [ 377.052657][T13726] ? acct_pin_kill+0x27/0x100 [ 377.057342][T13726] ? acct_pin_kill+0x27/0x100 [ 377.062029][T13726] __mutex_lock+0xf7/0x1310 [ 377.066535][T13726] ? acct_pin_kill+0x27/0x100 [ 377.071223][T13726] ? acct_pin_kill+0x27/0x100 [ 377.075977][T13726] ? rcu_preempt_deferred_qs_irqrestore+0x5b9/0xd20 [ 377.082568][T13726] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 377.088376][T13726] ? mutex_trylock+0x1e0/0x1e0 [ 377.093231][T13726] ? pin_kill+0x13b/0x860 [ 377.097561][T13726] ? find_held_lock+0x35/0x130 [ 377.102330][T13726] ? pin_kill+0x13b/0x860 [ 377.106670][T13726] mutex_lock_nested+0x16/0x20 [ 377.111441][T13726] ? mutex_lock_nested+0x16/0x20 [ 377.116412][T13726] acct_pin_kill+0x27/0x100 [ 377.120929][T13726] pin_kill+0x18f/0x860 [ 377.125088][T13726] ? pin_insert+0x60/0x60 [ 377.129419][T13726] ? __mutex_unlock_slowpath+0xf8/0x6b0 [ 377.135101][T13726] ? finish_wait+0x260/0x260 [ 377.139697][T13726] acct_on+0x574/0x790 [ 377.143767][T13726] __x64_sys_acct+0xae/0x200 [ 377.148362][T13726] do_syscall_64+0x103/0x610 [ 377.152950][T13726] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 377.158843][T13726] RIP: 0033:0x458da9 [ 377.162733][T13726] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 377.182339][T13726] RSP: 002b:00007fcf6eb6ec78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 377.190756][T13726] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 377.198751][T13726] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000040 [ 377.206720][T13726] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 377.214687][T13726] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcf6eb6f6d4 [ 377.222658][T13726] R13: 00000000004becd2 R14: 00000000004cfa50 R15: 00000000ffffffff [ 377.249439][T13719] memory: usage 307172kB, limit 307200kB, failcnt 2387 [ 377.258980][T13719] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 377.266669][T13719] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 377.273718][T13719] Memory cgroup stats for /syz2: cache:0KB rss:297368KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:168948KB active_anon:13580KB inactive_file:0KB active_file:0KB unevictable:114972KB [ 377.298270][T13719] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12476,uid=0 [ 377.302276][T13726] overlayfs: unrecognized mount option "upperdip=./file0" or missing value [ 377.315280][T13719] Memory cgroup out of memory: Killed process 12476 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 377.327457][T13709] kobject: 'rx-0' (0000000042ed4268): kobject_cleanup, parent 00000000069082e8 [ 377.337683][T13738] Process accounting resumed [ 377.349807][T13709] kobject: 'rx-0' (0000000042ed4268): auto cleanup 'remove' event [ 377.358131][T13709] kobject: 'rx-0' (0000000042ed4268): kobject_uevent_env [ 377.368288][T13709] kobject: 'rx-0' (0000000042ed4268): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' 12:48:13 executing program 4: r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x100, 0x0) ioctl$TIOCSISO7816(r1, 0xc0285443, &(0x7f0000000040)={0x7fff, 0xf8c, 0x9, 0x80000000, 0xfffffffffffffff9}) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) ioctl$KVM_GET_LAPIC(r1, 0x8400ae8e, &(0x7f0000000300)={"e7ceaf7295897deb5ffe1ad7ced8a395865fe1cbc0139f097a108cf74beba6b3834b4acc3ef73b7d12abf4f5ead5f4d559a7dd03d0e4b4913ce2cd6546b8975c1128b3e10f2141ea8b3b5fb39c4e8ed2a12f2060023c93820dc19d9e5f4bdfaeb7707271074ff3ec7bb438aa4a2c369e2fedf125aa992f991fb2461908da226257dc052b9f6646b97ea3562bb7d968dd0e76cb932884cb1dfb68d6f1e1748e69a5606d31474a264a541b7dc1e3c528a22ef36de219f58e5115fc9fe1bbe71ae89938f0a6d9fbe7b1e3570f46fb25102504ea590e9f9e37d1af6c957042d26ab21dc53f0caa4fc8d07303c28de499e6851a050dcf699e95cdae4fe1323a56e92397e8c137bc967c0da8c7bd85c38ce89be61bffebbe652e31d512bd0ab30f699dcf89b720d5bf7c2137b8591e24f91ac9ea4dcee339bc5224273e39e4b0af2fefa6d3945f83c5bafffdbee14b192e253eb153c1d56fc736d0a914434daf706c0864f3c4c8916f70d7bcc27b2d0290017e4028ea81a649fff4a76398031df7075834f9b0b24e946351c54db2a4aea478b383420a9a3d173a18d6a5a70e5238be1b980c09b36a766b1d5b912b4042209a826db3c963353256da6eee5c207f240b8b41d40d8d499134f1aafb7da61902a905a1ca1317b443de75050ffadc328635b8e9e57cfb788c9dd7608129a77183d6592261e24cec7224c56c1f4efa5e18b321cfeb323216b56fa88400fb20fc86305b5ad47c98962ccbfb592d61f6cbd4ccef4cb1f66136597c3c13d0cc7b4a1fb4e84d31440f074817d47420aacbb596c1bf74fa74e62e42177f5f24f851f36d9cad3ecf1d258c765b4fe37e99f60a04460d0d61c5575fecb296cec4ec12265306f36846bf84db3178ebe848b9c619a94385c98af52879e2c712a09c5982d912cc600012fc809703269f3393b3f95d45018adb362319bc7f02c5543558435de00a5f4ab86c0cf0fef879dff9308a8b22ce51f2df25d0b2281ed28fa799a64db5c33a7933fab727782a53a4f11486803b6501e2a6f6b37dfafd5d185c3bb2b59a64432fb578a48044aa983f36730a1c00ec7cb98f93299713bc78e0eae132c086bae1153dcd4c27a50685a523e1b707176eca934a7b56937edeaf5269745c1cdbf9d0d9a5bf95ff6d2a2ba8a9400f4db4d2d2ae8c3dee5fcf188ad837ae8f659c1bdcc582cade85c40fc5ce415733a7dd913496ff07d9bc09840416a1035c82f2a02d290d4d84bc8d1e88a88bcfa0218ff0d57d1f6694435852b0a34167dec033732ed3986e2ee5cc06ee50d980093208027333947180465103245e15decd288384b3dd9d0c93e0f24fabda978208b4cae96f520e80fe7b61d5b43b5a27331b8da00e7adc61cb1ab21dc53527abb79e540ef73429e6484c8bcaf0a15695c22bf8efe843ec4133cab713d302bf6a8dea73b6fc"}) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) write$rfkill(r2, &(0x7f0000000080), 0x8) personality(0x400000000440000b) [ 377.379992][T13709] kobject: 'rx-0' (0000000042ed4268): auto cleanup kobject_del [ 377.390494][T13709] kobject: 'rx-0' (0000000042ed4268): calling ktype release [ 377.397948][T13709] kobject: 'rx-0': free name [ 377.404896][ T3875] kobject: 'loop4' (000000005a3e9530): kobject_uevent_env [ 377.405765][T13709] kobject: 'tx-0' (000000000c7c304b): kobject_cleanup, parent 00000000069082e8 [ 377.412546][T13738] Process accounting resumed [ 377.421121][T13709] kobject: 'tx-0' (000000000c7c304b): auto cleanup 'remove' event [ 377.428537][ T3875] kobject: 'loop4' (000000005a3e9530): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 377.436222][T13709] kobject: 'tx-0' (000000000c7c304b): kobject_uevent_env [ 377.452148][T13742] QAT: Invalid ioctl [ 377.459455][T13742] QAT: Invalid ioctl 12:48:13 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="757070070000b6c9a5c95004b5000000000066696c65302c6c6f4e5d4130446843449f497765726469725e2e2f77b66c65312c776f726b643152df2ab9c1e1abc5ffabbf06aaecfa7f218f141b8c573580b99d735a03ee0ab75cdb6d41c2b3c6214eb4ebd24fe045a53d485bbb568ef3485685b6cbde2b0367852714f827513423964f8a74cde2cda0ca6f5fe59dbb7dcf26b5d0c22022b44b71ebccf2e3f3d68867193309a0"]) chdir(&(0x7f0000000380)='./file0\x00') ioctl$SG_SET_RESERVED_SIZE(r0, 0x2275, &(0x7f0000000100)=0x9) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 377.472657][T13709] kobject: 'tx-0' (000000000c7c304b): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 377.488287][ T3875] kobject: 'loop1' (00000000b39d6000): kobject_uevent_env [ 377.497961][ T3875] kobject: 'loop1' (00000000b39d6000): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 377.503715][T13709] kobject: 'tx-0' (000000000c7c304b): auto cleanup kobject_del [ 377.520351][T13745] overlayfs: unrecognized mount option "upp" or missing value [ 377.528848][T13709] kobject: 'tx-0' (000000000c7c304b): calling ktype release [ 377.545327][T13709] kobject: 'tx-0': free name [ 377.554574][T13709] kobject: 'queues' (00000000069082e8): kobject_cleanup, parent (null) [ 377.559296][T13745] overlayfs: unrecognized mount option "upp" or missing value [ 377.571257][T13709] kobject: 'queues' (00000000069082e8): calling ktype release 12:48:13 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f7765726469723d2e2f66696c65b12c776f726b64697266696c6531000000"]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000000)) [ 377.579515][T13709] kobject: 'queues' (00000000069082e8): kset_release [ 377.594877][T13709] kobject: 'queues': free name [ 377.600020][T13709] kobject: 'nr0' (000000009711840f): kobject_uevent_env [ 377.607503][ T3875] kobject: 'loop1' (00000000b39d6000): kobject_uevent_env [ 377.613786][T13719] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 377.617925][ T3875] kobject: 'loop1' (00000000b39d6000): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 377.638386][T13709] kobject: 'nr0' (000000009711840f): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 377.639077][T13754] overlayfs: unrecognized mount option "workdirfile1" or missing value [ 377.664854][T13719] CPU: 0 PID: 13719 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 377.678167][T13719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 377.678612][T13754] overlayfs: unrecognized mount option "workdirfile1" or missing value [ 377.688224][T13719] Call Trace: [ 377.688248][T13719] dump_stack+0x172/0x1f0 [ 377.688265][T13719] dump_header+0x10f/0xb6c [ 377.688279][T13719] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 377.688292][T13719] ? ___ratelimit+0x60/0x595 [ 377.688307][T13719] ? do_raw_spin_unlock+0x57/0x270 [ 377.688327][T13719] oom_kill_process.cold+0x10/0x15 [ 377.729227][T13719] out_of_memory+0x79a/0x1280 [ 377.733919][T13719] ? lock_downgrade+0x880/0x880 [ 377.738865][T13719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 377.745101][T13719] ? oom_killer_disable+0x280/0x280 [ 377.750303][T13719] mem_cgroup_out_of_memory+0x1ca/0x230 [ 377.755857][T13719] ? memcg_event_wake+0x230/0x230 [ 377.760890][T13719] ? do_raw_spin_unlock+0x57/0x270 [ 377.765985][T13719] ? _raw_spin_unlock+0x2d/0x50 [ 377.770829][T13719] try_charge+0x102c/0x15c0 [ 377.775313][T13719] ? mem_cgroup_charge_statistics+0x430/0x430 [ 377.781368][T13719] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 377.786907][T13719] ? percpu_ref_tryget_live+0x111/0x290 [ 377.792459][T13719] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 377.798010][T13719] mem_cgroup_try_charge+0x24d/0x5e0 [ 377.803289][T13719] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 377.809030][T13719] wp_page_copy+0x408/0x1740 [ 377.813620][T13719] ? pmd_pfn+0x1d0/0x1d0 [ 377.817847][T13719] ? lock_downgrade+0x880/0x880 [ 377.822680][T13719] ? swp_swapcount+0x540/0x540 [ 377.827433][T13719] ? kasan_check_read+0x11/0x20 [ 377.832276][T13719] ? do_raw_spin_unlock+0x57/0x270 [ 377.837371][T13719] do_wp_page+0x48e/0x1500 [ 377.841777][T13719] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 377.847173][T13719] __handle_mm_fault+0x22e8/0x3ec0 [ 377.852291][T13719] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 377.857844][T13719] ? kasan_check_read+0x11/0x20 [ 377.862680][T13719] ? do_raw_spin_unlock+0x57/0x270 [ 377.867779][T13719] ? handle_mm_fault+0xb8/0xb30 [ 377.872635][T13719] ? trace_hardirqs_on+0x67/0x230 [ 377.877825][T13719] handle_mm_fault+0x43f/0xb30 [ 377.882613][T13719] __get_user_pages+0x7b6/0x1a40 [ 377.887542][T13719] ? follow_page_mask+0x19a0/0x19a0 [ 377.892725][T13719] ? lock_acquire+0x16f/0x3f0 [ 377.897384][T13719] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 377.903716][T13719] populate_vma_page_range+0x20d/0x2a0 [ 377.909165][T13719] __mm_populate+0x204/0x380 [ 377.913742][T13719] ? populate_vma_page_range+0x2a0/0x2a0 [ 377.919378][T13719] __x64_sys_mlockall+0x35c/0x520 [ 377.924388][T13719] do_syscall_64+0x103/0x610 [ 377.929001][T13719] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 377.934873][T13719] RIP: 0033:0x458da9 [ 377.938843][T13719] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 377.958461][T13719] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 377.966899][T13719] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 377.974870][T13719] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 377.982832][T13719] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 377.990888][T13719] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 377.998845][T13719] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 378.010032][ T3875] kobject: 'loop4' (000000005a3e9530): kobject_uevent_env [ 378.013136][T13719] memory: usage 307096kB, limit 307200kB, failcnt 2420 [ 378.024796][T13719] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 378.025116][ T3875] kobject: 'loop4' (000000005a3e9530): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 378.044149][T13713] kobject: 'rx-0' (00000000aab25abd): kobject_cleanup, parent 00000000a43e34a6 [ 378.049326][T13719] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 378.053149][T13713] kobject: 'rx-0' (00000000aab25abd): auto cleanup 'remove' event [ 378.053161][T13713] kobject: 'rx-0' (00000000aab25abd): kobject_uevent_env [ 378.053196][T13713] kobject: 'rx-0' (00000000aab25abd): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 378.053270][T13713] kobject: 'rx-0' (00000000aab25abd): auto cleanup kobject_del [ 378.063918][T13719] Memory cgroup stats for /syz2: cache:0KB rss:297288KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:161076KB active_anon:13568KB inactive_file:0KB active_file:0KB unevictable:122680KB [ 378.068820][T13713] kobject: 'rx-0' (00000000aab25abd): calling ktype release [ 378.082657][T13719] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13717,uid=0 [ 378.086668][T13713] kobject: 'rx-0': free name [ 378.096830][T13719] Memory cgroup out of memory: Killed process 13717 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 378.158370][T13713] kobject: 'tx-0' (00000000522dda14): kobject_cleanup, parent 00000000a43e34a6 [ 378.167524][T13713] kobject: 'tx-0' (00000000522dda14): auto cleanup 'remove' event [ 378.176236][T13713] kobject: 'tx-0' (00000000522dda14): kobject_uevent_env [ 378.183589][T13713] kobject: 'tx-0' (00000000522dda14): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 378.194867][T13713] kobject: 'tx-0' (00000000522dda14): auto cleanup kobject_del [ 378.202841][T13713] kobject: 'tx-0' (00000000522dda14): calling ktype release [ 378.210317][T13713] kobject: 'tx-0': free name [ 378.215272][T13713] kobject: 'queues' (00000000a43e34a6): kobject_cleanup, parent (null) [ 378.224746][T13713] kobject: 'queues' (00000000a43e34a6): calling ktype release 12:48:14 executing program 2: mlockall(0x3) r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_QUERYBUF(r0, 0xc0585609, &(0x7f0000000100)={0x5, 0x7, 0x4, 0x1000, {0x0, 0x7530}, {0x3, 0x0, 0x2, 0x3, 0x3, 0x8001, "a8da4c0a"}, 0x4, 0x0, @planes=&(0x7f00000000c0)={0x0, 0x8, @mem_offset=0x7, 0xffff}, 0x4}) ioctl$VIDIOC_ENUMOUTPUT(r0, 0xc0485630, &(0x7f0000000180)={0x100000000, "f68c40a43449eec1ed2873015c7744157262c4f234c42a1987938c4351e8c858", 0x1, 0x9, 0x20, 0x8000, 0xe}) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:48:14 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket(0x2000000000000021, 0x2, 0x2) sendmsg$alg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@iv={0x18, 0x110}], 0x18}, 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') mount(&(0x7f0000000000)=@sg0='/dev/sg0\x00', &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='dax\x00', 0x80014, 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:14 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$rfkill(0xffffffffffffffff, &(0x7f0000000080), 0x8) ioctl$KVM_SET_CPUID(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000040)=ANY=[@ANYBLOB="05000000080001fbbab11c000080fbffffff0500000006ea000005000000000000000000bf4d45a6e35193e3b556a138"]) [ 378.232549][T13713] kobject: 'queues' (00000000a43e34a6): kset_release [ 378.243848][T13713] kobject: 'queues': free name [ 378.250149][ T3875] kobject: 'loop2' (0000000064d7cda6): kobject_uevent_env [ 378.267720][ T3875] kobject: 'loop2' (0000000064d7cda6): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 378.276147][T13713] kobject: 'nr0' (000000002a78380c): kobject_uevent_env [ 378.285879][T13713] kobject: 'nr0' (000000002a78380c): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 378.305312][T13709] kobject: 'nr0' (000000009711840f): kobject_cleanup, parent (null) [ 378.325504][T13761] overlayfs: './file0' not a directory [ 378.331734][T13709] kobject: 'nr0' (000000009711840f): calling ktype release [ 378.352564][T13713] kobject: 'nr0' (000000002a78380c): kobject_cleanup, parent (null) [ 378.358304][T13763] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 378.361706][T13709] kobject: 'nr0': free name [ 378.372707][T13763] CPU: 0 PID: 13763 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 378.382666][T13713] kobject: 'nr0' (000000002a78380c): calling ktype release [ 378.384449][T13763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 378.384454][T13763] Call Trace: [ 378.384478][T13763] dump_stack+0x172/0x1f0 [ 378.384499][T13763] dump_header+0x10f/0xb6c [ 378.393255][T13713] kobject: 'nr0': free name [ 378.401835][T13763] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 378.401851][T13763] ? ___ratelimit+0x60/0x595 [ 378.401874][T13763] ? do_raw_spin_unlock+0x57/0x270 12:48:14 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x2, 0x0) r2 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x1, 0x2000) ioctl$RFKILL_IOCTL_NOINPUT(r2, 0x5201) ioctl$sock_bt_cmtp_CMTPCONNDEL(r2, 0x400443c9, &(0x7f0000000040)={{0x1, 0x22, 0x3, 0x6, 0x0, 0x100}, 0x9eff}) ioctl$EVIOCGVERSION(r2, 0x80044501, &(0x7f0000000080)=""/47) ioctl$sock_bt_hci(r2, 0x800448f0, &(0x7f00000000c0)="55954389e0bd2caa94ee2522c45b57cce98d6028f2c813e897ab36bf9996b713d5d4363bbbca8cf29edc6d19205551982581d96807098f8ec35560995d6757f810d50c5522a7622ae887") ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000280)=[{&(0x7f00000000c0), 0xfffffffffffffdb0}, {&(0x7f0000000440)=""/141}], 0x2d1e02fc8df6291) 12:48:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e000000}) 12:48:14 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x1, 0x208000) r1 = getuid() ioctl$VIDIOC_ENUMAUDOUT(r0, 0xc0345642, &(0x7f0000000200)={0x0, "e6ac6deb2257b62e3ae3631e6e2d0e312d7a71dea2883af5ab21a74c9765eeb4", 0x1, 0x1}) ioctl$SIOCAX25DELUID(r0, 0x89e2, &(0x7f0000000140)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, r1}) r2 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c6565312c776f72576469723d2e2f66696c65313e8a648222237dea2300"/58]) getsockname(r2, &(0x7f0000000000)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000080)=0x80) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) connect$nfc_llcp(r2, &(0x7f0000000180)={0x27, 0x0, 0x1, 0x2, 0x1, 0x40, "e1073d6ed83bccc3a62610d363e93d7120b67be2eea10fd8124fdc8256397f57d4a2acb721a7c0b6d09fb23b5ae8ae507d3cd23b0cff9fa44ac038c2338d1b", 0x14}, 0x60) 12:48:14 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket(0x2000000000000021, 0x2, 0x2) sendmsg$alg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@iv={0x18, 0x110}], 0x18}, 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') mount(&(0x7f0000000000)=@sg0='/dev/sg0\x00', &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='dax\x00', 0x80014, 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 378.432917][ T3875] kobject: 'loop3' (00000000ebc5bd7c): kobject_uevent_env [ 378.434011][T13763] oom_kill_process.cold+0x10/0x15 [ 378.434027][T13763] out_of_memory+0x79a/0x1280 [ 378.434048][T13763] ? lock_downgrade+0x880/0x880 [ 378.441179][ T3875] kobject: 'loop3' (00000000ebc5bd7c): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 378.446260][T13763] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 378.446273][T13763] ? oom_killer_disable+0x280/0x280 [ 378.446300][T13763] mem_cgroup_out_of_memory+0x1ca/0x230 [ 378.471688][T13770] kobject: 'nr0' (0000000000be290c): kobject_add_internal: parent: 'net', set: 'devices' [ 378.472265][T13763] ? memcg_event_wake+0x230/0x230 [ 378.481198][ T3875] kobject: 'loop5' (000000002cb8a305): kobject_uevent_env [ 378.483007][T13763] ? do_raw_spin_unlock+0x57/0x270 [ 378.483022][T13763] ? _raw_spin_unlock+0x2d/0x50 [ 378.483047][T13763] try_charge+0x102c/0x15c0 [ 378.494559][T13770] kobject: 'nr0' (0000000000be290c): kobject_uevent_env [ 378.497954][T13763] ? mem_cgroup_charge_statistics+0x430/0x430 [ 378.497973][T13763] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 378.497995][T13763] ? percpu_ref_tryget_live+0x111/0x290 [ 378.505270][ T3875] kobject: 'loop5' (000000002cb8a305): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 378.510333][T13763] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 378.510350][T13763] mem_cgroup_try_charge+0x24d/0x5e0 [ 378.510370][T13763] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 378.515378][T13770] kobject: 'nr0' (0000000000be290c): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 378.519782][T13763] __handle_mm_fault+0x1e1f/0x3ec0 [ 378.519801][T13763] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 378.519833][T13763] ? kasan_check_read+0x11/0x20 [ 378.538503][T13770] kobject: 'queues' (000000003f35c35d): kobject_add_internal: parent: 'nr0', set: '' [ 378.543448][T13763] ? do_raw_spin_unlock+0x57/0x270 [ 378.543470][T13763] ? handle_mm_fault+0xb8/0xb30 [ 378.543485][T13763] ? trace_hardirqs_on+0x67/0x230 [ 378.543506][T13763] handle_mm_fault+0x43f/0xb30 12:48:14 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket(0x2000000000000021, 0x2, 0x2) sendmsg$alg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@iv={0x18, 0x110}], 0x18}, 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') mount(&(0x7f0000000000)=@sg0='/dev/sg0\x00', &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='dax\x00', 0x80014, 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 378.557344][T13770] kobject: 'queues' (000000003f35c35d): kobject_uevent_env [ 378.559188][T13763] __get_user_pages+0x7b6/0x1a40 [ 378.559209][T13763] ? follow_page_mask+0x19a0/0x19a0 [ 378.567523][T13770] kobject: 'queues' (000000003f35c35d): kobject_uevent_env: filter function caused the event to drop! [ 378.570019][T13763] ? __vma_adjust+0x1840/0x1840 [ 378.570038][T13763] ? lock_acquire+0x16f/0x3f0 [ 378.570059][T13763] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 378.580254][T13770] kobject: 'rx-0' (00000000b03ef89a): kobject_add_internal: parent: 'queues', set: 'queues' [ 378.585470][T13763] populate_vma_page_range+0x20d/0x2a0 [ 378.585487][T13763] __mm_populate+0x204/0x380 [ 378.585503][T13763] ? populate_vma_page_range+0x2a0/0x2a0 [ 378.585527][T13763] __x64_sys_mlockall+0x35c/0x520 [ 378.592675][T13770] kobject: 'rx-0' (00000000b03ef89a): kobject_uevent_env [ 378.596166][T13763] do_syscall_64+0x103/0x610 [ 378.596185][T13763] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 378.596203][T13763] RIP: 0033:0x458da9 12:48:14 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) setsockopt$inet_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000000), 0x4) [ 378.601277][T13770] kobject: 'rx-0' (00000000b03ef89a): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 378.611094][T13763] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 378.611101][T13763] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 378.611114][T13763] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 378.611127][T13763] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 378.611134][T13763] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 378.611140][T13763] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 378.611147][T13763] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 378.671651][T13763] memory: usage 307200kB, limit 307200kB, failcnt 2458 [ 378.698208][T13770] kobject: 'tx-0' (00000000028ef727): kobject_add_internal: parent: 'queues', set: 'queues' [ 378.703916][T13763] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 12:48:14 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000}) [ 378.709128][T13770] kobject: 'tx-0' (00000000028ef727): kobject_uevent_env [ 378.729445][T13763] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 378.747200][T13782] overlayfs: unrecognized mount option "worWdir=./file1>Šd‚"#}ê#" or missing value [ 378.796197][T13763] Memory cgroup stats for /syz2: cache:0KB rss:297388KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:168944KB active_anon:13584KB inactive_file:0KB active_file:0KB unevictable:114976KB [ 378.805857][ T3875] kobject: 'loop4' (000000005a3e9530): kobject_uevent_env [ 378.810379][T13770] kobject: 'tx-0' (00000000028ef727): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 378.819640][ T3875] kobject: 'loop4' (000000005a3e9530): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 378.828914][T13773] device nr0 entered promiscuous mode [ 378.837943][T13763] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12508,uid=0 [ 378.885321][ T3875] kobject: 'loop1' (00000000b39d6000): kobject_uevent_env 12:48:14 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket(0x2000000000000021, 0x2, 0x2) sendmsg$alg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@iv={0x18, 0x110}], 0x18}, 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') mount(&(0x7f0000000000)=@sg0='/dev/sg0\x00', &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='dax\x00', 0x80014, 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 378.938945][T13763] Memory cgroup out of memory: Killed process 12508 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 378.944538][ T3875] kobject: 'loop1' (00000000b39d6000): fill_kobj_path: path = '/devices/virtual/block/loop1' 12:48:14 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f00000001c0)={r0, &(0x7f0000000000)="1bc400df7ef6df04ca2a51d30dd4a92471a2bfa03d929efa8dfdaedaa9d5dc4f04476e07bf0d28eb6d4004dadd6fe518e7f99dabdf049d93970a150b462d9d294cafd6362cc9672289a62ab145f43c92096dd2206c1ebec7c17793e5e8a5c5daedea81b69d3db64691abcd8ccb196c102cea6bb01cd41f15269bfa241d7437ccff51120ed435643918b54e72b7cc66c6607d9a325deafccadcd57253f5aa73faa738caef1e0ffa5db5345ef8e503fcca9f459b2f0e5efa35a1263ef977c574", &(0x7f0000000100)=""/190}, 0x18) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 379.003685][ T3875] kobject: 'loop3' (00000000ebc5bd7c): kobject_uevent_env [ 379.017524][ T3875] kobject: 'loop3' (00000000ebc5bd7c): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 379.047728][ T3875] kobject: 'loop1' (00000000b39d6000): kobject_uevent_env [ 379.073296][T13799] overlayfs: './file0' not a directory [ 379.084594][ T3875] kobject: 'loop1' (00000000b39d6000): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 379.117936][ T3875] kobject: 'loop4' (000000005a3e9530): kobject_uevent_env [ 379.141276][ T3875] kobject: 'loop4' (000000005a3e9530): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 379.151941][T13769] kobject: 'rx-0' (00000000b03ef89a): kobject_cleanup, parent 000000003f35c35d [ 379.161035][T13769] kobject: 'rx-0' (00000000b03ef89a): auto cleanup 'remove' event [ 379.169789][ T3875] kobject: 'loop3' (00000000ebc5bd7c): kobject_uevent_env [ 379.180295][T13769] kobject: 'rx-0' (00000000b03ef89a): kobject_uevent_env [ 379.185190][ T3875] kobject: 'loop3' (00000000ebc5bd7c): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 379.187758][T13769] kobject: 'rx-0' (00000000b03ef89a): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 379.211588][T13769] kobject: 'rx-0' (00000000b03ef89a): auto cleanup kobject_del [ 379.219498][T13769] kobject: 'rx-0' (00000000b03ef89a): calling ktype release [ 379.229426][T13769] kobject: 'rx-0': free name [ 379.232724][ T3875] kobject: 'loop1' (00000000b39d6000): kobject_uevent_env [ 379.240292][T13769] kobject: 'tx-0' (00000000028ef727): kobject_cleanup, parent 000000003f35c35d [ 379.245897][ T3875] kobject: 'loop1' (00000000b39d6000): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 379.268679][T13769] kobject: 'tx-0' (00000000028ef727): auto cleanup 'remove' event [ 379.277271][T13769] kobject: 'tx-0' (00000000028ef727): kobject_uevent_env [ 379.290869][T13769] kobject: 'tx-0' (00000000028ef727): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 379.326522][T13769] kobject: 'tx-0' (00000000028ef727): auto cleanup kobject_del [ 379.344968][T13769] kobject: 'tx-0' (00000000028ef727): calling ktype release [ 379.348476][T13763] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 379.352324][T13769] kobject: 'tx-0': free name [ 379.365380][T13763] CPU: 1 PID: 13763 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 379.368480][T13769] kobject: 'queues' (000000003f35c35d): kobject_cleanup, parent (null) [ 379.375197][T13763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 379.375202][T13763] Call Trace: [ 379.375224][T13763] dump_stack+0x172/0x1f0 [ 379.375240][T13763] dump_header+0x10f/0xb6c [ 379.375256][T13763] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 379.375276][T13763] ? ___ratelimit+0x60/0x595 [ 379.384880][T13769] kobject: 'queues' (000000003f35c35d): calling ktype release [ 379.395022][T13763] ? do_raw_spin_unlock+0x57/0x270 [ 379.395040][T13763] oom_kill_process.cold+0x10/0x15 [ 379.395054][T13763] out_of_memory+0x79a/0x1280 [ 379.395073][T13763] ? lock_downgrade+0x880/0x880 [ 379.398720][T13769] kobject: 'queues' (000000003f35c35d): kset_release [ 379.402663][T13763] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 379.402677][T13763] ? oom_killer_disable+0x280/0x280 [ 379.402697][T13763] mem_cgroup_out_of_memory+0x1ca/0x230 [ 379.402709][T13763] ? memcg_event_wake+0x230/0x230 [ 379.402730][T13763] ? do_raw_spin_unlock+0x57/0x270 [ 379.407439][T13769] kobject: 'queues': free name [ 379.412918][T13763] ? _raw_spin_unlock+0x2d/0x50 [ 379.412934][T13763] try_charge+0x102c/0x15c0 [ 379.412948][T13763] ? mem_cgroup_charge_statistics+0x430/0x430 [ 379.412971][T13763] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 379.418198][T13769] kobject: 'nr0' (0000000000be290c): kobject_uevent_env [ 379.424988][T13763] ? percpu_ref_tryget_live+0x111/0x290 [ 379.425008][T13763] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 379.425023][T13763] mem_cgroup_try_charge+0x24d/0x5e0 [ 379.425040][T13763] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 379.425057][T13763] wp_page_copy+0x408/0x1740 [ 379.425076][T13763] ? pmd_pfn+0x1d0/0x1d0 [ 379.430677][T13769] kobject: 'nr0' (0000000000be290c): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 379.435277][T13763] ? lock_downgrade+0x880/0x880 [ 379.435290][T13763] ? swp_swapcount+0x540/0x540 [ 379.435307][T13763] ? kasan_check_read+0x11/0x20 [ 379.435321][T13763] ? do_raw_spin_unlock+0x57/0x270 [ 379.435341][T13763] do_wp_page+0x48e/0x1500 [ 379.575402][T13763] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 379.580786][T13763] __handle_mm_fault+0x22e8/0x3ec0 [ 379.585909][T13763] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 379.591437][T13763] ? kasan_check_read+0x11/0x20 [ 379.596277][T13763] ? do_raw_spin_unlock+0x57/0x270 [ 379.601375][T13763] ? handle_mm_fault+0xb8/0xb30 [ 379.606210][T13763] ? trace_hardirqs_on+0x67/0x230 [ 379.611219][T13763] handle_mm_fault+0x43f/0xb30 [ 379.615974][T13763] __get_user_pages+0x7b6/0x1a40 [ 379.621008][T13763] ? follow_page_mask+0x19a0/0x19a0 [ 379.626194][T13763] ? retint_kernel+0x2d/0x2d [ 379.630772][T13763] populate_vma_page_range+0x20d/0x2a0 [ 379.636307][T13763] __mm_populate+0x204/0x380 [ 379.640894][T13763] ? populate_vma_page_range+0x2a0/0x2a0 [ 379.646512][T13763] __x64_sys_mlockall+0x35c/0x520 [ 379.651519][T13763] do_syscall_64+0x103/0x610 [ 379.656093][T13763] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 379.661986][T13763] RIP: 0033:0x458da9 [ 379.665864][T13763] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 379.685460][T13763] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 379.693876][T13763] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 379.701840][T13763] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 379.709799][T13763] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 379.717764][T13763] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 379.725739][T13763] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 379.735068][T13763] memory: usage 307200kB, limit 307200kB, failcnt 2482 [ 379.742034][T13763] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 379.749680][T13763] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 379.756672][T13763] Memory cgroup stats for /syz2: cache:0KB rss:297340KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:155028KB active_anon:13568KB inactive_file:0KB active_file:0KB unevictable:128828KB [ 379.779006][T13763] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13762,uid=0 [ 379.794470][T13763] Memory cgroup out of memory: Killed process 13762 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 379.808631][T13769] kobject: 'nr0' (0000000000be290c): kobject_cleanup, parent (null) [ 379.809197][ T1043] oom_reaper: reaped process 13762 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB [ 379.820006][T13769] kobject: 'nr0' (0000000000be290c): calling ktype release [ 379.839035][T13769] kobject: 'nr0': free name [ 379.844341][T13770] kobject: 'nr0' (000000007583a830): kobject_add_internal: parent: 'net', set: 'devices' [ 379.858365][T13770] kobject: 'nr0' (000000007583a830): kobject_uevent_env 12:48:15 executing program 2: mlockall(0x3) clone(0x8020000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x2) syz_open_dev$sndpcmp(&(0x7f0000000100)='/dev/snd/pcmC#D#p\x00', 0x9, 0x0) syz_open_dev$usb(&(0x7f0000000140)='/dev/bus/usb/00#/00#\x00', 0x8, 0x1) syz_open_dev$audion(&(0x7f0000000180)='/dev/audio#\x00', 0x0, 0x4e0001) syz_open_dev$usb(&(0x7f00000001c0)='/dev/bus/usb/00#/00#\x00', 0x6, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ubi_ctrl\x00', 0x200, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dlm_plock\x00', 0x2001, 0x0) openat$proc_capi20(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/capi/capi20\x00', 0x8000, 0x0) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000300)='/dev/dlm-monitor\x00', 0x8000, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sequencer\x00', 0x8000, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000380)='/dev/audio\x00', 0x8000, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f00000003c0)='/dev/snd/pcmC#D#p\x00', 0xfffffffffffffffd, 0x10400) ioctl$PIO_FONTRESET(r1, 0x4b6d, 0x0) r2 = fcntl$dupfd(r0, 0x406, r0) r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2) ioctl$TUNSETSTEERINGEBPF(r2, 0x800454e0, &(0x7f00000000c0)=r3) 12:48:15 executing program 4: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0xfffffffffffff518, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x200000000000, @perf_config_ext}, r0, 0x0, 0xffffffffffffffff, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r1, &(0x7f0000000080), 0x8) 12:48:15 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket(0x2000000000000021, 0x2, 0x2) sendmsg$alg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@iv={0x18, 0x110}], 0x18}, 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 379.871321][T13770] kobject: 'nr0' (000000007583a830): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 379.883745][T13770] kobject: 'queues' (00000000de68af97): kobject_add_internal: parent: 'nr0', set: '' [ 379.896993][T13770] kobject: 'queues' (00000000de68af97): kobject_uevent_env [ 379.913498][ T3875] kobject: 'loop2' (0000000064d7cda6): kobject_uevent_env [ 379.916445][T13770] kobject: 'queues' (00000000de68af97): kobject_uevent_env: filter function caused the event to drop! [ 379.920677][ T3875] kobject: 'loop2' (0000000064d7cda6): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 379.951710][T13770] kobject: 'rx-0' (0000000011a4aab2): kobject_add_internal: parent: 'queues', set: 'queues' [ 379.969847][T13814] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 379.970624][T13770] kobject: 'rx-0' (0000000011a4aab2): kobject_uevent_env [ 379.990434][ T3875] kobject: 'loop4' (000000005a3e9530): kobject_uevent_env [ 379.991908][T13814] CPU: 1 PID: 13814 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 380.002064][ T3875] kobject: 'loop4' (000000005a3e9530): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 380.005533][T13814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 380.005538][T13814] Call Trace: [ 380.005560][T13814] dump_stack+0x172/0x1f0 [ 380.005577][T13814] dump_header+0x10f/0xb6c [ 380.005592][T13814] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 380.005605][T13814] ? ___ratelimit+0x60/0x595 [ 380.005627][T13814] ? do_raw_spin_unlock+0x57/0x270 [ 380.005642][T13814] oom_kill_process.cold+0x10/0x15 [ 380.005653][T13814] out_of_memory+0x79a/0x1280 [ 380.005667][T13814] ? lock_downgrade+0x880/0x880 [ 380.005689][T13814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 380.022151][T13770] kobject: 'rx-0' (0000000011a4aab2): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 380.025913][T13814] ? oom_killer_disable+0x280/0x280 [ 380.025932][T13814] mem_cgroup_out_of_memory+0x1ca/0x230 [ 380.025944][T13814] ? memcg_event_wake+0x230/0x230 [ 380.025961][T13814] ? do_raw_spin_unlock+0x57/0x270 [ 380.025984][T13814] ? _raw_spin_unlock+0x2d/0x50 [ 380.029401][T13770] kobject: 'tx-0' (00000000f9ae2ca7): kobject_add_internal: parent: 'queues', set: 'queues' [ 380.033584][T13814] try_charge+0x102c/0x15c0 [ 380.033597][T13814] ? mem_cgroup_charge_statistics+0x430/0x430 [ 380.033614][T13814] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 380.033632][T13814] ? percpu_ref_tryget_live+0x111/0x290 [ 380.033652][T13814] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 380.033667][T13814] mem_cgroup_try_charge+0x24d/0x5e0 [ 380.033686][T13814] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 380.040595][T13770] kobject: 'tx-0' (00000000f9ae2ca7): kobject_uevent_env [ 380.043885][T13814] __handle_mm_fault+0x1e1f/0x3ec0 [ 380.043903][T13814] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 380.043918][T13814] ? kasan_check_read+0x11/0x20 [ 380.043940][T13814] ? do_raw_spin_unlock+0x57/0x270 [ 380.048547][T13770] kobject: 'tx-0' (00000000f9ae2ca7): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 380.053637][T13814] ? handle_mm_fault+0xb8/0xb30 [ 380.053652][T13814] ? trace_hardirqs_on+0x67/0x230 [ 380.053666][T13814] handle_mm_fault+0x43f/0xb30 [ 380.053682][T13814] __get_user_pages+0x7b6/0x1a40 [ 380.053701][T13814] ? follow_page_mask+0x19a0/0x19a0 [ 380.053719][T13814] ? __vma_adjust+0x1840/0x1840 [ 380.061970][T13773] device nr0 entered promiscuous mode [ 380.063532][T13814] ? lock_acquire+0x16f/0x3f0 [ 380.063547][T13814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 380.063564][T13814] populate_vma_page_range+0x20d/0x2a0 [ 380.063580][T13814] __mm_populate+0x204/0x380 [ 380.063601][T13814] ? populate_vma_page_range+0x2a0/0x2a0 [ 380.259804][T13814] __x64_sys_mlockall+0x35c/0x520 [ 380.264827][T13814] do_syscall_64+0x103/0x610 [ 380.269409][T13814] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 380.275286][T13814] RIP: 0033:0x458da9 [ 380.279163][T13814] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 380.298766][T13814] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 380.307163][T13814] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 380.315207][T13814] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 380.323165][T13814] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 380.331124][T13814] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 380.339083][T13814] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 380.347380][T13814] memory: usage 307200kB, limit 307200kB, failcnt 2516 [ 380.354394][T13814] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 380.361964][T13814] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 380.369117][T13814] Memory cgroup stats for /syz2: cache:0KB rss:297336KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:162800KB active_anon:13584KB inactive_file:0KB active_file:0KB unevictable:121096KB [ 380.393303][T13814] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12577,uid=0 [ 380.408939][T13814] Memory cgroup out of memory: Killed process 12577 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 380.412554][ T3875] kobject: 'loop3' (00000000ebc5bd7c): kobject_uevent_env [ 380.453148][ T3875] kobject: 'loop3' (00000000ebc5bd7c): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 380.508332][T13770] kobject: 'rx-0' (0000000011a4aab2): kobject_cleanup, parent 00000000de68af97 [ 380.517810][T13770] kobject: 'rx-0' (0000000011a4aab2): auto cleanup 'remove' event [ 380.528242][T13770] kobject: 'rx-0' (0000000011a4aab2): kobject_uevent_env [ 380.536150][T13770] kobject: 'rx-0' (0000000011a4aab2): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 380.547251][T13814] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 380.549852][T13770] kobject: 'rx-0' (0000000011a4aab2): auto cleanup kobject_del [ 380.557631][T13814] CPU: 1 PID: 13814 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 380.567736][T13770] kobject: 'rx-0' (0000000011a4aab2): calling ktype release [ 380.573009][T13814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 380.573015][T13814] Call Trace: [ 380.573036][T13814] dump_stack+0x172/0x1f0 [ 380.573052][T13814] dump_header+0x10f/0xb6c [ 380.573067][T13814] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 380.573087][T13814] ? ___ratelimit+0x60/0x595 [ 380.580524][T13770] kobject: 'rx-0': free name [ 380.590413][T13814] ? do_raw_spin_unlock+0x57/0x270 [ 380.590429][T13814] oom_kill_process.cold+0x10/0x15 [ 380.590442][T13814] out_of_memory+0x79a/0x1280 [ 380.590455][T13814] ? lock_downgrade+0x880/0x880 [ 380.590469][T13814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 380.590482][T13814] ? oom_killer_disable+0x280/0x280 [ 380.590500][T13814] mem_cgroup_out_of_memory+0x1ca/0x230 [ 380.590520][T13814] ? memcg_event_wake+0x230/0x230 [ 380.598321][T13770] kobject: 'tx-0' (00000000f9ae2ca7): kobject_cleanup, parent 00000000de68af97 [ 380.602520][T13814] ? do_raw_spin_unlock+0x57/0x270 [ 380.602535][T13814] ? _raw_spin_unlock+0x2d/0x50 [ 380.602551][T13814] try_charge+0x102c/0x15c0 [ 380.602564][T13814] ? mem_cgroup_charge_statistics+0x430/0x430 [ 380.602583][T13814] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 380.609094][T13770] kobject: 'tx-0' (00000000f9ae2ca7): auto cleanup 'remove' event [ 380.612958][T13814] ? percpu_ref_tryget_live+0x111/0x290 [ 380.612977][T13814] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 380.612992][T13814] mem_cgroup_try_charge+0x24d/0x5e0 [ 380.613009][T13814] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 380.613025][T13814] wp_page_copy+0x408/0x1740 [ 380.613040][T13814] ? pmd_pfn+0x1d0/0x1d0 [ 380.613054][T13814] ? lock_downgrade+0x880/0x880 [ 380.613073][T13814] ? swp_swapcount+0x540/0x540 [ 380.621245][T13770] kobject: 'tx-0' (00000000f9ae2ca7): kobject_uevent_env [ 380.623752][T13814] ? kasan_check_read+0x11/0x20 [ 380.623762][T13814] ? do_raw_spin_unlock+0x57/0x270 [ 380.623772][T13814] do_wp_page+0x48e/0x1500 [ 380.623782][T13814] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 380.623793][T13814] __handle_mm_fault+0x22e8/0x3ec0 [ 380.623803][T13814] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 380.623818][T13814] ? kasan_check_read+0x11/0x20 [ 380.623827][T13814] ? do_raw_spin_unlock+0x57/0x270 [ 380.623837][T13814] ? handle_mm_fault+0xb8/0xb30 [ 380.623847][T13814] ? trace_hardirqs_on+0x67/0x230 [ 380.623856][T13814] handle_mm_fault+0x43f/0xb30 [ 380.623865][T13814] __get_user_pages+0x7b6/0x1a40 [ 380.623876][T13814] ? follow_page_mask+0x19a0/0x19a0 [ 380.623885][T13814] ? lock_acquire+0x16f/0x3f0 [ 380.623900][T13814] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 380.623908][T13814] populate_vma_page_range+0x20d/0x2a0 [ 380.623917][T13814] __mm_populate+0x204/0x380 [ 380.623926][T13814] ? populate_vma_page_range+0x2a0/0x2a0 [ 380.623935][T13814] __x64_sys_mlockall+0x35c/0x520 [ 380.623945][T13814] do_syscall_64+0x103/0x610 [ 380.623956][T13814] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 380.623962][T13814] RIP: 0033:0x458da9 [ 380.623971][T13814] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 380.623975][T13814] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 380.623983][T13814] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 380.623987][T13814] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 380.623992][T13814] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 380.623996][T13814] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 380.624001][T13814] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 380.624325][T13814] memory: usage 307200kB, limit 307200kB, failcnt 2553 [ 380.635428][T13770] kobject: 'tx-0' (00000000f9ae2ca7): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 380.639040][T13814] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 380.646198][T13770] kobject: 'tx-0' (00000000f9ae2ca7): auto cleanup kobject_del [ 380.650512][T13814] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 380.658524][T13770] kobject: 'tx-0' (00000000f9ae2ca7): calling ktype release [ 380.661098][T13814] Memory cgroup stats for /syz2: cache:0KB rss:297204KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:154980KB active_anon:13568KB inactive_file:0KB active_file:0KB unevictable:128828KB [ 380.670290][T13770] kobject: 'tx-0': free name [ 380.675208][T13814] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13813,uid=0 [ 380.682665][T13770] kobject: 'queues' (00000000de68af97): kobject_cleanup, parent (null) [ 380.684695][T13814] Memory cgroup out of memory: Killed process 13813 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 380.690577][T13770] kobject: 'queues' (00000000de68af97): calling ktype release [ 380.690585][T13770] kobject: 'queues' (00000000de68af97): kset_release [ 380.690600][T13770] kobject: 'queues': free name [ 380.690954][T13770] kobject: 'nr0' (000000007583a830): kobject_uevent_env [ 380.696974][ T1043] oom_reaper: reaped process 13813 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB [ 380.707165][T13770] kobject: 'nr0' (000000007583a830): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 380.785168][ T3875] kobject: 'loop2' (0000000064d7cda6): kobject_uevent_env [ 381.100443][ T3875] kobject: 'loop2' (0000000064d7cda6): fill_kobj_path: path = '/devices/virtual/block/loop2' 12:48:17 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000000)={'nr0\x01\x00', 0x1800}) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:48:17 executing program 1: r0 = openat$full(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/full\x00', 0x101000, 0x0) getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f0000000100)={0x0, 0x7c, "0d06ee9d768696e7fdc8ed6e0271db340422ee566b1c1979ef02f8381917e3137d336a20e6b9e7e7e97f4c3c16c372063585df3501b3ccfeccf98b8f43bfd6b8252c4d113d62d5e606fc19df5d9a9b8ea1b4fe7ba1beee314b1b206d24469a0a2d8e7fd107c3e758789c7df444bc99c0d2f2982e16594b78612317c0"}, &(0x7f0000000040)=0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0x1ff, 0x401, 0x2, 0x40, 0x1000, 0x5, 0x7ff, 0x1f, r1}, 0x20) mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) ioctl$PPPIOCDISCONN(r0, 0x7439) socket$vsock_stream(0x28, 0x1, 0x0) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000000)='./file0\x00', &(0x7f00000002c0)) 12:48:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff}) 12:48:17 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) ioctl$EVIOCSABS0(r0, 0x401845c0, &(0x7f0000000040)={0x0, 0x3, 0x2, 0x6, 0x4bffcfc2, 0xc0}) ioctl$VHOST_SET_VRING_NUM(r0, 0x4008af10, &(0x7f0000000000)={0x2, 0x5}) 12:48:17 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket(0x2000000000000021, 0x2, 0x2) sendmsg$alg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@iv={0x18, 0x110}], 0x18}, 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:17 executing program 2: mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x50000, 0x1) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x30000014}) mlockall(0x3) r2 = msgget(0x1, 0x8) msgrcv(r2, &(0x7f00000001c0)=ANY=[@ANYBLOB="0000000000005200000000000000000000000800000000be307af8000000000000000036ec0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000524407c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000383675edaeff62aa7a000000000000000000"], 0xa9, 0x3, 0x800) [ 381.122527][T13770] kobject: 'nr0' (000000007583a830): kobject_cleanup, parent (null) [ 381.131530][T13770] kobject: 'nr0' (000000007583a830): calling ktype release [ 381.139022][T13770] kobject: 'nr0': free name 12:48:17 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x800000, &(0x7f0000000000)=ANY=[@ANYBLOB="7570706572646907000000000af28b000000302c6c6f7765726469723d2e896ffcfa65312c776f72c93b8e4f5504ea9e7faa6b64"]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 381.180704][ T3875] kobject: 'loop5' (000000002cb8a305): kobject_uevent_env [ 381.202684][ T3875] kobject: 'loop5' (000000002cb8a305): fill_kobj_path: path = '/devices/virtual/block/loop5' 12:48:17 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket(0x2000000000000021, 0x2, 0x2) sendmsg$alg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@iv={0x18, 0x110}], 0x18}, 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:17 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}) [ 381.226650][ T3875] kobject: 'loop1' (00000000b39d6000): kobject_uevent_env [ 381.246179][ T3875] kobject: 'loop1' (00000000b39d6000): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 381.261356][T13834] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 381.269749][T13843] overlayfs: unrecognized mount option "upperdi" or missing value [ 381.284950][ T3875] kobject: 'loop3' (00000000ebc5bd7c): kobject_uevent_env [ 381.300780][ T3875] kobject: 'loop3' (00000000ebc5bd7c): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 381.323709][T13849] overlayfs: unrecognized mount option "upperdi" or missing value 12:48:17 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vcs\x00', 0x0, 0x0) ioctl$TIOCSISO7816(r1, 0xc0285443, &(0x7f0000000040)={0x2, 0x80000000, 0x7d3c0789, 0x9, 0x1}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$CAPI_GET_SERIAL(r1, 0xc0044308, &(0x7f0000000180)=0x9) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') ioctl$FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000440)) getpeername$llc(r1, &(0x7f0000000200)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000280)=0x10) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) ioctl$KVM_XEN_HVM_CONFIG(r0, 0x4038ae7a, &(0x7f00000001c0)={0x9, 0x0, &(0x7f0000000080)="ff8f7da378303926127a3a843e510ad5ff14e2d1e60186da361156d132ad9fe7aebb1ba6efdbec4c24413f9114c1c68019221dbcb246be46287c46a0b36c5287a4ee8808e8ec5e3af94410a2b97271c70fcf5a33357aab236524b34dedd9f22b477a3a14eb7fd1591cc2956842252832ad299fed8318accd9da40c68bfce19238b0ae4f3ac5ce5a668bc72ec37e7a4e49a8567c9f30cabc617a6d37c3e255a1fdaa44361f5a664780d99fd4677c624acc9f9143943a6ee39974089eae226a97a18d016ebefaad45d714dcb3c44435af8570bc9ec9ec504568093d38663fb11d8a6dfa375c33d1b664a71e5d3849c8e38946746c1bf14f5c371b48577", &(0x7f0000000180), 0xfc}) [ 381.339708][T13834] CPU: 1 PID: 13834 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 381.347723][T13834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 381.348887][ T3875] kobject: 'loop5' (000000002cb8a305): kobject_uevent_env [ 381.357786][T13834] Call Trace: [ 381.357819][T13834] dump_stack+0x172/0x1f0 [ 381.357834][T13834] dump_header+0x10f/0xb6c [ 381.357848][T13834] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 381.357861][T13834] ? ___ratelimit+0x60/0x595 12:48:17 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080), 0x8) r1 = syz_open_dev$audion(&(0x7f0000000100)='/dev/audio#\x00', 0x1000000000000009, 0x43ffe) ioctl$SNDRV_RAWMIDI_IOCTL_DRAIN(r1, 0x40045731, &(0x7f0000000040)=0x401) [ 381.357874][T13834] ? do_raw_spin_unlock+0x57/0x270 [ 381.357889][T13834] oom_kill_process.cold+0x10/0x15 [ 381.357901][T13834] out_of_memory+0x79a/0x1280 [ 381.357915][T13834] ? lock_downgrade+0x880/0x880 [ 381.357939][T13834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 381.386549][ T3875] kobject: 'loop5' (000000002cb8a305): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 381.387423][T13834] ? oom_killer_disable+0x280/0x280 [ 381.414080][ T3875] kobject: 'loop4' (000000005a3e9530): kobject_uevent_env [ 381.423500][T13834] mem_cgroup_out_of_memory+0x1ca/0x230 [ 381.423515][T13834] ? memcg_event_wake+0x230/0x230 [ 381.423531][T13834] ? do_raw_spin_unlock+0x57/0x270 [ 381.423545][T13834] ? _raw_spin_unlock+0x2d/0x50 [ 381.423559][T13834] try_charge+0x102c/0x15c0 [ 381.423571][T13834] ? mem_cgroup_charge_statistics+0x430/0x430 [ 381.423592][T13834] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 381.472429][T13834] ? percpu_ref_tryget_live+0x111/0x290 [ 381.477998][T13834] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 381.483552][T13834] mem_cgroup_try_charge+0x24d/0x5e0 [ 381.488861][T13834] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 381.494504][T13834] __handle_mm_fault+0x1e1f/0x3ec0 [ 381.499632][T13834] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 381.505186][T13834] ? kasan_check_read+0x11/0x20 [ 381.510127][T13834] ? do_raw_spin_unlock+0x57/0x270 [ 381.515277][T13834] ? handle_mm_fault+0xb8/0xb30 [ 381.520130][T13834] ? trace_hardirqs_on+0x67/0x230 [ 381.525162][T13834] handle_mm_fault+0x43f/0xb30 [ 381.529957][T13834] __get_user_pages+0x7b6/0x1a40 [ 381.534912][T13834] ? follow_page_mask+0x19a0/0x19a0 [ 381.540116][T13834] ? trace_hardirqs_off+0x59/0x220 [ 381.545244][T13834] populate_vma_page_range+0x20d/0x2a0 [ 381.550716][T13834] __mm_populate+0x204/0x380 [ 381.555334][T13834] ? populate_vma_page_range+0x2a0/0x2a0 [ 381.561001][T13834] __x64_sys_mlockall+0x35c/0x520 [ 381.566121][T13834] do_syscall_64+0x103/0x610 [ 381.570721][T13834] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 381.576625][T13834] RIP: 0033:0x458da9 [ 381.580612][T13834] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 381.600315][T13834] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 381.608752][T13834] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 381.616729][T13834] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 381.624704][T13834] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 381.632680][T13834] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 381.640659][T13834] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 381.654344][T13858] kobject: 'nr0' (00000000258a6edd): kobject_add_internal: parent: 'net', set: 'devices' [ 381.664397][ T3875] kobject: 'loop4' (000000005a3e9530): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 381.675528][T13858] kobject: 'nr0' (00000000258a6edd): kobject_uevent_env 12:48:17 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c65302c6c6f77657264699965c7231f9bc853723d2e2f66696c65312c776f726b6469723d2e2f66696c6531"]) chdir(&(0x7f0000000380)='./file0\x00') r0 = socket$kcm(0x11, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000440)={&(0x7f0000000000)=@tipc=@name={0x1e, 0x2, 0x0, {{0x3, 0x1000000}}}, 0x80, 0x0}, 0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:17 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket(0x2000000000000021, 0x2, 0x2) sendmsg$alg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@iv={0x18, 0x110}], 0x18}, 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 381.688429][T13858] kobject: 'nr0' (00000000258a6edd): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 381.698565][T13858] kobject: 'queues' (00000000b23f8501): kobject_add_internal: parent: 'nr0', set: '' [ 381.709362][T13858] kobject: 'queues' (00000000b23f8501): kobject_uevent_env [ 381.725772][ T3875] kobject: 'loop1' (00000000b39d6000): kobject_uevent_env [ 381.733733][T13858] kobject: 'queues' (00000000b23f8501): kobject_uevent_env: filter function caused the event to drop! [ 381.744862][ T3875] kobject: 'loop1' (00000000b39d6000): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 381.750636][T13834] memory: usage 307180kB, limit 307200kB, failcnt 2572 [ 381.763297][T13858] kobject: 'rx-0' (00000000e9500fc5): kobject_add_internal: parent: 'queues', set: 'queues' [ 381.767701][T13865] overlayfs: unrecognized mount option "lowerdi™eÇ#›ÈSr=./file1" or missing value [ 381.787596][T13858] kobject: 'rx-0' (00000000e9500fc5): kobject_uevent_env [ 381.792178][T13834] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 381.805864][ T3875] kobject: 'loop3' (00000000ebc5bd7c): kobject_uevent_env [ 381.813298][ T3875] kobject: 'loop3' (00000000ebc5bd7c): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 381.817700][T13858] kobject: 'rx-0' (00000000e9500fc5): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 381.826013][T13834] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 12:48:17 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket(0x2000000000000021, 0x2, 0x2) sendmsg$alg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@iv={0x18, 0x110}], 0x18}, 0x0) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 381.847471][T13834] Memory cgroup stats for /syz2: cache:0KB rss:297400KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:162800KB active_anon:13584KB inactive_file:0KB active_file:0KB unevictable:121044KB [ 381.860951][T13858] kobject: 'tx-0' (00000000b25c3d3a): kobject_add_internal: parent: 'queues', set: 'queues' [ 381.880832][T13865] overlayfs: unrecognized mount option "lowerdi™eÇ#›ÈSr=./file1" or missing value [ 381.883157][T13834] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12718,uid=0 [ 381.894728][T13858] kobject: 'tx-0' (00000000b25c3d3a): kobject_uevent_env [ 381.920686][ T3875] kobject: 'loop3' (00000000ebc5bd7c): kobject_uevent_env [ 381.931165][ T3875] kobject: 'loop3' (00000000ebc5bd7c): fill_kobj_path: path = '/devices/virtual/block/loop3' 12:48:17 executing program 4: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x1ffe00000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000001, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x9}, 0x8) ioctl$TIOCLINUX4(r0, 0x541c, &(0x7f0000000000)) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r0, 0x4010ae68, &(0x7f0000000040)={0xf001, 0x106000}) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f00000001c0)=[@in={0x2, 0x4e24, @local}, @in6={0xa, 0x4e22, 0x4, @local, 0x8}, @in6={0xa, 0x4e20, 0x20, @empty, 0x9}], 0x48) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f00000000c0)={0x40, 0x1, 0x1}, 0x10) 12:48:17 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) futex(&(0x7f0000000000), 0x89, 0x2, &(0x7f0000000040)={0x0, 0x1c9c380}, 0xffffffffffffffff, 0x0) 12:48:17 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket(0x2000000000000021, 0x2, 0x2) sendmsg$alg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@iv={0x18, 0x110}], 0x18}, 0x0) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 381.938494][T13858] kobject: 'tx-0' (00000000b25c3d3a): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 381.944919][T13834] Memory cgroup out of memory: Killed process 12718 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 381.983039][ T3875] kobject: 'loop4' (000000005a3e9530): kobject_uevent_env [ 381.993633][T13860] device nr0 entered promiscuous mode [ 382.030191][ T3875] kobject: 'loop4' (000000005a3e9530): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 382.037417][T13884] overlayfs: filesystem on './file0' not supported as upperdir [ 382.060076][ T3875] kobject: 'loop1' (00000000b39d6000): kobject_uevent_env [ 382.079323][ T3875] kobject: 'loop1' (00000000b39d6000): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 382.116312][ T3875] kobject: 'loop3' (00000000ebc5bd7c): kobject_uevent_env [ 382.139469][ T3875] kobject: 'loop3' (00000000ebc5bd7c): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 382.151301][ T3875] kobject: 'loop1' (00000000b39d6000): kobject_uevent_env [ 382.161905][ T3875] kobject: 'loop1' (00000000b39d6000): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 382.232267][T13854] kobject: 'rx-0' (00000000e9500fc5): kobject_cleanup, parent 00000000b23f8501 [ 382.241384][T13854] kobject: 'rx-0' (00000000e9500fc5): auto cleanup 'remove' event [ 382.249632][T13854] kobject: 'rx-0' (00000000e9500fc5): kobject_uevent_env [ 382.257230][T13854] kobject: 'rx-0' (00000000e9500fc5): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 382.275617][T13854] kobject: 'rx-0' (00000000e9500fc5): auto cleanup kobject_del [ 382.289110][ T3875] kobject: 'loop4' (000000005a3e9530): kobject_uevent_env [ 382.290201][T13854] kobject: 'rx-0' (00000000e9500fc5): calling ktype release [ 382.303651][T13854] kobject: 'rx-0': free name [ 382.307723][ T3875] kobject: 'loop4' (000000005a3e9530): fill_kobj_path: path = '/devices/virtual/block/loop4' [ 382.308326][T13854] kobject: 'tx-0' (00000000b25c3d3a): kobject_cleanup, parent 00000000b23f8501 [ 382.327941][T13854] kobject: 'tx-0' (00000000b25c3d3a): auto cleanup 'remove' event [ 382.339120][T13854] kobject: 'tx-0' (00000000b25c3d3a): kobject_uevent_env [ 382.346751][T13834] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 382.346979][T13854] kobject: 'tx-0' (00000000b25c3d3a): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 382.365763][T13834] CPU: 0 PID: 13834 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 382.370413][T13854] kobject: 'tx-0' (00000000b25c3d3a): auto cleanup kobject_del [ 382.375783][T13834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 382.375789][T13834] Call Trace: [ 382.375820][T13834] dump_stack+0x172/0x1f0 [ 382.375838][T13834] dump_header+0x10f/0xb6c [ 382.375861][T13834] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 382.383481][T13854] kobject: 'tx-0' (00000000b25c3d3a): calling ktype release [ 382.393439][T13834] ? ___ratelimit+0x60/0x595 [ 382.393454][T13834] ? do_raw_spin_unlock+0x57/0x270 [ 382.393470][T13834] oom_kill_process.cold+0x10/0x15 [ 382.393489][T13834] out_of_memory+0x79a/0x1280 [ 382.396798][T13854] kobject: 'tx-0': free name [ 382.401067][T13834] ? lock_downgrade+0x880/0x880 [ 382.401083][T13834] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 382.401102][T13834] ? oom_killer_disable+0x280/0x280 [ 382.405585][T13854] kobject: 'queues' (00000000b23f8501): kobject_cleanup, parent (null) [ 382.411298][T13834] mem_cgroup_out_of_memory+0x1ca/0x230 [ 382.411318][T13834] ? memcg_event_wake+0x230/0x230 [ 382.418665][T13854] kobject: 'queues' (00000000b23f8501): calling ktype release [ 382.423164][T13834] ? do_raw_spin_unlock+0x57/0x270 [ 382.423179][T13834] ? _raw_spin_unlock+0x2d/0x50 [ 382.423199][T13834] try_charge+0x102c/0x15c0 [ 382.428320][T13854] kobject: 'queues' (00000000b23f8501): kset_release [ 382.433397][T13834] ? mem_cgroup_charge_statistics+0x430/0x430 [ 382.433415][T13834] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 382.433427][T13834] ? percpu_ref_tryget_live+0x111/0x290 [ 382.433447][T13834] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 382.438154][T13854] kobject: 'queues': free name [ 382.442691][T13834] mem_cgroup_try_charge+0x24d/0x5e0 [ 382.442707][T13834] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 382.442724][T13834] wp_page_copy+0x408/0x1740 [ 382.442743][T13834] ? pmd_pfn+0x1d0/0x1d0 [ 382.447970][T13854] kobject: 'nr0' (00000000258a6edd): kobject_uevent_env [ 382.453973][T13834] ? lock_downgrade+0x880/0x880 [ 382.453986][T13834] ? swp_swapcount+0x540/0x540 [ 382.454003][T13834] ? kasan_check_read+0x11/0x20 [ 382.454024][T13834] ? do_raw_spin_unlock+0x57/0x270 [ 382.459276][T13854] kobject: 'nr0' (00000000258a6edd): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 382.468306][T13834] do_wp_page+0x48e/0x1500 [ 382.468324][T13834] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 382.468348][T13834] __handle_mm_fault+0x22e8/0x3ec0 [ 382.605618][T13834] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 382.611241][T13834] ? kasan_check_read+0x11/0x20 [ 382.616082][T13834] ? do_raw_spin_unlock+0x57/0x270 [ 382.621279][T13834] ? handle_mm_fault+0xb8/0xb30 [ 382.626152][T13834] ? trace_hardirqs_on+0x67/0x230 [ 382.631168][T13834] handle_mm_fault+0x43f/0xb30 [ 382.635931][T13834] __get_user_pages+0x7b6/0x1a40 [ 382.641028][T13834] ? follow_page_mask+0x19a0/0x19a0 [ 382.646231][T13834] populate_vma_page_range+0x20d/0x2a0 [ 382.651688][T13834] __mm_populate+0x204/0x380 [ 382.656261][T13834] ? populate_vma_page_range+0x2a0/0x2a0 [ 382.661881][T13834] __x64_sys_mlockall+0x35c/0x520 [ 382.666893][T13834] do_syscall_64+0x103/0x610 [ 382.671483][T13834] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 382.677353][T13834] RIP: 0033:0x458da9 [ 382.681240][T13834] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 382.700832][T13834] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 382.709241][T13834] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 382.717193][T13834] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 382.725152][T13834] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 382.733134][T13834] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 382.741189][T13834] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 382.749929][T13834] memory: usage 307200kB, limit 307200kB, failcnt 2608 [ 382.757708][T13834] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 382.765229][T13834] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 382.772079][T13834] Memory cgroup stats for /syz2: cache:0KB rss:297212KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:154976KB active_anon:13568KB inactive_file:0KB active_file:0KB unevictable:128828KB [ 382.794472][T13834] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13833,uid=0 [ 382.809858][T13834] Memory cgroup out of memory: Killed process 13833 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB [ 382.824176][ T1043] oom_reaper: reaped process 13833 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB [ 382.842858][T13854] kobject: 'nr0' (00000000258a6edd): kobject_cleanup, parent (null) [ 382.851806][T13854] kobject: 'nr0' (00000000258a6edd): calling ktype release [ 382.859151][T13854] kobject: 'nr0': free name [ 382.864462][T13858] kobject: 'nr0' (00000000b3c3d340): kobject_add_internal: parent: 'net', set: 'devices' [ 382.875289][T13858] kobject: 'nr0' (00000000b3c3d340): kobject_uevent_env [ 382.882351][T13858] kobject: 'nr0' (00000000b3c3d340): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 382.898100][T13858] kobject: 'queues' (000000006762a0de): kobject_add_internal: parent: 'nr0', set: '' [ 382.908669][T13858] kobject: 'queues' (000000006762a0de): kobject_uevent_env [ 382.916179][T13858] kobject: 'queues' (000000006762a0de): kobject_uevent_env: filter function caused the event to drop! 12:48:18 executing program 2: mlockall(0x3) getcwd(&(0x7f00000000c0)=""/4096, 0x1000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:48:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000}) 12:48:18 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) r0 = socket(0x2000000000000021, 0x2, 0x2) sendmsg$alg(r0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@iv={0x18, 0x110}], 0x18}, 0x0) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:18 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000080)='./file1/file0\x00', 0x2) renameat(r0, &(0x7f0000000000)='./file1/file0\x00', r0, &(0x7f0000000040)='./file0\x00') mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB="75707065726469723d2e2f66696c64302c6c6f7765726469723d2e2f66696c6500000000726b6469723d2e0f66696c6531"]) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 382.927958][T13858] kobject: 'rx-0' (00000000ae352ebe): kobject_add_internal: parent: 'queues', set: 'queues' [ 382.929133][ T3875] kobject: 'loop2' (0000000064d7cda6): kobject_uevent_env [ 382.959192][T13897] overlayfs: missing 'workdir' [ 382.960601][T13858] kobject: 'rx-0' (00000000ae352ebe): kobject_uevent_env [ 382.969054][ T3875] kobject: 'loop2' (0000000064d7cda6): fill_kobj_path: path = '/devices/virtual/block/loop2' [ 382.981028][T13858] kobject: 'rx-0' (00000000ae352ebe): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 382.995290][T13904] overlayfs: missing 'workdir' [ 383.009846][T13903] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 383.022960][T13858] kobject: 'tx-0' (00000000a9f34afe): kobject_add_internal: parent: 'queues', set: 'queues' [ 383.028766][T13903] CPU: 1 PID: 13903 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 383.040299][T13858] kobject: 'tx-0' (00000000a9f34afe): kobject_uevent_env [ 383.041011][T13903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 383.048921][T13858] kobject: 'tx-0' (00000000a9f34afe): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 383.058096][T13903] Call Trace: [ 383.058121][T13903] dump_stack+0x172/0x1f0 [ 383.058137][T13903] dump_header+0x10f/0xb6c [ 383.058151][T13903] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 383.058164][T13903] ? ___ratelimit+0x60/0x595 [ 383.058177][T13903] ? do_raw_spin_unlock+0x57/0x270 [ 383.058191][T13903] oom_kill_process.cold+0x10/0x15 [ 383.058204][T13903] out_of_memory+0x79a/0x1280 [ 383.058218][T13903] ? lock_downgrade+0x880/0x880 [ 383.058232][T13903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 383.058252][T13903] ? oom_killer_disable+0x280/0x280 [ 383.074377][ T3875] kobject: 'loop1' (00000000b39d6000): kobject_uevent_env [ 383.077249][T13903] mem_cgroup_out_of_memory+0x1ca/0x230 [ 383.077264][T13903] ? memcg_event_wake+0x230/0x230 [ 383.077287][T13903] ? do_raw_spin_unlock+0x57/0x270 [ 383.081714][ T3875] kobject: 'loop1' (00000000b39d6000): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 383.087486][T13903] ? _raw_spin_unlock+0x2d/0x50 [ 383.087500][T13903] try_charge+0x102c/0x15c0 [ 383.087512][T13903] ? mem_cgroup_charge_statistics+0x430/0x430 [ 383.087527][T13903] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 383.087537][T13903] ? percpu_ref_tryget_live+0x111/0x290 [ 383.087555][T13903] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 383.087571][T13903] mem_cgroup_try_charge+0x24d/0x5e0 [ 383.087586][T13903] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 383.087603][T13903] __handle_mm_fault+0x1e1f/0x3ec0 [ 383.087631][T13903] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 383.209606][T13903] ? kasan_check_read+0x11/0x20 [ 383.214472][T13903] ? do_raw_spin_unlock+0x57/0x270 [ 383.219606][T13903] ? handle_mm_fault+0xb8/0xb30 [ 383.224465][T13903] ? trace_hardirqs_on+0x67/0x230 [ 383.229470][T13903] handle_mm_fault+0x43f/0xb30 [ 383.234577][T13903] __get_user_pages+0x7b6/0x1a40 [ 383.239507][T13903] ? follow_page_mask+0x19a0/0x19a0 [ 383.244693][T13903] ? __vma_adjust+0x1840/0x1840 [ 383.249533][T13903] ? lock_acquire+0x16f/0x3f0 [ 383.254213][T13903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 383.260475][T13903] populate_vma_page_range+0x20d/0x2a0 [ 383.265923][T13903] __mm_populate+0x204/0x380 [ 383.270507][T13903] ? populate_vma_page_range+0x2a0/0x2a0 [ 383.276136][T13903] __x64_sys_mlockall+0x35c/0x520 [ 383.281152][T13903] do_syscall_64+0x103/0x610 [ 383.285731][T13903] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 383.291640][T13903] RIP: 0033:0x458da9 [ 383.295519][T13903] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 383.315138][T13903] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 383.323552][T13903] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 383.331537][T13903] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 383.339493][T13903] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 383.347446][T13903] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 383.355400][T13903] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 383.368141][T13903] memory: usage 307200kB, limit 307200kB, failcnt 2623 [ 383.368676][ T3875] kobject: 'loop3' (00000000ebc5bd7c): kobject_uevent_env [ 383.375675][T13903] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 383.389967][ T3875] kobject: 'loop3' (00000000ebc5bd7c): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 383.390142][T13903] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 383.400774][T13872] kobject: 'rx-0' (00000000ae352ebe): kobject_cleanup, parent 000000006762a0de [ 383.407589][T13903] Memory cgroup stats for /syz2: cache:0KB rss:297340KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:162800KB active_anon:13584KB inactive_file:0KB active_file:0KB unevictable:121064KB [ 383.416806][T13872] kobject: 'rx-0' (00000000ae352ebe): auto cleanup 'remove' event [ 383.440887][T13903] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12836,uid=0 [ 383.450132][T13872] kobject: 'rx-0' (00000000ae352ebe): kobject_uevent_env [ 383.464997][T13903] Memory cgroup out of memory: Killed process 12836 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 383.479135][T13872] kobject: 'rx-0' (00000000ae352ebe): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 383.494300][T13872] kobject: 'rx-0' (00000000ae352ebe): auto cleanup kobject_del [ 383.502030][T13872] kobject: 'rx-0' (00000000ae352ebe): calling ktype release [ 383.509761][T13872] kobject: 'rx-0': free name [ 383.517157][T13872] kobject: 'tx-0' (00000000a9f34afe): kobject_cleanup, parent 000000006762a0de [ 383.526847][T13872] kobject: 'tx-0' (00000000a9f34afe): auto cleanup 'remove' event [ 383.538075][T13872] kobject: 'tx-0' (00000000a9f34afe): kobject_uevent_env [ 383.545523][T13872] kobject: 'tx-0' (00000000a9f34afe): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 383.559182][T13872] kobject: 'tx-0' (00000000a9f34afe): auto cleanup kobject_del [ 383.567306][T13872] kobject: 'tx-0' (00000000a9f34afe): calling ktype release [ 383.577292][T13872] kobject: 'tx-0': free name [ 383.582085][T13872] kobject: 'queues' (000000006762a0de): kobject_cleanup, parent (null) [ 383.591629][T13872] kobject: 'queues' (000000006762a0de): calling ktype release [ 383.601874][T13872] kobject: 'queues' (000000006762a0de): kset_release [ 383.608972][T13872] kobject: 'queues': free name [ 383.617244][T13872] kobject: 'nr0' (00000000b3c3d340): kobject_uevent_env [ 383.624792][T13872] kobject: 'nr0' (00000000b3c3d340): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 383.692961][T13872] kobject: 'nr0' (00000000b3c3d340): kobject_cleanup, parent (null) [ 383.702725][T13903] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 383.707170][T13872] kobject: 'nr0' (00000000b3c3d340): calling ktype release [ 383.719656][T13903] CPU: 1 PID: 13903 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 383.724931][T13872] kobject: 'nr0': free name [ 383.732400][T13903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 383.732406][T13903] Call Trace: [ 383.732430][T13903] dump_stack+0x172/0x1f0 [ 383.732446][T13903] dump_header+0x10f/0xb6c [ 383.732459][T13903] ? trace_hardirqs_on+0x5e/0x230 [ 383.732472][T13903] ? _raw_spin_unlock_irqrestore+0xbd/0xe0 [ 383.732483][T13903] ? ___ratelimit+0x60/0x595 [ 383.732498][T13903] ? do_raw_spin_unlock+0x57/0x270 [ 383.732517][T13903] oom_kill_process.cold+0x10/0x15 [ 383.784606][T13903] out_of_memory+0x79a/0x1280 [ 383.789285][T13903] ? lock_downgrade+0x880/0x880 [ 383.794118][T13903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 383.800362][T13903] ? oom_killer_disable+0x280/0x280 [ 383.805560][T13903] mem_cgroup_out_of_memory+0x1ca/0x230 [ 383.811080][T13903] ? memcg_event_wake+0x230/0x230 [ 383.816084][T13903] ? do_raw_spin_unlock+0x57/0x270 [ 383.821187][T13903] ? _raw_spin_unlock+0x2d/0x50 [ 383.826016][T13903] try_charge+0x102c/0x15c0 [ 383.830496][T13903] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 383.836018][T13903] ? percpu_ref_tryget_live+0x111/0x290 [ 383.841546][T13903] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 383.847077][T13903] mem_cgroup_try_charge+0x24d/0x5e0 [ 383.852360][T13903] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 383.857987][T13903] wp_page_copy+0x408/0x1740 [ 383.862582][T13903] ? pmd_pfn+0x1d0/0x1d0 [ 383.866829][T13903] ? lock_downgrade+0x880/0x880 [ 383.871660][T13903] ? swp_swapcount+0x540/0x540 [ 383.876421][T13903] ? kasan_check_read+0x11/0x20 [ 383.881266][T13903] ? do_raw_spin_unlock+0x57/0x270 [ 383.886369][T13903] do_wp_page+0x48e/0x1500 [ 383.890779][T13903] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 383.896136][T13903] __handle_mm_fault+0x22e8/0x3ec0 [ 383.901250][T13903] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 383.906795][T13903] ? kasan_check_read+0x11/0x20 [ 383.911642][T13903] ? do_raw_spin_unlock+0x57/0x270 [ 383.916752][T13903] ? handle_mm_fault+0xb8/0xb30 [ 383.921589][T13903] ? trace_hardirqs_on+0x67/0x230 [ 383.926590][T13903] handle_mm_fault+0x43f/0xb30 [ 383.931346][T13903] __get_user_pages+0x7b6/0x1a40 [ 383.936286][T13903] ? follow_page_mask+0x19a0/0x19a0 [ 383.941469][T13903] ? retint_kernel+0x2d/0x2d [ 383.946157][T13903] ? populate_vma_page_range+0x37/0x2a0 [ 383.951709][T13903] populate_vma_page_range+0x20d/0x2a0 [ 383.957151][T13903] __mm_populate+0x204/0x380 [ 383.961724][T13903] ? populate_vma_page_range+0x2a0/0x2a0 [ 383.967337][T13903] __x64_sys_mlockall+0x35c/0x520 [ 383.972347][T13903] do_syscall_64+0x103/0x610 [ 383.976922][T13903] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 383.982789][T13903] RIP: 0033:0x458da9 [ 383.986665][T13903] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 384.006266][T13903] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 384.014656][T13903] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 384.022636][T13903] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 384.030588][T13903] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 12:48:19 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) r1 = socket$kcm(0x29, 0x5, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000018c0)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A') readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) 12:48:19 executing program 4: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x0) bind$ax25(r1, &(0x7f0000000040)={{0x3, @netrom, 0x1}, [@null, @null, @netrom, @null, @bcast, @netrom, @rose]}, 0x48) perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/vcs\x00', 0x143002, 0x0) write$rfkill(r2, &(0x7f0000000080), 0x8) openat(r2, &(0x7f00000000c0)='./file0\x00', 0x400, 0x54) connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e21}, 0x6e) 12:48:19 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r0, 0xc04c5349, &(0x7f0000000040)={0x7ff, 0x50, 0x100000000}) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000000)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:19 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) socket(0x2000000000000021, 0x2, 0x2) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:19 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1e00000000000000}) [ 384.038552][T13903] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 384.046506][T13903] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 384.056824][T13903] memory: usage 307200kB, limit 307200kB, failcnt 2677 [ 384.063954][T13903] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 384.071535][T13903] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 384.094215][ T3875] kobject: 'loop5' (000000002cb8a305): kobject_uevent_env [ 384.101474][ T3875] kobject: 'loop5' (000000002cb8a305): fill_kobj_path: path = '/devices/virtual/block/loop5' [ 384.102493][T13903] Memory cgroup stats for /syz2: cache:0KB rss:297260KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:154976KB active_anon:13568KB inactive_file:0KB active_file:0KB unevictable:128828KB [ 384.157380][T13921] kobject: 'nr0' (00000000c1ea381d): kobject_add_internal: parent: 'net', set: 'devices' [ 384.183307][T13921] kobject: 'nr0' (00000000c1ea381d): kobject_uevent_env [ 384.190094][T13903] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=13900,uid=0 12:48:20 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:20 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00000000c0)) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="6178ca8460b6de97ce14f09a2a6f7c39dce0fa615f9552e55c2c312e9909"], 0x1e) r1 = syz_open_pts(r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000040)={0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f00000000000000}) [ 384.190415][T13921] kobject: 'nr0' (00000000c1ea381d): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 384.221461][T13903] Memory cgroup out of memory: Killed process 13900 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:54328kB, shmem-rss:0kB 12:48:20 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) r0 = creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000000)={0x0, 0x7f}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000080)={r1}, 0x8) [ 384.235898][ T1043] oom_reaper: reaped process 13900 (syz-executor.2), now anon-rss:18236kB, file-rss:54324kB, shmem-rss:0kB [ 384.241281][T13919] overlayfs: './file0' not a directory [ 384.270588][ T3875] kobject: 'loop3' (00000000ebc5bd7c): kobject_uevent_env [ 384.270630][ T3875] kobject: 'loop3' (00000000ebc5bd7c): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 384.308354][T13921] kobject: 'queues' (000000004f10d06b): kobject_add_internal: parent: 'nr0', set: '' 12:48:20 executing program 2: mlockall(0x3) clone(0x80001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 12:48:20 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) 12:48:20 executing program 1: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./file1/file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 384.308382][T13921] kobject: 'queues' (000000004f10d06b): kobject_uevent_env 12:48:20 executing program 3: mkdir(&(0x7f0000000700)='./file1\x00', 0x0) creat(&(0x7f0000000280)='./file1/file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='overlay\x00', 0x0, &(0x7f0000000d40)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=./file1,workdir=./file1']) chdir(&(0x7f0000000380)='./file0\x00') stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000580)) [ 384.308393][T13921] kobject: 'queues' (000000004f10d06b): kobject_uevent_env: filter function caused the event to drop! [ 384.308418][T13921] kobject: 'rx-0' (00000000b9692c93): kobject_add_internal: parent: 'queues', set: 'queues' [ 384.308464][T13921] kobject: 'rx-0' (00000000b9692c93): kobject_uevent_env [ 384.308492][T13921] kobject: 'rx-0' (00000000b9692c93): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 384.308621][T13921] kobject: 'tx-0' (00000000fed1a0b7): kobject_add_internal: parent: 'queues', set: 'queues' [ 384.308777][T13921] kobject: 'tx-0' (00000000fed1a0b7): kobject_uevent_env [ 384.308805][T13921] kobject: 'tx-0' (00000000fed1a0b7): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 384.309696][T13925] device nr0 entered promiscuous mode [ 384.328910][ T3875] kobject: 'loop1' (00000000b39d6000): kobject_uevent_env [ 384.328941][ T3875] kobject: 'loop1' (00000000b39d6000): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 384.392342][ T3875] kobject: 'loop3' (00000000ebc5bd7c): kobject_uevent_env [ 384.392379][ T3875] kobject: 'loop3' (00000000ebc5bd7c): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 384.454291][ T3875] kobject: 'loop1' (00000000b39d6000): kobject_uevent_env [ 384.454323][ T3875] kobject: 'loop1' (00000000b39d6000): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 384.465827][ T3875] kobject: 'loop2' (0000000064d7cda6): kobject_uevent_env [ 384.465861][ T3875] kobject: 'loop2' (0000000064d7cda6): fill_kobj_path: path = '/devices/virtual/block/loop2' 12:48:20 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000300)={'nr0\x01\x00', 0x4009}) ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000000)={0x3ff, 0x800}) socket$kcm(0x29, 0x2, 0x0) readv(r0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/184, 0xb8}], 0x1) ioctl$TUNGETFEATURES(r0, 0x800454cf, &(0x7f0000000040)) [ 384.529870][T13948] overlayfs: failed to resolve './file0': -2 [ 384.534755][ T3875] kobject: 'loop3' (00000000ebc5bd7c): kobject_uevent_env [ 384.534784][ T3875] kobject: 'loop3' (00000000ebc5bd7c): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 384.572425][T13946] syz-executor.2 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 384.572442][T13946] CPU: 1 PID: 13946 Comm: syz-executor.2 Not tainted 5.1.0-rc6+ #88 [ 384.572451][T13946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 384.572456][T13946] Call Trace: [ 384.572478][T13946] dump_stack+0x172/0x1f0 [ 384.572497][T13946] dump_header+0x10f/0xb6c [ 384.572514][T13946] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 384.572530][T13946] ? ___ratelimit+0x60/0x595 [ 384.572545][T13946] ? do_raw_spin_unlock+0x57/0x270 [ 384.572562][T13946] oom_kill_process.cold+0x10/0x15 [ 384.572578][T13946] out_of_memory+0x79a/0x1280 [ 384.572594][T13946] ? lock_downgrade+0x880/0x880 [ 384.572610][T13946] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 384.572634][T13946] ? oom_killer_disable+0x280/0x280 [ 384.572657][T13946] mem_cgroup_out_of_memory+0x1ca/0x230 [ 384.572671][T13946] ? memcg_event_wake+0x230/0x230 [ 384.572690][T13946] ? do_raw_spin_unlock+0x57/0x270 [ 384.572705][T13946] ? _raw_spin_unlock+0x2d/0x50 [ 384.572722][T13946] try_charge+0x102c/0x15c0 [ 384.572735][T13946] ? mem_cgroup_charge_statistics+0x430/0x430 [ 384.572754][T13946] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 384.572777][T13946] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 384.572795][T13946] mem_cgroup_try_charge+0x24d/0x5e0 [ 384.572825][T13946] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 384.572845][T13946] __handle_mm_fault+0x1e1f/0x3ec0 [ 384.572866][T13946] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 384.572883][T13946] ? kasan_check_read+0x11/0x20 [ 384.572899][T13946] ? handle_mm_fault+0x322/0xb30 [ 384.572921][T13946] ? handle_mm_fault+0xb8/0xb30 [ 384.572938][T13946] ? trace_hardirqs_on+0x67/0x230 [ 384.572956][T13946] handle_mm_fault+0x43f/0xb30 [ 384.572980][T13946] __get_user_pages+0x7b6/0x1a40 [ 384.573004][T13946] ? follow_page_mask+0x19a0/0x19a0 [ 384.573016][T13946] ? perf_trace_lock+0xeb/0x510 [ 384.573029][T13946] ? __vma_adjust+0x1840/0x1840 [ 384.573048][T13946] ? lock_acquire+0x16f/0x3f0 [ 384.573063][T13946] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 384.573081][T13946] populate_vma_page_range+0x20d/0x2a0 [ 384.573100][T13946] __mm_populate+0x204/0x380 [ 384.573118][T13946] ? populate_vma_page_range+0x2a0/0x2a0 [ 384.573137][T13946] __x64_sys_mlockall+0x35c/0x520 [ 384.573155][T13946] do_syscall_64+0x103/0x610 [ 384.573172][T13946] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 384.573183][T13946] RIP: 0033:0x458da9 [ 384.573198][T13946] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 384.573206][T13946] RSP: 002b:00007f32eb5e1c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 384.573219][T13946] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000458da9 [ 384.573227][T13946] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 384.573236][T13946] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 384.573245][T13946] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f32eb5e26d4 [ 384.573254][T13946] R13: 00000000004c4ce4 R14: 00000000004d88e8 R15: 00000000ffffffff [ 384.578955][T13946] memory: usage 307200kB, limit 307200kB, failcnt 2712 [ 384.578967][T13946] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 384.578975][T13946] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 384.578980][T13946] Memory cgroup stats for /syz2: cache:0KB rss:297308KB rss_huge:237568KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:162800KB active_anon:13584KB inactive_file:0KB active_file:0KB unevictable:121052KB [ 384.579057][T13946] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz2,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz-executor.2,pid=12900,uid=0 [ 384.579131][T13946] Memory cgroup out of memory: Killed process 12900 (syz-executor.2) total-vm:72580kB, anon-rss:18236kB, file-rss:34816kB, shmem-rss:0kB [ 384.580630][ T1043] oom_reaper: reaped process 12900 (syz-executor.2), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 384.599399][T13920] kobject: 'rx-0' (00000000b9692c93): kobject_cleanup, parent 000000004f10d06b [ 384.599410][T13920] kobject: 'rx-0' (00000000b9692c93): auto cleanup 'remove' event [ 384.599419][T13920] kobject: 'rx-0' (00000000b9692c93): kobject_uevent_env [ 384.599451][T13920] kobject: 'rx-0' (00000000b9692c93): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 384.599516][T13920] kobject: 'rx-0' (00000000b9692c93): auto cleanup kobject_del [ 384.599549][T13920] kobject: 'rx-0' (00000000b9692c93): calling ktype release [ 384.599555][T13920] kobject: 'rx-0': free name [ 384.599603][T13920] kobject: 'tx-0' (00000000fed1a0b7): kobject_cleanup, parent 000000004f10d06b [ 384.599611][T13920] kobject: 'tx-0' (00000000fed1a0b7): auto cleanup 'remove' event [ 384.599619][T13920] kobject: 'tx-0' (00000000fed1a0b7): kobject_uevent_env [ 384.599649][T13920] kobject: 'tx-0' (00000000fed1a0b7): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 384.599708][T13920] kobject: 'tx-0' (00000000fed1a0b7): auto cleanup kobject_del [ 384.599787][T13920] kobject: 'tx-0' (00000000fed1a0b7): calling ktype release [ 384.599862][T13920] kobject: 'tx-0': free name [ 384.599886][T13920] kobject: 'queues' (000000004f10d06b): kobject_cleanup, parent (null) [ 384.599894][T13920] kobject: 'queues' (000000004f10d06b): calling ktype release [ 384.599902][T13920] kobject: 'queues' (000000004f10d06b): kset_release [ 384.599913][T13920] kobject: 'queues': free name [ 384.600305][T13920] kobject: 'nr0' (00000000c1ea381d): kobject_uevent_env [ 384.600338][T13920] kobject: 'nr0' (00000000c1ea381d): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 384.632070][ T3875] kobject: 'loop1' (00000000b39d6000): kobject_uevent_env [ 384.632097][ T3875] kobject: 'loop1' (00000000b39d6000): fill_kobj_path: path = '/devices/virtual/block/loop1' [ 384.642545][T13920] kobject: 'nr0' (00000000c1ea381d): kobject_cleanup, parent (null) [ 384.642554][T13920] kobject: 'nr0' (00000000c1ea381d): calling ktype release [ 384.642575][T13920] kobject: 'nr0': free name [ 384.643174][T13921] kobject: 'nr0' (000000006092be62): kobject_add_internal: parent: 'net', set: 'devices' [ 384.643869][T13921] kobject: 'nr0' (000000006092be62): kobject_uevent_env [ 384.643900][T13921] kobject: 'nr0' (000000006092be62): fill_kobj_path: path = '/devices/virtual/net/nr0' [ 384.643987][T13921] kobject: 'queues' (000000008ebc8c05): kobject_add_internal: parent: 'nr0', set: '' [ 384.644008][T13921] kobject: 'queues' (000000008ebc8c05): kobject_uevent_env [ 384.644021][T13921] kobject: 'queues' (000000008ebc8c05): kobject_uevent_env: filter function caused the event to drop! [ 384.644047][T13921] kobject: 'rx-0' (00000000ea12c579): kobject_add_internal: parent: 'queues', set: 'queues' [ 384.644095][T13921] kobject: 'rx-0' (00000000ea12c579): kobject_uevent_env [ 384.644135][T13921] kobject: 'rx-0' (00000000ea12c579): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 384.644218][T13921] kobject: 'tx-0' (00000000eff6aa8e): kobject_add_internal: parent: 'queues', set: 'queues' [ 384.644351][T13921] kobject: 'tx-0' (00000000eff6aa8e): kobject_uevent_env [ 384.644378][T13921] kobject: 'tx-0' (00000000eff6aa8e): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/tx-0' [ 384.646059][T13921] device nr0 entered promiscuous mode [ 384.687355][ T3875] kobject: 'loop3' (00000000ebc5bd7c): kobject_uevent_env [ 384.687388][ T3875] kobject: 'loop3' (00000000ebc5bd7c): fill_kobj_path: path = '/devices/virtual/block/loop3' [ 384.838485][T13920] kobject: 'rx-0' (00000000ea12c579): kobject_cleanup, parent 000000008ebc8c05 [ 384.838495][T13920] kobject: 'rx-0' (00000000ea12c579): auto cleanup 'remove' event [ 384.838504][T13920] kobject: 'rx-0' (00000000ea12c579): kobject_uevent_env [ 384.838547][T13920] kobject: 'rx-0' (00000000ea12c579): fill_kobj_path: path = '/devices/virtual/net/nr0/queues/rx-0' [ 384.838610][T13920] kobject: 'rx-0' (00000000ea12c579): auto cleanup kobject_del [ 384.838644][T13920] kobject: 'rx-0' (00000000ea12c579): calling ktype release [ 384