c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000600000010", 0x66, 0x400}], 0x0, 0x0) 05:19:27 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="020100021000000000000600000000000800120000ffff00000000000000000006000000000000000000800000000000e00000010000000000000000000035000000000000000000ee000003ed94c700030006000000000002000004000000bb000000000000000603000500000000000200423b000001000012b478407f8604"], 0x80}}, 0x0) socket$key(0xf, 0x3, 0x2) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x400000000000003, 0x0) [ 990.821580][ T5275] Mem-Info: [ 990.832273][ T5275] active_anon:145191 inactive_anon:660 isolated_anon:0 [ 990.832273][ T5275] active_file:21599 inactive_file:29010 isolated_file:0 [ 990.832273][ T5275] unevictable:4096 dirty:288 writeback:0 unstable:0 [ 990.832273][ T5275] slab_reclaimable:13085 slab_unreclaimable:98312 [ 990.832273][ T5275] mapped:58982 shmem:252 pagetables:1450 bounce:0 [ 990.832273][ T5275] free:1220014 free_pcp:500 free_cma:0 05:19:27 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}, 0x0, 0xffffffff00000000}) 05:19:27 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="020100021000000000000600000000000800120000ffff00000000000000000006000000000000000000800000000000e00000010000000000000000000035000000000000000000ee000003ed94c700030006000000000002000004000000bb000000000000000603000500000000000200423b000001000012b478407f8604"], 0x80}}, 0x0) socket$key(0xf, 0x3, 0x2) sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x400000000000003, 0x0) [ 991.011375][ T5275] Node 0 active_anon:582740kB inactive_anon:2644kB active_file:86252kB inactive_file:116072kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235808kB dirty:1188kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 540672kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 991.074985][ T5293] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 991.326484][ T5275] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 991.356268][ T5275] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 991.383956][ T5275] lowmem_reserve[]: 0 2547 2548 2548 [ 991.389270][ T5275] Node 0 DMA32 free:1093636kB min:36184kB low:45228kB high:54272kB active_anon:572284kB inactive_anon:2644kB active_file:85200kB inactive_file:115988kB unevictable:16384kB writepending:1180kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7520kB pagetables:5324kB bounce:0kB free_pcp:2972kB local_pcp:1508kB free_cma:0kB [ 991.422020][ T5275] lowmem_reserve[]: 0 0 1 1 [ 991.427724][ T5275] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 991.455615][ T5275] lowmem_reserve[]: 0 0 0 0 [ 991.460332][ T5275] Node 1 Normal free:3777784kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 991.488994][ T5275] lowmem_reserve[]: 0 0 0 0 [ 991.493618][ T5275] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 991.508307][ T5275] Node 0 DMA32: 9443*4kB (UME) 3299*8kB (UME) 1022*16kB (UME) 603*32kB (UME) 481*64kB (UME) 47*128kB (UM) 28*256kB (U) 25*512kB (U) 9*1024kB (UE) 7*2048kB (UME) 223*4096kB (UM) = 1093540kB [ 991.528640][ T5275] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 991.541322][ T5275] Node 1 Normal: 0*4kB 47*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777784kB [ 991.558142][ T5275] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 991.567861][ T5275] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 991.577230][ T5275] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 991.586896][ T5275] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 991.596267][ T5275] 50869 total pagecache pages [ 991.600946][ T5275] 0 pages in swap cache [ 991.605175][ T5275] Swap cache stats: add 0, delete 0, find 0/0 [ 991.611239][ T5275] Free swap = 0kB [ 991.615057][ T5275] Total swap = 0kB [ 991.618810][ T5275] 1965979 pages RAM [ 991.622731][ T5275] 0 pages HighMem/MovableOnly 05:19:28 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}, 0x0, 0xfffffffffffffffe}) 05:19:28 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="020100021000000000000600000000000800080000ffff00000000000000000006000000000000000000800000000000e00000010000000000000000000035000000000000000000ee000003ed94c700030006000000000002000006000000bb000000000000000603000500000000000200423b000001000012b478427f8604e43bc24e0ee6b7434c20418aada5e5977c862a3a387231b185169c7f1abbdced86"], 0x80}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, &(0x7f0000000180), 0x400000000000003, 0x0) 05:19:28 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000700000010", 0x66, 0x400}], 0x0, 0x0) 05:19:28 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x400000, 0x500]}) 05:19:28 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) flock(r1, 0x1c) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r3 = openat$cgroup_subtree(r2, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r3) openat$cgroup_int(r2, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r4, 0x800000c004500a, &(0x7f0000000300)) setxattr(&(0x7f0000000100)='./file0\x00', &(0x7f00000001c0)=@known='trusted.overlay.metacopy\x00', &(0x7f0000000280)='./cgroup\x00', 0x9, 0x1) readv(r4, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r4, &(0x7f0000000080), 0x8) ioctl$KIOCSOUND(r4, 0x4b2f, 0x7457) readv(r3, &(0x7f00000002c0), 0x1a5) 05:19:28 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="020100021000000000000600000000000800120000ffff00000000000000000006000000000000000000800000000000e00000010000000000000000000035000000000000000000ee000003ed94c700030006000000000002000004000000bb000000000000000603000500000000000200423b000001000012b478407f8604"], 0x80}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, 0x0, 0x0, 0x0) [ 991.627456][ T5275] 341179 pages reserved [ 991.631629][ T5275] 0 pages cma reserved [ 991.787009][ T5332] syz-executor.4: vmalloc: allocation failure: 10737426432 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 991.815967][ T5327] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:19:28 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="020100021000000000000600000000000800120000ffff00000000000000000006000000000000000000800000000000e00000010000000000000000000035000000000000000000ee000003ed94c700030006000000000002000004000000bb000000000000000603000500000000000200423b000001000012b478407f8604"], 0x80}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, 0x0, 0x0, 0x0) 05:19:28 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) readv(r1, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r1, &(0x7f0000000080), 0x8) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000040)={0x29, 0x6, 0x0, {0x4, 0xfff}}, 0x29) r2 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r2, &(0x7f0000000140), 0x4924b68, 0x0) setsockopt$inet_sctp6_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f0000000000)=0x9, 0x4) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 991.839908][ T5332] CPU: 0 PID: 5332 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 991.848979][ T5332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 991.859054][ T5332] Call Trace: [ 991.862397][ T5332] dump_stack+0x172/0x1f0 [ 991.866761][ T5332] warn_alloc.cold+0x87/0x17f [ 991.871598][ T5332] ? zone_watermark_ok_safe+0x260/0x260 [ 991.877307][ T5332] ? mark_lock+0xc2/0x1220 [ 991.881936][ T5332] ? __lock_acquire+0x8a0/0x4a00 [ 991.886917][ T5332] __vmalloc_node_range+0x483/0x7e0 [ 991.892387][ T5332] ? is_bpf_text_address+0xac/0x170 [ 991.897601][ T5332] ? kvm_arch_create_memslot+0xc3/0x570 [ 991.903171][ T5332] __vmalloc_node_flags_caller+0x71/0x90 [ 991.908915][ T5332] ? kvm_arch_create_memslot+0xc3/0x570 [ 991.915612][ T5332] kvmalloc_node+0xdc/0x100 [ 991.920144][ T5332] kvm_arch_create_memslot+0xc3/0x570 [ 991.925517][ T5332] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 991.931754][ T5332] __kvm_set_memory_region+0x13b5/0x1d00 [ 991.937386][ T5332] ? gfn_to_hva+0x470/0x470 [ 991.941892][ T5332] ? lock_downgrade+0x920/0x920 [ 991.946757][ T5332] kvm_set_memory_region+0x2f/0x50 [ 991.951954][ T5332] kvm_vm_ioctl+0x729/0x1860 [ 991.956544][ T5332] ? debug_check_no_obj_freed+0x20a/0x43f [ 991.962280][ T5332] ? find_held_lock+0x35/0x130 [ 991.967061][ T5332] ? kvm_unregister_device_ops+0x70/0x70 [ 991.972701][ T5332] ? lock_downgrade+0x920/0x920 [ 991.977549][ T5332] ? rwlock_bug.part.0+0x90/0x90 [ 991.982623][ T5332] ? tomoyo_path_number_perm+0x214/0x520 [ 991.988268][ T5332] ? find_held_lock+0x35/0x130 [ 991.993066][ T5332] ? lock_downgrade+0x920/0x920 [ 991.998099][ T5332] ? lockdep_hardirqs_on+0x418/0x5d0 [ 992.003411][ T5332] ? tomoyo_path_number_perm+0x459/0x520 [ 992.009062][ T5332] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 992.015577][ T5332] ? tomoyo_path_number_perm+0x263/0x520 [ 992.021347][ T5332] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 992.027307][ T5332] ? kvm_unregister_device_ops+0x70/0x70 [ 992.033219][ T5332] do_vfs_ioctl+0xdb6/0x13e0 [ 992.037824][ T5332] ? ioctl_preallocate+0x210/0x210 [ 992.042944][ T5332] ? __fget+0x384/0x560 [ 992.047110][ T5332] ? ksys_dup3+0x3e0/0x3e0 [ 992.051542][ T5332] ? nsecs_to_jiffies+0x30/0x30 [ 992.056405][ T5332] ? tomoyo_file_ioctl+0x23/0x30 [ 992.061472][ T5332] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 992.067746][ T5332] ? security_file_ioctl+0x8d/0xc0 [ 992.073275][ T5332] ksys_ioctl+0xab/0xd0 [ 992.078973][ T5332] __x64_sys_ioctl+0x73/0xb0 [ 992.084359][ T5332] do_syscall_64+0xfa/0x760 [ 992.088912][ T5332] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 992.095009][ T5332] RIP: 0033:0x4598e9 [ 992.098918][ T5332] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 992.118674][ T5332] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 992.127185][ T5332] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 05:19:28 executing program 2: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f00000004c0)='cgroup.procs\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f00000001c0)=@ipx, 0x80, 0x0, 0x0, 0x0, 0x69e}}], 0x0, 0x0, 0x0) preadv(r1, &(0x7f00000009c0)=[{&(0x7f0000000500)=""/154, 0x9a}], 0x1, 0x3) [ 992.135663][ T5332] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 992.143675][ T5332] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 992.151761][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 992.159747][ T5332] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 992.171926][ T5332] Mem-Info: [ 992.175487][ T5332] active_anon:144641 inactive_anon:664 isolated_anon:0 [ 992.175487][ T5332] active_file:21601 inactive_file:29021 isolated_file:0 [ 992.175487][ T5332] unevictable:4096 dirty:246 writeback:18 unstable:0 [ 992.175487][ T5332] slab_reclaimable:13081 slab_unreclaimable:98532 [ 992.175487][ T5332] mapped:58971 shmem:254 pagetables:1382 bounce:0 [ 992.175487][ T5332] free:1220322 free_pcp:579 free_cma:0 [ 992.215072][ T5332] Node 0 active_anon:578604kB inactive_anon:2644kB active_file:86256kB inactive_file:116096kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235952kB dirty:1004kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 532480kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 992.244768][ T5332] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 992.272421][ T5332] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 992.307784][ T5332] lowmem_reserve[]: 0 2547 2548 2548 [ 992.313274][ T5332] Node 0 DMA32 free:1087220kB min:36184kB low:45228kB high:54272kB active_anon:578584kB inactive_anon:2644kB active_file:85204kB inactive_file:116012kB unevictable:16384kB writepending:996kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7808kB pagetables:5600kB bounce:0kB free_pcp:2220kB local_pcp:1292kB free_cma:0kB [ 992.350991][ T5332] lowmem_reserve[]: 0 0 1 1 [ 992.355675][ T5332] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:19:28 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) r3 = userfaultfd(0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) syz_extract_tcp_res(&(0x7f0000000100), 0x1, 0x7f) ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) fcntl$setsig(r3, 0xa, 0x3a) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) 05:19:29 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000184000)=ANY=[@ANYBLOB="020100021000000000000600000000000800120000ffff00000000000000000006000000000000000000800000000000e00000010000000000000000000035000000000000000000ee000003ed94c700030006000000000002000004000000bb000000000000000603000500000000000200423b000001000012b478407f8604"], 0x80}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmmsg(r1, 0x0, 0x0, 0x0) [ 992.472196][ T5332] lowmem_reserve[]: 0 0 0 0 [ 992.477983][ T5332] Node 1 Normal free:3777784kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:19:29 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000800000010", 0x66, 0x400}], 0x0, 0x0) 05:19:29 executing program 2: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_INITMSG(r0, 0x84, 0x7b, &(0x7f0000000000)={0x0, 0xffffffffffffffff}, 0x8) [ 992.603454][ T5332] lowmem_reserve[]: 0 0 0 0 [ 992.656604][ T5332] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB 05:19:29 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) ptrace$setsig(0x4203, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1}) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4(0xffffffffffffffff, &(0x7f00000006c0)=@tipc=@name, &(0x7f0000000440)=0x80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 992.764502][ T5332] Node 0 DMA32: 9403*4kB (UME) 3349*8kB (UME) 1030*16kB (UME) 598*32kB (ME) 479*64kB (UME) 45*128kB (UM) 28*256kB (U) 25*512kB (U) 9*1024kB (UE) 6*2048kB (UME) 220*4096kB (UM) = 1079028kB [ 992.836969][ T5332] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 992.851212][ T5332] Node 1 Normal: 0*4kB 47*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777784kB [ 992.855619][ T5359] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:19:29 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) r1 = dup2(r0, r0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") write$P9_RMKNOD(r1, &(0x7f0000000000)={0x10305}, 0xfffffee2) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) syz_open_pts(r0, 0x0) 05:19:29 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r3, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r3, &(0x7f0000000200), 0x18) ioctl$TUNGETDEVNETNS(r3, 0x54e3, 0x0) ioctl$UI_SET_KEYBIT(r3, 0x40045565, 0xb2) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) [ 992.891801][ T5332] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 992.951476][ T5332] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 992.990653][ T5332] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 993.002328][ T5332] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 993.039581][ T5332] 50876 total pagecache pages [ 993.083884][ T5332] 0 pages in swap cache [ 993.091149][ T5332] Swap cache stats: add 0, delete 0, find 0/0 [ 993.117668][ T5332] Free swap = 0kB [ 993.139394][ T5332] Total swap = 0kB [ 993.152313][ T5332] 1965979 pages RAM [ 993.160949][ T5332] 0 pages HighMem/MovableOnly [ 993.246795][ T5332] 341179 pages reserved [ 993.272162][ T5332] 0 pages cma reserved 05:19:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x800000, 0x500]}) 05:19:29 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000900000010", 0x66, 0x400}], 0x0, 0x0) 05:19:29 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='dctcp-reno\x00', 0xb) 05:19:29 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3c6, 0x81}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffbfffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x2, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r2, 0x81785501, &(0x7f0000000340)=""/94) ioctl$TUNGETDEVNETNS(r2, 0x54e3, 0x0) r3 = fspick(r2, &(0x7f0000000000)='./file0\x00', 0x1) fstat(r3, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) mmap$xdp(&(0x7f000047b000/0x4000)=nil, 0x4000, 0x4, 0x10, r2, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000180)) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:19:29 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x3, 0x10001) ioctl$PERF_EVENT_IOC_DISABLE(r2, 0x2401, 0x0) r3 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r3) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0xffffffffffffff87}], 0x1}}], 0x1, 0x0, 0x0) readv(r3, &(0x7f00000002c0), 0x1a5) [ 993.485818][ T5401] syz-executor.4: vmalloc: allocation failure: 10737434624 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:19:30 executing program 0: r0 = socket(0x10, 0x3, 0xc) write(r0, &(0x7f00000000c0)="1f0000000102ff40003b54c007110000f305010004000200007afbdf0264fa", 0x1f) [ 993.555864][ T5401] CPU: 0 PID: 5401 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 993.564939][ T5401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 993.575008][ T5401] Call Trace: [ 993.578333][ T5401] dump_stack+0x172/0x1f0 [ 993.582696][ T5401] warn_alloc.cold+0x87/0x17f [ 993.587447][ T5401] ? zone_watermark_ok_safe+0x260/0x260 [ 993.593033][ T5401] ? mark_lock+0xc2/0x1220 [ 993.597482][ T5401] ? __lock_acquire+0x8a0/0x4a00 05:19:30 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) r3 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r3, &(0x7f0000000140), 0x4924b68, 0x0) r4 = syz_open_dev$admmidi(&(0x7f00000003c0)='/dev/admmidi#\x00', 0x10001, 0x101002) r5 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r5, &(0x7f0000000140), 0x4924b68, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r5, 0x8933, &(0x7f0000000300)={'vcan0\x00', 0x0}) connect$can_bcm(r3, &(0x7f0000000340)={0x1d, r6}, 0x10) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000440)='TIPC\x00') sendmsg$TIPC_CMD_GET_BEARER_NAMES(r4, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2100000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r7, 0x400, 0x70bd28, 0x25dfdbfb, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x20000010) sendmsg$TIPC_CMD_GET_MAX_PORTS(r3, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r7, 0x100, 0x70bd2c, 0x25dfdbfc, {}, ["", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x28048080}, 0x4000000) openat$cgroup_int(r1, &(0x7f0000000080)='\x94#Y\x8f\x84\xe1A|1\xdc\xc6\xf6.O;x\xf5.c{\xb5\x19)\xc8\a\x00\x00\x00\xe1bi&\x13\xb7\xc7S\xcd\x8c#_\xd3\x88\xf6%\xf5\xe9\xfd\x1fl*\x85_\xa1\x97\'\xe0\r\x12\xfb\xa3\xb8\x1cQ\xf50\xea\xb5\xb7lR\xd6D\x93\xc6\x88Y\x8b\xb9wE\x1a\x12w\xabh\x061B\xe6}\x93\xd0h%rT\x1a\xecu\x03\xdd\x9f\x8d%\xe3-\xec\xa2D{;x\xb4`f\xcf\x82/% \xb1\xc8mx\x1c\x19D\x88yr3\bz\xbc\x1d\xfb\xaan\xa95\xa4\xaf\t-u\xb8\xb3\xc8n\xab\x9ep\xe7\x0e\x17\xc4Aa\x90\x1bK\xad\xb5}\xa6)\x1fA_\xc8\xb1\'U8`Pqf\xda$', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) syz_genetlink_get_family_id$tipc(&(0x7f00000002c0)='TIPC\x00') [ 993.602459][ T5401] __vmalloc_node_range+0x483/0x7e0 [ 993.607702][ T5401] ? is_bpf_text_address+0xac/0x170 [ 993.612948][ T5401] ? kvm_arch_create_memslot+0xc3/0x570 [ 993.618514][ T5401] __vmalloc_node_flags_caller+0x71/0x90 [ 993.624180][ T5401] ? kvm_arch_create_memslot+0xc3/0x570 [ 993.629757][ T5401] kvmalloc_node+0xdc/0x100 [ 993.634280][ T5401] kvm_arch_create_memslot+0xc3/0x570 [ 993.639676][ T5401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 993.645960][ T5401] __kvm_set_memory_region+0x13b5/0x1d00 [ 993.651639][ T5401] ? gfn_to_hva+0x470/0x470 05:19:30 executing program 1: perf_event_open(&(0x7f000001d000)={0x3, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x100, 0x671}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x3a}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r2 = openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/attr/current\x00', 0x2, 0x0) r3 = dup3(r2, r0, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r4, &(0x7f0000000140), 0x4924b68, 0x0) ioctl$SIOCX25SDTEFACILITIES(r4, 0x89eb, &(0x7f0000000480)={0x40, 0xff, 0x0, 0x8bf4, 0x40, 0xa, 0x23, "a36526b2ce901ddbc45bfebf37d5bc45441bdc6e", "c9fa0eaad7fe8d5d97665cecc02e074182a634f7"}) ioctl$EVIOCSFF(r3, 0x40304580, &(0x7f0000000040)={0x54, 0xfffffffffffffffe, 0x4, {0x7, 0x100}, {0x8, 0x4fd}, @ramp={0x400, 0x403, {0x7, 0x81, 0x7fff}}}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) syz_mount_image$hfsplus(&(0x7f0000000180)='hfsplus\x00', &(0x7f00000001c0)='./file0\x00', 0x1, 0x2, &(0x7f0000000340)=[{&(0x7f0000000200)="588314592f40a0cee62b3a5f1af30103f6af3e263329a258ef1214f08c240b279df470697bf455b6895e6aff0e189d7dfcbeb3d4d0b189b338f4a0a16b2a12c8c59e0da9ee72a2f114cc438443725dc9d41bc8fee64c047c4b33e398a274180253f3b7f9232168669b1ab8492f7a3afe40b40b9fe27ffa18318663b795941a49c151835813db806f0e7bf07fe4a62de0a3845f97034e769a9debd4076c28f8a3cf163fe74cb3db44cdc19804d874ac473e84088a704c2340d1b1e47c9782300e76d0516f18904129191dee28c849db5a60802b9ac544cd0d90dd6dd6d4cf095c54f3a4d382ab7880eb53752e38", 0xed, 0x7}, {&(0x7f0000000300)="cb702da5f634f609b089f6b4d3927fb0aa7024636660008ca96db15bc5c852e0bcf898a2a413f7b4699dbe63da9d34", 0x2f, 0x100}], 0x200010, &(0x7f0000000380)=ANY=[@ANYBLOB='barrier,umask=00000000000000000000006,decompose,decompose,smackfstransmute=/proc/thread-self/attr/current\x00,subj_type=/`roc/thread-self/attr/cuRrent\x00,smstS\a\x00\x00mu[nodev{&,subj_role=/proc/thread-self/attr/current\x00,measure,\x00\x00\x00\x00\x00']) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) open(&(0x7f0000000000)='./file0\x00', 0x34d40, 0xf) [ 993.656180][ T5401] ? lock_downgrade+0x920/0x920 [ 993.661075][ T5401] kvm_set_memory_region+0x2f/0x50 [ 993.666223][ T5401] kvm_vm_ioctl+0x729/0x1860 [ 993.670847][ T5401] ? debug_check_no_obj_freed+0x20a/0x43f [ 993.677001][ T5401] ? find_held_lock+0x35/0x130 [ 993.681797][ T5401] ? kvm_unregister_device_ops+0x70/0x70 [ 993.687461][ T5401] ? lock_downgrade+0x920/0x920 [ 993.692339][ T5401] ? rwlock_bug.part.0+0x90/0x90 [ 993.697303][ T5401] ? tomoyo_path_number_perm+0x214/0x520 [ 993.702956][ T5401] ? find_held_lock+0x35/0x130 [ 993.707726][ T5401] ? lock_downgrade+0x920/0x920 [ 993.707740][ T5401] ? lockdep_hardirqs_on+0x418/0x5d0 [ 993.707756][ T5401] ? tomoyo_path_number_perm+0x459/0x520 [ 993.707781][ T5401] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 993.718096][ T5401] ? tomoyo_path_number_perm+0x263/0x520 [ 993.718113][ T5401] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 993.718155][ T5401] ? kvm_unregister_device_ops+0x70/0x70 [ 993.747347][ T5401] do_vfs_ioctl+0xdb6/0x13e0 [ 993.751984][ T5401] ? ioctl_preallocate+0x210/0x210 [ 993.757210][ T5401] ? __fget+0x384/0x560 [ 993.761396][ T5401] ? ksys_dup3+0x3e0/0x3e0 [ 993.765812][ T5401] ? nsecs_to_jiffies+0x30/0x30 [ 993.765836][ T5401] ? tomoyo_file_ioctl+0x23/0x30 [ 993.765853][ T5401] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 993.765868][ T5401] ? security_file_ioctl+0x8d/0xc0 [ 993.765884][ T5401] ksys_ioctl+0xab/0xd0 [ 993.765901][ T5401] __x64_sys_ioctl+0x73/0xb0 [ 993.782315][ T5389] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 993.787054][ T5401] do_syscall_64+0xfa/0x760 [ 993.787077][ T5401] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 993.787088][ T5401] RIP: 0033:0x4598e9 [ 993.787103][ T5401] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 993.787117][ T5401] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 993.804447][ T5401] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 05:19:30 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0xf, &(0x7f0000000080)={0x0, @in6={{0xa, 0x4e24, 0x7ff, @remote, 0xfffffffffffeffff}}, 0x7, 0x101, 0x9, 0x7, 0xffffffffffff0000}, &(0x7f0000000140)=0x98) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r3 = openat$cgroup_subtree(r2, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = openat$autofs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/autofs\x00', 0x8242, 0x0) openat$cgroup_subtree(r4, &(0x7f0000000280)='cgroup.subtree_control\x00', 0x2, 0x0) close(r3) openat$cgroup_int(r2, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r3, &(0x7f00000002c0), 0x1a5) [ 993.804456][ T5401] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 993.804464][ T5401] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 993.804470][ T5401] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 993.804478][ T5401] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 993.859891][ T5401] Mem-Info: 05:19:30 executing program 0: getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000380), &(0x7f0000000180)=0x8) syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x100082) memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) socket$inet_udp(0x2, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x2761, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) fsetxattr$system_posix_acl(r1, 0x0, &(0x7f0000000680)={{}, {}, [], {}, [{}]}, 0x2c, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x0, 0x0) sendfile(r0, r0, 0x0, 0x40fdf) [ 993.945789][ T5401] active_anon:145169 inactive_anon:660 isolated_anon:0 [ 993.945789][ T5401] active_file:21599 inactive_file:29042 isolated_file:0 [ 993.945789][ T5401] unevictable:4096 dirty:292 writeback:0 unstable:0 [ 993.945789][ T5401] slab_reclaimable:13102 slab_unreclaimable:98192 [ 993.945789][ T5401] mapped:58967 shmem:252 pagetables:1412 bounce:0 [ 993.945789][ T5401] free:1220241 free_pcp:406 free_cma:0 [ 993.997346][ T5401] Node 0 active_anon:580676kB inactive_anon:2640kB active_file:86252kB inactive_file:116168kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235868kB dirty:1164kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 536576kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:19:30 executing program 2: syz_genetlink_get_family_id$tipc2(0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x4, &(0x7f00000000c0)={&(0x7f0000000240)={0x14, 0x1, 0x1, 0xffffffffffffffff}, 0x14}}, 0x0) 05:19:30 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000a00000010", 0x66, 0x400}], 0x0, 0x0) [ 994.031560][ T26] audit: type=1800 audit(1568524770.483:40): pid=5419 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16522 res=0 [ 994.054932][ T5411] hfsplus: unable to parse mount options [ 994.151793][ T5401] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 994.339920][ T5401] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 994.420402][ T5401] lowmem_reserve[]: 0 2547 2548 2548 [ 994.439000][ T5401] Node 0 DMA32 free:1081288kB min:36184kB low:45228kB high:54272kB active_anon:585244kB inactive_anon:2640kB active_file:85200kB inactive_file:116084kB unevictable:16384kB writepending:1156kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:8160kB pagetables:5944kB bounce:0kB free_pcp:1648kB local_pcp:568kB free_cma:0kB [ 994.531725][ T5401] lowmem_reserve[]: 0 0 1 1 [ 994.552683][ T5401] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 994.618646][ T5401] lowmem_reserve[]: 0 0 0 0 [ 994.641307][ T5401] Node 1 Normal free:3777784kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 994.699826][ T5401] lowmem_reserve[]: 0 0 0 0 [ 994.706471][ T5401] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 994.731315][ T5401] Node 0 DMA32: 9210*4kB (UME) 3468*8kB (UME) 1093*16kB (UME) 611*32kB (UME) 485*64kB (UME) 43*128kB (UM) 28*256kB (U) 25*512kB (U) 9*1024kB (UE) 6*2048kB (UME) 221*4096kB (UM) = 1084856kB [ 994.785608][ T5401] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 994.801931][ T5401] Node 1 Normal: 0*4kB 47*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777784kB [ 994.828822][ T5401] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 994.841577][ T5401] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 994.858437][ T5401] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 994.878733][ T5401] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 994.889507][ T5401] 50899 total pagecache pages [ 994.901456][ T5401] 0 pages in swap cache [ 994.907578][ T5401] Swap cache stats: add 0, delete 0, find 0/0 [ 994.920943][ T5401] Free swap = 0kB [ 994.925397][ T5401] Total swap = 0kB [ 994.929649][ T5401] 1965979 pages RAM [ 994.941269][ T5401] 0 pages HighMem/MovableOnly [ 994.956136][ T5401] 341179 pages reserved [ 994.968465][ T5401] 0 pages cma reserved 05:19:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x80ffff, 0x500]}) 05:19:31 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) socket$vsock_dgram(0x28, 0x2, 0x0) openat$cgroup_procs(r1, &(0x7f0000000080)='cgroup.threads\x00', 0x2, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff}, 0x85000) setsockopt$netrom_NETROM_T4(r3, 0x103, 0x6, &(0x7f0000000280)=0xa25c, 0x4) readv(r2, &(0x7f00000002c0), 0x1a5) 05:19:31 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x800, 0x0) ioctl$SIOCX25SCAUSEDIAG(r1, 0x89ec, &(0x7f0000000040)={0x4, 0x3ff}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) semctl$IPC_STAT(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000100)=""/184) 05:19:31 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000013000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000040)="0f20e06635000001000f22e0660f71d300dadec4c3c5cf600b010500002e660f388209677d00640f1a070f01df65670fc79b00580000", 0x36}], 0x1, 0x0, 0x0, 0xffffffffffffff15) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000180)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="05000000000000007bf1551f07000000bd164466000000001f000000ce3c00009f0100000000000000000000000000000b40000007000000020000007c0776000100000006000000ff03000000000000000000000000000007000000000000000500000048000000cf"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:19:31 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202001000000010", 0x66, 0x400}], 0x0, 0x0) 05:19:31 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5ee47bf0700000") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) pwritev(r3, &(0x7f0000000540)=[{&(0x7f0000000800)="d9e75a8f44951bc25fea78c7825d932e21ebf3f01c28c82e506ec3cfe6fe988b330da8ef5161e20bf5f6aecd52166f3ed7a3f0acb92f0c76ed5c396df0064fc86929bc38fe41dcdcf1", 0x49}, {&(0x7f00000005c0)="76ab8cf4b6451dbff1fc875ef7c7fa075656cef34668d0b6032978a1bf810ceb41894727b83cfc98503d2d674db68d9da015a308d67fa8632cd8e2d6762218c62407cb305c682be4dd4fdbaea3e0025949b666dcab5545099b9852dd563b65d04d8e3dd928905c8a7a12a33505ace70da2c5ef9756dcfa1d1c54183c2afd84be2bea39a9f80afee86e8fb00867435d7e2d438757e3b6429085bb1a0cd19d82cd6aac82ca0b0182e89584f1219d3505fa13874e37878e744330a2e60c64347429a1b75c16299df62ba46bd0c50572af95762fbcb74dd1bc4d03035d17542c5dc13ff2c3c4742056b287a0033747f1718a8182faa50179469e80844735c80284998838ee2a26ba11093ad3160667c0321be83ed664993aa6007cc3c60ff103b6a66b1739b1df9b4bc29de448f997e766ea1b04ef27b61b0be5fae60dec46d82c316a06b0ac83a0002c6e536d9dc102038de7d9c563b7704cd295de9d774f69267d491f5fe245dcf69a2b1f991c198ee09f5e332a50f8ce7915c7aaa6fdb0c56385d8cde2cf", 0x184}, {&(0x7f0000000880)="c76c2599c93576b9b85447f4d362ad19dfd40526381ca724c68f33f8de76ff0b85cf5670759ae21f70c3e01160f6644e4808cf7552199e7e57ec20005edc92139cbaceec3d0e9f984ef39fefeb6080cdddc1d07255dd1decf991ef07042a14ba6eaf8100000033c29f7332e934f3f0457f04a9bd04f551143284d0d9078c348036f244207382012f91bfa5abb5", 0x387}, {&(0x7f0000000100)="51700562e9f1e83268be919c9a18ea150592f057443e21e0f6b81d121b026f0aa3bf4d7bb4c98772f55332414319174b1aa37c390b4aa3de02ac14d8e0db0fbbc7d3cabb11099526f562afdc53606e08", 0xffffffffffffff41}, {&(0x7f0000000780)="e77f90efa85f97639e1c79ce5dce0bb73b66ae1893295240fbcc2976e8cf8f473a9e3b7e7b9840e58e72604afa21a8c58f64442940829a89e83463817c6b9b6102288ff63fe802cf57714c72609157e0e37e040000000000000032cb673dc552c1439e5e6b5e268686557290c423abdc9e6c6c94aae0c2", 0x77}, {&(0x7f0000000440)="c80a580f3252a5e8b15e6330db0ce85e43a73f49687aa7888d78dd37cbde297ed261a6db7591ef8dcf94757fb5ff8124c4bb4fd317a7df4b292f77720327122c11c34c8ebd8367a245e5091d5a897e1e89348153cfd5070fc3b664d847a61843c558ae64630e5d98498219ec823816fa479dd92acf91811d5d137969b687b8739c0fe980efe7ceff326b103da3f84633d037ec1815f26a40de31cfc62c62f9c18da2515feb1e8f9529d59658ec31e2023bf59573961bcecd8341571ca162ca15d6c682446d357d", 0xc7}], 0x6, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) 05:19:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x1000000, 0x500]}) 05:19:32 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 995.642268][ T5474] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:19:32 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = open(&(0x7f0000000080)='./file0\x00', 0x4801, 0x90) openat$audio(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio\x00', 0x60100, 0x0) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r3, 0x800000c004500a, &(0x7f0000000300)) readv(r3, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r3, &(0x7f0000000080), 0x8) move_mount(r2, &(0x7f00000000c0)='./file0\x00', r3, &(0x7f0000000100)='./file0\x00', 0x13) r4 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r4) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000340)={r3, 0x4ea9d901, 0x0, "81ec536ef2e86399bd611ae3663455d2e4d9d313ecd5c11a067db61cd0891fb1b3e9d6c5015ee279bf55edf5e26d3fa77a3f375510238a17bbc348d6010d2376147539573f793289e99d37c71f296c077fda6b82da80839cec887182df74c5c21978b1b2fa0acad48383e6a1ba5d3933c39c499eb089072c6c22b17856a19a962a20be75a253d99d908689d0e6093b69d0803f36a38d75b21ec9e562e2d0510f120073489ceb73b2420cc1719c7958a960be79ced137788ab44b3159e3a5eb7f85de05f4599c5950c6c6cb8ef2eed09284e30a9539bb2127457c4b92a8f3f04ec7c12fd2bbd9"}) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r5, 0x800000c004500a, &(0x7f0000000300)) readv(r5, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r5, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r5, &(0x7f0000000080), 0x8) r6 = openat$cgroup_int(r5, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r6, &(0x7f0000000740)=[{&(0x7f0000000640)=""/215, 0x40}, {&(0x7f00000001c0)=""/17, 0x11}, {&(0x7f0000000280)=""/9, 0x9}, {&(0x7f0000000580)=""/173, 0xfffffe91}], 0x10000000000000c1) [ 995.705721][ T5492] syz-executor.4: vmalloc: allocation failure: 10737451008 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:19:32 executing program 2: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000340)='./file0\x00', 0x0, 0x4) r1 = openat$cgroup_subtree(r0, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000180)={[{0x800000000002b, 'pids'}]}, 0x6) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000012, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) lseek(r2, 0x56, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000380)={'bond0\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f00000003c0)={@mcast2, @empty, @mcast2, 0xfffffffffffffc01, 0x9b6, 0xc27aa40000000000, 0x800, 0x3, 0x10000, r3}) [ 995.812750][ T5492] CPU: 0 PID: 5492 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 995.821830][ T5492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 995.831987][ T5492] Call Trace: [ 995.835308][ T5492] dump_stack+0x172/0x1f0 [ 995.839936][ T5492] warn_alloc.cold+0x87/0x17f [ 995.844811][ T5492] ? zone_watermark_ok_safe+0x260/0x260 [ 995.850399][ T5492] ? mark_lock+0xc2/0x1220 [ 995.854838][ T5492] ? __lock_acquire+0x8a0/0x4a00 [ 995.859809][ T5492] __vmalloc_node_range+0x483/0x7e0 [ 995.865033][ T5492] ? is_bpf_text_address+0xac/0x170 [ 995.870267][ T5492] ? kvm_arch_create_memslot+0xc3/0x570 [ 995.876096][ T5492] __vmalloc_node_flags_caller+0x71/0x90 [ 995.881764][ T5492] ? kvm_arch_create_memslot+0xc3/0x570 [ 995.887483][ T5492] kvmalloc_node+0xdc/0x100 [ 995.892550][ T5492] kvm_arch_create_memslot+0xc3/0x570 [ 995.897961][ T5492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 995.904237][ T5492] __kvm_set_memory_region+0x13b5/0x1d00 [ 995.910000][ T5492] ? gfn_to_hva+0x470/0x470 [ 995.914734][ T5492] ? lock_downgrade+0x920/0x920 [ 995.919626][ T5492] kvm_set_memory_region+0x2f/0x50 [ 995.924916][ T5492] kvm_vm_ioctl+0x729/0x1860 [ 995.929546][ T5492] ? debug_check_no_obj_freed+0x20a/0x43f [ 995.935294][ T5492] ? find_held_lock+0x35/0x130 [ 995.940089][ T5492] ? kvm_unregister_device_ops+0x70/0x70 [ 995.945754][ T5492] ? lock_downgrade+0x920/0x920 [ 995.950631][ T5492] ? rwlock_bug.part.0+0x90/0x90 [ 995.955684][ T5492] ? tomoyo_path_number_perm+0x214/0x520 [ 995.961348][ T5492] ? find_held_lock+0x35/0x130 [ 995.966159][ T5492] ? lock_downgrade+0x920/0x920 [ 995.971040][ T5492] ? lockdep_hardirqs_on+0x418/0x5d0 [ 995.976365][ T5492] ? tomoyo_path_number_perm+0x459/0x520 [ 995.982051][ T5492] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 995.988318][ T5492] ? tomoyo_path_number_perm+0x263/0x520 [ 995.993978][ T5492] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 995.999832][ T5492] ? kvm_unregister_device_ops+0x70/0x70 [ 996.005494][ T5492] do_vfs_ioctl+0xdb6/0x13e0 [ 996.010205][ T5492] ? ioctl_preallocate+0x210/0x210 [ 996.015316][ T5492] ? __fget+0x384/0x560 [ 996.019474][ T5492] ? ksys_dup3+0x3e0/0x3e0 [ 996.024875][ T5492] ? nsecs_to_jiffies+0x30/0x30 [ 996.029724][ T5492] ? tomoyo_file_ioctl+0x23/0x30 [ 996.034659][ T5492] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 996.040903][ T5492] ? security_file_ioctl+0x8d/0xc0 [ 996.046018][ T5492] ksys_ioctl+0xab/0xd0 [ 996.050163][ T5492] __x64_sys_ioctl+0x73/0xb0 [ 996.054748][ T5492] do_syscall_64+0xfa/0x760 [ 996.059248][ T5492] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 996.065131][ T5492] RIP: 0033:0x4598e9 [ 996.069021][ T5492] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 996.089093][ T5492] RSP: 002b:00007f92b6da3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 996.097499][ T5492] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 996.105476][ T5492] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 05:19:32 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202002300000010", 0x66, 0x400}], 0x0, 0x0) 05:19:32 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r1 = syz_open_dev$media(&(0x7f0000000140)='/dev/media#\x00', 0x4, 0x2040) ioctl$SG_GET_LOW_DMA(r1, 0x227a, &(0x7f0000000180)) r2 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r2, &(0x7f0000000140), 0x4924b68, 0x0) sendmsg$key(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x2, 0x6, 0x0, 0x4, 0x7, 0x0, 0x70bd27, 0x25dfdbfd, [@sadb_x_filter={0x5, 0x1a, @in=@dev={0xac, 0x14, 0x14, 0x1d}, @in6=@local, 0x10, 0x4, 0x10}]}, 0x38}}, 0x40005) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 996.113437][ T5492] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 996.121397][ T5492] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6da46d4 [ 996.129368][ T5492] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 996.171539][ T5492] Mem-Info: [ 996.182415][ T5492] active_anon:146217 inactive_anon:661 isolated_anon:512 [ 996.182415][ T5492] active_file:21599 inactive_file:29057 isolated_file:0 [ 996.182415][ T5492] unevictable:4096 dirty:327 writeback:0 unstable:0 [ 996.182415][ T5492] slab_reclaimable:13080 slab_unreclaimable:97890 [ 996.182415][ T5492] mapped:58952 shmem:253 pagetables:1475 bounce:0 [ 996.182415][ T5492] free:1218091 free_pcp:745 free_cma:0 05:19:32 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:32 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x418, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000100)={0x0, 0x69, 0x7, 0x9, [], [], [], 0x5, 0x6, 0x3, 0x0, "df6ebd11aec682a66bff371b79cd5049"}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 996.239315][ T5492] Node 0 active_anon:584868kB inactive_anon:2644kB active_file:86252kB inactive_file:116228kB unevictable:16384kB isolated(anon):2048kB isolated(file):0kB mapped:235808kB dirty:1304kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 557056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 996.302632][ T5507] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 996.361675][ T5492] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:19:32 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 996.396517][ T5492] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 996.435059][ T5492] lowmem_reserve[]: 0 2547 2548 2548 05:19:32 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202002d00000010", 0x66, 0x400}], 0x0, 0x0) [ 996.475172][ T5492] Node 0 DMA32 free:1085088kB min:36184kB low:45228kB high:54272kB active_anon:580764kB inactive_anon:2644kB active_file:85200kB inactive_file:116144kB unevictable:16384kB writepending:1296kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7808kB pagetables:5752kB bounce:0kB free_pcp:2492kB local_pcp:1096kB free_cma:0kB [ 996.562495][ T5492] lowmem_reserve[]: 0 0 1 1 [ 996.567879][ T5492] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 996.596925][ T5492] lowmem_reserve[]: 0 0 0 0 [ 996.601633][ T5492] Node 1 Normal free:3777532kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:244kB local_pcp:244kB free_cma:0kB 05:19:33 executing program 2: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x100000, 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f0000000640)='.', 0x0, 0x23080, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x80000, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) mount(&(0x7f0000000080), &(0x7f0000000140)='.', 0x0, 0x5110, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) mount(&(0x7f0000000000), &(0x7f0000000140)='.', 0x0, 0x2003002480, 0x0) [ 996.656849][ T5492] lowmem_reserve[]: 0 0 0 0 [ 996.665227][ T5492] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 996.689662][ T5492] Node 0 DMA32: 9644*4kB (UME) 3963*8kB (UME) 1521*16kB (UME) 703*32kB (UME) 480*64kB (ME) 48*128kB (UM) 28*256kB (U) 25*512kB (U) 9*1024kB (UE) 5*2048kB (UME) 217*4096kB (UM) = 1082232kB [ 996.713322][ T5492] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 996.726059][ T5527] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 996.777942][ T5492] Node 1 Normal: 1*4kB (U) 15*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777532kB 05:19:33 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 996.819885][ T5492] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 996.870976][ T5492] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 996.920165][ T5492] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 996.967592][ T5492] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 997.004161][ T5492] 50908 total pagecache pages [ 997.009210][ T5492] 0 pages in swap cache [ 997.023616][ T5492] Swap cache stats: add 0, delete 0, find 0/0 [ 997.037972][ T5492] Free swap = 0kB [ 997.041740][ T5492] Total swap = 0kB [ 997.084023][ T5492] 1965979 pages RAM [ 997.089294][ T5492] 0 pages HighMem/MovableOnly [ 997.099481][ T5492] 341179 pages reserved [ 997.106992][ T5492] 0 pages cma reserved 05:19:33 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x2000000, 0x500]}) 05:19:33 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) 05:19:33 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202004800000010", 0x66, 0x400}], 0x0, 0x0) 05:19:33 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x40950, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1160}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r1 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) accept4$llc(r1, &(0x7f0000000980)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @link_local}, &(0x7f00000009c0)=0x10, 0x80800) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r2 = getuid() r3 = openat$vsock(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vsock\x00', 0x40, 0x0) sendmsg$kcm(r3, &(0x7f0000000940)={&(0x7f0000000200)=@ipx={0x4, 0x2, 0x6, "aba9b31aec0f", 0xfff}, 0x80, &(0x7f0000000540)=[{&(0x7f0000000280)="5c412eca4e167574a9f69a4050daa7871f59aec35feec2c368126d7bf9071745c7526613668ab6236d3a91a7740bccea306b6fb93f4c955fb0005ea9b3210e74d34c7ecf48392e54256df9aedfab4521376bef8fe68b22c7bd27cf375aad6e13fb3901ba39f552485a3ba1c74283a56ac0b97fb2839e8d28a874c6539aa7aed7aa4c1f4b103e46250599a1dbfcb9054a90558110843a7de9708c454e4e807982bf32ba9d881ab6fe826a11d9fe93d6aaf9417c1622761b81b46ffc078ac459eed0b29fd36be3260f85439da1905c6eaeb9a6c4e29bc88a55e5ff862666", 0xdd}, {&(0x7f0000000380)="76b51b4bbd01cd56195232a7c59237d67ad77fc95a07a8d8e7d315c47bdd9e8205c27e31deaf37341a7948407c41addab8c3e71c7e068fb8f800d311c72ab9ae1daa2ffc27b2fc7d3a2dd3255713c19397e6633040d66c0936553bbb2588d1f61ba55f5f51e4746ccc7d07", 0x6b}, {&(0x7f0000000400)="e8c91014e822e5", 0x7}, {&(0x7f0000000440)="cd17bdd1c47913debc0d25c4458a4233ed295fe2a1b93ba238b59b2755defe10e533400d765e997c2de7735dacc240f8", 0x30}, {&(0x7f0000000480)="bd195b008087f2a32a0b5bcbcc4af5bda69edab269eb6ce505134f66fa3806c969518168abca44aa842b5e8cd1b11c2dab0bd67f4f162c731627864782a4124c7671d2427e7b3c0a48738cbe1b9a9e18c448eaf118fe807c7a22d09a7764908d1598de273b467a737547880ba0ba6c0baf30045190ddbf6a79d8b4d5cfd386fc2710d679e12a519d8a18b94ec958ee06b48de5da6bfab37a5f5ad56cafd161540ea8b0fa03ca324cb7fc2d", 0xab}], 0x5, &(0x7f00000005c0)=[{0x100, 0xc, 0x3, "d9ba6c5e347aaa35926f5e1d60434c4c3b33249de4450b3ede37385b6faf2768580eab6b0133376ad185b3084dab465aa558eab8ff02f59fc902b20c026c4a77dbb4194349cae79ca1b3a94121f1f8a0855ede27cfd3cd05c1eb6339b0f03943a39d52e3fbead4dbfbcc9135162321073d2416bf9464e5ccffe4797ea7e70c53e46f2fb140400895dff7b4b4afeff76a66e61d1faaedca9a881b87b9b1c3b43b79157e4d34816e809101b4a0b90a04a9dedb951161e76e0018fc90fe868e0acc45094306af4ad15ad68ceff335893fd08d86eb69c54a94ca24086d3ec8d30df5909611fb949412bf961628e42b51ae57"}, {0x20, 0x10b, 0x7, "b8ca849d4678151d7b"}, {0x40, 0x102, 0x7f, "e1b554970be13a3c2867701e96517abd948db775d1779d08f35b5d3dc81468affb791f3965191fde66"}, {0xc0, 0x4b1e658539b890a9, 0x8, "4b97e858d00ad81e1539c18632003dea3a647046fcf3981daeee6fff5f5466c7f1e0e8b628a7e66a6a7e08f715671666c1b8f7faa04156d469044d80eadfde5262cd1a81f455c3778e8d1a4d605bcec82d6e277bf38bb9f5adf0cca2277f421ea031df6ec593775286fcb872e217f030b71fed5385a4501b9af111cd122f5dfebd2c2c1985435a1ccf37ab377751e0c256c5774471fd133676d99c8b47ff592ee840869e1298952b59637225"}, {0xd8, 0x6, 0x100000000, "5c8fe23c6d1f99204162eb2c5cc491c46a3e0952284521cc4574d4031103b1b5da66b82508c52b11ed0c8bd9b3802a6c60aa69c3491a9d4f3d72518253b533aa78e5c9040922cf3368e4512a1e6326bba4cbf52f02fdbc066d63f78b3132c42374e1299b409f5f7264e49a02b55b10f861fa3baa3383f14b0dfc1fc7ed6103551992e66006c0d21899f822c97f5349a37fb05ef2d9d597dd54576ce383a661c5e3d904f601799e1793150bc92f9dcddbe7a591510006a711f26e37a15928cd2743bf40"}, {0x30, 0x112, 0x9, "17da673ebcf94ef229eff163a2f82bfdffc10104dc8a90a7a60320025e5b563b"}, {0x30, 0x116, 0x800, "b3db0fb99a5246ef0e9eeb3a3826b5848312a690ee599fcd6038c1"}, {0x28, 0x101, 0x80000001, "53740a4f5c6b4cd11716ceaa9001f7e63f1a3746acf32ff1"}], 0x380}, 0x80) mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='overlay\x00', 0x2004000, &(0x7f0000000100)={[{@xino_off='xino=off'}, {@xino_off='xino=off'}], [{@uid_eq={'uid', 0x3d, r2}}, {@hash='hash'}, {@fsuuid={'fsuuid', 0x3d, {[0x64, 0x30, 0x30, 0x3, 0x39, 0x35, 0x61, 0x64], 0x2d, [0x66, 0x61, 0x32, 0x36], 0x2d, [0x32, 0x3c, 0x33, 0x66], 0x2d, [0x85d93b3d68252241, 0x32, 0x56, 0x38], 0x2d, [0x34, 0x50, 0x65, 0x77, 0x65, 0x34, 0x552286ced6dfad3f, 0x5b]}}}, {@subj_type={'subj_type', 0x3d, 'selinux'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '{.securityvmnet1'}}]}) 05:19:33 executing program 2: getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x3d, &(0x7f0000000180)=""/191, &(0x7f0000000100)=0xbf) r0 = socket(0x200000000000011, 0x4000000000080002, 0x81) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'dummy0\x00', 0x0}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="ecee8b1483f4"}, 0x14) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x2640, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) 05:19:33 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:33 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) mkdir(&(0x7f0000000080)='./file0\x00', 0x10) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r3, &(0x7f0000000140), 0x4924b68, 0x0) sendmsg$nfc_llcp(r3, &(0x7f0000000580)={&(0x7f00000000c0)={0x27, 0x0, 0x2, 0x1fc3d540fcc909d, 0x0, 0x7fff, "ef1dceb7f147af3b2559d198625fb5e8d66f70cfcf9d7850d576238f41652f1ccc7375179414512bb613a09e4ca83584629cd741c8fdc0097a1ab4a9622f8a", 0x12}, 0x60, &(0x7f0000000140)=[{&(0x7f0000000280)="f0fb1c7eef8e26e0de7bcc3a85a0b59671e68294c4ba84f60260d17819954e76905155145015d87e10bd870ac2b8219d997cabc9d3adead69f695d25c863b85116382c47ac11ae87fb769d4a3d27658cb060836f9fd1c3b4eebbb9472f29add17ff586c54668c5ad08b6470410ce2704b4c0fb94a0e60f38b3eaa2fd00241cd6c065ab6bcd5c5911f42fe1dfc4ef7a5034a12835f21a8f6eee97546e26cbe233b6818e9107374b9c476029861adb0fa1a541adb16e50cc5ecaaf3e1a25233b1ffa8c43c5903d50788775735b25fe172943df83ba3fa02d7b8fa97e783a671de34ceb472b3e411432f9b34030ab98da0a417c3672c3cb3d67ea756e146986ac", 0xff}, {&(0x7f00000001c0)="8a785f17126b39a0ce7e0d3eb4a7aca201d7be7085d556d5f8e4efeb42f0b6a258ce9a1c7d51f533dc1b63318c2c87c4119167ee51ebd002aff33734c8598447bd5e4b6f40ec48c8832e359472b43fd193f499a64574882708ad084fd7d110d12bffb08b62765730945b71f83e7c65932c52454992265e1b79eead", 0x7b}, {&(0x7f0000000380)="9c2ab9398fbaca903b7752947e74e6fcc5495879fa372970e4b4cd1bdfd58baf2d83e1cbdc691eb549f6144ba9f30bab6c08418c85263f5ff8e7dc638ef19dd575563ee6e29c21a3d27b72df82a446528c6a8d41886616929a598623a7478dd39c739b7fc60dde93c9e5f65cedb58ef416abd2b8245effdf7483f4a17e9b61bc3280c48a05166511ded686620881f9af885e6aa8461709591a75c52750a6a1145c947970478e3f234da7ab6e087e2ca71fd36ecb44b1b192a221eaefbb017d34610c27ae69a9b64fabda7cc9a8e097f8e49c127debe119338e40fa1233d39363b05c4f8383c08724f054618e4dbee648b79265efb9358265d728", 0xfa}], 0x3, &(0x7f0000000480)={0xf8, 0xc548a2cd34a12dc5, 0xf8, "253ca6cf97817648f48ce679906af9999d1af736c6fd34f291058ba8be24e682fe0b4345623b10b0f2809ca01e0d71033d447557c58ba1f2cd87f54bd3481640ebed31b5f6529671ebdeccf2d4d48d747973039e7a06b837d65b9de1780bc17b394b122198c274c5a88e9a557bcc2a1d541c28cfe94575a53cd9f070fa473f9e090f7c8e3d07fde03232dbd27430c01df1ab8543a0f43bcb23fbe5978f90cf8dd0eb2668d0e5f3df4fb9117509cfcccc1fe5d62562799367fead0d58e4aa46e3519688960cbfb1977eeb79a710a0c519eee64f545956736e157294fd4c52d45cbf0850e87b"}, 0xf8, 0x1e339e0e3191cd2d}, 0x4040) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940), 0x0, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) [ 997.357763][ T5566] syz-executor.4: vmalloc: allocation failure: 10737483776 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 997.399327][ T5560] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 997.431808][ T5566] CPU: 1 PID: 5566 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 05:19:33 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 997.440883][ T5566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 997.451040][ T5566] Call Trace: [ 997.454352][ T5566] dump_stack+0x172/0x1f0 [ 997.458718][ T5566] warn_alloc.cold+0x87/0x17f [ 997.463428][ T5566] ? zone_watermark_ok_safe+0x260/0x260 [ 997.469276][ T5566] ? mark_lock+0xc2/0x1220 [ 997.473717][ T5566] ? __lock_acquire+0x8a0/0x4a00 [ 997.478675][ T5566] __vmalloc_node_range+0x483/0x7e0 [ 997.483887][ T5566] ? is_bpf_text_address+0xac/0x170 [ 997.489114][ T5566] ? kvm_arch_create_memslot+0xc3/0x570 [ 997.494725][ T5566] __vmalloc_node_flags_caller+0x71/0x90 [ 997.500385][ T5566] ? kvm_arch_create_memslot+0xc3/0x570 [ 997.505970][ T5566] kvmalloc_node+0xdc/0x100 [ 997.510489][ T5566] kvm_arch_create_memslot+0xc3/0x570 [ 997.515883][ T5566] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 997.522145][ T5566] __kvm_set_memory_region+0x13b5/0x1d00 [ 997.527811][ T5566] ? gfn_to_hva+0x470/0x470 [ 997.532336][ T5566] ? lock_downgrade+0x920/0x920 [ 997.537222][ T5566] kvm_set_memory_region+0x2f/0x50 [ 997.542436][ T5566] kvm_vm_ioctl+0x729/0x1860 [ 997.547047][ T5566] ? debug_check_no_obj_freed+0x20a/0x43f [ 997.552793][ T5566] ? find_held_lock+0x35/0x130 [ 997.558809][ T5566] ? kvm_unregister_device_ops+0x70/0x70 [ 997.564584][ T5566] ? lock_downgrade+0x920/0x920 [ 997.569453][ T5566] ? rwlock_bug.part.0+0x90/0x90 [ 997.574405][ T5566] ? tomoyo_path_number_perm+0x214/0x520 [ 997.580056][ T5566] ? find_held_lock+0x35/0x130 [ 997.584853][ T5566] ? lock_downgrade+0x920/0x920 [ 997.589717][ T5566] ? lockdep_hardirqs_on+0x418/0x5d0 [ 997.595021][ T5566] ? tomoyo_path_number_perm+0x459/0x520 [ 997.600677][ T5566] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 997.606938][ T5566] ? tomoyo_path_number_perm+0x263/0x520 [ 997.612759][ T5566] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 997.618630][ T5566] ? kvm_unregister_device_ops+0x70/0x70 [ 997.624278][ T5566] do_vfs_ioctl+0xdb6/0x13e0 [ 997.628893][ T5566] ? ioctl_preallocate+0x210/0x210 [ 997.634799][ T5566] ? __fget+0x384/0x560 [ 997.638976][ T5566] ? ksys_dup3+0x3e0/0x3e0 [ 997.643428][ T5566] ? nsecs_to_jiffies+0x30/0x30 [ 997.648298][ T5566] ? tomoyo_file_ioctl+0x23/0x30 [ 997.653341][ T5566] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 997.659593][ T5566] ? security_file_ioctl+0x8d/0xc0 [ 997.664724][ T5566] ksys_ioctl+0xab/0xd0 [ 997.668902][ T5566] __x64_sys_ioctl+0x73/0xb0 [ 997.673636][ T5566] do_syscall_64+0xfa/0x760 [ 997.678335][ T5566] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 997.684255][ T5566] RIP: 0033:0x4598e9 [ 997.688163][ T5566] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 997.708137][ T5566] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 997.717195][ T5566] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 997.726310][ T5566] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 997.734537][ T5566] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 997.742662][ T5566] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 05:19:34 executing program 1: r0 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x50040, 0x80) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0xffffffffffffffff, 0x8, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffff7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, r0, 0x3) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 997.750654][ T5566] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 997.788190][ T5566] Mem-Info: [ 997.791675][ T5566] active_anon:144131 inactive_anon:661 isolated_anon:0 [ 997.791675][ T5566] active_file:21599 inactive_file:29057 isolated_file:0 [ 997.791675][ T5566] unevictable:4096 dirty:152 writeback:0 unstable:0 [ 997.791675][ T5566] slab_reclaimable:13080 slab_unreclaimable:97345 [ 997.791675][ T5566] mapped:59002 shmem:253 pagetables:1401 bounce:0 [ 997.791675][ T5566] free:1221884 free_pcp:654 free_cma:0 [ 997.831021][ T5566] Node 0 active_anon:576524kB inactive_anon:2644kB active_file:86252kB inactive_file:116228kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:236008kB dirty:604kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 557056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 997.907885][ T5566] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 997.952342][ T5566] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:19:34 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202004c00000010", 0x66, 0x400}], 0x0, 0x0) [ 998.115194][ T5566] lowmem_reserve[]: 0 2547 2548 2548 05:19:34 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) r3 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ubi_ctrl\x00', 0x2000, 0x0) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f00000000c0)=0x8000, 0x4) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) 05:19:34 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 998.168465][ T5566] Node 0 DMA32 free:1094524kB min:36184kB low:45228kB high:54272kB active_anon:576584kB inactive_anon:2640kB active_file:85200kB inactive_file:116192kB unevictable:16384kB writepending:692kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7840kB pagetables:5704kB bounce:0kB free_pcp:2456kB local_pcp:1320kB free_cma:0kB [ 998.302233][ T5566] lowmem_reserve[]: 0 0 1 1 [ 998.307108][ T5566] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 998.381084][ T5587] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 998.439882][ T5566] lowmem_reserve[]: 0 0 0 0 [ 998.445173][ T5566] Node 1 Normal free:3777532kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:244kB local_pcp:244kB free_cma:0kB [ 998.475671][ T5566] lowmem_reserve[]: 0 0 0 0 [ 998.480393][ T5566] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 998.529527][ T5566] Node 0 DMA32: 8441*4kB (UME) 4509*8kB (UME) 1751*16kB (UME) 754*32kB (UME) 481*64kB (UME) 51*128kB (UM) 29*256kB (U) 25*512kB (U) 9*1024kB (UE) 6*2048kB (UME) 219*4096kB (UM) = 1098044kB [ 998.565096][ T5566] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 998.592290][ T5566] Node 1 Normal: 1*4kB (U) 15*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777532kB [ 998.626054][ T5566] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 998.639224][ T5566] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 998.658400][ T5566] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 998.669170][ T5566] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 998.680093][ T5566] 50919 total pagecache pages [ 998.685029][ T5566] 0 pages in swap cache 05:19:35 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x3000000, 0x500]}) 05:19:35 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) write$FUSE_NOTIFY_INVAL_ENTRY(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="4b00000003000000000000000000000004000000000000002a000000000000006d643573756d545e70707030776c616e3140295c6367720000702c5e5e2e736575726974792d2f6c6f0000"], 0x4b) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:19:35 executing program 2: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x0, 0x0) read$alg(r0, &(0x7f0000000180)=""/207, 0xcf) ioctl$int_in(r0, 0x800000c0045002, &(0x7f0000000940)) read$char_usb(r0, &(0x7f00000003c0)=""/100, 0x64) 05:19:35 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) r3 = syz_open_dev$usb(&(0x7f0000000080)='/dev/bus/usb/00#/00#\x00', 0x3, 0x0) r4 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r4, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r4, &(0x7f0000000200), 0x18) ioctl$TUNGETDEVNETNS(r4, 0x54e3, 0x0) io_uring_register$IORING_REGISTER_EVENTFD(r3, 0x4, &(0x7f00000000c0)=r4, 0x1) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) 05:19:35 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:35 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202006000000010", 0x66, 0x400}], 0x0, 0x0) [ 998.689649][ T5566] Swap cache stats: add 0, delete 0, find 0/0 [ 998.696228][ T5566] Free swap = 0kB [ 998.700237][ T5566] Total swap = 0kB [ 998.704094][ T5566] 1965979 pages RAM [ 998.708599][ T5566] 0 pages HighMem/MovableOnly [ 998.714504][ T5566] 341179 pages reserved [ 998.718822][ T5566] 0 pages cma reserved [ 998.884543][ T5619] syz-executor.4: vmalloc: allocation failure: 10737516544 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:19:35 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 998.935638][ T5616] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 998.978302][ T5619] CPU: 1 PID: 5619 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 998.987368][ T5619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 998.997580][ T5619] Call Trace: [ 999.001984][ T5619] dump_stack+0x172/0x1f0 [ 999.006610][ T5619] warn_alloc.cold+0x87/0x17f [ 999.011319][ T5619] ? zone_watermark_ok_safe+0x260/0x260 [ 999.017002][ T5619] ? mark_lock+0xc2/0x1220 [ 999.021440][ T5619] ? __lock_acquire+0x8a0/0x4a00 [ 999.026431][ T5619] __vmalloc_node_range+0x483/0x7e0 [ 999.031764][ T5619] ? is_bpf_text_address+0xac/0x170 [ 999.036980][ T5619] ? kvm_arch_create_memslot+0xc3/0x570 [ 999.042537][ T5619] __vmalloc_node_flags_caller+0x71/0x90 [ 999.048162][ T5619] ? kvm_arch_create_memslot+0xc3/0x570 [ 999.053704][ T5619] kvmalloc_node+0xdc/0x100 [ 999.058213][ T5619] kvm_arch_create_memslot+0xc3/0x570 [ 999.063597][ T5619] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 999.069872][ T5619] __kvm_set_memory_region+0x13b5/0x1d00 [ 999.075516][ T5619] ? gfn_to_hva+0x470/0x470 [ 999.080015][ T5619] ? lock_downgrade+0x920/0x920 [ 999.084876][ T5619] kvm_set_memory_region+0x2f/0x50 [ 999.089983][ T5619] kvm_vm_ioctl+0x729/0x1860 [ 999.094588][ T5619] ? debug_check_no_obj_freed+0x20a/0x43f [ 999.100396][ T5619] ? find_held_lock+0x35/0x130 [ 999.105196][ T5619] ? kvm_unregister_device_ops+0x70/0x70 [ 999.110838][ T5619] ? lock_downgrade+0x920/0x920 [ 999.115698][ T5619] ? rwlock_bug.part.0+0x90/0x90 [ 999.120677][ T5619] ? tomoyo_path_number_perm+0x214/0x520 [ 999.126318][ T5619] ? find_held_lock+0x35/0x130 [ 999.131098][ T5619] ? lock_downgrade+0x920/0x920 [ 999.135946][ T5619] ? lockdep_hardirqs_on+0x418/0x5d0 [ 999.141231][ T5619] ? tomoyo_path_number_perm+0x459/0x520 [ 999.146961][ T5619] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 999.153316][ T5619] ? tomoyo_path_number_perm+0x263/0x520 [ 999.158967][ T5619] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 999.164839][ T5619] ? kvm_unregister_device_ops+0x70/0x70 [ 999.170653][ T5619] do_vfs_ioctl+0xdb6/0x13e0 [ 999.175288][ T5619] ? ioctl_preallocate+0x210/0x210 [ 999.180417][ T5619] ? __fget+0x384/0x560 [ 999.184580][ T5619] ? ksys_dup3+0x3e0/0x3e0 [ 999.189004][ T5619] ? nsecs_to_jiffies+0x30/0x30 [ 999.193892][ T5619] ? tomoyo_file_ioctl+0x23/0x30 [ 999.198827][ T5619] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 999.205072][ T5619] ? security_file_ioctl+0x8d/0xc0 [ 999.210186][ T5619] ksys_ioctl+0xab/0xd0 [ 999.214338][ T5619] __x64_sys_ioctl+0x73/0xb0 [ 999.218924][ T5619] do_syscall_64+0xfa/0x760 [ 999.223432][ T5619] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 999.229313][ T5619] RIP: 0033:0x4598e9 [ 999.233195][ T5619] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 999.252799][ T5619] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 999.261206][ T5619] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 999.269192][ T5619] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 05:19:35 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) r3 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r3, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r3, &(0x7f0000000200), 0x18) ioctl$TUNGETDEVNETNS(r3, 0x54e3, 0x0) ioctl$KVM_GET_NESTED_STATE(r3, 0xc080aebe, &(0x7f0000001880)={0x0, 0x0, 0x2080}) readv(r2, &(0x7f00000002c0), 0x1a5) [ 999.277180][ T5619] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 999.285294][ T5619] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 999.293459][ T5619] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 999.316380][ T5619] Mem-Info: [ 999.320021][ T5619] active_anon:144128 inactive_anon:661 isolated_anon:0 05:19:35 executing program 1: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) readv(r0, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r0, &(0x7f0000000080), 0x8) mq_getsetattr(r0, &(0x7f0000000180)={0x8, 0x4, 0x1, 0x6b, 0x1, 0x8000, 0x800, 0x8}, &(0x7f00000001c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) r2 = add_key$user(0x0, &(0x7f0000000300)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r2, 0x0, 0x0) socketpair$unix(0x1, 0x1000000000005, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_inet_SIOCSIFDSTADDR(r3, 0x8918, &(0x7f0000000280)={'caif0\x00', {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1e}}}) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000200)={r2, 0x2e}, &(0x7f0000000240)=ANY=[@ANYBLOB="656e633d706b63733120686173681a706f6c793100"/63], &(0x7f00000002c0)="52cc629803636331acefaf6a59592927de5a3b2f8f1b76a674cd5ab9d52361bc84282512cd6afa4bdd353bb6dfb8", &(0x7f0000000340)) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000200000/0x4000)=nil, 0x4000}}) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x8000, 0x0) getsockopt$inet_dccp_buf(r4, 0x21, 0xe, &(0x7f0000000100)=""/85, &(0x7f0000000040)=0x55) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 999.320021][ T5619] active_file:21599 inactive_file:29075 isolated_file:0 [ 999.320021][ T5619] unevictable:4096 dirty:190 writeback:0 unstable:0 [ 999.320021][ T5619] slab_reclaimable:13047 slab_unreclaimable:97088 [ 999.320021][ T5619] mapped:58972 shmem:252 pagetables:1391 bounce:0 [ 999.320021][ T5619] free:1222312 free_pcp:513 free_cma:0 [ 999.359884][ T5619] Node 0 active_anon:576512kB inactive_anon:2644kB active_file:86252kB inactive_file:116300kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235888kB dirty:756kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 550912kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 999.389457][ T5619] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:19:35 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") seccomp(0x2, 0x0, &(0x7f0000000080)={0x0, 0x0}) [ 999.389466][ T5619] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 999.389499][ T5619] lowmem_reserve[]: 0 2547 2548 2548 [ 999.389518][ T5619] Node 0 DMA32 free:1095592kB min:36184kB low:45228kB high:54272kB active_anon:576492kB inactive_anon:2644kB active_file:85200kB inactive_file:116216kB unevictable:16384kB writepending:748kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7808kB pagetables:5564kB bounce:0kB free_pcp:2048kB local_pcp:1292kB free_cma:0kB [ 999.389552][ T5619] lowmem_reserve[]: 0 0 1 1 [ 999.389569][ T5619] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 999.389598][ T5619] lowmem_reserve[]: 0 0 0 0 [ 999.389615][ T5619] Node 1 Normal free:3777732kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 999.389652][ T5619] lowmem_reserve[]: 0 0 0 0 [ 999.444056][ T5619] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB 05:19:36 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202006800000010", 0x66, 0x400}], 0x0, 0x0) 05:19:36 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = creat(&(0x7f0000000080)='./file0\x00', 0x8) ioctl$CAPI_REGISTER(r1, 0x400c4301, &(0x7f00000000c0)={0x2, 0x0, 0x649}) r2 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r2, &(0x7f0000000140), 0x4924b68, 0x0) getsockopt$bt_BT_FLUSHABLE(r2, 0x112, 0x8, &(0x7f0000000100)=0x80000001, &(0x7f0000000140)=0x4) ioctl(r0, 0x1000008912, &(0x7f0000000040)="1180000000000000005970") r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r4 = openat$cgroup_subtree(r3, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r4) openat$cgroup_int(r3, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r4, &(0x7f00000002c0), 0x1a5) [ 999.645755][ T5619] Node 0 DMA32: 7995*4kB (UME) 4557*8kB (UME) 1809*16kB (UME) 761*32kB (UME) 480*64kB (UME) 52*128kB (UM) 29*256kB (U) 25*512kB (U) 9*1024kB (UE) 4*2048kB (UE) 218*4096kB (UM) = 1089668kB [ 999.732204][ T5619] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 999.793599][ T5619] Node 1 Normal: 0*4kB 46*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777776kB [ 999.886949][ T5619] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 999.909186][ T5647] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 999.938005][ T5619] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 999.954478][ T5619] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 999.969197][ T5619] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 999.981272][ T5619] 50936 total pagecache pages [ 1000.022209][ T5619] 0 pages in swap cache [ 1000.026698][ T5619] Swap cache stats: add 0, delete 0, find 0/0 [ 1000.037541][ T5619] Free swap = 0kB [ 1000.045218][ T5619] Total swap = 0kB [ 1000.052583][ T5619] 1965979 pages RAM [ 1000.060046][ T5619] 0 pages HighMem/MovableOnly [ 1000.068641][ T5619] 341179 pages reserved [ 1000.076653][ T5619] 0 pages cma reserved 05:19:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x4000000, 0x500]}) 05:19:36 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getuid() gettid() r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x200004) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) r3 = socket(0x0, 0x0, 0xc) getsockopt$IP_VS_SO_GET_SERVICES(r3, 0x0, 0x482, 0x0, 0x0) 05:19:36 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(0xffffffffffffffff, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:36 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) socket$unix(0x1, 0x2, 0x0) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) 05:19:36 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202006c00000010", 0x66, 0x400}], 0x0, 0x0) [ 1000.259874][ T5671] syz-executor.4: vmalloc: allocation failure: 10737549312 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:19:36 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(0xffffffffffffffff, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1000.360894][ T5671] CPU: 0 PID: 5671 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1000.369970][ T5671] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1000.380056][ T5671] Call Trace: [ 1000.383373][ T5671] dump_stack+0x172/0x1f0 [ 1000.387744][ T5671] warn_alloc.cold+0x87/0x17f [ 1000.392456][ T5671] ? zone_watermark_ok_safe+0x260/0x260 [ 1000.398048][ T5671] ? mark_lock+0xc2/0x1220 [ 1000.402492][ T5671] ? __lock_acquire+0x8a0/0x4a00 [ 1000.407462][ T5671] __vmalloc_node_range+0x483/0x7e0 [ 1000.412679][ T5671] ? is_bpf_text_address+0xac/0x170 [ 1000.417909][ T5671] ? kvm_arch_create_memslot+0xc3/0x570 [ 1000.423486][ T5671] __vmalloc_node_flags_caller+0x71/0x90 [ 1000.429145][ T5671] ? kvm_arch_create_memslot+0xc3/0x570 [ 1000.434716][ T5671] kvmalloc_node+0xdc/0x100 [ 1000.439263][ T5671] kvm_arch_create_memslot+0xc3/0x570 [ 1000.444668][ T5671] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1000.451061][ T5671] __kvm_set_memory_region+0x13b5/0x1d00 [ 1000.456731][ T5671] ? gfn_to_hva+0x470/0x470 05:19:36 executing program 2: waitid(0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x89f7, &(0x7f0000000080)={'sit0\x00', @ifru_flags}) [ 1000.461269][ T5671] ? lock_downgrade+0x920/0x920 [ 1000.466188][ T5671] kvm_set_memory_region+0x2f/0x50 [ 1000.471326][ T5671] kvm_vm_ioctl+0x729/0x1860 [ 1000.475939][ T5671] ? debug_check_no_obj_freed+0x20a/0x43f [ 1000.481685][ T5671] ? find_held_lock+0x35/0x130 [ 1000.486482][ T5671] ? kvm_unregister_device_ops+0x70/0x70 [ 1000.492141][ T5671] ? lock_downgrade+0x920/0x920 [ 1000.497016][ T5671] ? rwlock_bug.part.0+0x90/0x90 [ 1000.501975][ T5671] ? tomoyo_path_number_perm+0x214/0x520 05:19:37 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(0xffffffffffffffff, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1000.508425][ T5671] ? find_held_lock+0x35/0x130 [ 1000.513230][ T5671] ? lock_downgrade+0x920/0x920 [ 1000.518115][ T5671] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1000.523415][ T5671] ? tomoyo_path_number_perm+0x459/0x520 [ 1000.523439][ T5671] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1000.523453][ T5671] ? tomoyo_path_number_perm+0x263/0x520 [ 1000.523470][ T5671] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1000.523502][ T5671] ? kvm_unregister_device_ops+0x70/0x70 [ 1000.523517][ T5671] do_vfs_ioctl+0xdb6/0x13e0 [ 1000.523532][ T5671] ? ioctl_preallocate+0x210/0x210 [ 1000.523550][ T5671] ? __fget+0x384/0x560 [ 1000.535687][ T5671] ? ksys_dup3+0x3e0/0x3e0 [ 1000.535705][ T5671] ? nsecs_to_jiffies+0x30/0x30 [ 1000.535725][ T5671] ? tomoyo_file_ioctl+0x23/0x30 [ 1000.535742][ T5671] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1000.535758][ T5671] ? security_file_ioctl+0x8d/0xc0 [ 1000.535772][ T5671] ksys_ioctl+0xab/0xd0 [ 1000.535789][ T5671] __x64_sys_ioctl+0x73/0xb0 [ 1000.574595][ T5668] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1000.575954][ T5671] do_syscall_64+0xfa/0x760 [ 1000.575978][ T5671] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1000.575990][ T5671] RIP: 0033:0x4598e9 [ 1000.576003][ T5671] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1000.576018][ T5671] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1000.651887][ T5671] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 05:19:37 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) socket$inet6(0xa, 0x6, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r1, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1000.651903][ T5671] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1000.667830][ T5671] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1000.667839][ T5671] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1000.667846][ T5671] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1000.704082][ T5671] Mem-Info: 05:19:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x11000008912, &(0x7f0000000000)="11dca50d6c0bcfe47bf070") r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/igmp6\x00') preadv(r1, &(0x7f0000000340)=[{&(0x7f0000000500)=""/4096, 0x1000}], 0x1, 0x0) 05:19:37 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) readv(r1, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r1, &(0x7f0000000080), 0x8) ioctl$BLKGETSIZE64(r1, 0x80081272, &(0x7f0000000000)) [ 1000.707474][ T5671] active_anon:144138 inactive_anon:660 isolated_anon:0 [ 1000.707474][ T5671] active_file:21599 inactive_file:29109 isolated_file:0 [ 1000.707474][ T5671] unevictable:4096 dirty:200 writeback:0 unstable:0 [ 1000.707474][ T5671] slab_reclaimable:13053 slab_unreclaimable:96733 [ 1000.707474][ T5671] mapped:58971 shmem:253 pagetables:1397 bounce:0 [ 1000.707474][ T5671] free:1222674 free_pcp:536 free_cma:0 [ 1000.747830][ T5671] Node 0 active_anon:576552kB inactive_anon:2640kB active_file:86252kB inactive_file:116436kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235884kB dirty:796kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 557056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1000.778164][ T5671] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1000.807817][ T5671] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1000.848657][ T5671] lowmem_reserve[]: 0 2547 2548 2548 [ 1000.854688][ T5671] Node 0 DMA32 free:1097308kB min:36184kB low:45228kB high:54272kB active_anon:576532kB inactive_anon:2640kB active_file:85200kB inactive_file:116352kB unevictable:16384kB writepending:788kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7776kB pagetables:5736kB bounce:0kB free_pcp:1764kB local_pcp:936kB free_cma:0kB 05:19:37 executing program 2: r0 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) write$binfmt_script(r0, &(0x7f0000000300)=ANY=[@ANYRES32], 0x1037b) recvmmsg(r0, &(0x7f0000007b00)=[{{&(0x7f00000057c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, 0x0}}], 0x1, 0x0, 0x0) [ 1001.027486][ T5671] lowmem_reserve[]: 0 0 1 1 [ 1001.033993][ T5671] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1001.125284][ T5671] lowmem_reserve[]: 0 0 0 0 [ 1001.164681][ T5671] Node 1 Normal free:3777776kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1001.215293][ T5671] lowmem_reserve[]: 0 0 0 0 [ 1001.220412][ T5671] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1001.236257][ T5671] Node 0 DMA32: 7414*4kB (UME) 4686*8kB (UME) 1946*16kB (UME) 802*32kB (UME) 483*64kB (UME) 56*128kB (UM) 26*256kB (U) 25*512kB (U) 9*1024kB (UE) 7*2048kB (UME) 218*4096kB (UM) = 1097960kB [ 1001.255986][ T5671] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1001.269423][ T5671] Node 1 Normal: 0*4kB 46*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777776kB [ 1001.287673][ T5671] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1001.304673][ T5671] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1001.315431][ T5671] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1001.325701][ T5671] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1001.336547][ T5671] 50943 total pagecache pages [ 1001.341352][ T5671] 0 pages in swap cache [ 1001.347211][ T5671] Swap cache stats: add 0, delete 0, find 0/0 [ 1001.353638][ T5671] Free swap = 0kB [ 1001.357385][ T5671] Total swap = 0kB [ 1001.361107][ T5671] 1965979 pages RAM 05:19:37 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x5000000, 0x500]}) 05:19:37 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) socket$inet6(0xa, 0x6, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r1, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:37 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202007400000010", 0x66, 0x400}], 0x0, 0x0) 05:19:37 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='cpuacct.usage_percpu\x00', 0x0, 0x0) bind$bt_sco(r2, &(0x7f00000000c0)={0x1f, {0x80, 0x3, 0x8, 0x5394, 0x96, 0x100000000}}, 0x8) r3 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r3) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) ioctl$TIOCEXCL(r2, 0x540c) readv(r3, &(0x7f00000002c0), 0x1a5) 05:19:37 executing program 2: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x20002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffdffffffffffffd, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x200000000011, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r2, &(0x7f00000000c0)={0x2, 0x4e23, @broadcast}, 0x10) sendto$inet(r2, 0x0, 0xfea2, 0x20000802, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) sendto$inet(r2, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0xffffffd8) [ 1001.365035][ T5671] 0 pages HighMem/MovableOnly [ 1001.369714][ T5671] 341179 pages reserved [ 1001.375122][ T5671] 0 pages cma reserved 05:19:38 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) socket$inet6(0xa, 0x6, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r1, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1001.541231][ T5727] syz-executor.4: vmalloc: allocation failure: 10737582080 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:19:38 executing program 5: socket$inet_udplite(0x2, 0x2, 0x88) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r1) openat$cgroup_int(r0, &(0x7f00000000c0)='\x87\xe9[E\xff!4y`\xb5\xc68J=\xa8\xf8Of\xee\x9f\x8a\xfb\xf4\xae6\xe1\x01B\xf4\x1a,\xcb\x0f\x86\t\xcb\x00J\xadD\xa7/N\x90pF~u7\x03\xbb\xdbj\x95PO_\x1ac?\xbe{i\x12\xf44E\xebsg\xd2eI<\x92\x13\xf6\x84](\xcf:\x9c\xd9y\xcc\x9e\xe7,\xd7X\x87\x10\x01W\x99\xc6\xe3\x9e\xe2.\x98]\a\x8b\xc3H\xd3 >\xb5\x7fH\x16\xe6X\xf8{\x1a\xb1I\x97=\x1e\xec\xf6\x85\xbdX=\x8fc\x01\t\x18\xa8#?\xca@\x89\xab\x82Ek\x14\xd8u\xea\xd2\xc8\xae\xf6f\xe8\b\xb9\xc5;\xba', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x30a}}], 0x1, 0x0, 0x0) readv(r1, &(0x7f0000000840)=[{&(0x7f0000000280)=""/121, 0x79}, {&(0x7f0000000300)=""/225, 0xe1}, {&(0x7f00000001c0)=""/37, 0x25}, {&(0x7f0000000400)=""/250, 0xfa}, {&(0x7f0000000500)}, {&(0x7f0000000540)=""/112, 0x70}, {&(0x7f00000005c0)=""/251, 0xfb}, {&(0x7f00000006c0)=""/200, 0xc8}, {&(0x7f00000007c0)=""/73, 0x49}], 0x9) [ 1001.609632][ T5727] CPU: 0 PID: 5727 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1001.618899][ T5727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1001.618906][ T5727] Call Trace: [ 1001.618931][ T5727] dump_stack+0x172/0x1f0 [ 1001.618954][ T5727] warn_alloc.cold+0x87/0x17f [ 1001.618971][ T5727] ? zone_watermark_ok_safe+0x260/0x260 [ 1001.619001][ T5727] ? mark_lock+0xc2/0x1220 [ 1001.619013][ T5727] ? __lock_acquire+0x8a0/0x4a00 [ 1001.619035][ T5727] __vmalloc_node_range+0x483/0x7e0 [ 1001.619050][ T5727] ? is_bpf_text_address+0xac/0x170 [ 1001.619071][ T5727] ? kvm_arch_create_memslot+0xc3/0x570 [ 1001.619086][ T5727] __vmalloc_node_flags_caller+0x71/0x90 [ 1001.619100][ T5727] ? kvm_arch_create_memslot+0xc3/0x570 [ 1001.619117][ T5727] kvmalloc_node+0xdc/0x100 [ 1001.619134][ T5727] kvm_arch_create_memslot+0xc3/0x570 [ 1001.619152][ T5727] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1001.619172][ T5727] __kvm_set_memory_region+0x13b5/0x1d00 [ 1001.704269][ T5727] ? gfn_to_hva+0x470/0x470 [ 1001.704294][ T5727] ? lock_downgrade+0x920/0x920 [ 1001.704323][ T5727] kvm_set_memory_region+0x2f/0x50 [ 1001.704340][ T5727] kvm_vm_ioctl+0x729/0x1860 [ 1001.704355][ T5727] ? debug_check_no_obj_freed+0x20a/0x43f [ 1001.704368][ T5727] ? find_held_lock+0x35/0x130 [ 1001.704386][ T5727] ? kvm_unregister_device_ops+0x70/0x70 [ 1001.704405][ T5727] ? lock_downgrade+0x920/0x920 [ 1001.704422][ T5727] ? rwlock_bug.part.0+0x90/0x90 [ 1001.746291][ T5727] ? tomoyo_path_number_perm+0x214/0x520 [ 1001.756227][ T5727] ? find_held_lock+0x35/0x130 [ 1001.756249][ T5727] ? lock_downgrade+0x920/0x920 [ 1001.756263][ T5727] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1001.756281][ T5727] ? tomoyo_path_number_perm+0x459/0x520 [ 1001.782579][ T5727] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1001.788855][ T5727] ? tomoyo_path_number_perm+0x263/0x520 [ 1001.794516][ T5727] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1001.800364][ T5727] ? kvm_unregister_device_ops+0x70/0x70 [ 1001.806032][ T5727] do_vfs_ioctl+0xdb6/0x13e0 [ 1001.810647][ T5727] ? ioctl_preallocate+0x210/0x210 [ 1001.816143][ T5727] ? __fget+0x384/0x560 [ 1001.820326][ T5727] ? ksys_dup3+0x3e0/0x3e0 [ 1001.824855][ T5727] ? nsecs_to_jiffies+0x30/0x30 [ 1001.829770][ T5727] ? tomoyo_file_ioctl+0x23/0x30 [ 1001.834998][ T5727] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1001.841260][ T5727] ? security_file_ioctl+0x8d/0xc0 [ 1001.846482][ T5727] ksys_ioctl+0xab/0xd0 [ 1001.850663][ T5727] __x64_sys_ioctl+0x73/0xb0 [ 1001.855270][ T5727] do_syscall_64+0xfa/0x760 05:19:38 executing program 5: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$DRM_IOCTL_GET_MAP(r0, 0xc0286404, &(0x7f00000000c0)={&(0x7f0000ffe000/0x2000)=nil, 0xfffffffeffffffff, 0x12646e7c0fc9d263, 0x105, &(0x7f0000ff9000/0x4000)=nil, 0x8000}) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r2, &(0x7f0000000140), 0x4924b68, 0x0) getpeername$inet(r2, &(0x7f0000000100)={0x2, 0x0, @loopback}, &(0x7f0000000140)=0x10) ioctl(r1, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r3 = syz_open_dev$admmidi(&(0x7f00000003c0)='/dev/admmidi#\x00', 0x10001, 0x101002) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000440)='TIPC\x00') sendmsg$TIPC_CMD_GET_BEARER_NAMES(r3, &(0x7f0000000500)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x2100000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r4, 0x400, 0x70bd28, 0x25dfdbfb, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x20000010) sendmsg$TIPC_CMD_RESET_LINK_STATS(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f0000000540)=ANY=[@ANYBLOB="c0b82c1d01b7e36127ef89e67556a7110e470fc5f9d1996926ee5230acbd21a7bd2879aefd4a62f8518417be1fdcae6a7dd045a2a091f3adc2f4cec65ca875603630e1f857fd902b6d4e8e3364c558cfba40a6332b6fd73c5145af61e5fc2fa899abbe0f6bbb1172f685ca0f29c694aa07c249d383933bc551a2d52d54d2a0802dccd085357473e82959ab072f131a77b52748d956b0475b9ee8bc03990ffca2255124d1803b7a247035", @ANYRES16=r4, @ANYBLOB="000025bd7000fcdbdf2501000000000000000c4100000014001462726f6164636173742d6c696e6b0000"], 0x30}, 0x1, 0x0, 0x0, 0x20000080}, 0x1000) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r6 = openat$cgroup_subtree(r5, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) timer_create(0x3, &(0x7f00000001c0)={0x0, 0x3c, 0x4, @tid=0xffffffffffffffff}, &(0x7f0000000280)=0x0) clock_gettime(0x0, &(0x7f00000002c0)={0x0, 0x0}) timer_settime(r7, 0x668482581934e281, &(0x7f0000000300)={{0x77359400}, {r8, r9+10000000}}, &(0x7f0000000340)) close(r6) openat$cgroup_int(r5, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r6, &(0x7f00000002c0), 0x1a5) [ 1001.859981][ T5727] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1001.865892][ T5727] RIP: 0033:0x4598e9 [ 1001.869800][ T5727] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1001.889547][ T5727] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1001.898312][ T5727] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 05:19:38 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r1, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1001.898328][ T5727] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1001.914553][ T5727] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1001.922530][ T5727] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1001.922540][ T5727] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1001.939560][ T5719] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:19:38 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x80001, 0x0) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000040)={0x29, 0x6, 0x0, {0x4, 0x2}}, 0x29) r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r2, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r2, &(0x7f0000000200), 0x18) ioctl$TUNGETDEVNETNS(r2, 0x54e3, 0x0) r3 = creat(&(0x7f0000000280)='./file0\x00', 0x0) close(r3) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f0000000000)=[{}, {}], r5, 0x1, 0x1, 0x400000}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000140)={0x16, 0x98, 0xfa00, {&(0x7f0000000100), 0x3, r5, 0x10, 0x1, @ib={0x1b, 0x3, 0x7, {"20086e98f03a2c2b4fba77e04d476755"}, 0x7fff, 0x2, 0x7}}}, 0xa0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1001.997985][ T5727] Mem-Info: [ 1002.001435][ T5727] active_anon:144655 inactive_anon:661 isolated_anon:0 [ 1002.001435][ T5727] active_file:21600 inactive_file:29098 isolated_file:0 [ 1002.001435][ T5727] unevictable:4096 dirty:224 writeback:0 unstable:0 [ 1002.001435][ T5727] slab_reclaimable:13046 slab_unreclaimable:96320 [ 1002.001435][ T5727] mapped:58990 shmem:253 pagetables:1439 bounce:0 [ 1002.001435][ T5727] free:1221811 free_pcp:495 free_cma:0 [ 1002.058764][ T5727] Node 0 active_anon:578620kB inactive_anon:2644kB active_file:86256kB inactive_file:116392kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235960kB dirty:892kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 550912kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1002.095651][ T5727] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:19:38 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202007a00000010", 0x66, 0x400}], 0x0, 0x0) 05:19:38 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}, 0x10000000}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) [ 1002.336017][ T5727] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1002.392798][ T5727] lowmem_reserve[]: 0 2547 2548 2548 [ 1002.398584][ T5727] Node 0 DMA32 free:1098004kB min:36184kB low:45228kB high:54272kB active_anon:576672kB inactive_anon:2644kB active_file:85204kB inactive_file:116308kB unevictable:16384kB writepending:884kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7936kB pagetables:5756kB bounce:0kB free_pcp:1944kB local_pcp:1108kB free_cma:0kB [ 1002.498843][ T5765] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1002.534785][ T5727] lowmem_reserve[]: 0 0 1 1 [ 1002.544932][ T5727] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1002.573494][ T5727] lowmem_reserve[]: 0 0 0 0 [ 1002.578048][ T5727] Node 1 Normal free:3777768kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1002.610537][ T5727] lowmem_reserve[]: 0 0 0 0 [ 1002.615315][ T5727] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1002.629859][ T5727] Node 0 DMA32: 6893*4kB (UME) 4509*8kB (UME) 2181*16kB (UME) 822*32kB (UME) 483*64kB (UME) 56*128kB (UM) 26*256kB (U) 25*512kB (U) 9*1024kB (UE) 6*2048kB (UME) 219*4096kB (UM) = 1100908kB [ 1002.649103][ T5727] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1002.662510][ T5727] Node 1 Normal: 0*4kB 45*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777768kB [ 1002.698925][ T5727] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1002.718500][ T5727] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1002.728905][ T5727] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1002.739123][ T5727] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 05:19:39 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x6000000, 0x500]}) 05:19:39 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r1, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") seccomp(0x2, 0x0, &(0x7f00000005c0)={0xfffffffffffffd08, 0x0}) 05:19:39 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdf6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:19:39 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) r3 = openat$md(0xffffffffffffff9c, &(0x7f0000000080)='/dev/md0\x00', 0xa20c2, 0x0) ioctl$BLKGETSIZE(r3, 0x1260, &(0x7f00000000c0)) readv(r2, &(0x7f00000002c0), 0x1a5) 05:19:39 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000003000010", 0x66, 0x400}], 0x0, 0x0) [ 1002.758596][ T5727] 50950 total pagecache pages [ 1002.764283][ T5727] 0 pages in swap cache [ 1002.768533][ T5727] Swap cache stats: add 0, delete 0, find 0/0 [ 1002.775302][ T5727] Free swap = 0kB [ 1002.779333][ T5727] Total swap = 0kB [ 1002.783602][ T5727] 1965979 pages RAM [ 1002.790713][ T5727] 0 pages HighMem/MovableOnly [ 1002.796681][ T5727] 341179 pages reserved [ 1002.800957][ T5727] 0 pages cma reserved 05:19:39 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r1, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1002.944280][ T5787] syz-executor.4: vmalloc: allocation failure: 10737614848 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1003.016887][ T5787] CPU: 0 PID: 5787 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1003.025989][ T5787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1003.036054][ T5787] Call Trace: [ 1003.039396][ T5787] dump_stack+0x172/0x1f0 [ 1003.043761][ T5787] warn_alloc.cold+0x87/0x17f [ 1003.048462][ T5787] ? zone_watermark_ok_safe+0x260/0x260 [ 1003.054110][ T5787] ? mark_lock+0xc2/0x1220 [ 1003.058546][ T5787] ? __lock_acquire+0x8a0/0x4a00 05:19:39 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000940)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r2, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r2, &(0x7f0000000200), 0x18) ioctl$VIDIOC_G_EDID(r2, 0xc0285628, &(0x7f00000006c0)={0x0, 0x1000, 0x9, [], &(0x7f0000000680)=0x9}) ioctl$TUNGETDEVNETNS(r2, 0x54e3, 0x0) ioctl$ION_IOC_HEAP_QUERY(r2, 0xc0184908, &(0x7f00000000c0)={0x34, 0x0, &(0x7f0000000080)}) r3 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r3) r4 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0x80, 0x20400) recvmsg$kcm(r4, &(0x7f0000000300)={&(0x7f0000000280)=@x25, 0x80, &(0x7f00000001c0)=[{&(0x7f00000003c0)=""/67, 0x43}, {&(0x7f0000000140)=""/63, 0x3f}, {&(0x7f0000000440)=""/131, 0x83}, {&(0x7f0000000500)=""/116, 0x74}], 0x4, &(0x7f0000000580)=""/242, 0xf2}, 0x10100) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r3, &(0x7f0000000900)=[{&(0x7f0000000700)=""/120}, {&(0x7f0000000780)=""/196}, {&(0x7f0000000880)=""/31}, {&(0x7f00000008c0)=""/22}], 0x77) [ 1003.063607][ T5787] __vmalloc_node_range+0x483/0x7e0 [ 1003.069032][ T5787] ? is_bpf_text_address+0xac/0x170 [ 1003.074368][ T5787] ? kvm_arch_create_memslot+0xc3/0x570 [ 1003.079928][ T5787] __vmalloc_node_flags_caller+0x71/0x90 [ 1003.085583][ T5787] ? kvm_arch_create_memslot+0xc3/0x570 [ 1003.091394][ T5787] kvmalloc_node+0xdc/0x100 [ 1003.096012][ T5787] kvm_arch_create_memslot+0xc3/0x570 [ 1003.101401][ T5787] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1003.107632][ T5787] __kvm_set_memory_region+0x13b5/0x1d00 [ 1003.113272][ T5787] ? gfn_to_hva+0x470/0x470 [ 1003.117785][ T5787] ? lock_downgrade+0x920/0x920 [ 1003.122652][ T5787] kvm_set_memory_region+0x2f/0x50 [ 1003.127766][ T5787] kvm_vm_ioctl+0x729/0x1860 [ 1003.132350][ T5787] ? debug_check_no_obj_freed+0x20a/0x43f [ 1003.138073][ T5787] ? find_held_lock+0x35/0x130 [ 1003.142828][ T5787] ? kvm_unregister_device_ops+0x70/0x70 [ 1003.148565][ T5787] ? lock_downgrade+0x920/0x920 [ 1003.153514][ T5787] ? rwlock_bug.part.0+0x90/0x90 [ 1003.158562][ T5787] ? tomoyo_path_number_perm+0x214/0x520 [ 1003.164292][ T5787] ? find_held_lock+0x35/0x130 [ 1003.169183][ T5787] ? lock_downgrade+0x920/0x920 [ 1003.174343][ T5787] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1003.180130][ T5787] ? tomoyo_path_number_perm+0x459/0x520 [ 1003.185788][ T5787] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1003.192126][ T5787] ? tomoyo_path_number_perm+0x263/0x520 [ 1003.197757][ T5787] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1003.203586][ T5787] ? kvm_unregister_device_ops+0x70/0x70 [ 1003.209259][ T5787] do_vfs_ioctl+0xdb6/0x13e0 [ 1003.213935][ T5787] ? ioctl_preallocate+0x210/0x210 [ 1003.219272][ T5787] ? __fget+0x384/0x560 [ 1003.223454][ T5787] ? ksys_dup3+0x3e0/0x3e0 [ 1003.227861][ T5787] ? nsecs_to_jiffies+0x30/0x30 [ 1003.232815][ T5787] ? tomoyo_file_ioctl+0x23/0x30 [ 1003.237922][ T5787] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1003.244184][ T5787] ? security_file_ioctl+0x8d/0xc0 [ 1003.249308][ T5787] ksys_ioctl+0xab/0xd0 [ 1003.253453][ T5787] __x64_sys_ioctl+0x73/0xb0 [ 1003.258048][ T5787] do_syscall_64+0xfa/0x760 [ 1003.262550][ T5787] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1003.268757][ T5787] RIP: 0033:0x4598e9 [ 1003.272659][ T5787] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1003.292457][ T5787] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1003.301412][ T5787] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1003.309588][ T5787] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 05:19:39 executing program 2: r0 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0xc7b3, 0x0) ioctl$EVIOCGABS3F(r0, 0x8018457f, &(0x7f0000000200)=""/120) [ 1003.317546][ T5787] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1003.325755][ T5787] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1003.333812][ T5787] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1003.358288][ T5787] Mem-Info: [ 1003.361717][ T5787] active_anon:143583 inactive_anon:661 isolated_anon:0 05:19:39 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3ff, 0x44580, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x7, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0xfffefffffffffffc, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) fanotify_init(0x45, 0x1000) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$TUNSETTXFILTER(0xffffffffffffffff, 0x400454d1, &(0x7f0000000040)={0x1, 0x3, [@broadcast, @remote, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x91600fa02460f43c}]}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r1 = syz_open_dev$vivid(&(0x7f0000000000)='/dev/video#\x00', 0x0, 0x2) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x84001, 0x0) renameat2(r2, &(0x7f0000000140)='./file0\x00', r1, &(0x7f0000000180)='./file0\x00', 0x1) [ 1003.361717][ T5787] active_file:21599 inactive_file:29108 isolated_file:0 [ 1003.361717][ T5787] unevictable:4096 dirty:243 writeback:0 unstable:0 [ 1003.361717][ T5787] slab_reclaimable:13039 slab_unreclaimable:96391 [ 1003.361717][ T5787] mapped:58992 shmem:252 pagetables:1380 bounce:0 [ 1003.361717][ T5787] free:1223567 free_pcp:559 free_cma:0 [ 1003.418319][ T5784] EXT4-fs (loop3): Can't mount with encoding and encryption 05:19:40 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:40 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) socketpair(0xf6cc09690dadf848, 0x80000, 0x7ff, &(0x7f0000000080)) readv(r2, &(0x7f00000002c0), 0x1a5) [ 1003.539062][ T5787] Node 0 active_anon:576600kB inactive_anon:2644kB active_file:86252kB inactive_file:116432kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235868kB dirty:968kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 550912kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1003.590399][ T5787] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1003.619693][ T5787] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1003.745882][ T5787] lowmem_reserve[]: 0 2547 2548 2548 [ 1003.766694][ T5787] Node 0 DMA32 free:1099684kB min:36184kB low:45228kB high:54272kB active_anon:572340kB inactive_anon:2644kB active_file:85200kB inactive_file:116348kB unevictable:16384kB writepending:960kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7680kB pagetables:5816kB bounce:0kB free_pcp:1952kB local_pcp:1200kB free_cma:0kB [ 1003.818647][ T5787] lowmem_reserve[]: 0 0 1 1 [ 1003.823773][ T5787] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1003.854372][ T5787] lowmem_reserve[]: 0 0 0 0 [ 1003.858932][ T5787] Node 1 Normal free:3777768kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1003.890213][ T5787] lowmem_reserve[]: 0 0 0 0 [ 1003.895183][ T5787] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1003.919427][ T5787] Node 0 DMA32: 6865*4kB (UME) 4076*8kB (UME) 2236*16kB (UME) 872*32kB (UME) 484*64kB (UME) 57*128kB (UM) 26*256kB (U) 25*512kB (U) 9*1024kB (UE) 7*2048kB (UME) 219*4096kB (UM) = 1102052kB [ 1003.938610][ T5787] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1003.952273][ T5787] Node 1 Normal: 0*4kB 44*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777760kB [ 1003.969884][ T5787] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1003.979544][ T5787] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1003.988874][ T5787] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1003.998631][ T5787] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1004.008042][ T5787] 50967 total pagecache pages [ 1004.012809][ T5787] 0 pages in swap cache 05:19:40 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x7000000, 0x500]}) 05:19:40 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202001004000010", 0x66, 0x400}], 0x0, 0x0) 05:19:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000013000/0x18000)=nil, &(0x7f00000008c0)=[@textreal={0x8, &(0x7f0000000040)="0f20e06635000001000f22e0660f71d300dadec4c3c5cf600b010500002e660f388209677d00640f1a070f01df65670fc79b00580000", 0x36}], 0x1, 0x0, 0x0, 0xffffffffffffff15) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000180)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000240)=ANY=[@ANYBLOB="05000000000000007bf1551f07000000bd164466000000001f000000ce3c00009f0100000000000000000000000000000b40000007000000020000007c0776000100000006000000ff03000000000000000000000000000007000000000000000500000048000000cfdd67089b"]) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:19:40 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:40 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) sendto(0xffffffffffffffff, &(0x7f0000000100)="5eca21fc31d51cfde70557544325f99b3708d91cf64b2405644725bce70b2626d62bdb4c2e6f18da551d9cacb34384d6a4bca1d83acebe09d2b03ca6512c23e7e35259ca6c0228a90bc1d70d270195f194f5d0daf90a3997f1419330f1c24791986551e377609c7d3a16bfcb4124e0413fe3da8a2ce8bc8aea835109971e12a7ac7b8be17e4a4f5a99756907d7648683793f57a546e26949f5b49b832ac3a56ffe963647bfcea5d300a540dd9fc2dd27b5e3c1cada78c058b3d788fd4ba5c288d4ffb4af9629a816139a1c293eaf22a6176ac6c1741ea9e65a223328811509136205c794c1f06d3589b63cf273a98db46c9976f7682aa10e27fbde4f8d4be58cc37297eca10e82d05303410c52b44f357f4430f94a707c663625c8b8aaced2f5207b144c6492637fbc9cf044eb75f78e2291adfdfda1002285e11df7c9f047370988c2aa07cade0127a2e9ea8479f0926c14a40ba31e81299dc5b10e6715110e80a6c574415a67c405b3580d689c21c7011729b7354cefa7bb5c704d7f64c5c6e33e359454a5bf8564d67970c4636fc3df0603a023ee9bd3763c4e652c8f61fe68a919fb225591c1bf28378721b873b9dd551db99e11bf5232a69f95d3c9f7624922710fcde81c301734b2e7e3c912e47c596824182048c0be763f97bfca97aeae0a4a4e2de4dd97f66a87d3ba553297df5088acded20280e6a7926e81a89e01e5587ae46e1dd10d70cf24af637096b544d36ba08c4a882cb24f16a17481eb6db3da64debb714075834dc27c90350da2ff47051641079a08152b1c72475b38bcf4f6edcb8c0fe26c83eedff39d59454663cabf917683ab48fe73b5c393710e4e5d8e10d6e1c01c682ff419f53360b0481659c2bcbf655fcc0b2b6f40188ec3f8f3dc6457264e2645c558082491043b69828516706213af9135a17dcb9ce84a521539d170a24c97a7944d497667c281f5f4398412065bec82035259294a68490c1e2f3995193a8ff968f171e0b9b40b364623ad9ef88a7307b3683d4906f571bf5f083be76f687be235287d17fc464d10ed06b09030962ed24b91edb19760c5312d1697477b84a60226268532305fcf53e4a623545c2f7685e5f8cd6f5526f86bb4f98301c935619cc7ce795450972803d7799cd9fd65589b98b67644919a486fa8c7dcc706ae3c23bf521e901bd40fa5566aee56f62d1e0a67623e6c3f83e608b8fab6619ff954fe4c3f800878e2a68e938d875b475d26528ef7acc3c30556d1c42ba6264e22e41c69fb6f5ab50f1ce58aa0da61f92770ac26e350d215d83b45f2452f1e3b4014d7331e8b01458d7bb766ba44758f2476346c465bb18b78d0019bbaadc56c6d1ff1365c5fc1c56c304a2348e76fe109e24b55d93ff1457e7aee757bb70144b70fd8dd2dd802ad75b950c663a95fd50a3bf11e838daaa75d44b6b90601d2e5c158edfb83190f6a0a19a3864bcf35593ad7d8a8c5bc59fc27c2187656b6f03d795f8db997e0b039670a75c51d1d9c2211f51f130666381ee845d60d22c7c9bddafc4e061f8a309ac43127bf3074ba99092e23cb51c19f38bad5f5fed04f5c73c73a8ed98c12a2dcd5382adc249b43ab2825064e62e1f589644f5a68f76c43cc87d3a9a051743df8d1a85619ca41e72ee82bfa47866db6b5edcc11dc776b6671db93f49a06d7ed2b5a1e9f0fb1d6a6a1e689134ae9e21e7353dcd94577902635ab8da529863b8f123cc1e75a5e766c2acc3a2b1ca69c785088642327879f0dbd084ea8a45efed0f681e8fd738bec1a14f34845795bf875eaf8c8ce8997d34bab6db2d03f68f9f46c285339ef3e19072ed1445c3f54ac6378b41738d2c0e0e970e8333fca1aa6760d085e083c23f4ae7bb08013f6f7e1e6a6aa276a7e01058c049df42a47901e627f6cf832ddbdb2f760ebad48e0f4d121915ff55e3d5777ef3e3f0b554a5084f2ff070eb99b2125ac8be94d1f87a6fc67c8d541ed235f2664780cc4ecd5c7b7318cb16727d405d069a825236c60169506d74140501ef59148956b0bea4d6616898bc592227bcacd619390e5fb56d97216701263d79ac612759ff5e5d652cbf15b011ae16f67cdd2d8845cfd1b9dd649ff95690d85130185c48f0fe8a4268c0051886c6eeec402e998342db4758bf43014a832c6da42a3a9275b29cb7c64045d3e0366af2f89ce0c627021a21e179b19856d3d29eef39d0386754ec37ab89f1671cfa9ff3a80b92fc2f253348919090cebf588f6d383f42538658a885e41cff98e5b5ffbedcd2760da973f8f12aed43ac5c0c322b239df9098b9b8d8a8cbf9043b2caa027caa0d8cd12a1518b41b06a9801ac120840f52126225ea7707b7675736ced34b060a41fb48766d2bd7f33c00d519d18874499bce8e44a5732a8ceb4730ca0869008092b02a51c48ed73c0f064f4360ba91f3cb264129ce1ebf88687b4feca93c3ffb3509be9dc4fc333833c07bc051754967d3109f5f57059d6c111342d03dbf264f55e8b3adba0a302a9443b63f547d4a662f685b74c8224f7b62e15c6ec7d1d68c194a4b0de43c16654723d091df3ff5a61af4410dfdc7cba4522a2bc12e25844d6a092e53b079e020541866fa34cd26c21fc7edca41fbd8e718d9026cdd856a5f700f3a2caed002b93945e486232d8484a1730b484910cf7aa8c9a7ed13fd12f153e6be69fd1418fd775d7cf043e2d53c8af6fdb95e55e2cec17db78879c95da704018d13a6fe6efe984dfde0f63dc9070fceffe66a987268119e7f4212046632fc932e79f1ed531e5d0cd890c067a657f882ef6a5d1ad827c0020556521a56b21877b22b76eea56684cf44252d96609f219981ca62b1d1fbef654d2d2778494e383cb9c483c466b40217eb83118ddd1ce09d7e1eb9a55897411ece7bd276f9143491fceb5ac47828ee79526ed29e6b9c9f8fe941f2bb8fe157a225eb724ea7c379f2789d0b1864a2ee52bf94ceb33885d22f993e3c54a06d21a5a0d368239129abb8fc1b7fb687cc172c823433b8c80e09976a63f72b34071778484a3653b6539004e32dea68276a942d37e41702f1aff4da5c0d2d78ccb813e92d26ef7e628f6b4ce851eee76febdbad723f7f4c4d51cc3c66189c053f3df727a85cdbe30bf068ea653f767d4647a2d75f4364c53e45c3944de7529ab84d23993982933d12b4e4c9ac05821135ded1411dc677d62aa8c47b9d9da27da50cbdba9e177033a0a19a6910eff53aa40dfbc57e1eb69cc2e51dc6805e38ae5051fb32e2f4ec120e6fcc0bef43ac90e1689d90622f36636ac43b75bbcb09194ce1a43e65fcaa129aa0a65d2dae3e26f3c3a2d2627660bcb57ad31852d0a3a88575b63022fd54f5038d6d85dc53486c7f34b0d8e4f451b289c191062dc53dcf31e9ae739b4a060944e25854a44fa00d907b2be809278a2cf9d147d212e0f4b60d7a95bfee650a9b505bb9222d0c860d9921d07ae362f3164082565817294cc6cf88c5dd1a50c5eaabbd61066815e89ebf7983dbadcc8a6067ad647333af5045f8ee114ac5734076b6912c81fe4bfb6b9730ab9f897d6568799caae2830a5b65e0f65c88c99690d47d2ea9528e449b117c3e59ba9b9455393bb06f9a507b8768a2b6ac7b0891221ccfbf794b3f724b8cccae5ed3c3a25c936a06f2bb764c5d84b7a26aa2e7b4498c15823ceda031b9af80d1b0e86392920bb1bb3a28278f601021e329ef008aefaa0bedb78dddd594095d888da1b4348b3111e42beca395f9a103c0527f53b66b4ac7bd528ef28789b5f8206300e26de871a6e3714296970a30efe81e50d37b7632ef73c3c06f1df95858fbcc5454bd194220228a52606961267bbac6714d4c85843fec3b537397e0d392e7b548124d098ef9b455cb6a5f401ca6d6f1cb26e41f40b4f8b147a11e1777b08c1c482fdc763126aa6b888f2bc3c823ab1ad8c579fbc8f7e5e9933371f2ca51bba4cec849e2de264a6a106a2b49db4e736502177778602aa39bd5dac6f8cdb0458e0cbe6c5761619253c633920c04daef47985656df6e474fd09ec0f95e926389e387695e8a7335dafdd98a43af5fbb3d8c4f00d4c633ac4c254a171dc9041e1da9a80eb627b28f28b437eb1683e55b58bb6f95a14699a1ddf01b2f5025db09a150b5ae8a19d50f02330d59fba1d5969c5ec8fd8d7f83124c419ef1d4befef491bb81c734382bacc38b159113c67ece0e2cef52a8b31cd08ea867a6a9d6e05b2b92ab669eff0f45d1f36818b16612bd405a509219574d705109fa1b0b6cd198d1befaf3b1101912fccac32895d424f2454c0aad3977c68ddfcd999515395de9f426fe3bb98f3c4a4e3e01bd8037c1531699be1f8d338e9b8851d22653ca0954d14f13cea1d8e00e8e17ce842a0bf1bcc18f537fffe30df28d1452112efda435858fd115bbbe590bf13153a91b5e3e89bf11ad1ef93308a1df2c8c1d26542b9e15f828e4550e02e31ce675c69e866cbbcb98b13931d2f6710874f3aa37a25093ba2b7e12f234b09f939966678cd4dd7d73433769f8172f584bf0d43f13ab21a74785c25b8f98313e4c74682e51e4dfe21d81bb0bb7df4319635069eb261d23075bb0e123dddac401fb7a4bfca04bd9a0aeabe662d1e9c6cc985fe5f0a1665e3220413dbe7b8afd31e194a091263b5cb9b622927669e3ff8cd5bc3ae121ee2d20be9aa1c8c77b98e817322e02f73bb418b066734ac03dcf2986a2b2989d53caa8085fac0c281b2c43f053bb31667070df469d76f7eee28cd9bfd6b8ec9ba1bb7ed80abe2ff6300ab85e16a37ed5f721504f5e554a1183b63ef48565c59be6affa2e8ed9f601d85a520bef97b76701a39f03180f9f5cb639a57ef1c03bbf6c36b149d7561e90923389c5cfa786b63b7c40db5282d4f2607c006f325960c61f386661fbad96f36b4c0956257a18ee73675f3396859722c2457d63978b86f85603fc8bc58f71326a6e6ccd9b3b7f6e0b787bc2cb46826a767ca2f116a99c227b547bf1635a717ba7f9c900a5b9e19177fdfb91e93eca3efe9c4a728086754f2430ed7537e9c7ae9590c218ea4e4ea7a0bd3c4caeec497be44c26917fd8d8d8d897e0ab5bcc1249cf83a01ceeba63ffaf110a0359f2c563768c7e4deb6fc69e3808419e4090280707f488a483fe4ec1c09300cae3b8f7a7bcbde986f7abb9b732e116764e990eda4ece057df642e5fc5d39c694ecad672a8f73e2a3de15ea82705575ee17e7b0783dc4c8bd4d76eb47b028f8419d5755029e85c19d17e1d6835b7101d0ac673d924b6b6e31c3db75be05a9f8780f19a7c9fc0c2b36e242a16d1a117c575b7bdba524a66163d85d2a0c6412ce943dffc04429dc77e0c1457321bf9e32a740dd38b61b16103c577e3671fff9c8be28cc5288abff45b9d5e5cd8cb31e44815345cd626f3de9bfdbaed75a2f064e6f3043a1a6f2aef41382d5746bcba719ec2dd2c92440e548a1dc7b7923b278458c91be9efc109c1b0002de5bca5ee1324b40186e5061a76d13ed7c9502faf1bf6430b7fa0c0794c945df64203defe0529a6cac7f7340a5d51cb4faa3f56c4a917cea99594ca97754a72f8fdf39c606422640f8d68356d364365f107c5af2509b13650fd5920516849e753a128c022e0103ffcd4d860c56e3d74196b6cea5abc06025f779c1498a60f39788775b6effd78652051b7f244e181bcd9aaaa211b9159567fbd892deca255324141c9643155ca5eb5c905378b2a1478847fcae9eff79842914cf99321b864295b74555a9665bc46cbfc0bdd4b555", 0x1000, 0x4040001, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4, 0x1, 0x1, 0x1}}, 0x80) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r1, &(0x7f0000000200), 0x18) ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000001100)='/dev/audio\x00', 0x306000, 0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000001140)={0xaa, 0x1}) 05:19:40 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940), 0x1, 0x80012041, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) [ 1004.016974][ T5787] Swap cache stats: add 0, delete 0, find 0/0 [ 1004.023126][ T5787] Free swap = 0kB [ 1004.026849][ T5787] Total swap = 0kB [ 1004.030568][ T5787] 1965979 pages RAM [ 1004.034449][ T5787] 0 pages HighMem/MovableOnly [ 1004.039161][ T5787] 341179 pages reserved [ 1004.043386][ T5787] 0 pages cma reserved 05:19:40 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1004.234175][ T5838] syz-executor.4: vmalloc: allocation failure: 10737647616 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:19:40 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="11dcf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x40000, 0x0) ioctl$PPPIOCSDEBUG(r3, 0x40047440, &(0x7f00000000c0)=0x3) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1a2}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) [ 1004.312273][ T5838] CPU: 1 PID: 5838 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1004.321339][ T5838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1004.331392][ T5838] Call Trace: [ 1004.334701][ T5838] dump_stack+0x172/0x1f0 [ 1004.339034][ T5838] warn_alloc.cold+0x87/0x17f [ 1004.343704][ T5838] ? zone_watermark_ok_safe+0x260/0x260 [ 1004.349688][ T5838] ? mark_lock+0xc2/0x1220 [ 1004.354094][ T5838] ? __lock_acquire+0x8a0/0x4a00 [ 1004.359047][ T5838] __vmalloc_node_range+0x483/0x7e0 [ 1004.364246][ T5838] ? is_bpf_text_address+0xac/0x170 [ 1004.369450][ T5838] ? kvm_arch_create_memslot+0xc3/0x570 [ 1004.375011][ T5838] __vmalloc_node_flags_caller+0x71/0x90 [ 1004.380664][ T5838] ? kvm_arch_create_memslot+0xc3/0x570 [ 1004.386207][ T5838] kvmalloc_node+0xdc/0x100 [ 1004.390703][ T5838] kvm_arch_create_memslot+0xc3/0x570 [ 1004.396071][ T5838] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1004.402318][ T5838] __kvm_set_memory_region+0x13b5/0x1d00 [ 1004.407955][ T5838] ? gfn_to_hva+0x470/0x470 [ 1004.412461][ T5838] ? lock_downgrade+0x920/0x920 [ 1004.418106][ T5838] kvm_set_memory_region+0x2f/0x50 [ 1004.423232][ T5838] kvm_vm_ioctl+0x729/0x1860 [ 1004.427818][ T5838] ? debug_check_no_obj_freed+0x20a/0x43f [ 1004.433533][ T5838] ? find_held_lock+0x35/0x130 [ 1004.438294][ T5838] ? kvm_unregister_device_ops+0x70/0x70 [ 1004.443927][ T5838] ? lock_downgrade+0x920/0x920 [ 1004.448781][ T5838] ? rwlock_bug.part.0+0x90/0x90 [ 1004.453721][ T5838] ? tomoyo_path_number_perm+0x214/0x520 [ 1004.459353][ T5838] ? find_held_lock+0x35/0x130 [ 1004.464392][ T5838] ? lock_downgrade+0x920/0x920 [ 1004.469246][ T5838] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1004.474533][ T5838] ? tomoyo_path_number_perm+0x459/0x520 [ 1004.480262][ T5838] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1004.487011][ T5838] ? tomoyo_path_number_perm+0x263/0x520 [ 1004.492632][ T5838] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1004.498447][ T5838] ? kvm_unregister_device_ops+0x70/0x70 [ 1004.504069][ T5838] do_vfs_ioctl+0xdb6/0x13e0 [ 1004.508665][ T5838] ? ioctl_preallocate+0x210/0x210 [ 1004.513765][ T5838] ? __fget+0x384/0x560 [ 1004.517920][ T5838] ? ksys_dup3+0x3e0/0x3e0 [ 1004.522328][ T5838] ? nsecs_to_jiffies+0x30/0x30 [ 1004.527170][ T5838] ? tomoyo_file_ioctl+0x23/0x30 [ 1004.532118][ T5838] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1004.538351][ T5838] ? security_file_ioctl+0x8d/0xc0 [ 1004.543476][ T5838] ksys_ioctl+0xab/0xd0 [ 1004.547636][ T5838] __x64_sys_ioctl+0x73/0xb0 [ 1004.552227][ T5838] do_syscall_64+0xfa/0x760 [ 1004.556728][ T5838] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1004.562609][ T5838] RIP: 0033:0x4598e9 [ 1004.566501][ T5838] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1004.586103][ T5838] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1004.594508][ T5838] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1004.602468][ T5838] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1004.613061][ T5838] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1004.621021][ T5838] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1004.628997][ T5838] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff 05:19:41 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0xb0000, 0x0) bind$nfc_llcp(r1, &(0x7f0000000100)={0x27, 0x0, 0x2, 0x4, 0x68cf804, 0x5, "fd25cc55c24025f9d4bfdee6afd3d394fa68bb5cdcdc06cf0b44d5aac1a44f11663d99894dc9938708655d694f1f15f43dde5c2ad18a5b9d27cdd05bbcf3b3", 0xf}, 0x60) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1004.659769][ T5836] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:19:41 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1004.780296][ T5838] Mem-Info: [ 1004.788003][ T5838] active_anon:145203 inactive_anon:661 isolated_anon:0 [ 1004.788003][ T5838] active_file:21599 inactive_file:29117 isolated_file:0 [ 1004.788003][ T5838] unevictable:4096 dirty:252 writeback:0 unstable:0 [ 1004.788003][ T5838] slab_reclaimable:13036 slab_unreclaimable:96498 [ 1004.788003][ T5838] mapped:58988 shmem:252 pagetables:1451 bounce:0 [ 1004.788003][ T5838] free:1221744 free_pcp:508 free_cma:0 05:19:41 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000005000010", 0x66, 0x400}], 0x0, 0x0) 05:19:41 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003c80)=[{{&(0x7f0000000100)=@ipx, 0x0, &(0x7f0000000480)=[{&(0x7f0000000280)=""/75}, {&(0x7f0000000300)=""/159}, {&(0x7f00000001c0)=""/49}, {&(0x7f00000003c0)=""/28}, {&(0x7f0000000400)=""/119}], 0x0, &(0x7f0000000500)=""/221}, 0x2}, {{&(0x7f0000000600)=@ll, 0x0, &(0x7f0000001c00)=[{&(0x7f0000000680)=""/160}, {&(0x7f0000000740)=""/4096}, {&(0x7f0000001740)=""/124}, {&(0x7f00000017c0)=""/94}, {&(0x7f0000001880)=""/172}, {&(0x7f0000001940)=""/241}, {&(0x7f0000001a40)=""/242}, {&(0x7f0000001b40)=""/57}, {&(0x7f0000001b80)=""/77}], 0x0, &(0x7f0000001cc0)=""/227}, 0x7fffffff}, {{&(0x7f0000001dc0)=@vsock={0x28, 0x0, 0x0, @hyper}, 0x0, &(0x7f0000002240)=[{&(0x7f0000001e40)=""/238}, {&(0x7f0000001f40)=""/38}, {&(0x7f0000001f80)=""/112}, {&(0x7f0000002000)=""/99}, {&(0x7f0000002080)=""/220}, {&(0x7f0000002180)=""/184}], 0x0, &(0x7f00000022c0)=""/216}, 0x5}, {{&(0x7f00000023c0)=@in6={0xa, 0x0, 0x0, @local}, 0x0, &(0x7f0000002580)=[{&(0x7f0000002440)=""/30}, {&(0x7f0000002480)=""/221}], 0x0, &(0x7f00000025c0)=""/4096}, 0x8000}, {{&(0x7f00000035c0)=@in={0x2, 0x0, @empty}, 0x0, &(0x7f0000003840)=[{&(0x7f0000003640)=""/221}, {&(0x7f0000003740)=""/244}]}, 0x1f}, {{&(0x7f0000003880)=@xdp, 0x0, &(0x7f0000003b80)=[{&(0x7f0000003900)=""/77}, {&(0x7f0000003980)=""/18}, {&(0x7f00000039c0)=""/130}, {&(0x7f0000003a80)=""/220, 0x30}], 0x0, &(0x7f0000003bc0)=""/135}, 0x6}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) [ 1004.841619][ T5838] Node 0 active_anon:580812kB inactive_anon:2644kB active_file:86252kB inactive_file:116468kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235952kB dirty:1004kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 544768kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1004.943639][ T5838] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1005.187806][ T5838] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1005.217418][ T5838] lowmem_reserve[]: 0 2547 2548 2548 [ 1005.232267][ T5866] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1005.251084][ T5838] Node 0 DMA32 free:1100684kB min:36184kB low:45228kB high:54272kB active_anon:574476kB inactive_anon:2636kB active_file:85200kB inactive_file:116420kB unevictable:16384kB writepending:1032kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7616kB pagetables:5472kB bounce:0kB free_pcp:2396kB local_pcp:1460kB free_cma:0kB [ 1005.284444][ T5838] lowmem_reserve[]: 0 0 1 1 [ 1005.289191][ T5838] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1005.317057][ T5838] lowmem_reserve[]: 0 0 0 0 [ 1005.321782][ T5838] Node 1 Normal free:3777760kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1005.352671][ T5838] lowmem_reserve[]: 0 0 0 0 [ 1005.357547][ T5838] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1005.374214][ T5838] Node 0 DMA32: 6777*4kB (UME) 4019*8kB (UME) 2319*16kB (UME) 890*32kB (UME) 494*64kB (UME) 51*128kB (UM) 26*256kB (U) 25*512kB (U) 9*1024kB (UE) 8*2048kB (UME) 218*4096kB (UM) = 1100972kB [ 1005.393436][ T5838] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1005.427048][ T5838] Node 1 Normal: 0*4kB 44*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777760kB [ 1005.444207][ T5838] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1005.455194][ T5838] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1005.464988][ T5838] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1005.474997][ T5838] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 05:19:42 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x9000000, 0x500]}) 05:19:42 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:42 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000500)=ANY=[@ANYBLOB="010000000000174f135aa440eb6017ac4b1d830300000000000000c9df23954211c924b440305584aa258b71717123af00d6e66ece3bce028d42241ca43ac92c7f1ace90ea4989ab5c8133120836064851632b58b7d8164ff101d15ff19f678d17622c140d8fea9f519f1e728a5310d8802ba9b0dec214243e74031cd2f4278aba3961757b8ff15af3c575b48ab90f64b18e15d38da335210234b2655c78821a402aebac1049f7e51049c70b9570e687425accbb5454572075697ca6c4c6a3277cfdde1b5e8cb7ba6456d917f99663352b7e893000000000000000000000000000000000f010ce5454fd13fbf94253885538723fcd085b8d7d36a15668e01e941923b5e9c60a48c9c2eeb3a193fbbf10cd13e66cb17171a63e15bc9e89ed36bacab4f916af8dd07691b4a8a2d7d7e2836c501596c4c96009a62354e51a7b6987fb0970df028c572e0c177fb35e7259f55def9cc7acf3e10707b9e02bbe525bb0c1ff956e9f", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000000440)={r4, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x84) syz_mount_image$erofs(&(0x7f00000001c0)='erofs\x00', &(0x7f0000000280)='./file0\x00', 0x7, 0x1, &(0x7f0000000380)=[{&(0x7f00000002c0)="602ae7858381cd51601cde440a672ed67e7fa5fcd45abd6600f91ed64e705ffbdb65d2ebb8f536e89a8ae64c9aafc6725018867f6b485f7b1d1d746fd771dd80138573a81d9d8c26bc2ee9dbbf50b9ef86f075447d2ee813d0ade8cba90c81de772283fb02896591b95b4d9738aa118062edf108ec840c66e0c97512bd4d501a2d02e3ffb3d59249", 0x88, 0x5}], 0x401000, &(0x7f0000000680)={[{@noacl='noacl'}, {@acl='acl'}, {@user_xattr='user_xattr'}, {@user_xattr='user_xattr'}, {@user_xattr='user_xattr'}, {@noacl='noacl'}], [{@uid_gt={'uid>'}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/cec#\x00'}}, {@subj_role={'subj_role', 0x3d, 'cgroup.subtree_control\x00'}}]}) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffffff, 0x84, 0x7c, &(0x7f0000000080)={r4, 0xfff, 0x5}, &(0x7f00000000c0)=0x8) r5 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r5) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) ioctl$sock_SIOCGSKNS(r3, 0x894c, &(0x7f0000000140)=0x1) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r5, &(0x7f00000002c0), 0x1a5) 05:19:42 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x3, 0x4, 0x0, 0x1000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xff}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r1, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r1, &(0x7f0000000200), 0x18) ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) ioctl$VIDIOC_S_FBUF(r1, 0x4030560b, &(0x7f0000000100)={0x0, 0x21, &(0x7f0000000000)="faa0ff63e9d11f46d202bb949c7bdcc7802578ca678ffb23a53ec03dcbccdfc9e3e21621f0ef71488416271abe858f2474831c02dddab4c843f15f8959691dd161a912f0ec7d35fb", {0xc4a0, 0x2, 0x50565559, 0x4, 0x9, 0x7f, 0xc, 0x100000001}}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r2 = semget$private(0x0, 0x8, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vga_arbiter\x00', 0x2, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r3, 0x4010aeab, &(0x7f00000001c0)={0x5, 0x15000}) lsetxattr$security_selinux(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='security.selinux\x00', &(0x7f00000002c0)='system_u:object_r:devpts_t:s0\x00', 0x1e, 0x1) semctl$IPC_RMID(r2, 0x0, 0x0) semctl$SETVAL(r2, 0x0, 0x10, &(0x7f0000000140)=0x8) semctl$GETPID(r2, 0x181160c53090dd4c, 0xb, &(0x7f0000000140)=""/16) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:19:42 executing program 2: ioctl$TCGETS2(0xffffffffffffffff, 0x802c542a, &(0x7f0000000000)) perf_event_open(&(0x7f0000000400)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = geteuid() lsetxattr$security_capability(&(0x7f0000000000)='./bus\x00', 0x0, 0x0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) close(0xffffffffffffffff) r2 = socket(0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000007c0)=ANY=[@ANYBLOB="01f1"], 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(r2, 0x84, 0x71, &(0x7f0000000040), 0x0) socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_sctp6_SCTP_ADD_STREAMS(0xffffffffffffffff, 0x84, 0x79, &(0x7f00000002c0)={0x0, 0x8673, 0x520}, 0x8) connect$inet6(r1, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) ioprio_set$uid(0x3, r0, 0x4) openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x141000, 0x0) 05:19:42 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000006000010", 0x66, 0x400}], 0x0, 0x0) [ 1005.486920][ T5838] 50976 total pagecache pages [ 1005.491881][ T5838] 0 pages in swap cache [ 1005.496564][ T5838] Swap cache stats: add 0, delete 0, find 0/0 [ 1005.503119][ T5838] Free swap = 0kB [ 1005.507012][ T5838] Total swap = 0kB [ 1005.510845][ T5838] 1965979 pages RAM [ 1005.515158][ T5838] 0 pages HighMem/MovableOnly [ 1005.519968][ T5838] 341179 pages reserved [ 1005.524649][ T5838] 0 pages cma reserved 05:19:42 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:42 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f0000000080), 0x0) [ 1005.761158][ T5903] syz-executor.4: vmalloc: allocation failure: 10737713152 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:19:42 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) vmsplice(r1, &(0x7f0000000500)=[{&(0x7f0000000040)="3a4c80432c2b3015d25c943b627e6ae66183dfa2398dd3a83098370db5457215ba1b54ae8c6fa2b5b3", 0x29}, {&(0x7f0000000100)="94f6c9a03f8d790df8bada6b1031dc3bed71b66d2c4bd363176ce9f559cc0ff3cddefc3f46fd451db548d777e0f4b43dc5ce7b987fbfb4a6a06416fcbebd7bbfaa44ae4dbafa90c698dad96a6cf14c488228c083a45e54cad8aa078d19b92af90a4e772a4bbb55469b675eab29c9f46d9978cfe463a359ad191eb277c398c7f4186e9aea0025092c7151a0729aeb40b71ab7886f2b9e8861f81bf1909c461d14cf292b1c", 0xa4}, {&(0x7f00000001c0)="dfd1320deb5367fdb8610ae88d374ca3819bf859855c5d8fe5f0bff428025d52416a728cea78947f11e17ea917a62833f0aa0c2523162111a88b8a8cea4b21918c87f27b2feb9875733a7f8ae8012859e2ddaa692797157049ea5af8275e6773984932a879f8e105ba6ed9597d31b4f3425987694f622f9eec0f96e45d16ef04ebc9171424e7690453db11a98fa59deee8bcedf86d2523e7d1d8b6c4ae04543f09c60a33951e11061ccc5e6e5799a64cc3bd072a89d96957c243613f899872365d0386", 0xc3}, {&(0x7f00000002c0)="920b040613fad6a275941a70b13c5388ea603625a53f3b0b5d4b1a54febb22e1e7c24351d6c3a22dc9cc2a0fe649e8e15b3030a8198c95936cc1611f86cd1ed6fe0342032ba0365568a4220d24296616bc81b36216818abccbeddcbe1685e4c0dd07b4db1d7cc4fd169aae8b1d2d984fbef738b418c00568a0cca6667bf79a7a6f6148dafd4e4682b997ae2cf34257e1ae3c29e6dcbcb4d4b2422dcfa4f2c10864fed103de12095f7f526f15", 0xac}, {&(0x7f0000000380)="fac144cbda22cda64547ad3d21bfedb14860923c23e2bf1eaa97333117f92ce7817ca467d145f80a13843f2875909528065d319d174acb7eca5803cc7968c0e687e4b59a1396ffade513b3447d97733abab6a54433f9cf6cd56bd64dc9ec7c3bf4bb86d8e2035341d4e7924a6347281d473d282605a03ebffac004eb7e6afa79e05ca76c88ff247e9dbd906405e951b6da2ea4b358699c30f3e836990c2614e6d700f80e917a56ebf2aaae3f8a6bcf52300a2a1a2b32fbe52e157807fa718d497d87d2202275077cea", 0xc9}, {&(0x7f0000000480)="002b90c8838f7511f03d88eb", 0xc}, {&(0x7f00000004c0)="c5", 0x1}], 0x7, 0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r2 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r2, &(0x7f0000000140), 0x4924b68, 0x0) ioctl$IMCTRLREQ(r2, 0x80044945, &(0x7f0000000580)={0x400a, 0x1f, 0x9a, 0x3b}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x610180, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1005.858901][ T5892] EXT4-fs (loop3): Encoding requested by superblock is unknown [ 1005.909207][ T5903] CPU: 0 PID: 5903 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1005.918514][ T5903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1005.928597][ T5903] Call Trace: [ 1005.932609][ T5903] dump_stack+0x172/0x1f0 [ 1005.932631][ T5903] warn_alloc.cold+0x87/0x17f [ 1005.932651][ T5903] ? zone_watermark_ok_safe+0x260/0x260 [ 1005.947275][ T5903] ? mark_lock+0xc2/0x1220 [ 1005.951716][ T5903] ? __lock_acquire+0x8a0/0x4a00 05:19:42 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x1000, &(0x7f0000000000/0x1000)=nil}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x1ff}, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000380)=ANY=[@ANYBLOB="33bfdc3adb4ecc67c25972e7898aa0166df6c0f91912ec91598a8e17ca5d0255867dfe06c5ffbc5d25552d85299af73ded5a5837d9744c14909fbc8faeec8c29"], 0x40) r1 = getpid() sched_setattr(r1, 0x0, 0x0) ioctl$TUNSETNOCSUM(0xffffffffffffffff, 0x400454c8, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x144, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x100, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7, @perf_bp={&(0x7f0000000000), 0x1}, 0x22000, 0x0, 0x0, 0x2, 0x0, 0x0, 0x90c2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r2, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42}) r3 = socket(0x80001040000000a, 0x2, 0x0) r4 = creat(&(0x7f0000002500)='./file0/bus\x00', 0xcebb6064bb566d03) fcntl$lock(r0, 0x24, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, r1}) dup2(r3, r4) connect$unix(r3, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000400)=0x80000000) setsockopt$IP_VS_SO_SET_EDITDEST(0xffffffffffffffff, 0x0, 0x489, &(0x7f0000000040)={{0x62, @broadcast, 0x4e24, 0x3, 'dh\x00', 0x0, 0x10000000000009, 0x42}, {@multicast2, 0x0, 0x0, 0x98, 0x5, 0x6}}, 0x44) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a) r5 = socket$unix(0x1, 0x1, 0x0) bind$unix(r5, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) r6 = creat(0x0, 0x0) dup2(0xffffffffffffffff, r6) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000ac0)='TIPC\x00') sendmsg$TIPC_CMD_SET_LINK_TOL(r6, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000780)=ANY=[@ANYBLOB="30f73c00983da14f5ab303746a30000000", @ANYRES16=r7, @ANYBLOB="000827bd7000ffdbdf2501000000000000000741000000140018000001017564703a73797a3000000000bad1c5d9e545f7829261446f97bda2fa67e66be145435fa7e17332553311aa122bfaa3fd540d0f80cecd7dd31546d121c421a7e5ad4cde03c378ba2ac20de2f103fdd1777b3641e9682394b1f5fe21fc5884c9c51df39cdb1513596565c2e68ced50ba61030d7c5c4995da2e03fe7ad049df117fca65ac639903f1ca35a1a241b257faf9953e8c54717fc4ed146fe0fc5f1fa8372454cec4e5102ac8a53a4272b358641348"], 0x30}, 0x1, 0x0, 0x0, 0x40000}, 0x4020) 05:19:42 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1005.956688][ T5903] __vmalloc_node_range+0x483/0x7e0 [ 1005.961915][ T5903] ? is_bpf_text_address+0xac/0x170 [ 1005.967148][ T5903] ? kvm_arch_create_memslot+0xc3/0x570 [ 1005.972744][ T5903] __vmalloc_node_flags_caller+0x71/0x90 [ 1005.978426][ T5903] ? kvm_arch_create_memslot+0xc3/0x570 [ 1005.983996][ T5903] kvmalloc_node+0xdc/0x100 [ 1005.988543][ T5903] kvm_arch_create_memslot+0xc3/0x570 [ 1005.994234][ T5903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1006.000487][ T5903] __kvm_set_memory_region+0x13b5/0x1d00 [ 1006.006142][ T5903] ? gfn_to_hva+0x470/0x470 [ 1006.010674][ T5903] ? lock_downgrade+0x920/0x920 [ 1006.015771][ T5903] kvm_set_memory_region+0x2f/0x50 [ 1006.020911][ T5903] kvm_vm_ioctl+0x729/0x1860 [ 1006.025534][ T5903] ? debug_check_no_obj_freed+0x20a/0x43f [ 1006.031294][ T5903] ? find_held_lock+0x35/0x130 [ 1006.036066][ T5903] ? kvm_unregister_device_ops+0x70/0x70 [ 1006.041698][ T5903] ? lock_downgrade+0x920/0x920 [ 1006.046542][ T5903] ? rwlock_bug.part.0+0x90/0x90 [ 1006.051622][ T5903] ? tomoyo_path_number_perm+0x214/0x520 [ 1006.057454][ T5903] ? find_held_lock+0x35/0x130 [ 1006.062404][ T5903] ? lock_downgrade+0x920/0x920 [ 1006.067269][ T5903] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1006.072680][ T5903] ? tomoyo_path_number_perm+0x459/0x520 [ 1006.078335][ T5903] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1006.084611][ T5903] ? tomoyo_path_number_perm+0x263/0x520 [ 1006.090241][ T5903] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1006.096056][ T5903] ? kvm_unregister_device_ops+0x70/0x70 [ 1006.101870][ T5903] do_vfs_ioctl+0xdb6/0x13e0 [ 1006.106487][ T5903] ? ioctl_preallocate+0x210/0x210 [ 1006.111612][ T5903] ? __fget+0x384/0x560 [ 1006.115832][ T5903] ? ksys_dup3+0x3e0/0x3e0 [ 1006.120452][ T5903] ? nsecs_to_jiffies+0x30/0x30 [ 1006.125322][ T5903] ? tomoyo_file_ioctl+0x23/0x30 [ 1006.131831][ T5903] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1006.138143][ T5903] ? security_file_ioctl+0x8d/0xc0 [ 1006.143257][ T5903] ksys_ioctl+0xab/0xd0 [ 1006.147418][ T5903] __x64_sys_ioctl+0x73/0xb0 [ 1006.152004][ T5903] do_syscall_64+0xfa/0x760 [ 1006.156519][ T5903] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1006.162399][ T5903] RIP: 0033:0x4598e9 [ 1006.166408][ T5903] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1006.186366][ T5903] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1006.195032][ T5903] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1006.203169][ T5903] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1006.211296][ T5903] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1006.219621][ T5903] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1006.227705][ T5903] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1006.238192][ T5903] Mem-Info: [ 1006.241413][ T5903] active_anon:144168 inactive_anon:660 isolated_anon:0 [ 1006.241413][ T5903] active_file:21600 inactive_file:29134 isolated_file:0 05:19:42 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r3, 0x800000c004500a, &(0x7f0000000300)) readv(r3, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r3, &(0x7f0000000080), 0x8) ioctl$VIDIOC_STREAMOFF(r3, 0x40045613, &(0x7f0000000080)=0x1000) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r4, &(0x7f0000000140), 0x4924b68, 0x0) recvmmsg(r0, &(0x7f0000005940), 0x400000000000252, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) [ 1006.241413][ T5903] unevictable:4096 dirty:270 writeback:0 unstable:0 [ 1006.241413][ T5903] slab_reclaimable:13047 slab_unreclaimable:96642 [ 1006.241413][ T5903] mapped:59009 shmem:253 pagetables:1389 bounce:0 [ 1006.241413][ T5903] free:1222711 free_pcp:496 free_cma:0 [ 1006.281943][ T5903] Node 0 active_anon:574520kB inactive_anon:2640kB active_file:86256kB inactive_file:116536kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:236036kB dirty:1076kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 548864kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1006.311831][ T5903] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1006.339622][ T5903] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1006.368544][ T5903] lowmem_reserve[]: 0 2547 2548 2548 [ 1006.368570][ T5903] Node 0 DMA32 free:1099088kB min:36184kB low:45228kB high:54272kB active_anon:574500kB inactive_anon:2640kB active_file:85204kB inactive_file:116452kB unevictable:16384kB writepending:1068kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7712kB pagetables:5408kB bounce:0kB free_pcp:2228kB local_pcp:776kB free_cma:0kB [ 1006.368605][ T5903] lowmem_reserve[]: 0 0 1 1 [ 1006.368622][ T5903] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1006.368654][ T5903] lowmem_reserve[]: 0 0 0 0 [ 1006.368672][ T5903] Node 1 Normal free:3777760kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1006.368706][ T5903] lowmem_reserve[]: 0 0 0 0 [ 1006.407080][ T5903] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1006.582139][ T5903] Node 0 DMA32: 6702*4kB (UME) 3979*8kB (UME) 2261*16kB (UME) 892*32kB (UME) 494*64kB (UME) 51*128kB (UM) 26*256kB (U) 25*512kB (U) 9*1024kB (UE) 5*2048kB (UME) 218*4096kB (UM) = 1093344kB [ 1006.701578][ T5903] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1006.758191][ T5903] Node 1 Normal: 0*4kB 44*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777760kB [ 1006.782541][ T5903] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1006.794365][ T5903] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1006.806393][ T5903] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1006.818530][ T5903] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1006.828251][ T5903] 50986 total pagecache pages [ 1006.851828][ T5903] 0 pages in swap cache [ 1006.878275][ T5903] Swap cache stats: add 0, delete 0, find 0/0 [ 1006.896762][ T5903] Free swap = 0kB [ 1006.900926][ T5903] Total swap = 0kB [ 1006.906895][ T5903] 1965979 pages RAM [ 1006.919883][ T5903] 0 pages HighMem/MovableOnly [ 1006.925142][ T5903] 341179 pages reserved [ 1006.931934][ T5903] 0 pages cma reserved 05:19:43 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0xa000000, 0x500]}) 05:19:43 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000007000010", 0x66, 0x400}], 0x0, 0x0) 05:19:43 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r2 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r2, &(0x7f0000000140), 0x4924b68, 0x0) r3 = accept4$x25(r2, &(0x7f0000000000)={0x9, @remote}, &(0x7f0000000040)=0x12, 0x800) dup3(r1, r3, 0x80000) 05:19:43 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:43 executing program 2: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x9d, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@remote, 0x800, 0x0, 0xff, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x380000, @loopback}, 0x1c) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@remote, 0x800, 0x1}, 0x20) [ 1007.135513][ T5950] syz-executor.4: vmalloc: allocation failure: 10737745920 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1007.200597][ T5950] CPU: 1 PID: 5950 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1007.209909][ T5950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1007.220605][ T5950] Call Trace: [ 1007.223915][ T5950] dump_stack+0x172/0x1f0 [ 1007.228313][ T5950] warn_alloc.cold+0x87/0x17f [ 1007.233003][ T5950] ? zone_watermark_ok_safe+0x260/0x260 [ 1007.238687][ T5950] ? mark_lock+0xc2/0x1220 [ 1007.243100][ T5950] ? __lock_acquire+0x8a0/0x4a00 [ 1007.248053][ T5950] __vmalloc_node_range+0x483/0x7e0 [ 1007.253265][ T5950] ? is_bpf_text_address+0xac/0x170 [ 1007.258469][ T5950] ? kvm_arch_create_memslot+0xc3/0x570 [ 1007.264152][ T5950] __vmalloc_node_flags_caller+0x71/0x90 [ 1007.269778][ T5950] ? kvm_arch_create_memslot+0xc3/0x570 [ 1007.275320][ T5950] kvmalloc_node+0xdc/0x100 [ 1007.279839][ T5950] kvm_arch_create_memslot+0xc3/0x570 [ 1007.285205][ T5950] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1007.291439][ T5950] __kvm_set_memory_region+0x13b5/0x1d00 [ 1007.297086][ T5950] ? gfn_to_hva+0x470/0x470 [ 1007.301607][ T5950] ? lock_downgrade+0x920/0x920 [ 1007.306458][ T5950] kvm_set_memory_region+0x2f/0x50 [ 1007.311564][ T5950] kvm_vm_ioctl+0x729/0x1860 [ 1007.316150][ T5950] ? debug_check_no_obj_freed+0x20a/0x43f [ 1007.321959][ T5950] ? find_held_lock+0x35/0x130 [ 1007.326718][ T5950] ? kvm_unregister_device_ops+0x70/0x70 [ 1007.332607][ T5950] ? lock_downgrade+0x920/0x920 [ 1007.337566][ T5950] ? rwlock_bug.part.0+0x90/0x90 [ 1007.342640][ T5950] ? tomoyo_path_number_perm+0x214/0x520 [ 1007.348312][ T5950] ? find_held_lock+0x35/0x130 [ 1007.353088][ T5950] ? lock_downgrade+0x920/0x920 [ 1007.357927][ T5950] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1007.363212][ T5950] ? tomoyo_path_number_perm+0x459/0x520 [ 1007.368851][ T5950] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1007.375240][ T5950] ? tomoyo_path_number_perm+0x263/0x520 [ 1007.380882][ T5950] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1007.386698][ T5950] ? kvm_unregister_device_ops+0x70/0x70 [ 1007.392324][ T5950] do_vfs_ioctl+0xdb6/0x13e0 [ 1007.396909][ T5950] ? ioctl_preallocate+0x210/0x210 [ 1007.402007][ T5950] ? __fget+0x384/0x560 [ 1007.406171][ T5950] ? ksys_dup3+0x3e0/0x3e0 [ 1007.410578][ T5950] ? nsecs_to_jiffies+0x30/0x30 [ 1007.415425][ T5950] ? tomoyo_file_ioctl+0x23/0x30 [ 1007.420354][ T5950] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1007.426595][ T5950] ? security_file_ioctl+0x8d/0xc0 [ 1007.431714][ T5950] ksys_ioctl+0xab/0xd0 [ 1007.435878][ T5950] __x64_sys_ioctl+0x73/0xb0 [ 1007.440468][ T5950] do_syscall_64+0xfa/0x760 [ 1007.444972][ T5950] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1007.450852][ T5950] RIP: 0033:0x4598e9 [ 1007.454737][ T5950] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1007.474331][ T5950] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1007.482732][ T5950] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1007.490695][ T5950] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1007.498659][ T5950] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1007.506622][ T5950] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1007.514590][ T5950] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1007.563359][ T5947] EXT4-fs (loop3): Can't mount with encoding and encryption [ 1007.603127][ T5950] Mem-Info: 05:19:44 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1007.607731][ T5950] active_anon:144674 inactive_anon:661 isolated_anon:444 [ 1007.607731][ T5950] active_file:21599 inactive_file:29147 isolated_file:0 [ 1007.607731][ T5950] unevictable:4096 dirty:239 writeback:0 unstable:0 [ 1007.607731][ T5950] slab_reclaimable:13050 slab_unreclaimable:97245 [ 1007.607731][ T5950] mapped:58967 shmem:251 pagetables:1464 bounce:0 [ 1007.607731][ T5950] free:1220626 free_pcp:451 free_cma:0 05:19:44 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000009000010", 0x66, 0x400}], 0x0, 0x0) 05:19:44 executing program 2: creat(&(0x7f0000000280)='./bus\x00', 0x0) lsetxattr$security_ima(&(0x7f0000000100)='./bus\x00', &(0x7f0000000140)='security.ima\x00', &(0x7f00000001c0)=@ng={0x4, 0x8}, 0x2, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) [ 1007.872378][ T5950] Node 0 active_anon:578608kB inactive_anon:2644kB active_file:86252kB inactive_file:116588kB unevictable:16384kB isolated(anon):1776kB isolated(file):0kB mapped:235868kB dirty:952kB writeback:0kB shmem:1004kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 552960kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:19:44 executing program 0: setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(0xffffffffffffffff, 0x5) r0 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r1, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1007.964146][ T26] audit: type=1804 audit(1568524784.423:41): pid=5972 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir399519666/syzkaller.JhXwGG/948/bus" dev="sda1" ino=17253 res=1 [ 1008.034553][ T5950] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:19:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x200001000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") syz_emit_ethernet(0x36, &(0x7f0000000040)={@local, @link_local, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @remote}, @tcp={{0x0, 0x0, 0x42424242, 0x42424242, 0x0, 0x0, 0x5}}}}}}, 0x0) [ 1008.091884][ T5969] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:19:44 executing program 0: setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(0xffffffffffffffff, 0x5) r0 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r1, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1008.121568][ T5950] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1008.150281][ T5950] lowmem_reserve[]: 0 2547 2548 2548 [ 1008.155889][ T5950] Node 0 DMA32 free:1091644kB min:36184kB low:45228kB high:54272kB active_anon:576612kB inactive_anon:2640kB active_file:85200kB inactive_file:116536kB unevictable:16384kB writepending:976kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7712kB pagetables:5604kB bounce:0kB free_pcp:1828kB local_pcp:1168kB free_cma:0kB [ 1008.187643][ T5950] lowmem_reserve[]: 0 0 1 1 [ 1008.224501][ T5950] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:19:44 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='memory.events\x00', 0x0, 0x0) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000c34000)={0xaa, 0xe5b41998b63e5bc9}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r3 = userfaultfd(0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r4, &(0x7f0000000140), 0x4924b68, 0x0) setsockopt$IP_VS_SO_SET_DEL(r4, 0x0, 0x484, &(0x7f0000000000)={0x87, @loopback, 0x4e20, 0x3, 'dh\x00', 0x31, 0x6, 0x4d}, 0x2c) ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r5 = userfaultfd(0x0) stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0}) syz_mount_image$ext4(&(0x7f0000000140)='ext3\x00', &(0x7f0000000180)='./file0\x00', 0x1000, 0x1, &(0x7f0000000200)=[{&(0x7f00000001c0)="5f3c89ea6f0137c55ee95a0c3f7cc6fd05dc9a87d817aa176e5576e705bd998b616541", 0x23, 0x1000}], 0x1804000, &(0x7f0000000300)={[{@block_validity='block_validity'}, {@journal_async_commit='journal_async_commit'}, {@grpquota='grpquota'}, {@mblk_io_submit='mblk_io_submit'}, {@noload='noload'}], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@audit='audit'}, {@subj_type={'subj_type', 0x3d, 'dh\x00'}}, {@fowner_eq={'fowner', 0x3d, r6}}, {@fsuuid={'fsuuid', 0x3d, {[0x61, 0x33, 0x4322ac8403bcda99, 0x32, 0x0, 0x31, 0x30, 0x2ab0a033ba05709c], 0x2d, [0x7, 0x59, 0x31, 0x32], 0x2d, [0x55, 0x33, 0x33, 0x61], 0x2d, [0x30, 0x37, 0x65, 0x50], 0x2d, [0x36, 0x30, 0x34, 0x31, 0x39, 0x0, 0x0, 0x63]}}}]}) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000c34000)) ioctl$FS_IOC_GETFLAGS(r1, 0x80086601, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) ioctl$FICLONE(r3, 0x40049409, r5) [ 1008.337296][ T5950] lowmem_reserve[]: 0 0 0 0 [ 1008.342001][ T5950] Node 1 Normal free:3777760kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1008.415893][ T5950] lowmem_reserve[]: 0 0 0 0 [ 1008.420775][ T5950] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1008.495526][ T5950] Node 0 DMA32: 5640*4kB (UME) 3929*8kB (UME) 2397*16kB (UME) 938*32kB (UME) 488*64kB (UME) 57*128kB (UM) 26*256kB (U) 25*512kB (U) 9*1024kB (UE) 5*2048kB (UME) 218*4096kB (UM) = 1092728kB [ 1008.540704][ T5950] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1008.562877][ T5950] Node 1 Normal: 0*4kB 44*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777760kB [ 1008.586840][ T5950] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1008.598323][ T5950] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1008.614605][ T5950] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1008.628949][ T5950] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1008.643729][ T5996] EXT4-fs (loop1): VFS: Can't find ext4 filesystem [ 1008.646862][ T5950] 51005 total pagecache pages [ 1008.657885][ T5950] 0 pages in swap cache [ 1008.669458][ T5950] Swap cache stats: add 0, delete 0, find 0/0 [ 1008.678357][ T5950] Free swap = 0kB [ 1008.687140][ T5950] Total swap = 0kB [ 1008.691054][ T5950] 1965979 pages RAM [ 1008.697568][ T5950] 0 pages HighMem/MovableOnly [ 1008.707209][ T5950] 341179 pages reserved [ 1008.711577][ T5950] 0 pages cma reserved 05:19:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x20000000, 0x500]}) 05:19:45 executing program 0: setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(0xffffffffffffffff, 0x5) r0 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r1, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:45 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200000a000010", 0x66, 0x400}], 0x0, 0x0) 05:19:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x11000008912, &(0x7f0000000000)="11dca50d6c0bcfe47bf070") setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000040)=0x1, 0x4) 05:19:45 executing program 0: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1008.982963][ T6004] EXT4-fs (loop3): Encoding requested by superblock is unknown [ 1008.996076][ T6010] syz-executor.4: vmalloc: allocation failure: 10738466816 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1009.041540][ T6010] CPU: 1 PID: 6010 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1009.051388][ T6010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1009.061459][ T6010] Call Trace: [ 1009.064773][ T6010] dump_stack+0x172/0x1f0 [ 1009.069250][ T6010] warn_alloc.cold+0x87/0x17f [ 1009.073947][ T6010] ? zone_watermark_ok_safe+0x260/0x260 [ 1009.079527][ T6010] ? mark_lock+0xc2/0x1220 [ 1009.083962][ T6010] ? __lock_acquire+0x8a0/0x4a00 [ 1009.088922][ T6010] __vmalloc_node_range+0x483/0x7e0 [ 1009.094133][ T6010] ? is_bpf_text_address+0xac/0x170 [ 1009.099354][ T6010] ? kvm_arch_create_memslot+0xc3/0x570 [ 1009.104919][ T6010] __vmalloc_node_flags_caller+0x71/0x90 [ 1009.110599][ T6010] ? kvm_arch_create_memslot+0xc3/0x570 [ 1009.116163][ T6010] kvmalloc_node+0xdc/0x100 [ 1009.120899][ T6010] kvm_arch_create_memslot+0xc3/0x570 [ 1009.126299][ T6010] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1009.132685][ T6010] __kvm_set_memory_region+0x13b5/0x1d00 05:19:45 executing program 5: r0 = syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0x5, 0x80a00) r1 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) getpeername$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f00000002c0)=0x14) r3 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000006c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000680)={&(0x7f0000000300)=@deltfilter={0x348, 0x2d, 0x100, 0x70bd2d, 0x25dfdbff, {0x0, r2, {0xfff3, 0xb}, {0xa, 0x3}, {0x2, 0x2}}, [@TCA_RATE={0x8, 0x5, {0x8001, 0x1ff}}, @TCA_CHAIN={0x8, 0xb, 0x4}, @filter_kind_options=@f_matchall={{0x10, 0x1, 'matchall\x00'}, {0x150, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x3, 0xd}}, @TCA_MATCHALL_ACT={0x13c, 0x2, @m_bpf={0x138, 0x10, {{0x8, 0x1, 'bpf\x00'}, {0xe0, 0x2, [@TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_OPS={0x54, 0x4, [{0x42c3, 0x6, 0x0, 0x7}, {0x7, 0x9, 0x7fff, 0x6}, {0x3b, 0x7ff, 0x8, 0x2}, {0x5, 0x400, 0x97f, 0x6}, {0x4, 0x5, 0x5161c41a, 0x400}, {0x10001, 0x9, 0x8, 0x8}, {0xfffffffffffffffc, 0x7fff, 0x6, 0x8001}, {0x3, 0x4, 0x100000000, 0x8000}, {0x1f, 0x81, 0x2, 0x40}, {0x0, 0x3179, 0x1, 0x3f}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1000, 0x3, 0x1800000f, 0xfffffffffffffff8}}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x9, 0x3f, 0x3, 0x6, 0x732e}}, @TCA_ACT_BPF_OPS_LEN={0x8, 0x3, 0x1}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_FD={0x8, 0x5, r3}, @TCA_ACT_BPF_NAME={0xc, 0x6, './file0\x00'}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x5, 0x10000, 0xfffffffffffffffa, 0x9, 0x1000000000}}]}, {0x48, 0x6, "ec2173b018a390c4c467b8b75811c324cb8cd846e9c5cab7a7bf1190401e7f6ed7e1720892c58207ca1972d74a5a6fea56915e5347df0d53ed07cc4ee43711740875"}}}}, @TCA_MATCHALL_FLAGS={0x8}]}}, @TCA_RATE={0x8}, @TCA_RATE={0x8, 0x5, {0x7, 0x6}}, @filter_kind_options=@f_u32={{0x8, 0x1, 'u32\x00'}, {0x19c, 0x2, [@TCA_U32_CLASSID={0x8, 0x1, {0xf}}, @TCA_U32_ACT={0x15c, 0x7, @m_ife={0x158, 0x12, {{0x8, 0x1, 'ife\x00'}, {0x50, 0x2, [@TCA_IFE_SMAC={0xc, 0x4, @random="5e34bd03ef84"}, @TCA_IFE_DMAC={0xc, 0x3, @broadcast}, @TCA_IFE_METALST={0x1c, 0x6, [@IFE_META_PRIO={0x8, 0x3, @val=0x268}, @IFE_META_SKBMARK={0x8, 0x1, @val=0x4}, @IFE_META_SKBMARK={0x8, 0x1, @val=0xfffffffffffffffa}]}, @TCA_IFE_SMAC={0xc, 0x4, @remote}, @TCA_IFE_DMAC={0xc, 0x3, @remote}]}, {0xf8, 0x6, "301429a55720ead6cc53572a1603764a1046e6af77f931b6ee2714337d0e4acffdd7c22eb816286d8cc91862b966778d8c29682460eea3dad7a9f2e0dbb4a5a2b1fc9a344363dcfe3edf9c83e7617a4b019cec7e106ad49236dada025e9643c3f55f796e80699914991007f1d9b125e04f8c0faa76ab5e2eb637994d833ddfbbdcf1bf5e200c754661a273731f934d10f53da4356f77c56a3e88c47ec32b82404de4d5dc849b84aca37d1c5f796e7d0e80aa8326132211af91d8c4476bb4f723215b998728159b0946c75d90d91f3e1bea85f9aa50acfb00c9359e9d65c54002708a91a4b7532811d840c2650e9df8df08506f71"}}}}, @TCA_U32_FLAGS={0x8, 0xb, 0x5}, @TCA_U32_FLAGS={0x8, 0xb, 0x4}, @TCA_U32_POLICE={0xc, 0x6, @TCA_POLICE_AVRATE={0x8, 0x4, 0x9}}, @TCA_U32_MARK={0x10, 0xa, {0x2, 0x24e40000}}, @TCA_U32_HASH={0x8, 0x2, 0x2}]}}]}, 0x348}, 0x1, 0x0, 0x0, 0x4000040}, 0x10040000) setns(0xffffffffffffffff, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r4, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r6 = openat$cgroup_subtree(r5, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r6) openat$cgroup_int(r5, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r6, &(0x7f00000002c0), 0x1a5) [ 1009.138345][ T6010] ? gfn_to_hva+0x470/0x470 [ 1009.142882][ T6010] ? lock_downgrade+0x920/0x920 [ 1009.147767][ T6010] kvm_set_memory_region+0x2f/0x50 [ 1009.152983][ T6010] kvm_vm_ioctl+0x729/0x1860 [ 1009.157619][ T6010] ? debug_check_no_obj_freed+0x20a/0x43f [ 1009.163382][ T6010] ? find_held_lock+0x35/0x130 [ 1009.168172][ T6010] ? kvm_unregister_device_ops+0x70/0x70 [ 1009.173837][ T6010] ? lock_downgrade+0x920/0x920 [ 1009.179016][ T6010] ? rwlock_bug.part.0+0x90/0x90 [ 1009.184014][ T6010] ? tomoyo_path_number_perm+0x214/0x520 05:19:45 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x202000, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(r3, 0x0, 0x0) ioctl$SIOCAX25ADDUID(r1, 0x89e1, &(0x7f00000000c0)={0x3, @null, r3}) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000002c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) r5 = openat$cgroup_subtree(r4, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r5) openat$cgroup_int(r4, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940), 0x1, 0x0, 0x0) readv(r5, &(0x7f00000002c0), 0x1a5) [ 1009.189675][ T6010] ? find_held_lock+0x35/0x130 [ 1009.194477][ T6010] ? lock_downgrade+0x920/0x920 [ 1009.199380][ T6010] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1009.204687][ T6010] ? tomoyo_path_number_perm+0x459/0x520 [ 1009.210349][ T6010] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1009.216633][ T6010] ? tomoyo_path_number_perm+0x263/0x520 [ 1009.222283][ T6010] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1009.228154][ T6010] ? kvm_unregister_device_ops+0x70/0x70 [ 1009.233899][ T6010] do_vfs_ioctl+0xdb6/0x13e0 [ 1009.238520][ T6010] ? ioctl_preallocate+0x210/0x210 [ 1009.243654][ T6010] ? __fget+0x384/0x560 [ 1009.247942][ T6010] ? ksys_dup3+0x3e0/0x3e0 [ 1009.252374][ T6010] ? nsecs_to_jiffies+0x30/0x30 [ 1009.257298][ T6010] ? tomoyo_file_ioctl+0x23/0x30 [ 1009.262244][ T6010] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1009.268507][ T6010] ? security_file_ioctl+0x8d/0xc0 [ 1009.273763][ T6010] ksys_ioctl+0xab/0xd0 [ 1009.277936][ T6010] __x64_sys_ioctl+0x73/0xb0 [ 1009.282736][ T6010] do_syscall_64+0xfa/0x760 [ 1009.287243][ T6010] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1009.293525][ T6010] RIP: 0033:0x4598e9 [ 1009.297627][ T6010] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1009.318115][ T6010] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1009.326631][ T6010] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1009.334734][ T6010] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 05:19:45 executing program 2: r0 = syz_open_dev$sndseq(&(0x7f00000007c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000000)={0x0, 0x0, {0x2}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}) [ 1009.342713][ T6010] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1009.350731][ T6010] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1009.358704][ T6010] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1009.382185][ T6010] Mem-Info: [ 1009.385572][ T6010] active_anon:144705 inactive_anon:660 isolated_anon:14 [ 1009.385572][ T6010] active_file:21599 inactive_file:29161 isolated_file:0 [ 1009.385572][ T6010] unevictable:4096 dirty:254 writeback:0 unstable:0 [ 1009.385572][ T6010] slab_reclaimable:13011 slab_unreclaimable:97230 [ 1009.385572][ T6010] mapped:58987 shmem:253 pagetables:1402 bounce:0 [ 1009.385572][ T6010] free:1221450 free_pcp:702 free_cma:0 [ 1009.424903][ T6010] Node 0 active_anon:578820kB inactive_anon:2640kB active_file:86252kB inactive_file:116644kB unevictable:16384kB isolated(anon):56kB isolated(file):0kB mapped:235948kB dirty:1012kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 552960kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1009.455981][ T6010] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1009.497953][ T6010] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:19:46 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x54}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:19:46 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000410000010", 0x66, 0x400}], 0x0, 0x0) 05:19:46 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x89b0, &(0x7f0000000080)={'sit0\x00', @ifru_flags}) [ 1009.669600][ T6010] lowmem_reserve[]: 0 2547 2548 2548 [ 1009.677016][ T6010] Node 0 DMA32 free:1089772kB min:36184kB low:45228kB high:54272kB active_anon:581248kB inactive_anon:2640kB active_file:85200kB inactive_file:116560kB unevictable:16384kB writepending:1004kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7872kB pagetables:5904kB bounce:0kB free_pcp:2672kB local_pcp:1332kB free_cma:0kB 05:19:46 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000080)={0x0, r0, 0x3, 0xfffffffffffffff9, 0x8, 0x27}) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r3 = openat$cgroup_subtree(r2, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r3) openat$cgroup_int(r2, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCOUTQNSD(r4, 0x894b, &(0x7f0000000140)) getsockopt$inet6_dccp_buf(r0, 0x21, 0xd, &(0x7f0000000280)=""/4096, &(0x7f00000001c0)=0x1000) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) readv(r3, &(0x7f00000002c0), 0x1a5) [ 1009.921519][ T6010] lowmem_reserve[]: 0 0 1 1 [ 1009.940277][ T6010] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1010.005094][ T6010] lowmem_reserve[]: 0 0 0 0 [ 1010.027736][ T6010] Node 1 Normal free:3777760kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1010.093813][ T6044] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1010.099941][ T6010] lowmem_reserve[]: 0 0 0 0 [ 1010.122242][ T6010] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1010.137101][ T6010] Node 0 DMA32: 6086*4kB (UME) 3850*8kB (UME) 2448*16kB (UME) 1048*32kB (UME) 480*64kB (UME) 71*128kB (UM) 29*256kB (UM) 25*512kB (U) 9*1024kB (UE) 7*2048kB (UME) 216*4096kB (UM) = 1096168kB [ 1010.156222][ T6010] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1010.177817][ T6010] Node 1 Normal: 0*4kB 44*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777760kB [ 1010.195545][ T6010] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1010.218780][ T6010] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1010.228720][ T6010] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1010.242152][ T6010] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1010.253881][ T6010] 51020 total pagecache pages [ 1010.258679][ T6010] 0 pages in swap cache [ 1010.263497][ T6010] Swap cache stats: add 0, delete 0, find 0/0 [ 1010.269990][ T6010] Free swap = 0kB [ 1010.279192][ T6010] Total swap = 0kB [ 1010.285465][ T6010] 1965979 pages RAM [ 1010.289383][ T6010] 0 pages HighMem/MovableOnly 05:19:46 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x200a0000, 0x500]}) 05:19:46 executing program 0: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:46 executing program 2: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="2c0000001600010400000000000000000a00000021fe000014000100fe800000475d29f500000000000000aa3f873e0d183ca4a38032780b463921c71ff3e9d72b0ede952af041c9963a0252f5210fb53e9d8ca420da2ee757492dc32a83bf6fced89de972d53599c1afc74b1582e4d4e3b4319ff765967ca3a245c661f16c17ce573e6de4b413000dbee7e667aa14a27c905dcfdadc5d294b57906dc8e1552d0e452d732a52dc9a610beb4b6e49a9ce579d1e6a5ed5ad8a9fcdc323e9b11daf21e90952cca73a48b659b8315d3ae65b7e4130fab60d574ad5686201ee2a17fb99e73d088cee7c3d6c60120ff3d224ea2c92902f5660df7c57b3ed81ac64a2437aff102e2427da6495cb67dc4255b5b48e31c7a013715091813717059c5c3c240abbfe24c0f9b519f9e9a07fae443e83fc24573ef7e1d4962e8e1a49b50046a8b7ec1c750e5792938d0e77b60f990bbe89b3b250650e5cb108eaa52a107cc35f3dcfcba17b1808e0e4c50ddc25829ebbaf484d026c43019b98a5e68dcae7aab1d737c9bb79e92033b6b818fa50735afe9143c3b54bb4c5f73af8ac7defe027de45656bfd6d43ffac6c42cb7f8f8dabebcb0c1dcea6397453babd4e7db14c32e96b8b750e65c1e08bd8a956460ab2644d23a0f570d4c5cf1b81626c462dd8c4621ac624ad5bd26f35193c11758ff2871400e36345127d309518a3e6d16bd8f4833285"], 0x1}}, 0x0) r0 = add_key$keyring(&(0x7f00000002c0)='keyring\x00', &(0x7f00000003c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key(&(0x7f0000000280)='asymmetric\x00', 0x0, &(0x7f0000000340)="04", 0x2, r0) 05:19:46 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000000)={{&(0x7f000037e000/0x2000)=nil, 0x2000}}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:19:46 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r3, &(0x7f0000000140), 0x4924b68, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) getsockopt$inet6_udp_int(r3, 0x11, 0xa, &(0x7f00000000c0), &(0x7f0000000340)=0x4) r5 = syz_open_dev$sndpcmc(&(0x7f0000000380)='/dev/snd/pcmC#D#c\x00', 0x7, 0x80000) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@getrule={0x14, 0x22, 0x20, 0x70bd25, 0x25dfdbfe, {}, ["", ""]}, 0x14}}, 0x8004) sendmsg$can_bcm(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x1d, r4}, 0x10, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="020000005f6dc43c0100000000000000", @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="01000000110100000400e1800736ec001ef1ebfd74285274fc4660cdfd5eac8df9e0f34a2ae72e7381896f6d1b73a35d56e33bc69f19a664841bc96cb0319154966d732c9523ec24a44fa23cb1099641259040a6513966e921dc96a6ff894a302c27fd4d1a897acb06b1f0549b049ec08b63493dd5da8b4647113b899de6ef65dbc8d4439ba78ad0228d49d57419"], 0x48}, 0x1, 0x0, 0x0, 0x816954e363036659}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) 05:19:46 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202002010000010", 0x66, 0x400}], 0x0, 0x0) [ 1010.294910][ T6010] 341179 pages reserved [ 1010.299155][ T6010] 0 pages cma reserved 05:19:46 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='nv\x00', 0x2dd) write$binfmt_script(r0, &(0x7f00000009c0)=ANY=[], 0x200107af) [ 1010.480785][ T6076] syz-executor.4: vmalloc: allocation failure: 10738468096 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:19:47 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0x200, 0x404a00) write$P9_RWALK(r1, &(0x7f0000000100)={0x30, 0x6f, 0x1, {0x3, [{0x9c, 0x2, 0x7}, {0x19, 0x1, 0x4}, {0x4, 0x0, 0x4}]}}, 0x30) r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r2, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r2, &(0x7f0000000200), 0x18) ioctl$TUNGETDEVNETNS(r2, 0x54e3, 0x0) openat$cgroup_int(r2, &(0x7f00000000c0)='io.bfq.weight\x00', 0x2, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x200, 0x0) r4 = openat$cgroup_subtree(r3, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r4) openat$cgroup_int(r3, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r4, &(0x7f00000002c0), 0x1a5) [ 1010.530580][ T6066] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1010.582569][ T6076] CPU: 0 PID: 6076 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1010.591667][ T6076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1010.601740][ T6076] Call Trace: [ 1010.605063][ T6076] dump_stack+0x172/0x1f0 [ 1010.609426][ T6076] warn_alloc.cold+0x87/0x17f [ 1010.614162][ T6076] ? zone_watermark_ok_safe+0x260/0x260 [ 1010.619766][ T6076] ? mark_lock+0xc2/0x1220 [ 1010.624203][ T6076] ? __lock_acquire+0x8a0/0x4a00 05:19:47 executing program 0: r0 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1010.629181][ T6076] __vmalloc_node_range+0x483/0x7e0 [ 1010.634403][ T6076] ? is_bpf_text_address+0xac/0x170 [ 1010.639639][ T6076] ? kvm_arch_create_memslot+0xc3/0x570 [ 1010.645216][ T6076] __vmalloc_node_flags_caller+0x71/0x90 [ 1010.650962][ T6076] ? kvm_arch_create_memslot+0xc3/0x570 [ 1010.656548][ T6076] kvmalloc_node+0xdc/0x100 [ 1010.661078][ T6076] kvm_arch_create_memslot+0xc3/0x570 [ 1010.666483][ T6076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1010.672759][ T6076] __kvm_set_memory_region+0x13b5/0x1d00 [ 1010.678433][ T6076] ? gfn_to_hva+0x470/0x470 05:19:47 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1010.682963][ T6076] ? lock_downgrade+0x920/0x920 [ 1010.687861][ T6076] kvm_set_memory_region+0x2f/0x50 [ 1010.692992][ T6076] kvm_vm_ioctl+0x729/0x1860 [ 1010.697935][ T6076] ? debug_check_no_obj_freed+0x20a/0x43f [ 1010.703972][ T6076] ? find_held_lock+0x35/0x130 [ 1010.708860][ T6076] ? kvm_unregister_device_ops+0x70/0x70 [ 1010.714531][ T6076] ? lock_downgrade+0x920/0x920 [ 1010.719584][ T6076] ? rwlock_bug.part.0+0x90/0x90 [ 1010.724527][ T6076] ? tomoyo_path_number_perm+0x214/0x520 [ 1010.730170][ T6076] ? find_held_lock+0x35/0x130 [ 1010.734960][ T6076] ? lock_downgrade+0x920/0x920 [ 1010.739974][ T6076] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1010.745519][ T6076] ? tomoyo_path_number_perm+0x459/0x520 [ 1010.751164][ T6076] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1010.757678][ T6076] ? tomoyo_path_number_perm+0x263/0x520 [ 1010.763332][ T6076] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1010.769163][ T6076] ? kvm_unregister_device_ops+0x70/0x70 [ 1010.774804][ T6076] do_vfs_ioctl+0xdb6/0x13e0 [ 1010.779395][ T6076] ? ioctl_preallocate+0x210/0x210 [ 1010.784497][ T6076] ? __fget+0x384/0x560 [ 1010.788678][ T6076] ? ksys_dup3+0x3e0/0x3e0 [ 1010.793089][ T6076] ? nsecs_to_jiffies+0x30/0x30 [ 1010.797936][ T6076] ? tomoyo_file_ioctl+0x23/0x30 [ 1010.802935][ T6076] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1010.809295][ T6076] ? security_file_ioctl+0x8d/0xc0 [ 1010.814564][ T6076] ksys_ioctl+0xab/0xd0 [ 1010.818900][ T6076] __x64_sys_ioctl+0x73/0xb0 [ 1010.823511][ T6076] do_syscall_64+0xfa/0x760 [ 1010.828027][ T6076] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1010.833925][ T6076] RIP: 0033:0x4598e9 [ 1010.837821][ T6076] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1010.857798][ T6076] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1010.866299][ T6076] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1010.874496][ T6076] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1010.882488][ T6076] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1010.890607][ T6076] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1010.898963][ T6076] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1010.909399][ T6076] Mem-Info: [ 1010.912925][ T6076] active_anon:144722 inactive_anon:660 isolated_anon:0 [ 1010.912925][ T6076] active_file:21599 inactive_file:29170 isolated_file:0 [ 1010.912925][ T6076] unevictable:4096 dirty:265 writeback:0 unstable:0 [ 1010.912925][ T6076] slab_reclaimable:12989 slab_unreclaimable:97695 [ 1010.912925][ T6076] mapped:58983 shmem:252 pagetables:1408 bounce:0 [ 1010.912925][ T6076] free:1220958 free_pcp:676 free_cma:0 [ 1010.953171][ T6076] Node 0 active_anon:578872kB inactive_anon:2640kB active_file:86256kB inactive_file:116696kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235972kB dirty:1092kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 561152kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1010.983013][ T6076] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1010.983021][ T6076] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1010.983052][ T6076] lowmem_reserve[]: 0 2547 2548 2548 [ 1010.983070][ T6076] Node 0 DMA32 free:1089592kB min:36184kB low:45228kB high:54272kB active_anon:578852kB inactive_anon:2640kB active_file:85204kB inactive_file:116612kB unevictable:16384kB writepending:1084kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7776kB pagetables:5632kB bounce:0kB free_pcp:2720kB local_pcp:1292kB free_cma:0kB [ 1010.983101][ T6076] lowmem_reserve[]: 0 0 1 1 [ 1010.983118][ T6076] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1010.983150][ T6076] lowmem_reserve[]: 0 0 0 0 [ 1010.983168][ T6076] Node 1 Normal free:3777760kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1010.983198][ T6076] lowmem_reserve[]: 0 0 0 0 [ 1010.983212][ T6076] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1010.983287][ T6076] Node 0 DMA32: 6126*4kB (UME) 3756*8kB (UME) 2366*16kB (UME) 1024*32kB (UME) 482*64kB (UME) 71*128kB (UM) 29*256kB (UM) 25*512kB (U) 9*1024kB (UE) 7*2048kB (UME) 215*4096kB (UM) = 1089528kB [ 1011.072123][ T6076] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB 05:19:47 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000140)) sendmmsg$alg(r3, &(0x7f0000000140), 0x4924b68, 0x0) recvmmsg(r3, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) lstat(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000280)={{{@in6=@dev={0xfe, 0x80, [], 0xb}, @in6=@rand_addr="d7f0b2820979ff97bf355ac0da1169dd", 0x4e23, 0xc5, 0x4e22, 0x0, 0x2, 0xa0, 0x60, 0x3c, 0x0, r4}, {0x0, 0x1, 0x0, 0x0, 0xa2b, 0x0, 0x6, 0x6}, {0x8001, 0x7ff, 0xffffffff, 0x1}, 0x9, 0x0, 0x3, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x21}, 0x4d3, 0xff}, 0xa, @in=@broadcast, 0x3507, 0x4, 0x3, 0x9, 0x200, 0x8000, 0x1f}}, 0xe8) 05:19:47 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r1 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x8000, 0x0) getpeername$ax25(r1, &(0x7f0000000100)={{0x3, @default}, [@netrom, @default, @netrom, @null, @null, @rose, @null, @netrom]}, &(0x7f0000000040)=0x48) [ 1011.289761][ T6076] Node 1 Normal: 0*4kB 44*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777760kB [ 1011.393729][ T6076] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1011.437531][ T6076] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1011.470136][ T6076] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1011.490293][ T6076] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1011.502578][ T6076] 51031 total pagecache pages [ 1011.511996][ T6076] 0 pages in swap cache [ 1011.520398][ T6076] Swap cache stats: add 0, delete 0, find 0/0 [ 1011.535665][ T6076] Free swap = 0kB [ 1011.539672][ T6076] Total swap = 0kB [ 1011.545885][ T6076] 1965979 pages RAM [ 1011.563969][ T6076] 0 pages HighMem/MovableOnly [ 1011.575988][ T6076] 341179 pages reserved [ 1011.583004][ T6076] 0 pages cma reserved 05:19:48 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x3f000000, 0x500]}) 05:19:48 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:48 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200da19000010", 0x66, 0x400}], 0x0, 0x0) 05:19:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") seccomp(0x3, 0x0, &(0x7f00000005c0)={0xfffffffffffffd08, 0x0}) 05:19:48 executing program 1: rseq(&(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0, 0x1, 0x1000, 0x200, 0x15}, 0x4}, 0x20, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x7f, 0x24000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x0, 0x0) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @empty, @broadcast}, &(0x7f0000000080)=0xc) 05:19:48 executing program 2: getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, 0x0, 0x0) syz_open_dev$usb(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x0, 0x220000) r0 = syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) socket$inet_udp(0x2, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) fsetxattr$system_posix_acl(r2, &(0x7f0000000240)='system.posix_acl_access\x00', &(0x7f0000000680)={{}, {}, [{}], {}, [{}]}, 0x34, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x2, 0x0) pwritev(r1, &(0x7f0000000340)=[{0x0}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, 0x0, 0x40fdf) [ 1011.781647][ T6130] syz-executor.4: vmalloc: allocation failure: 10739482624 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1011.869731][ T6130] CPU: 1 PID: 6130 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1011.878840][ T6130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1011.888914][ T6130] Call Trace: [ 1011.892236][ T6130] dump_stack+0x172/0x1f0 [ 1011.896617][ T6130] warn_alloc.cold+0x87/0x17f [ 1011.901370][ T6130] ? zone_watermark_ok_safe+0x260/0x260 [ 1011.906963][ T6130] ? mark_lock+0xc2/0x1220 [ 1011.911403][ T6130] ? __lock_acquire+0x8a0/0x4a00 [ 1011.916593][ T6130] __vmalloc_node_range+0x483/0x7e0 [ 1011.921815][ T6130] ? is_bpf_text_address+0xac/0x170 [ 1011.927044][ T6130] ? kvm_arch_create_memslot+0xc3/0x570 [ 1011.932613][ T6130] __vmalloc_node_flags_caller+0x71/0x90 [ 1011.938354][ T6130] ? kvm_arch_create_memslot+0xc3/0x570 [ 1011.943942][ T6130] kvmalloc_node+0xdc/0x100 [ 1011.948730][ T6130] kvm_arch_create_memslot+0xc3/0x570 [ 1011.954136][ T6130] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1011.960507][ T6130] __kvm_set_memory_region+0x13b5/0x1d00 05:19:48 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x1000000000, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) readv(r1, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) r2 = accept4$inet(r1, &(0x7f0000000000)={0x2, 0x0, @remote}, &(0x7f0000000040)=0x10, 0x800) r3 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r3, 0x84, 0x5, &(0x7f0000000440)={r5, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x84) ioctl$SIOCAX25CTLCON(r1, 0x89e8, &(0x7f00000001c0)={@bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x9, 0x0, 0x3, [@default, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r2, 0x84, 0x19, &(0x7f0000000100)={r5, 0x3}, 0x8) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r1, &(0x7f0000000080), 0x8) ioctl$DRM_IOCTL_AGP_RELEASE(r1, 0x6431) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1011.966183][ T6130] ? gfn_to_hva+0x470/0x470 [ 1011.970733][ T6130] ? lock_downgrade+0x920/0x920 [ 1011.975623][ T6130] kvm_set_memory_region+0x2f/0x50 [ 1011.980771][ T6130] kvm_vm_ioctl+0x729/0x1860 [ 1011.985389][ T6130] ? debug_check_no_obj_freed+0x20a/0x43f [ 1011.991138][ T6130] ? find_held_lock+0x35/0x130 [ 1011.995928][ T6130] ? kvm_unregister_device_ops+0x70/0x70 [ 1012.001686][ T6130] ? lock_downgrade+0x920/0x920 [ 1012.006572][ T6130] ? rwlock_bug.part.0+0x90/0x90 [ 1012.011535][ T6130] ? tomoyo_path_number_perm+0x214/0x520 [ 1012.017195][ T6130] ? find_held_lock+0x35/0x130 [ 1012.021985][ T6130] ? lock_downgrade+0x920/0x920 [ 1012.022001][ T6130] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1012.022020][ T6130] ? tomoyo_path_number_perm+0x459/0x520 [ 1012.022044][ T6130] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1012.032197][ T6130] ? tomoyo_path_number_perm+0x263/0x520 [ 1012.032216][ T6130] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1012.032250][ T6130] ? kvm_unregister_device_ops+0x70/0x70 [ 1012.032265][ T6130] do_vfs_ioctl+0xdb6/0x13e0 05:19:48 executing program 2: r0 = getpgrp(0x0) capget(&(0x7f0000000800)={0x20080522, r0}, &(0x7f0000000840)) [ 1012.032281][ T6130] ? ioctl_preallocate+0x210/0x210 [ 1012.032294][ T6130] ? __fget+0x384/0x560 [ 1012.032312][ T6130] ? ksys_dup3+0x3e0/0x3e0 [ 1012.032329][ T6130] ? nsecs_to_jiffies+0x30/0x30 [ 1012.032348][ T6130] ? tomoyo_file_ioctl+0x23/0x30 [ 1012.032368][ T6130] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1012.070099][ T6123] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1012.071416][ T6130] ? security_file_ioctl+0x8d/0xc0 [ 1012.071436][ T6130] ksys_ioctl+0xab/0xd0 [ 1012.071456][ T6130] __x64_sys_ioctl+0x73/0xb0 05:19:48 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1012.114119][ T6130] do_syscall_64+0xfa/0x760 [ 1012.123255][ T6130] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1012.123268][ T6130] RIP: 0033:0x4598e9 [ 1012.123283][ T6130] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1012.123290][ T6130] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1012.123302][ T6130] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1012.123310][ T6130] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1012.123317][ T6130] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1012.123324][ T6130] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1012.123331][ T6130] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1012.157978][ T6130] Mem-Info: [ 1012.208806][ T6130] active_anon:145207 inactive_anon:662 isolated_anon:0 [ 1012.208806][ T6130] active_file:21599 inactive_file:29186 isolated_file:0 [ 1012.208806][ T6130] unevictable:4096 dirty:282 writeback:0 unstable:0 [ 1012.208806][ T6130] slab_reclaimable:12995 slab_unreclaimable:98092 [ 1012.208806][ T6130] mapped:58967 shmem:253 pagetables:1432 bounce:0 [ 1012.208806][ T6130] free:1220116 free_pcp:553 free_cma:0 [ 1012.248866][ T6130] Node 0 active_anon:580828kB inactive_anon:2648kB active_file:86252kB inactive_file:116744kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235868kB dirty:1124kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 563200kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1012.394606][ T6130] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:19:48 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000020000010", 0x66, 0x400}], 0x0, 0x0) 05:19:48 executing program 2: r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x0, 0x0) read$alg(r0, &(0x7f0000000180)=""/207, 0xcf) ioctl$int_in(r0, 0x800000c0045009, &(0x7f0000000940)) read$char_usb(r0, &(0x7f00000003c0)=""/100, 0x64) 05:19:48 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) ioctl(r1, 0x1000008912, &(0x7f0000000080)="11dca50d5e0bcfe47bf0707e87bfd8094d72f4b9c4a23baf74636ed6862d75b83f3d62ac5473ded3a5da11063eb5dc0180000003789d2504acc30000000000000007ec72983ee7e93c560ae22115b53b72f9499f117dcaf54bb8fd5697f1fde722923f46df000000000000000000") r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) write$P9_ROPEN(r0, &(0x7f0000000040)={0x18, 0x71, 0x1, {{0x66, 0x4, 0x8}, 0x80000000}}, 0x18) r3 = openat$cgroup_subtree(r2, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r4, &(0x7f0000000140), 0x4924b68, 0x0) r5 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r5, 0x84, 0x5, &(0x7f0000000440)={r7, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000280)={r7, @in6={{0xa, 0x4e23, 0x20, @local, 0x3}}, [0x0, 0x10001, 0x7, 0x0, 0x6491, 0x0, 0x1d, 0x401, 0x3, 0x100000000, 0xb5b, 0x1, 0x5, 0x1, 0x9]}, &(0x7f0000000100)=0x100) getsockopt$inet_sctp_SCTP_CONTEXT(r4, 0x84, 0x11, &(0x7f0000000140)={r8, 0x8a96}, &(0x7f00000001c0)=0x8) close(r3) openat$cgroup_int(r2, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r3, &(0x7f00000002c0), 0x1a5) [ 1012.439079][ T6130] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1012.615557][ T6130] lowmem_reserve[]: 0 2547 2548 2548 [ 1012.620931][ T6130] Node 0 DMA32 free:1077932kB min:36184kB low:45228kB high:54272kB active_anon:589124kB inactive_anon:2648kB active_file:85200kB inactive_file:116660kB unevictable:16384kB writepending:1116kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:8000kB pagetables:6024kB bounce:0kB free_pcp:1680kB local_pcp:744kB free_cma:0kB [ 1012.707261][ T6130] lowmem_reserve[]: 0 0 1 1 [ 1012.717156][ T6158] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1012.725978][ T6130] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1012.765317][ T6130] lowmem_reserve[]: 0 0 0 0 [ 1012.770031][ T6130] Node 1 Normal free:3777760kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1012.798675][ T6130] lowmem_reserve[]: 0 0 0 0 [ 1012.803284][ T6130] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1012.818173][ T6130] Node 0 DMA32: 6606*4kB (UME) 3872*8kB (UME) 2019*16kB (UME) 1067*32kB (UME) 487*64kB (UME) 71*128kB (UM) 29*256kB (UM) 25*512kB (U) 9*1024kB (UE) 6*2048kB (UME) 215*4096kB (UM) = 1086472kB [ 1012.836991][ T6130] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1012.849311][ T6130] Node 1 Normal: 0*4kB 43*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777752kB [ 1012.866943][ T6130] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1012.876713][ T6130] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1012.886271][ T6130] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1012.896168][ T6130] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1012.896177][ T6130] 51037 total pagecache pages [ 1012.896184][ T6130] 0 pages in swap cache [ 1012.896194][ T6130] Swap cache stats: add 0, delete 0, find 0/0 [ 1012.896200][ T6130] Free swap = 0kB [ 1012.896204][ T6130] Total swap = 0kB [ 1012.896213][ T6130] 1965979 pages RAM [ 1012.896218][ T6130] 0 pages HighMem/MovableOnly [ 1012.896222][ T6130] 341179 pages reserved [ 1012.896227][ T6130] 0 pages cma reserved 05:19:49 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x40000000, 0x500]}) 05:19:49 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:49 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.net/syz0\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) r3 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) getsockopt$netrom_NETROM_T1(r3, 0x103, 0x1, &(0x7f0000000080), &(0x7f0000000100)=0x4) 05:19:49 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202001020000010", 0x66, 0x400}], 0x0, 0x0) 05:19:49 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f00000000c0)="6d773645ba6ef76ae1339cb38f8a38e71d2759b75deb72c4", 0x18}], 0x1) readv(r2, &(0x7f00000002c0), 0x1a5) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r3, 0x800000c004500a, &(0x7f0000000300)) readv(r3, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000340)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r3, &(0x7f0000000480)={&(0x7f00000002c0), 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x50, r4, 0x2, 0x70bd2b, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0x34, 0x2, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x4}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x490}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x8, 0xb, 0x2}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e22}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffffffffffff9526}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xb0}]}, 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x4044000) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r3, &(0x7f0000000080), 0x17661bcb2d38da94) syz_open_dev$midi(&(0x7f00000001c0)='/dev/midi#\x00', 0x9, 0xa000) ioctl$VIDIOC_S_AUDOUT(r3, 0x40345632, &(0x7f0000000280)={0xfffffffffffffffe, "0176fb201c6db6d951c41518b2a714fe3d08f77068d09ded7884f82b0e60de06", 0x1, 0x452fc0bcc786cb2}) ioctl$VIDIOC_S_FREQUENCY(r3, 0x402c5639, &(0x7f0000000080)={0x9, 0x1, 0x7ff}) [ 1013.156822][ T6180] syz-executor.4: vmalloc: allocation failure: 10739515392 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1013.222410][ T6180] CPU: 0 PID: 6180 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1013.231486][ T6180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1013.241564][ T6180] Call Trace: [ 1013.244882][ T6180] dump_stack+0x172/0x1f0 [ 1013.249232][ T6180] warn_alloc.cold+0x87/0x17f [ 1013.253927][ T6180] ? zone_watermark_ok_safe+0x260/0x260 [ 1013.259508][ T6180] ? mark_lock+0xc2/0x1220 [ 1013.263949][ T6180] ? __lock_acquire+0x8a0/0x4a00 [ 1013.268927][ T6180] __vmalloc_node_range+0x483/0x7e0 [ 1013.274161][ T6180] ? is_bpf_text_address+0xac/0x170 [ 1013.279406][ T6180] ? kvm_arch_create_memslot+0xc3/0x570 [ 1013.284971][ T6180] __vmalloc_node_flags_caller+0x71/0x90 [ 1013.284991][ T6180] ? kvm_arch_create_memslot+0xc3/0x570 [ 1013.285009][ T6180] kvmalloc_node+0xdc/0x100 [ 1013.285025][ T6180] kvm_arch_create_memslot+0xc3/0x570 [ 1013.285045][ T6180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1013.285070][ T6180] __kvm_set_memory_region+0x13b5/0x1d00 [ 1013.285091][ T6180] ? gfn_to_hva+0x470/0x470 [ 1013.285116][ T6180] ? lock_downgrade+0x920/0x920 [ 1013.285154][ T6180] kvm_set_memory_region+0x2f/0x50 [ 1013.296344][ T6180] kvm_vm_ioctl+0x729/0x1860 [ 1013.296361][ T6180] ? debug_check_no_obj_freed+0x20a/0x43f [ 1013.296376][ T6180] ? find_held_lock+0x35/0x130 [ 1013.296393][ T6180] ? kvm_unregister_device_ops+0x70/0x70 [ 1013.296413][ T6180] ? lock_downgrade+0x920/0x920 [ 1013.296428][ T6180] ? rwlock_bug.part.0+0x90/0x90 [ 1013.296442][ T6180] ? tomoyo_path_number_perm+0x214/0x520 [ 1013.296459][ T6180] ? find_held_lock+0x35/0x130 [ 1013.333729][ T6182] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1013.337287][ T6180] ? lock_downgrade+0x920/0x920 [ 1013.337301][ T6180] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1013.337320][ T6180] ? tomoyo_path_number_perm+0x459/0x520 [ 1013.337341][ T6180] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1013.337359][ T6180] ? tomoyo_path_number_perm+0x263/0x520 [ 1013.412339][ T6180] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1013.418174][ T6180] ? kvm_unregister_device_ops+0x70/0x70 [ 1013.423819][ T6180] do_vfs_ioctl+0xdb6/0x13e0 [ 1013.428411][ T6180] ? ioctl_preallocate+0x210/0x210 [ 1013.433531][ T6180] ? __fget+0x384/0x560 [ 1013.437694][ T6180] ? ksys_dup3+0x3e0/0x3e0 [ 1013.442403][ T6180] ? nsecs_to_jiffies+0x30/0x30 [ 1013.447268][ T6180] ? tomoyo_file_ioctl+0x23/0x30 [ 1013.452470][ T6180] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1013.458814][ T6180] ? security_file_ioctl+0x8d/0xc0 [ 1013.464183][ T6180] ksys_ioctl+0xab/0xd0 [ 1013.468466][ T6180] __x64_sys_ioctl+0x73/0xb0 [ 1013.473164][ T6180] do_syscall_64+0xfa/0x760 [ 1013.477698][ T6180] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1013.483819][ T6180] RIP: 0033:0x4598e9 [ 1013.487834][ T6180] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1013.507456][ T6180] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1013.515895][ T6180] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 05:19:50 executing program 2: r0 = creat(&(0x7f0000000280)='./bus\x00', 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) readv(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f00000000c0)=""/91, 0x5b}], 0x1) write$P9_RSTAT(r0, &(0x7f00000028c0)=ANY=[@ANYBLOB="910000007d020000008a00ffff00000000f50400000001000000000000000000848c01f8ff7f5a00000070000000000000002d002e70707030292b707070313e766d6e657431657468316b657972696e6773797374656d73797374656d656d302512002da0a83b2f696e7075742f120000000000ffff7f7075742f6d6f7573652300d9c4f5e5d0b8964347c3a671682544f78d83218e77b2db1545fd0f00"/186], 0x91) syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x9, 0x41) sync_file_range(r0, 0x3f, 0xfc0, 0x1) r1 = open(&(0x7f0000000180)='./bus\x00', 0x101100, 0x0) sendfile(r0, r1, 0x0, 0x8000fffffffe) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(0xffffffffffffffff, 0xc08c5336, &(0x7f0000000000)={0x8, 0x97, 0x4, 'queue0\x00', 0x1}) semctl$IPC_STAT(0x0, 0x0, 0x2, &(0x7f0000002700)=""/181) [ 1013.523874][ T6180] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1013.531926][ T6180] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1013.539896][ T6180] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1013.547994][ T6180] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1013.567773][ T6180] Mem-Info: [ 1013.571125][ T6180] active_anon:146237 inactive_anon:661 isolated_anon:0 [ 1013.571125][ T6180] active_file:21598 inactive_file:29194 isolated_file:0 [ 1013.571125][ T6180] unevictable:4096 dirty:293 writeback:0 unstable:0 [ 1013.571125][ T6180] slab_reclaimable:12970 slab_unreclaimable:97798 [ 1013.571125][ T6180] mapped:58952 shmem:252 pagetables:1426 bounce:0 [ 1013.571125][ T6180] free:1219308 free_pcp:667 free_cma:0 [ 1013.610310][ T6180] Node 0 active_anon:584948kB inactive_anon:2644kB active_file:86248kB inactive_file:116776kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235908kB dirty:1164kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 555008kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1013.640224][ T6180] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1013.668038][ T6180] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1013.696453][ T6180] lowmem_reserve[]: 0 2547 2548 2548 [ 1013.704561][ T6180] Node 0 DMA32 free:1084272kB min:36184kB low:45228kB high:54272kB active_anon:584928kB inactive_anon:2644kB active_file:85196kB inactive_file:116692kB unevictable:16384kB writepending:1152kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7808kB pagetables:5704kB bounce:0kB free_pcp:2352kB local_pcp:992kB free_cma:0kB [ 1013.753519][ T26] audit: type=1804 audit(1568524790.213:42): pid=6191 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir399519666/syzkaller.JhXwGG/959/bus" dev="sda1" ino=17292 res=1 [ 1013.779351][ T6180] lowmem_reserve[]: 0 0 1 1 [ 1013.784058][ T6180] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:12kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1013.851193][ T6180] lowmem_reserve[]: 0 0 0 0 [ 1013.860414][ T6180] Node 1 Normal free:3777752kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:8kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1013.983226][ T6180] lowmem_reserve[]: 0 0 0 0 [ 1014.020394][ T6180] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1014.042632][ T6180] Node 0 DMA32: 6895*4kB (UME) 3836*8kB (UME) 2007*16kB (UME) 1075*32kB (UME) 490*64kB (UME) 78*128kB (UM) 30*256kB (UM) 25*512kB (U) 9*1024kB (UE) 7*2048kB (UME) 215*4096kB (UM) = 1090796kB [ 1014.065139][ T6180] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1014.079827][ T6180] Node 1 Normal: 0*4kB 43*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777752kB [ 1014.097163][ T6180] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1014.107362][ T6180] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1014.117427][ T6180] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1014.127624][ T6180] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1014.137565][ T6180] 51175 total pagecache pages [ 1014.143657][ T6180] 0 pages in swap cache [ 1014.148142][ T6180] Swap cache stats: add 0, delete 0, find 0/0 [ 1014.154927][ T6180] Free swap = 0kB [ 1014.158920][ T6180] Total swap = 0kB [ 1014.163253][ T6180] 1965979 pages RAM [ 1014.167290][ T6180] 0 pages HighMem/MovableOnly [ 1014.172604][ T6180] 341179 pages reserved [ 1014.177023][ T6180] 0 pages cma reserved [ 1014.549033][ T26] audit: type=1804 audit(1568524791.003:43): pid=6192 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.2" name="/root/syzkaller-testdir399519666/syzkaller.JhXwGG/959/bus" dev="sda1" ino=17292 res=1 [ 1014.583445][ T26] audit: type=1804 audit(1568524791.043:44): pid=6202 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir399519666/syzkaller.JhXwGG/959/bus" dev="sda1" ino=17292 res=1 05:19:51 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000023000010", 0x66, 0x400}], 0x0, 0x0) 05:19:51 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:51 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000000000000008, &(0x7f0000000040)="13f3a50d3ca998b23c0b5e") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) r4 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x380, 0x4000) r5 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f0000000300)=ANY=[@ANYBLOB="0217c318180c5d09daf3864dc96097d1967b24f1c927388041b6964f0b0e5cd3a9781020d5a3ab7333d10f82ef084d57909a7082677476f55aca6dc293266f0fdb5f22765e823a271eaca4", @ANYRES32=0x0], &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r5, 0x84, 0x5, &(0x7f0000000440)={r7, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x84) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(0xffffffffffffffff, 0x84, 0x73, &(0x7f00000000c0)={r7, 0x3, 0x0, 0x1, 0x3}, &(0x7f0000000100)=0x18) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r4, 0x84, 0x18, &(0x7f0000000140)={r8, 0x8}, 0x8) r9 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2) r10 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r10, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r9, 0x84, 0x5, &(0x7f0000000440)={r11, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x84) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000500)={r11, 0xbd, "4f726fffcaf87d0d5d5eff02b9ed14f26d3eaa246a6fc793b17305fbc46446b6957528bcdeb90e75ae93ba01bcac98c9ffc7616a7687fe9c5f48d42adfdc8ac4d732f105b0b21ec6a10b2b0f812a6c3a90b538ab943e7a8e6c61b104462bfb2f0b928b340246091fbc0f75edc6340f84bb1d2686fe16e32b6caa22967eb3852343d0be7cc9fa49905f8095354dc17f764d6aa5b4c227e88677323355e6f2f8a0730ad9e67a4a7e29fa32ae419e18b99dada1f9e2ce46033528093ade66"}, &(0x7f0000000380)=0xc5) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000200)="d800000018008100e00f80ecdb4cb904021d65ef0b007c06e87c55a1bc000900b8000699030000000500150006008178a80016000f000200e558f03003ac000000d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e9703", 0xd8}], 0x1}, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) 05:19:51 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x400c0000, 0x500]}) 05:19:51 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x1100082) ioctl$LOOP_SET_STATUS64(r0, 0x127d, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "7001e0f57c8cf6270b24e415e96042aae51d871554c11cd59cc8fb47081025bad6b39d77f70a7c0f30f66157a96aae15813f0dceb29700", "a8a4cd01e527e6fd3de45387daf7b1ac786d0e8a75e8904655361fe06f308fe6033a61edb75c8d51c055faf7f4fdb16e0cdaa4276939a341033400", "2f18ffe4532a434e624ac93616105829576904e70bfeb59800f97c97644ab8a7"}) [ 1015.147767][ T6211] syz-executor.4: vmalloc: allocation failure: 10739516928 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1015.168877][ T6210] netlink: 11 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1015.229508][ T6211] CPU: 0 PID: 6211 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1015.238598][ T6211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1015.248691][ T6211] Call Trace: [ 1015.252016][ T6211] dump_stack+0x172/0x1f0 [ 1015.256377][ T6211] warn_alloc.cold+0x87/0x17f [ 1015.261088][ T6211] ? zone_watermark_ok_safe+0x260/0x260 [ 1015.266675][ T6211] ? mark_lock+0xc2/0x1220 [ 1015.271119][ T6211] ? __lock_acquire+0x8a0/0x4a00 [ 1015.276097][ T6211] __vmalloc_node_range+0x483/0x7e0 [ 1015.281328][ T6211] ? is_bpf_text_address+0xac/0x170 [ 1015.286571][ T6211] ? kvm_arch_create_memslot+0xc3/0x570 [ 1015.292145][ T6211] __vmalloc_node_flags_caller+0x71/0x90 [ 1015.297817][ T6211] ? kvm_arch_create_memslot+0xc3/0x570 [ 1015.303397][ T6211] kvmalloc_node+0xdc/0x100 [ 1015.307941][ T6211] kvm_arch_create_memslot+0xc3/0x570 [ 1015.313781][ T6211] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1015.320057][ T6211] __kvm_set_memory_region+0x13b5/0x1d00 05:19:51 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:51 executing program 2: perf_event_open(&(0x7f0000000040)={0x2000000005, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, @perf_bp={&(0x7f0000000000), 0x1}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket(0x2, 0x1000000000000002, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000000), 0x4) [ 1015.325753][ T6211] ? gfn_to_hva+0x470/0x470 [ 1015.330299][ T6211] ? lock_downgrade+0x920/0x920 [ 1015.335203][ T6211] kvm_set_memory_region+0x2f/0x50 05:19:51 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) readv(r0, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ubi_ctrl\x00', 0x591800, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000740)={0x0, 0x7fff, 0x38}, &(0x7f0000000780)=0xc) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f00000007c0)={r2, 0x20}, 0x8) ioctl$BLKROTATIONAL(r1, 0x127e, &(0x7f0000000180)) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000340)) ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f0000000380)="53502b6bf1d72a98f66653b26992edc60f0ec285a0cf890738a89b93c47aec22b7b2b82f874e7d65c6fb06b50e2ba766592608e227b83658af319b60ac9c26a528e3d570e9d4574252f2047800862c15246733cd6f950f5b97cc0d9cf030f94a44a8c6c906f29ee8da3e2db712b257d6b73b3850fd59582901fde75d3ea71fd4df8e8e294a87992ea6eb85d9ce1b7356c9a5f71f2c154cc0f8431f02f7528124f0b5e67e0c9e8f32f9dd52b236cf1738cc7a76cb93ee61e3fae9889f7ee22330d73fe908fbc10782017ae683941c9acce85b14dae33b6b18292c8ccbe27fc67d97a0f360") clock_gettime(0x0, &(0x7f00000008c0)={0x0, 0x0}) write$input_event(r1, &(0x7f0000000900)={{r3, r4/1000+30000}, 0x16, 0x40, 0x2ee3a49b}, 0x18) ioctl$DRM_IOCTL_RES_CTX(r1, 0xc0106426, &(0x7f0000000980)={0x7, &(0x7f0000000140)=[{0x0}, {}, {}, {}, {}, {}, {}]}) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000600)=""/225, &(0x7f0000000700)=0xe1) getsockopt$inet_sctp_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000040)={0x0, 0x6, 0x140a09e5, 0x1, 0x9, 0x3}, &(0x7f0000000540)=0x14) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r1, 0x84, 0x19, &(0x7f0000000580)={r6, 0x100}, 0xffffffffffffffe9) ioctl$DRM_IOCTL_GET_SAREA_CTX(r1, 0xc010641d, &(0x7f0000000300)={r5, &(0x7f0000000480)=""/112}) ioctl$DRM_IOCTL_NEW_CTX(r0, 0x40086425, &(0x7f0000000100)={r5, 0x863c80ceb496405a}) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r0, &(0x7f0000000080), 0x8) ioctl$VIDIOC_ENUMAUDOUT(r0, 0xc0345642, &(0x7f0000000040)={0x800, "e0abdae686519b89bdb77255dad82ad08ab933026c9c07a45262aea5138c9d23", 0x3, 0x1}) r7 = userfaultfd(0x0) ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000c34000)) r8 = syz_open_dev$vcsa(&(0x7f00000001c0)='/dev/vcsa#\x00', 0x8, 0x80) ioctl$NBD_CLEAR_QUE(r8, 0xab05) ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r7, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) setsockopt$inet6_mreq(r7, 0x29, 0x1b, &(0x7f0000000000)={@mcast1}, 0x14) [ 1015.340373][ T6211] kvm_vm_ioctl+0x729/0x1860 [ 1015.340391][ T6211] ? debug_check_no_obj_freed+0x20a/0x43f [ 1015.340407][ T6211] ? find_held_lock+0x35/0x130 [ 1015.340422][ T6211] ? kvm_unregister_device_ops+0x70/0x70 [ 1015.340447][ T6211] ? lock_downgrade+0x920/0x920 [ 1015.340461][ T6211] ? rwlock_bug.part.0+0x90/0x90 [ 1015.340476][ T6211] ? tomoyo_path_number_perm+0x214/0x520 [ 1015.340490][ T6211] ? find_held_lock+0x35/0x130 [ 1015.340513][ T6211] ? lock_downgrade+0x920/0x920 [ 1015.340526][ T6211] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1015.340543][ T6211] ? tomoyo_path_number_perm+0x459/0x520 [ 1015.340564][ T6211] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1015.340577][ T6211] ? tomoyo_path_number_perm+0x263/0x520 [ 1015.340593][ T6211] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1015.340627][ T6211] ? kvm_unregister_device_ops+0x70/0x70 [ 1015.340642][ T6211] do_vfs_ioctl+0xdb6/0x13e0 [ 1015.340658][ T6211] ? ioctl_preallocate+0x210/0x210 [ 1015.340671][ T6211] ? __fget+0x384/0x560 [ 1015.340689][ T6211] ? ksys_dup3+0x3e0/0x3e0 [ 1015.340706][ T6211] ? nsecs_to_jiffies+0x30/0x30 [ 1015.340726][ T6211] ? tomoyo_file_ioctl+0x23/0x30 [ 1015.340740][ T6211] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1015.340756][ T6211] ? security_file_ioctl+0x8d/0xc0 [ 1015.340772][ T6211] ksys_ioctl+0xab/0xd0 [ 1015.340788][ T6211] __x64_sys_ioctl+0x73/0xb0 [ 1015.340810][ T6211] do_syscall_64+0xfa/0x760 05:19:51 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) r3 = syz_open_dev$sndpcmc(&(0x7f0000000140)='/dev/snd/pcmC#D#c\x00', 0x8, 0x181241) openat$cgroup_ro(r3, &(0x7f00000001c0)='cpuacct.usage_user\x00', 0x0, 0x0) openat$audio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x88400, 0x0) r4 = socket(0x10, 0x3, 0x0) r5 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r5, &(0x7f0000000140), 0x4924b68, 0x0) ioctl$SIOCX25SCUDMATCHLEN(r5, 0x89e7, &(0x7f00000003c0)={0x3}) sendmmsg$alg(r4, &(0x7f0000000140), 0x4924b68, 0x0) sendmsg$key(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x2, 0x9, 0x7fff, 0x2, 0x27, 0x0, 0x70bd26, 0x25dfdbfd, [@sadb_spirange={0x2, 0x10, 0x4d5, 0x4d6}, @sadb_lifetime={0x4, 0x4, 0x0, 0x33e4552b, 0x2, 0x480000000000}, @sadb_x_sa2={0x2, 0x13, 0x5, 0x0, 0x0, 0x70bd2c, 0x3504}, @sadb_x_filter={0x5, 0x1a, @in=@remote, @in6=@remote, 0x3, 0x10, 0x16}, @sadb_x_sec_ctx={0x16, 0x18, 0x4, 0x9, 0xa5, "788718a4f7943b97cc1be46e6003507af8c8133220bc36813d1154c5eac74b8c8ff67db8294a3711673a3174b495e05759afd9fbf18b236673891141020e294aded506a272fa1d27fc6f92dc6e280be2212e34688f996ef478747a0aa3a195316ddae914deea4c9884ec77c9a5f03e982ad912ebd15f11a6b258765530863b6c74191d6e852a27de353659cb3c1851c456ab89cbae2107e4e52d4c5a1654773ee1ae47a735"}, @sadb_x_sa2={0x2, 0x13, 0x9, 0x0, 0x0, 0x70bd27, 0x3501}]}, 0x138}}, 0x800) [ 1015.340830][ T6211] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1015.340842][ T6211] RIP: 0033:0x4598e9 [ 1015.340857][ T6211] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1015.340865][ T6211] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1015.340878][ T6211] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1015.340886][ T6211] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 05:19:52 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") rt_sigreturn() r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) r3 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r3, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r3, &(0x7f0000000200), 0x18) ioctl$TUNGETDEVNETNS(r3, 0x54e3, 0x0) r4 = openat(r3, &(0x7f0000000080)='./file0\x00', 0x8000, 0x20) ioctl$KVM_PPC_ALLOCATE_HTAB(r4, 0xc004aea7, &(0x7f00000000c0)=0x6) [ 1015.340894][ T6211] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1015.340909][ T6211] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1015.340917][ T6211] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1015.395212][ T6211] Mem-Info: [ 1015.419044][ T6211] active_anon:144722 inactive_anon:662 isolated_anon:0 [ 1015.419044][ T6211] active_file:21599 inactive_file:29206 isolated_file:0 [ 1015.419044][ T6211] unevictable:4096 dirty:305 writeback:0 unstable:0 [ 1015.419044][ T6211] slab_reclaimable:12990 slab_unreclaimable:98069 [ 1015.419044][ T6211] mapped:58977 shmem:252 pagetables:1410 bounce:0 [ 1015.419044][ T6211] free:1220837 free_pcp:342 free_cma:0 [ 1015.453018][ T6211] Node 0 active_anon:576836kB inactive_anon:2648kB active_file:86252kB inactive_file:116824kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235908kB dirty:1212kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 555008kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1015.479573][ T6215] EXT4-fs (loop3): Can't mount with encoding and encryption [ 1015.566484][ T6211] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:19:52 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x4, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x20000000, 0x0, 0x8, 0x2, 0x800000000000, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) write$apparmor_exec(r1, &(0x7f0000000100)={'\x9bc\xba\xac\x8e\xe0Q\xee\xbd%a\xe6\xcc\x8e\x11>\xcd\xf4\xb1\xcc\x04A:v\a\x18\xf1f\x93\x9eY\x18\xfa\xc9\x03p\x1c\x87G9\x92IJ\xb3b\x90S\xe8Wu\a\xfc\xaah3\\\xc8\x14U\x80\xc6sIs%\x05\xddI\xa6V\x00'/91, '}\x00'}, 0x5d) [ 1015.645678][ T6211] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1015.686727][ T6211] lowmem_reserve[]: 0 2547 2548 2548 05:19:52 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000080)={r0}) recvmmsg(r3, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3}], 0xfffffffffffffed}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) syz_open_dev$vcsa(&(0x7f00000000c0)='/dev/vcsa#\x00', 0x8, 0x101000) [ 1015.812236][ T6211] Node 0 DMA32 free:1088152kB min:36184kB low:45228kB high:54272kB active_anon:578876kB inactive_anon:2648kB active_file:85200kB inactive_file:116740kB unevictable:16384kB writepending:1200kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7872kB pagetables:5936kB bounce:0kB free_pcp:1640kB local_pcp:924kB free_cma:0kB 05:19:52 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200002d000010", 0x66, 0x400}], 0x0, 0x0) 05:19:52 executing program 2: r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000000040)=0x800, 0x4) r1 = socket$netlink(0x10, 0x3, 0x400000000000004) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000100)="480000001400190d09004beafd0d8c562c84ed7a80ffe0060f000000000000a2bc5603ca00000f7f89000000200000000101ff0000000309ff5bffff00c7e5ed4e00000000000000", 0x48}], 0x1) 05:19:52 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x2000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) readv(r1, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r1, &(0x7f0000000080), 0x8) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f0000000000)={0x4, 0x70, 0x0, 0x5, 0x7, 0xd3, 0x0, 0x200, 0x8, 0x4, 0x8, 0xbfd, 0x40c0, 0x8001, 0x1, 0x7, 0x7fffffff, 0x5, 0x1ff, 0x401, 0x1, 0x3, 0x3, 0x2, 0x6, 0x8, 0xcef5, 0x2, 0x8, 0x84, 0xffffffff, 0x7ff, 0x400, 0x9a8, 0x8000, 0xff, 0x9272, 0x5, 0x0, 0x1, 0x5, @perf_config_ext={0xe20, 0x800}, 0x1002, 0x411, 0xfffffffffffffffd, 0x6, 0x2, 0x7fffffff, 0x4}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1016.006300][ T6211] lowmem_reserve[]: 0 0 1 1 [ 1016.089616][ T6211] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:12kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1016.192600][ T6260] syz-executor.4: vmalloc: allocation failure: 10739516928 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1016.215591][ T6258] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1016.252175][ T6260] CPU: 1 PID: 6260 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1016.261682][ T6260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1016.271190][ T6211] lowmem_reserve[]: 0 0 0 0 [ 1016.272076][ T6260] Call Trace: [ 1016.272103][ T6260] dump_stack+0x172/0x1f0 [ 1016.272125][ T6260] warn_alloc.cold+0x87/0x17f [ 1016.272140][ T6260] ? zone_watermark_ok_safe+0x260/0x260 [ 1016.272172][ T6260] ? mark_lock+0xc2/0x1220 [ 1016.272183][ T6260] ? __lock_acquire+0x8a0/0x4a00 [ 1016.272204][ T6260] __vmalloc_node_range+0x483/0x7e0 [ 1016.272217][ T6260] ? is_bpf_text_address+0xac/0x170 [ 1016.272239][ T6260] ? kvm_arch_create_memslot+0xc3/0x570 [ 1016.278338][ T6211] Node 1 Normal free:3777752kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:8kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1016.280181][ T6260] __vmalloc_node_flags_caller+0x71/0x90 [ 1016.280200][ T6260] ? kvm_arch_create_memslot+0xc3/0x570 [ 1016.280219][ T6260] kvmalloc_node+0xdc/0x100 [ 1016.280238][ T6260] kvm_arch_create_memslot+0xc3/0x570 [ 1016.289828][ T6211] lowmem_reserve[]: 0 0 0 0 [ 1016.295048][ T6260] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1016.295067][ T6260] __kvm_set_memory_region+0x13b5/0x1d00 [ 1016.295088][ T6260] ? gfn_to_hva+0x470/0x470 [ 1016.295110][ T6260] ? lock_downgrade+0x920/0x920 [ 1016.295138][ T6260] kvm_set_memory_region+0x2f/0x50 [ 1016.295154][ T6260] kvm_vm_ioctl+0x729/0x1860 [ 1016.295168][ T6260] ? debug_check_no_obj_freed+0x20a/0x43f [ 1016.295183][ T6260] ? find_held_lock+0x35/0x130 [ 1016.295199][ T6260] ? kvm_unregister_device_ops+0x70/0x70 [ 1016.295218][ T6260] ? lock_downgrade+0x920/0x920 [ 1016.295230][ T6260] ? rwlock_bug.part.0+0x90/0x90 [ 1016.295246][ T6260] ? tomoyo_path_number_perm+0x214/0x520 [ 1016.295260][ T6260] ? find_held_lock+0x35/0x130 [ 1016.295284][ T6260] ? lock_downgrade+0x920/0x920 [ 1016.300788][ T6211] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1016.304627][ T6260] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1016.304647][ T6260] ? tomoyo_path_number_perm+0x459/0x520 [ 1016.304666][ T6260] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1016.304678][ T6260] ? tomoyo_path_number_perm+0x263/0x520 [ 1016.304693][ T6260] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1016.304727][ T6260] ? kvm_unregister_device_ops+0x70/0x70 [ 1016.304743][ T6260] do_vfs_ioctl+0xdb6/0x13e0 [ 1016.304761][ T6260] ? ioctl_preallocate+0x210/0x210 [ 1016.304775][ T6260] ? __fget+0x384/0x560 [ 1016.304794][ T6260] ? ksys_dup3+0x3e0/0x3e0 [ 1016.315729][ T6211] Node 0 DMA32: 5306*4kB (UME) 3904*8kB (UME) 2182*16kB (UME) 1088*32kB (UME) 497*64kB (UME) 78*128kB (UM) 30*256kB (UM) 25*512kB (U) 9*1024kB (UE) 5*2048kB (UME) 215*4096kB (UM) = 1084552kB [ 1016.320708][ T6260] ? nsecs_to_jiffies+0x30/0x30 [ 1016.320730][ T6260] ? tomoyo_file_ioctl+0x23/0x30 [ 1016.320748][ T6260] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1016.320763][ T6260] ? security_file_ioctl+0x8d/0xc0 [ 1016.320780][ T6260] ksys_ioctl+0xab/0xd0 [ 1016.355035][ T6211] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1016.360250][ T6260] __x64_sys_ioctl+0x73/0xb0 [ 1016.360269][ T6260] do_syscall_64+0xfa/0x760 [ 1016.360292][ T6260] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1016.360303][ T6260] RIP: 0033:0x4598e9 [ 1016.360320][ T6260] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1016.367927][ T6211] Node 1 Normal: 0*4kB 43*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777752kB [ 1016.370163][ T6260] RSP: 002b:00007f92b6d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1016.370177][ T6260] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1016.370186][ T6260] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1016.370194][ T6260] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1016.370209][ T6260] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6d836d4 [ 1016.378906][ T6211] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1016.381090][ T6260] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1016.403201][ T6211] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1016.442946][ T6211] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1016.462664][ T6211] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1016.491805][ T6211] 51065 total pagecache pages [ 1016.542752][ T6211] 0 pages in swap cache [ 1016.645519][ T6211] Swap cache stats: add 0, delete 0, find 0/0 [ 1016.726828][ T6211] Free swap = 0kB [ 1016.741457][ T6211] Total swap = 0kB [ 1016.745345][ T6211] 1965979 pages RAM [ 1016.749555][ T6211] 0 pages HighMem/MovableOnly 05:19:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x48000000, 0x500]}) 05:19:53 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x0, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:53 executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x8000000000006, 0x0) r1 = dup2(r0, r0) write$P9_RMKNOD(r1, &(0x7f0000000000)={0x10305}, 0xfffffee2) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r2 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000040)={0x25}) 05:19:53 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r3, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r3, &(0x7f0000000200), 0x2fc64d1b8bb89612) ioctl$TUNGETDEVNETNS(r3, 0x54e3, 0x0) ioctl$VIDIOC_G_STD(r3, 0x80085617, &(0x7f0000000080)) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) 05:19:53 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200003f000010", 0x66, 0x400}], 0x0, 0x0) [ 1016.754944][ T6211] 341179 pages reserved [ 1016.759134][ T6211] 0 pages cma reserved [ 1016.931778][ T6282] syz-executor.4: vmalloc: allocation failure: 10739777536 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1017.006155][ T6282] CPU: 1 PID: 6282 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1017.015227][ T6282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1017.025296][ T6282] Call Trace: [ 1017.028616][ T6282] dump_stack+0x172/0x1f0 [ 1017.032987][ T6282] warn_alloc.cold+0x87/0x17f [ 1017.037682][ T6282] ? zone_watermark_ok_safe+0x260/0x260 [ 1017.043267][ T6282] ? mark_lock+0xc2/0x1220 [ 1017.047739][ T6282] ? __lock_acquire+0x8a0/0x4a00 [ 1017.052707][ T6282] __vmalloc_node_range+0x483/0x7e0 [ 1017.057916][ T6282] ? is_bpf_text_address+0xac/0x170 [ 1017.063146][ T6282] ? kvm_arch_create_memslot+0xc3/0x570 [ 1017.068700][ T6282] __vmalloc_node_flags_caller+0x71/0x90 [ 1017.074367][ T6282] ? kvm_arch_create_memslot+0xc3/0x570 [ 1017.081317][ T6282] kvmalloc_node+0xdc/0x100 [ 1017.085837][ T6282] kvm_arch_create_memslot+0xc3/0x570 [ 1017.091237][ T6282] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1017.097496][ T6282] __kvm_set_memory_region+0x13b5/0x1d00 [ 1017.103147][ T6282] ? gfn_to_hva+0x470/0x470 [ 1017.107668][ T6282] ? lock_downgrade+0x920/0x920 [ 1017.112578][ T6282] kvm_set_memory_region+0x2f/0x50 [ 1017.117717][ T6282] kvm_vm_ioctl+0x729/0x1860 [ 1017.122319][ T6282] ? debug_check_no_obj_freed+0x20a/0x43f [ 1017.128048][ T6282] ? find_held_lock+0x35/0x130 [ 1017.132822][ T6282] ? kvm_unregister_device_ops+0x70/0x70 [ 1017.138490][ T6282] ? lock_downgrade+0x920/0x920 [ 1017.143346][ T6282] ? rwlock_bug.part.0+0x90/0x90 [ 1017.148292][ T6282] ? tomoyo_path_number_perm+0x214/0x520 [ 1017.153966][ T6282] ? find_held_lock+0x35/0x130 [ 1017.158980][ T6282] ? lock_downgrade+0x920/0x920 [ 1017.163859][ T6282] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1017.169340][ T6282] ? tomoyo_path_number_perm+0x459/0x520 [ 1017.175015][ T6282] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1017.181283][ T6282] ? tomoyo_path_number_perm+0x263/0x520 [ 1017.186946][ T6282] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1017.192805][ T6282] ? kvm_unregister_device_ops+0x70/0x70 [ 1017.198455][ T6282] do_vfs_ioctl+0xdb6/0x13e0 [ 1017.203081][ T6282] ? ioctl_preallocate+0x210/0x210 [ 1017.208217][ T6282] ? __fget+0x384/0x560 [ 1017.212502][ T6282] ? ksys_dup3+0x3e0/0x3e0 [ 1017.216947][ T6282] ? nsecs_to_jiffies+0x30/0x30 [ 1017.221817][ T6282] ? tomoyo_file_ioctl+0x23/0x30 [ 1017.226859][ T6282] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1017.233116][ T6282] ? security_file_ioctl+0x8d/0xc0 [ 1017.238259][ T6282] ksys_ioctl+0xab/0xd0 [ 1017.242428][ T6282] __x64_sys_ioctl+0x73/0xb0 [ 1017.247041][ T6282] do_syscall_64+0xfa/0x760 [ 1017.251566][ T6282] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1017.257473][ T6282] RIP: 0033:0x4598e9 [ 1017.261394][ T6282] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1017.281189][ T6282] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1017.289619][ T6282] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1017.297609][ T6282] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 05:19:53 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, 0x0, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:53 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$ASHMEM_SET_NAME(r0, 0x41007701, &(0x7f0000000000)='bdev\x00') r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) 05:19:53 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) socketpair$unix(0x1, 0x1000000000005, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r4, &(0x7f0000000140), 0x4924b68, 0x0) ioctl$SIOCAX25GETINFOOLD(r4, 0x89e9, &(0x7f0000001a00)) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000017c0)={0x0}, &(0x7f0000001800)=0xc) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001880)={{{@in=@empty, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@remote}}, &(0x7f0000001980)=0xe8) lstat(&(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setgroups(0x2, &(0x7f0000000100)=[r7, 0x0]) setregid(0x0, r7) setsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000019c0)={r5, r6, r7}, 0xc) sendmsg$inet(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000001640)=[{&(0x7f00000000c0)="e64e0e601dd1010336c362672d1889a42df4e57cda1a57a5f3183a9f4ed549455c56bb50d558ac87911e3cda1241afc5eb0b9bb52934ed75f7ddfe2f86", 0x3d}, {&(0x7f0000000100)="1ad0ac9a8f5f33f9187afa0ac195258ce4c35a9e522aaf563459e75274e71a72ed671977bbc27272215471", 0x2b}, {&(0x7f0000000280)="3f761c163e7a308473c3a2d062c9143791e8dd42540f3042ad7c395984c50068df6da1fe4f42046a8a38bed747e4bb4ef87d6516578d9161bf786c2d8a5f1abc5ca32fa860ebc6e27924b8e0c8514cb23ceb0401185c4b2343f63d8391cf5e511286145bee4e7d38629a678ba1ac3ca26741d7e926f82c5a5b68fb6a08aa5d6c1aeda03e6051bbd56296904d99a8a30daf5a379e5a62866341a669e8d59c1aa646cdd41b70d1fd8990f4908b6a760c6662dad9ba30f655c583b836b218295caae684c5743b61eeaf6327c94dd2d701a54090ee9b713eecf74e3d3867e2075f81cdad3eb7efbe", 0xe6}, {&(0x7f0000000380)="5ace78f01d3e923a8ee4c62ac6e8de5ffe5b6dacbfbabf38374dca0c11bc9304bad1f53f20731a58017f76a9af6aa0cebb379468f74babb965615e1d706912ca24e41c974315ef05347fa932a120c3e3455f3c946ad54d9be4f3500d7aa41e0f0918d22021324d9f8a23a069ce766f3e148d40dc4501f45afbc064cf96cf89c53caa59ce73378db36c38715888761c40f3c49b09319812d63a191fdb05c8a6155498d1c4a807cc59cc927b4e2008298f4b0deb8715c6952dc7c28cfa141268984a53d3be38bf674bb61fea22ffd9ccf6f2fb8fb0be02a5d0b2433332ab75e3f7536b1b9c107bad24d6a5a45b1b7c8419c8747961ed02a9226cc667a07beef239cdd3f7dcd91941bfb4fb4d180d8f6b999a1e30e01e35c8376783ca4304e13f835217950cfb940304958e081ae26a691b95d80ecf526222e0440c1a2cd2e35815c59836c4eea711d6d3350ef9adcf9d0be29fdf2758d83b7be9f7d94885ccd019189e478f0952f0c0894b0cc8c83d1691315d898dfe0872c3bba1611b9953ea32e1e4f009f07d93dc373e147400d97c06ff952e1ecedc16fb556b88b45df20154ffcb0c7fc57f918f3c5170ad6d66881e82822330de6564708874f3661502814d482bd53dd3c7028032c9dae84538565fd5cde4a31d8ad1ed5f120e39a0383c665d7e9d3bed616ae7a79b6a2b5e05d14bf3be73c5fa7d969bc41406f617f0df1ba9150e2105fbb104590b20ca26de3099a2b5a893f67f5f0f93cf6c1e16962060292688a7ec8497a31022b4c199c964f8b9042fbf68a67b88c90ac96a0891ce91e5e3abe5d0f7a3b3cee07e5919c931964e2c7b3e237075be158b25cc634432f8da5b8ffc66eb12ca60af21a030632bce75854b0649c88b280d53581d855c42d062279daa0019617343324a10863a21a56a764de7549c36f83e965b84de12a3a0ea1b2d7134bde14a7aff9d2ad420d646b43b607655121b75828d5eeb518c76913654a345622b04ee9329dec1dd844196db88081b3ec822fe40979871b7cffe92092f9c58daab3e3e26d06b97b0bc792f2bf988ced3ff38a500c7776ff4041a26e4c4831ccdc7d6622e406327fe41802a29959d24e89a2979c6e50535dc8f777aec7674e1525eca162f7ef26cf7e28d135cb9d747aa915449e643545f377cc0b863d5a1403a16ca512e6e65e4e68dab96055e4598e77a1a0f793680fa470b03ff6945095458652f29ba63a3325ccfdecd160a3bae322e227a4d2af3258170e77de60a92479b4dcc20b6166e3a88ef78d8a971f6ef0d23f9a5805e5e1cf3de50e63da03a3c8f6573092d4d8f09537b1e8640ca4286496f39ca41544723f6a539eee5fbca69c846d2a4c08f562729681da8efbfe2a14dd5efc08ff4447815c7b7227acb91f898d1a4593c550b984a34d5fd28374e6b35f1a693a9ae84c88ab21178fa37784d4d648f75f67174e4d67c229ca807f4618131375ed721a77929808fc856ffd271ebeb1b5b43a0ce4b6e32ee4c47d11a916c244b2a283db892a43349eb91f9f4c4a91479fce5516fb26409c8b476d79b9bbdd1b28f6634647dd5c6a955ac14804a94997f741b9a00a7d877a5a6b412d8ffd4b774c3f82682b9c97d3008f49fb12832c9d1339d01eb8ceee568a08215c9fbed16d5962a7f8177cc56805dbb5556c7e6b0d6c886feb777e625759e13b8df5eac042489955319f34d8674f8e1d0c6a8715c399a7a63f478862174ae7431011331536ee0f719addb836b3880cf8c6ae2bbae4932f2d904cab2366c2199c7b3e695cfcae3f098d9e9aaeed5c01955a98229173b219247d859e861f9c5b35aadce5f68da1102555dc6704c0e58f14b4c578d8620ca87b5e384fe6b166a515e1a11390de95cf2db11861b6cc5f77be42af53daa6271fa93d5684f1d6374e419c7c8c4e2b979c45dc063b67f2fac78f9f468629334e0cfca5b63bf55f1d2ea493868e4bd13455920d0dd364ff1921c28f42b5e9ecea341eb92799b56908cc1cbe65bba8713b877f1612208af9dcc7624550411b76703059064680477ec86bb00ed3e4101c050fe06f8fe83ea25dfe31c0d37c4dc2edeec388576c32b548a021d7ef8d794d787c46e8875e96d9f5ab906789c61fe7424f6665435cafb43e2f1c57b7705b454c99051f6f8a9021da9c2d403424c08d9f83080a12d64c974158a5bdbf2f262e27d75da6aceff224fdec07ec37614320d9aa1587c862e8ef4fd18d3ed9a2c7c46b0becb2ef84bb58e9036e357b3e3de6725b1fe745cbaf16aee2fca4f5fe6e33e0c207f5c601a60965dab5d66152d5357b0eb394196e0d91cd8b36d5b769a9af10b01774385e34e1e47d1bdba2453ff1956e6286c3e10259c396337ba604fa9c8f7e1fa7d37ade4412286b59090703384f809e6a4c52bd16314a411bf12d6c446ce386a0e3a2eaecc989a3b4a82d8c075dbeaffaed1752890d9f1bc1ce1ef38a027056ef24ff3f3344829b445b0c2a9c87489b0fa775b510e216f830165b336959fa477dd208b4a59ff37478d6228dc7cdac847c9dd1e1ea03062a232b04770926e4b4a73efb3d9c155e551044d4f2cfc5ce06952f1ef73d1c30fc292f5c9821205b44e3400f2670ec48a83b6a84875af3989c396e02fb8d72758e9c9ed82adc158bd8be71f4a90b18344d84d78762204d053f8d944c1132649b8592bc67e07645a0548ffb2e3ee320e2400c4e8fcba6479c1e4fb42f0f9b96fa6eccff4323c5b0c32f8ae87abd61d181d8e2cf70bb21bc38bb762cd551059263b4e7d54722aac4855ca4a5b455b7ddc0d987922a50aa4169993cdcd8f1f80b7e2d3a42e3feb06cffcbbdce52167bbad02e5e77a80bddce11297e88ea58480f5131010ff38d5613f66ead30327f81e8545c588131c1b3a9a2f09dfe19877d014ff2586ce63e82c7ae1c1464dc743fd844d6fd9f68d764f7ea6d1c1371a0763c473644adbe127b4c1cb68df3b5f8ecd8bca875ff3f43ea7096b0883fefc364aff8905fabb5d9d3f3f8a80bb3fe34c619afb5c2c15f55ba6f2d85fb84ce8bfa63cdf20cb3fdb589f7aaabdc7d86710f2e7c87bcf40f88ba106b382cf2d41d8ec4ae2119af165436a2245efdd47f77e8aef52fe9fb2d299620c0aa654697816c44ce26ded13db49be3b43e7177d2eeb6e0484a263aaa7c9da978197602a3462333149690e14bc9715a68ddc19b01cad6752759df8f72e5941ecf768f9ec0abda01ee4bc46372448b4bedc90cf9673e7a606aaa3a08132bcce6b260ab0fed48a0cc29605d85ed763e973043e430e9065106b504aa85e8fd9c3177a8f92bc76581def406950c92f2d9d54ed9920b52a4f508d79b8140c84aa9b3d71c5e03a8d6db03d0ecbed122a89dd4c8148280f495535814716682297d9770787545eda5d847dc43c2d0d748688c9f13c4c4e6c25a9158b8ee36d1b6cd7b580e3fdafb64c38d401a95a7199c30b905554e783c1954f9c76cd98bae367147cf4e6dbd00cffcfa5e3d91ceb216094f12098f1c59ff92a9a09252fe56436e01911341c2cd8915435265eb069e2b10c24e0e0804a4318667057310e520bcf2110d78b891e09aad51d0d3f44912a34896573e5a6efa5c227d6bead11b451e9400c3f753e5d25a7cc0ee25428f713abdf0524357065f65a51671a5a10287d687c7a8207d20cd32d111cf33ff479e74995a8c0d25675b42331051fd528e4d0860b0fafecd627c639ab44639e89b74de1e6e9022844c90732abf3f60397de0a2d65240d55612ac1861a6a35a7cee5cc0bc45459c8cea1261d5b08cb3316249aead50770c2fd836974896e88efd8bf4f42209980e9c2380e4519c39f89094d65d76a14fc5ed8e67ff7df4f257cc8541780a6540775a11ab3596169a1400532e17d0686ca7f503eae5f9f677929f06fc0bdd65ac4cffbf593e9843bfda22ef0626e5312d762afae8b1c05b15369ccffb74e3a4455c768d1168734c4700bdef764c496966f1a3a0f68bb8774b92b9a258f9aa77b4f278cbc8b1016d19385b8d29fdc867786bb969a9a588e82b0836924e4157e22075f208328809463929037eca7408b82a028cc437f72c450eadc1b5f08193bcaeb3fbb6c9aaee0b2ee073f0bea0ab0520f0dd8439d923f6d89fbdbf5b66d17d8294b986fba269785bb7f4f2c74a5cfdbcee95b8a177e3a4b493483df53c88829f409e3b2aeb8c416e74004e444f9de5d0a46c9fcc67cf657d26a761b77efb4b6954487e730d52d61963ce4ebebf1f8addc5bd37b7837d725a5cf4d7ab86947f8c216cdbd6458742bf55d970cdb9873563ec17eb241cbbe86e55714c7b36dfea966bfe67143dbb87b7feb24af66ccca2e2a319775d0e62d189d8cf70058f8b5b62e61e0da099356909ae911ff5b70b4b9b06c53644ee0463c2f43ee9a84ab0066580706dab301c9e6b4bed575f3062656ae917e292dfd9ea2a3d722622031a5ff6746187206a74883fdfc906d4948257b3f2a9ce01467bdc20717ff52b6ca0fd4878073ce9eeff959c89923585e32e799dffb576b9ccb438bc5aff837760a4e8fae255e0fae48845a20711853665fd73715cb31aaec59fc28b571f852c62ae3e0854f0fd02f716fec5a69498049dc13c10bf76f486e4a4062096522b0f6b0455276aafdf999d33fa258bcf3e8658d70b7bbc0993632edc6fc1bcd1ce74efc31f43f00fa8df75b8f5d0feea57a9f1e81fb073fa56668232adef7473f3c300c21d1a4cb4b4acf324fcf58a3bed87e5f7e80367fa08e39a9facfba8a58d1bd32ca7889ab61e64ed21c43df5d335008d7bdd8c907b692f6b8b21c4f81be8dc32d4a7c1d166295b162c20eae82ce8626b7c81519a256812e8d1c01af97212007f1c475a2cbe628f12a385047bfe99e2e3c4195901e1a0d272c72aadd32be086edd55eff9ff7e80ec312fd51bfd9ca078018deeb77b68de8172986e363cd1216da129c277d037cc58cc0beb2ff47ce25c767cf3ed5e93ad626fdff8e7355f00ee60b43c0da466296f05d0fbe158919756c58c143bd1351478d41f89d7dc9b47b1edb665c19e7348eef604ae3d20b261e12c5a3c3a09fdc109edb261c7860a1c6953d4173f8e26d63b9584c11adc332b2d29bafe2d7747c381a658f59ea61e7741c5574196033d04e7add5f02d5297346a3088083a075da2b20c59019bf325e7be07802497af78fa6dae3431077430245a8e5c74adb48c337bdf7a609ba583277edc6ef776f97c6014841eb6eac0977d90bcaa75e1f630350837666893365a6d492fa3999d96f9ce0ef0122668b3a7b10e953303817728ac7e8bd3d2ad3d5fbcd21e01f535d0ed6f85c9f6966ac7a91b6a921d68ed14b14c33168f12022e4633ad6b4a0473602d319c5cc8a8920b8ebd33d6f99338651003f5b29195abda9007a1a4543a3999e0e35dfc2e40fbef3002a78825cc30f34860a1eb1fb91f3572788bc50de08c4ad92d3278d90dcb110753f97d15e00eaed694207cf88d263d8d2adb737b30a82a71e197c149b1b1928f8304b27d1201303a6ff1adaaf0be4a39e5309b25c809359455fd426969f0406dc4053f0287633d15e11d988c2c7947b061317c600040f9fe5b66caaed3045a7e0186fc5ca4771688b5090f53d941439254af5b34332042dd7e08247b46c5c787634407086da15329ef87c00c62a827416bdf5911511ae40cda0f409a82557bc486749a331a978c511bfda1cba52e8ce7b10d2f07c034d43ca2766b66d7d2eccd756fee01da238e6e545d0e06a6da5014fd9b88c6f393b7e5fd342588ac92", 0x1000}, {&(0x7f0000000140)="092e930cb6a2786155", 0x9}, {&(0x7f0000001380)="7ccd119da4d04b9c9d68bfa12cadd64eae9b18cfef08b8fa3e1ff73c9c1271c1432a11f6b3adba228575d8459af077d9e6b8d4e3ef6888b601de3fe9b5b74a208d4dd94071bb173eb075782966f65ce81170ab1b118ad85fd107f69e42b0a431f0fb5dd717", 0x65}, {&(0x7f0000001400)="1689135177a15aa708ad73de8aeb7a8d7888bd8002bec04d7922d1c0c6de3df3a8b41b6f63deff812bd877fc8538636f3b7ee48f8b6126163aebaf456ac52b9f1c1a", 0x42}, {&(0x7f0000001480)="bbf214d6d94b9cfa3ccdbf05a71788b98aa03527d8a34263e391aa1413ec669f1b58b665c509786db8a4e9b6650945d9ddd3fa0d2c5916a513889e711c5d7c4470356f5982022392cf8c476abc64638808f735eaf2044d270b24c9dda311fd2b4c8cd62c26e87b30c13938b04eb4f2b7bbc0d97df5cec63b390c2c5b6b50939865ba03cdd1e845ccad41f2889578cdf82b8622b476c0768844a2c150e2c1", 0x9e}, {&(0x7f0000001540)="f7450fbd4f81c996874731f9d51a1485b07b1e84e937e01e6a64aaab3429171cbe6f42f74e56542dbb66f1ed1e34cd6f2f80e495d74f51051c23b8ea6955414b6f72df09a6d67244f03f23e2240c1d0ecfbdcb64bda898aa006da4d0d3e2d2f4cb1757a8afb5856d4d8fdd32fb6a2f2be76c5c873a7d185b3d0eb804037e52675da490a5d9293fc08708c19dc8f575f3f499f9f71ab9d3a2ebc42b93e41269552399c1958f9e1ead802af19a0be43d51d2dd969beee27ca320a72b779673a3228a4db1ae7878e85b26bb552fbe0e9ff7f1ba6214d7f5ab38826e0cedf12a5d1e9293c54a", 0xe4}], 0x9, &(0x7f0000001700)=[@ip_ttl={{0x14, 0x0, 0x2, 0x100000000}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x1}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x7fffffff}}], 0x48}, 0x801) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) r8 = gettid() tkill(r8, 0x1000000000013) sched_getattr(r8, &(0x7f0000001780)={0x30}, 0x30, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) [ 1017.305606][ T6282] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1017.313593][ T6282] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1017.321699][ T6282] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1017.333221][ T6282] warn_alloc_show_mem: 1 callbacks suppressed [ 1017.333227][ T6282] Mem-Info: [ 1017.344199][ T6282] active_anon:144197 inactive_anon:661 isolated_anon:0 [ 1017.344199][ T6282] active_file:21599 inactive_file:29224 isolated_file:0 [ 1017.344199][ T6282] unevictable:4096 dirty:324 writeback:0 unstable:0 [ 1017.344199][ T6282] slab_reclaimable:12980 slab_unreclaimable:97423 [ 1017.344199][ T6282] mapped:58958 shmem:253 pagetables:1400 bounce:0 [ 1017.344199][ T6282] free:1221948 free_pcp:504 free_cma:0 [ 1017.382890][ T6282] Node 0 active_anon:576788kB inactive_anon:2644kB active_file:86252kB inactive_file:116896kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235832kB dirty:1288kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 569344kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1017.412786][ T6282] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1017.439581][ T6282] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1017.536758][ T6282] lowmem_reserve[]: 0 2547 2548 2548 [ 1017.543987][ T6276] EXT4-fs (loop3): Can't mount with encoding and encryption [ 1017.576935][ T6282] Node 0 DMA32 free:1083156kB min:36184kB low:45228kB high:54272kB active_anon:585404kB inactive_anon:2644kB active_file:85200kB inactive_file:116812kB unevictable:16384kB writepending:1276kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:8064kB pagetables:5896kB bounce:0kB free_pcp:1052kB local_pcp:384kB free_cma:0kB 05:19:54 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) userfaultfd(0x180800) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1017.693233][ T6282] lowmem_reserve[]: 0 0 1 1 05:19:54 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) mlockall(0x4) 05:19:54 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000040000010", 0x66, 0x400}], 0x0, 0x0) 05:19:54 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, 0x0, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1017.754378][ T6282] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:12kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1017.832767][ T6282] lowmem_reserve[]: 0 0 0 0 [ 1017.850417][ T6282] Node 1 Normal free:3777752kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:8kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1017.935415][ T6282] lowmem_reserve[]: 0 0 0 0 [ 1017.986400][ T6282] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1018.077610][ T6282] Node 0 DMA32: 4975*4kB (UME) 4108*8kB (UME) 2238*16kB (UME) 1113*32kB (UME) 504*64kB (UME) 85*128kB (UM) 31*256kB (UM) 25*512kB (U) 9*1024kB (UE) 8*2048kB (UME) 214*4096kB (UM) = 1090204kB [ 1018.116772][ T6282] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1018.142403][ T6316] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1018.157438][ T6282] Node 1 Normal: 0*4kB 43*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777752kB [ 1018.177956][ T6282] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1018.194108][ T6282] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1018.204246][ T6282] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1018.217623][ T6282] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1018.228001][ T6282] 51082 total pagecache pages [ 1018.236585][ T6282] 0 pages in swap cache [ 1018.245417][ T6282] Swap cache stats: add 0, delete 0, find 0/0 [ 1018.260688][ T6282] Free swap = 0kB [ 1018.265399][ T6282] Total swap = 0kB [ 1018.269279][ T6282] 1965979 pages RAM [ 1018.273607][ T6282] 0 pages HighMem/MovableOnly [ 1018.278486][ T6282] 341179 pages reserved [ 1018.283224][ T6282] 0 pages cma reserved 05:19:54 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x40800) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000100)={'filter\x00', 0x7, 0x4, 0x480, 0x258, 0x258, 0x140, 0x398, 0x398, 0x398, 0x4, &(0x7f0000000040), {[{{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x80000, 0x0, 0xff000000, @mac=@random="f007d792198a", {[0x1fe, 0xff, 0x80, 0x0, 0x1fe]}, @mac=@random="5e0b0e1d9c74", {[0x1fe, 0xff, 0x0, 0xff, 0xff, 0xff]}, 0x7, 0x100000000, 0x9, 0x2, 0x4, 0x2, 'bridge_slave_0\x00', 'bpq0\x00', {0xff}, {0x1fe}, 0x0, 0x81}, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@dev={[], 0x1f}, @empty, @multicast2, @local, 0x4, 0xf880b570fedfda98}}}, {{@uncond, 0xf0, 0x118}, @unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x662b6371}}}, {{@uncond, 0xf0, 0x140}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @loopback, @multicast2, 0x2, 0x1}}}], {{[], 0xc0, 0xe8}, {0x28}}}}, 0x4d0) mkdir(&(0x7f0000000000)='./file0\x00', 0x2) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:19:54 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x4c000000, 0x500]}) 05:19:54 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, 0x0, 0x0) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:54 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000048000010", 0x66, 0x400}], 0x0, 0x0) 05:19:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000080)="66b9810000400f322ed30cbad104ec660f38df2b0fe21526660ff85e503ede1b0f20c066350000008026660fe1fcb800088ec00fae470b", 0x37}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1018.511213][ T6337] syz-executor.4: vmalloc: allocation failure: 10739908608 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1018.592126][ T6337] CPU: 0 PID: 6337 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1018.601197][ T6337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1018.611266][ T6337] Call Trace: [ 1018.614682][ T6337] dump_stack+0x172/0x1f0 [ 1018.619045][ T6337] warn_alloc.cold+0x87/0x17f [ 1018.619062][ T6337] ? zone_watermark_ok_safe+0x260/0x260 [ 1018.619092][ T6337] ? mark_lock+0xc2/0x1220 [ 1018.633714][ T6337] ? __lock_acquire+0x8a0/0x4a00 [ 1018.633739][ T6337] __vmalloc_node_range+0x483/0x7e0 [ 1018.633753][ T6337] ? is_bpf_text_address+0xac/0x170 [ 1018.633775][ T6337] ? kvm_arch_create_memslot+0xc3/0x570 [ 1018.633789][ T6337] __vmalloc_node_flags_caller+0x71/0x90 [ 1018.633801][ T6337] ? kvm_arch_create_memslot+0xc3/0x570 [ 1018.633820][ T6337] kvmalloc_node+0xdc/0x100 [ 1018.670379][ T6337] kvm_arch_create_memslot+0xc3/0x570 [ 1018.675757][ T6337] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1018.682009][ T6337] __kvm_set_memory_region+0x13b5/0x1d00 [ 1018.687654][ T6337] ? gfn_to_hva+0x470/0x470 [ 1018.692287][ T6337] ? lock_downgrade+0x920/0x920 [ 1018.697160][ T6337] kvm_set_memory_region+0x2f/0x50 [ 1018.702269][ T6337] kvm_vm_ioctl+0x729/0x1860 [ 1018.706861][ T6337] ? debug_check_no_obj_freed+0x20a/0x43f [ 1018.712770][ T6337] ? find_held_lock+0x35/0x130 [ 1018.717573][ T6337] ? kvm_unregister_device_ops+0x70/0x70 [ 1018.724082][ T6337] ? lock_downgrade+0x920/0x920 [ 1018.728958][ T6337] ? rwlock_bug.part.0+0x90/0x90 [ 1018.734067][ T6337] ? tomoyo_path_number_perm+0x214/0x520 [ 1018.739726][ T6337] ? find_held_lock+0x35/0x130 [ 1018.744514][ T6337] ? lock_downgrade+0x920/0x920 [ 1018.749362][ T6337] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1018.754986][ T6337] ? tomoyo_path_number_perm+0x459/0x520 [ 1018.760620][ T6337] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1018.766857][ T6337] ? tomoyo_path_number_perm+0x263/0x520 [ 1018.772723][ T6337] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1018.779072][ T6337] ? kvm_unregister_device_ops+0x70/0x70 [ 1018.784724][ T6337] do_vfs_ioctl+0xdb6/0x13e0 [ 1018.789311][ T6337] ? ioctl_preallocate+0x210/0x210 [ 1018.794415][ T6337] ? __fget+0x384/0x560 [ 1018.798566][ T6337] ? ksys_dup3+0x3e0/0x3e0 [ 1018.802977][ T6337] ? nsecs_to_jiffies+0x30/0x30 [ 1018.807908][ T6337] ? tomoyo_file_ioctl+0x23/0x30 [ 1018.812838][ T6337] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1018.819075][ T6337] ? security_file_ioctl+0x8d/0xc0 [ 1018.824180][ T6337] ksys_ioctl+0xab/0xd0 [ 1018.828361][ T6337] __x64_sys_ioctl+0x73/0xb0 [ 1018.832968][ T6337] do_syscall_64+0xfa/0x760 [ 1018.837800][ T6337] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1018.843853][ T6337] RIP: 0033:0x4598e9 [ 1018.847747][ T6337] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1018.867988][ T6337] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1018.876514][ T6337] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1018.884603][ T6337] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1018.892587][ T6337] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1018.900838][ T6337] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1018.908819][ T6337] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1018.937074][ T6340] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:19:55 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140), 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1019.062318][ T6337] Mem-Info: [ 1019.065703][ T6337] active_anon:146289 inactive_anon:663 isolated_anon:0 [ 1019.065703][ T6337] active_file:21599 inactive_file:29236 isolated_file:0 [ 1019.065703][ T6337] unevictable:4096 dirty:345 writeback:0 unstable:0 [ 1019.065703][ T6337] slab_reclaimable:12977 slab_unreclaimable:97097 [ 1019.065703][ T6337] mapped:58952 shmem:253 pagetables:1468 bounce:0 [ 1019.065703][ T6337] free:1220100 free_pcp:423 free_cma:0 05:19:55 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200004c000010", 0x66, 0x400}], 0x0, 0x0) [ 1019.322427][ T6337] Node 0 active_anon:580996kB inactive_anon:2652kB active_file:86252kB inactive_file:116944kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235808kB dirty:1372kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 571392kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1019.363198][ T6337] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1019.408044][ T6351] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1019.428503][ T6337] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1019.459293][ T6337] lowmem_reserve[]: 0 2547 2548 2548 [ 1019.466508][ T6337] Node 0 DMA32 free:1096236kB min:36184kB low:45228kB high:54272kB active_anon:576820kB inactive_anon:2652kB active_file:85200kB inactive_file:116860kB unevictable:16384kB writepending:1360kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7744kB pagetables:5576kB bounce:0kB free_pcp:1700kB local_pcp:1000kB free_cma:0kB [ 1019.499801][ T6337] lowmem_reserve[]: 0 0 1 1 [ 1019.505216][ T6337] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:12kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1019.555745][ T6337] lowmem_reserve[]: 0 0 0 0 [ 1019.561019][ T6337] Node 1 Normal free:3777752kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:8kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1019.592381][ T6337] lowmem_reserve[]: 0 0 0 0 [ 1019.596962][ T6337] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1019.620349][ T6337] Node 0 DMA32: 4573*4kB (ME) 4729*8kB (UME) 2328*16kB (UME) 1139*32kB (UME) 508*64kB (UME) 59*128kB (UM) 29*256kB (UM) 25*512kB (U) 9*1024kB (UE) 9*2048kB (UME) 215*4096kB (UM) = 1098396kB [ 1019.652751][ T6337] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1019.665701][ T6337] Node 1 Normal: 0*4kB 43*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777752kB [ 1019.683241][ T6337] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1019.693436][ T6337] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1019.703018][ T6337] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1019.712659][ T6337] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1019.722133][ T6337] 51092 total pagecache pages [ 1019.726827][ T6337] 0 pages in swap cache [ 1019.730990][ T6337] Swap cache stats: add 0, delete 0, find 0/0 [ 1019.737997][ T6337] Free swap = 0kB [ 1019.741837][ T6337] Total swap = 0kB [ 1019.747049][ T6337] 1965979 pages RAM [ 1019.751013][ T6337] 0 pages HighMem/MovableOnly [ 1019.756033][ T6337] 341179 pages reserved [ 1019.760232][ T6337] 0 pages cma reserved 05:19:57 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x0, 0x0) ioctl$TIOCNXCL(r1, 0x540d) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:19:57 executing program 2: syz_open_dev$admmidi(&(0x7f00000000c0)='/dev/admmidi#\x00', 0x0, 0x0) r0 = socket(0x200000000000011, 0x4000000000080002, 0x81) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'dummy0\x00', 0x0}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$packet(r0, &(0x7f0000000000)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @random="ecee8b1483f4"}, 0x14) lsetxattr$security_ima(&(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0) sendmmsg(r0, &(0x7f0000000d00), 0x400004e, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) 05:19:57 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140), 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:57 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200c04e000010", 0x66, 0x400}], 0x0, 0x0) 05:19:57 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x60000000, 0x500]}) 05:19:57 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r3, 0x800000c004500a, &(0x7f0000000300)) readv(r3, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x233) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r3, &(0x7f0000000080), 0x8) ioctl$VIDIOC_QUERYCTRL(r3, 0xc0445624, &(0x7f00000000c0)={0x200, 0x3, "8838e15dae173f97a29b49fa267d7d349063589d6c5df657e2550e96b8016e70", 0x5, 0xc00000000, 0x4, 0xe053, 0x84}) r4 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x1, 0x0) ioctl$TIOCCONS(r4, 0x541d) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r5, 0x800000c004500a, &(0x7f0000000300)) readv(r5, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r5, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r5, &(0x7f0000000080), 0x8) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r5, 0x40042409, 0x1) readv(r2, &(0x7f00000002c0), 0x1a5) [ 1020.602886][ T6368] syz-executor.4: vmalloc: allocation failure: 10740563968 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1020.652345][ T6368] CPU: 0 PID: 6368 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1020.661563][ T6368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1020.671638][ T6368] Call Trace: [ 1020.674972][ T6368] dump_stack+0x172/0x1f0 [ 1020.679370][ T6368] warn_alloc.cold+0x87/0x17f [ 1020.684761][ T6368] ? zone_watermark_ok_safe+0x260/0x260 [ 1020.690778][ T6368] ? mark_lock+0xc2/0x1220 [ 1020.695241][ T6368] ? __lock_acquire+0x8a0/0x4a00 05:19:57 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140), 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1020.700213][ T6368] __vmalloc_node_range+0x483/0x7e0 [ 1020.705440][ T6368] ? is_bpf_text_address+0xac/0x170 [ 1020.710705][ T6368] ? kvm_arch_create_memslot+0xc3/0x570 [ 1020.716289][ T6368] __vmalloc_node_flags_caller+0x71/0x90 [ 1020.721956][ T6368] ? kvm_arch_create_memslot+0xc3/0x570 [ 1020.727630][ T6368] kvmalloc_node+0xdc/0x100 [ 1020.732163][ T6368] kvm_arch_create_memslot+0xc3/0x570 [ 1020.737555][ T6368] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1020.743824][ T6368] __kvm_set_memory_region+0x13b5/0x1d00 [ 1020.749774][ T6368] ? gfn_to_hva+0x470/0x470 [ 1020.754479][ T6368] ? lock_downgrade+0x920/0x920 [ 1020.759363][ T6368] kvm_set_memory_region+0x2f/0x50 [ 1020.764593][ T6368] kvm_vm_ioctl+0x729/0x1860 [ 1020.769216][ T6368] ? debug_check_no_obj_freed+0x20a/0x43f [ 1020.775043][ T6368] ? find_held_lock+0x35/0x130 [ 1020.779929][ T6368] ? kvm_unregister_device_ops+0x70/0x70 [ 1020.785682][ T6368] ? lock_downgrade+0x920/0x920 [ 1020.788224][ T6371] EXT4-fs (loop3): Encoding requested by superblock is unknown [ 1020.790757][ T6368] ? rwlock_bug.part.0+0x90/0x90 [ 1020.790774][ T6368] ? tomoyo_path_number_perm+0x214/0x520 [ 1020.790790][ T6368] ? find_held_lock+0x35/0x130 [ 1020.790822][ T6368] ? lock_downgrade+0x920/0x920 [ 1020.819776][ T6368] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1020.825182][ T6368] ? tomoyo_path_number_perm+0x459/0x520 [ 1020.830850][ T6368] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1020.837273][ T6368] ? tomoyo_path_number_perm+0x263/0x520 [ 1020.842939][ T6368] ? tomoyo_execute_permission+0x4a0/0x4a0 05:19:57 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1020.848880][ T6368] ? kvm_unregister_device_ops+0x70/0x70 [ 1020.854682][ T6368] do_vfs_ioctl+0xdb6/0x13e0 [ 1020.859527][ T6368] ? ioctl_preallocate+0x210/0x210 [ 1020.864676][ T6368] ? __fget+0x384/0x560 [ 1020.868868][ T6368] ? ksys_dup3+0x3e0/0x3e0 [ 1020.873775][ T6368] ? nsecs_to_jiffies+0x30/0x30 [ 1020.878669][ T6368] ? tomoyo_file_ioctl+0x23/0x30 [ 1020.883638][ T6368] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1020.889904][ T6368] ? security_file_ioctl+0x8d/0xc0 [ 1020.895057][ T6368] ksys_ioctl+0xab/0xd0 [ 1020.899241][ T6368] __x64_sys_ioctl+0x73/0xb0 [ 1020.903861][ T6368] do_syscall_64+0xfa/0x760 [ 1020.908389][ T6368] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1020.914296][ T6368] RIP: 0033:0x4598e9 [ 1020.918226][ T6368] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1020.937846][ T6368] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1020.946295][ T6368] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1020.954284][ T6368] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1020.962277][ T6368] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1020.970348][ T6368] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1020.978336][ T6368] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1020.993435][ T6368] Mem-Info: [ 1020.996855][ T6368] active_anon:145011 inactive_anon:661 isolated_anon:0 05:19:57 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x33, 0x0, 0x0, 0x0, 0x32d, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ffffffe, 0x200000000000000, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = gettid() tkill(r1, 0x1000000000013) r2 = getpgid(r1) sched_rr_get_interval(r2, &(0x7f0000000000)) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1020.996855][ T6368] active_file:21600 inactive_file:29251 isolated_file:0 [ 1020.996855][ T6368] unevictable:4096 dirty:357 writeback:0 unstable:0 [ 1020.996855][ T6368] slab_reclaimable:12953 slab_unreclaimable:96641 [ 1020.996855][ T6368] mapped:58952 shmem:253 pagetables:1426 bounce:0 [ 1020.996855][ T6368] free:1221865 free_pcp:470 free_cma:0 05:19:57 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000060000010", 0x66, 0x400}], 0x0, 0x0) 05:19:57 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1021.352843][ T6368] Node 0 active_anon:586456kB inactive_anon:2644kB active_file:86256kB inactive_file:117004kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235808kB dirty:1420kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 561152kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1021.407918][ T6368] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:19:58 executing program 2: r0 = socket(0x10, 0x3, 0xc) write(r0, &(0x7f00000000c0)="1f0000000102ff40003b54c007110000f30501000b000b00007afbdf0264fa", 0x1f) [ 1021.486898][ T6394] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1021.502021][ T6368] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:19:58 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1021.656487][ T6368] lowmem_reserve[]: 0 2547 2548 2548 05:19:58 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000b82000)) [ 1021.688944][ T6368] Node 0 DMA32 free:1093560kB min:36184kB low:45228kB high:54272kB active_anon:577920kB inactive_anon:2644kB active_file:85204kB inactive_file:116920kB unevictable:16384kB writepending:1408kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7744kB pagetables:5704kB bounce:0kB free_pcp:2024kB local_pcp:1244kB free_cma:0kB 05:19:58 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000068000010", 0x66, 0x400}], 0x0, 0x0) 05:19:58 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$dspn(&(0x7f0000000140)='/dev/dsp#\x00', 0xfc49, 0xa00) setsockopt$IP_VS_SO_SET_ZERO(r1, 0x0, 0x48f, &(0x7f00000001c0)={0x3c, @rand_addr=0x101, 0x4e22, 0x1, 'none\x00', 0xd, 0xd1d, 0xc}, 0x2c) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r3 = openat$cgroup_subtree(r2, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2) r6 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r5, 0x84, 0x5, &(0x7f0000000440)={r7, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x84) r8 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r8, &(0x7f0000000140), 0x4924b68, 0x0) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r8, 0x84, 0x23, &(0x7f0000000280)={r7, 0x6}, 0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000080)={0x1, 0x6ded341209478105, 0x2f, 0x3ff, r7}, &(0x7f00000000c0)=0x10) close(r3) openat$cgroup_int(r2, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r3, &(0x7f00000002c0), 0x1a5) [ 1021.906145][ T6368] lowmem_reserve[]: 0 0 1 1 [ 1021.933212][ T6368] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:4kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1022.104515][ T6421] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1022.114682][ T6368] lowmem_reserve[]: 0 0 0 0 [ 1022.124937][ T6368] Node 1 Normal free:3777736kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1022.183953][ T6368] lowmem_reserve[]: 0 0 0 0 [ 1022.195416][ T6368] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1022.210356][ T6368] Node 0 DMA32: 4320*4kB (UME) 4184*8kB (UME) 2383*16kB (UME) 1148*32kB (UME) 513*64kB (UME) 64*128kB (UM) 30*256kB (UM) 25*512kB (U) 9*1024kB (UE) 9*2048kB (UME) 214*4096kB (UM) = 1091312kB [ 1022.229631][ T6368] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1022.242024][ T6368] Node 1 Normal: 0*4kB 41*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777736kB [ 1022.259152][ T6368] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1022.268977][ T6368] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1022.278577][ T6368] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1022.289431][ T6368] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1022.309304][ T6368] 51107 total pagecache pages [ 1022.316707][ T6368] 0 pages in swap cache [ 1022.321202][ T6368] Swap cache stats: add 0, delete 0, find 0/0 [ 1022.328494][ T6368] Free swap = 0kB 05:19:58 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x68000000, 0x500]}) 05:19:58 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, 0x0, 0x0) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:19:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000140)="c0dca5055e0bcfec7bf070") bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x0, 0x0, 0x0, &(0x7f0000000180)='EP\xd4\x00\x1f\x91\xeb/W\xb72$C0%\x03\x9c0\x96\xb2\fkC\x93H\xbfh\x9c\b`\x857\xd6\">c\xad\xc0bO\xba\xe2\xe1\t5\x9d\xcei\"2L\xcc\x13\x16\vh\xca\xe6C\x06\x97%\x9d\xd5-\x1fs\xe1j\xdc5\x92\xd0)%\xdf\xfa\xe8^\x9c\xd29\x8clg\xc8\x7f\xb5\xb1&\x02\xf1E\xb4\x84\xbeE\x91)f\xe8\xb7\xe2\xf6`i\xc5m\xd7l\x1d\xc1\x12\x01<:kM\xe9\x99\xcd\xcd\xc8\x85Z\xee47\xdc\xc8u\x80\xcf\xbeTo\xbb\xfb\xc0\xebV\xd8\xbb\xbe\xa2\x90J|s\xc2', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) r1 = socket$kcm(0xa, 0x5, 0x0) sendmsg(r1, &(0x7f00000006c0)={&(0x7f0000000100)=@in={0xa, 0x0, @local={0xac, 0x2c0}}, 0xffd6, &(0x7f0000000640), 0x16, &(0x7f0000000180)=[{0x20}], 0x20}, 0xfc) 05:19:58 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r2, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r2, &(0x7f0000000200), 0x18) ioctl$TUNGETDEVNETNS(r2, 0x54e3, 0x0) inotify_rm_watch(r2, 0x0) r3 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r3) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r3, &(0x7f00000002c0), 0x1a5) [ 1022.332497][ T6368] Total swap = 0kB [ 1022.336390][ T6368] 1965979 pages RAM [ 1022.340448][ T6368] 0 pages HighMem/MovableOnly [ 1022.345418][ T6368] 341179 pages reserved [ 1022.361285][ T6368] 0 pages cma reserved [ 1022.491559][ T6439] syz-executor.4: vmalloc: allocation failure: 10740826112 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1022.539289][ T6439] CPU: 0 PID: 6439 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1022.548356][ T6439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1022.558414][ T6439] Call Trace: [ 1022.558445][ T6439] dump_stack+0x172/0x1f0 [ 1022.558464][ T6439] warn_alloc.cold+0x87/0x17f [ 1022.558479][ T6439] ? zone_watermark_ok_safe+0x260/0x260 [ 1022.558509][ T6439] ? mark_lock+0xc2/0x1220 [ 1022.580751][ T6439] ? __lock_acquire+0x8a0/0x4a00 [ 1022.585719][ T6439] __vmalloc_node_range+0x483/0x7e0 [ 1022.590951][ T6439] ? is_bpf_text_address+0xac/0x170 [ 1022.596183][ T6439] ? kvm_arch_create_memslot+0xc3/0x570 [ 1022.601748][ T6439] __vmalloc_node_flags_caller+0x71/0x90 [ 1022.607407][ T6439] ? kvm_arch_create_memslot+0xc3/0x570 [ 1022.607423][ T6439] kvmalloc_node+0xdc/0x100 [ 1022.607439][ T6439] kvm_arch_create_memslot+0xc3/0x570 [ 1022.607458][ T6439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1022.607481][ T6439] __kvm_set_memory_region+0x13b5/0x1d00 [ 1022.635477][ T6439] ? gfn_to_hva+0x470/0x470 [ 1022.640294][ T6439] ? lock_downgrade+0x920/0x920 [ 1022.645185][ T6439] kvm_set_memory_region+0x2f/0x50 [ 1022.650325][ T6439] kvm_vm_ioctl+0x729/0x1860 [ 1022.655297][ T6439] ? debug_check_no_obj_freed+0x20a/0x43f [ 1022.661060][ T6439] ? find_held_lock+0x35/0x130 [ 1022.666029][ T6439] ? kvm_unregister_device_ops+0x70/0x70 [ 1022.671996][ T6439] ? lock_downgrade+0x920/0x920 [ 1022.677000][ T6439] ? rwlock_bug.part.0+0x90/0x90 [ 1022.681992][ T6439] ? tomoyo_path_number_perm+0x214/0x520 [ 1022.687817][ T6439] ? find_held_lock+0x35/0x130 [ 1022.692621][ T6439] ? lock_downgrade+0x920/0x920 [ 1022.697509][ T6439] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1022.702903][ T6439] ? tomoyo_path_number_perm+0x459/0x520 [ 1022.708562][ T6439] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1022.714811][ T6439] ? tomoyo_path_number_perm+0x263/0x520 [ 1022.720449][ T6439] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1022.726572][ T6439] ? kvm_unregister_device_ops+0x70/0x70 [ 1022.732491][ T6439] do_vfs_ioctl+0xdb6/0x13e0 [ 1022.737177][ T6439] ? ioctl_preallocate+0x210/0x210 [ 1022.742299][ T6439] ? __fget+0x384/0x560 [ 1022.746557][ T6439] ? ksys_dup3+0x3e0/0x3e0 [ 1022.750987][ T6439] ? nsecs_to_jiffies+0x30/0x30 [ 1022.756832][ T6439] ? tomoyo_file_ioctl+0x23/0x30 [ 1022.761936][ T6439] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1022.768190][ T6439] ? security_file_ioctl+0x8d/0xc0 [ 1022.773301][ T6439] ksys_ioctl+0xab/0xd0 [ 1022.777452][ T6439] __x64_sys_ioctl+0x73/0xb0 [ 1022.782041][ T6439] do_syscall_64+0xfa/0x760 [ 1022.786638][ T6439] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1022.792553][ T6439] RIP: 0033:0x4598e9 [ 1022.796601][ T6439] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1022.816316][ T6439] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1022.824725][ T6439] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1022.832737][ T6439] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1022.840892][ T6439] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1022.848865][ T6439] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1022.856839][ T6439] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1022.866376][ T6439] Mem-Info: [ 1022.869544][ T6439] active_anon:144798 inactive_anon:662 isolated_anon:0 [ 1022.869544][ T6439] active_file:21599 inactive_file:29257 isolated_file:0 [ 1022.869544][ T6439] unevictable:4096 dirty:300 writeback:0 unstable:0 [ 1022.869544][ T6439] slab_reclaimable:12939 slab_unreclaimable:97072 [ 1022.869544][ T6439] mapped:58932 shmem:252 pagetables:1363 bounce:0 [ 1022.869544][ T6439] free:1221612 free_pcp:667 free_cma:0 [ 1022.908383][ T6439] Node 0 active_anon:579152kB inactive_anon:2640kB active_file:86252kB inactive_file:117052kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235728kB dirty:1256kB writeback:0kB shmem:1004kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 565248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1022.937996][ T6439] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1022.965622][ T6439] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1022.993471][ T6439] lowmem_reserve[]: 0 2547 2548 2548 [ 1022.998825][ T6439] Node 0 DMA32 free:1092904kB min:36184kB low:45228kB high:54272kB active_anon:579132kB inactive_anon:2648kB active_file:85200kB inactive_file:116968kB unevictable:16384kB writepending:1260kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7616kB pagetables:5452kB bounce:0kB free_pcp:2656kB local_pcp:1264kB free_cma:0kB [ 1023.031065][ T6439] lowmem_reserve[]: 0 0 1 1 [ 1023.035697][ T6439] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:4kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1023.062788][ T6439] lowmem_reserve[]: 0 0 0 0 [ 1023.067313][ T6439] Node 1 Normal free:3777736kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1023.095724][ T6439] lowmem_reserve[]: 0 0 0 0 [ 1023.100422][ T6439] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1023.114770][ T6439] Node 0 DMA32: 4636*4kB (UME) 3937*8kB (UME) 2391*16kB (UME) 1152*32kB (UME) 513*64kB (UME) 64*128kB (UM) 30*256kB (UM) 25*512kB (U) 9*1024kB (UE) 10*2048kB (UME) 214*4096kB (UM) = 1092904kB [ 1023.133655][ T6439] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1023.146023][ T6439] Node 1 Normal: 0*4kB 41*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777736kB [ 1023.162682][ T6439] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1023.172676][ T6439] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1023.182576][ T6439] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1023.192499][ T6439] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1023.201788][ T6439] 51116 total pagecache pages [ 1023.206576][ T6439] 0 pages in swap cache [ 1023.210833][ T6439] Swap cache stats: add 0, delete 0, find 0/0 [ 1023.217500][ T6439] Free swap = 0kB [ 1023.221233][ T6439] Total swap = 0kB [ 1023.225100][ T6439] 1965979 pages RAM [ 1023.229022][ T6439] 0 pages HighMem/MovableOnly [ 1023.233776][ T6439] 341179 pages reserved [ 1023.237951][ T6439] 0 pages cma reserved 05:20:00 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x3, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$PIO_CMAP(r0, 0x4b71, &(0x7f0000000000)={0xe89, 0xfffffffffffffff7, 0x2000000006, 0x4, 0x3, 0xc3}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f00000002c0), 0x1a5) openat$mixer(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x80001, 0x0) 05:20:00 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200006c000010", 0x66, 0x400}], 0x0, 0x0) 05:20:00 executing program 2: r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000001980)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0x0, @dev}, 0x1c, 0x0}}, {{&(0x7f00000001c0)={0xa, 0x4e22, 0x0, @loopback}, 0x1c, 0x0, 0x0, &(0x7f00000004c0)=[@rthdr={{0x18}}], 0x18}}], 0x2, 0x0) 05:20:00 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, 0x0, 0x0) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:00 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x6c000000, 0x500]}) [ 1024.181314][ T6453] syz-executor.4: vmalloc: allocation failure: 10740957184 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:20:00 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$hfs(&(0x7f0000000080)='hfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001380)={[{@part={'part'}}]}) 05:20:00 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, 0x0, 0x0) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1024.288143][ T6453] CPU: 0 PID: 6453 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1024.297217][ T6453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1024.297224][ T6453] Call Trace: [ 1024.297250][ T6453] dump_stack+0x172/0x1f0 [ 1024.297267][ T6453] warn_alloc.cold+0x87/0x17f [ 1024.297287][ T6453] ? zone_watermark_ok_safe+0x260/0x260 [ 1024.297316][ T6453] ? mark_lock+0xc2/0x1220 [ 1024.297330][ T6453] ? __lock_acquire+0x8a0/0x4a00 [ 1024.297357][ T6453] __vmalloc_node_range+0x483/0x7e0 [ 1024.340027][ T6453] ? is_bpf_text_address+0xac/0x170 [ 1024.340052][ T6453] ? kvm_arch_create_memslot+0xc3/0x570 [ 1024.340073][ T6453] __vmalloc_node_flags_caller+0x71/0x90 [ 1024.356497][ T6453] ? kvm_arch_create_memslot+0xc3/0x570 [ 1024.362067][ T6453] kvmalloc_node+0xdc/0x100 [ 1024.366584][ T6453] kvm_arch_create_memslot+0xc3/0x570 [ 1024.366605][ T6453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1024.366626][ T6453] __kvm_set_memory_region+0x13b5/0x1d00 [ 1024.383967][ T6453] ? gfn_to_hva+0x470/0x470 05:20:00 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r1 = userfaultfd(0x1000) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) mremap(&(0x7f0000685000/0x1000)=nil, 0x1000, 0x2000, 0x0, &(0x7f0000192000/0x2000)=nil) ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r3 = userfaultfd(0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f0000000100)={0x2c, 0x3, 0x4, 0x0, 0x0, [{r1, 0x0, 0x101}, {r2, 0x0, 0x5}, {r3, 0x0, 0x9}, {r0, 0x0, 0x6}]}) ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f00000001c0)={0x0, @reserved}) 05:20:00 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000), 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1024.388503][ T6453] ? lock_downgrade+0x920/0x920 [ 1024.393397][ T6453] kvm_set_memory_region+0x2f/0x50 [ 1024.398781][ T6453] kvm_vm_ioctl+0x729/0x1860 [ 1024.398804][ T6453] ? debug_check_no_obj_freed+0x20a/0x43f [ 1024.398822][ T6453] ? find_held_lock+0x35/0x130 [ 1024.398835][ T6453] ? kvm_unregister_device_ops+0x70/0x70 [ 1024.398859][ T6453] ? lock_downgrade+0x920/0x920 [ 1024.424421][ T6453] ? rwlock_bug.part.0+0x90/0x90 [ 1024.429377][ T6453] ? tomoyo_path_number_perm+0x214/0x520 [ 1024.435127][ T6453] ? find_held_lock+0x35/0x130 [ 1024.435152][ T6453] ? lock_downgrade+0x920/0x920 [ 1024.435165][ T6453] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1024.435181][ T6453] ? tomoyo_path_number_perm+0x459/0x520 [ 1024.435201][ T6453] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1024.435212][ T6453] ? tomoyo_path_number_perm+0x263/0x520 [ 1024.435227][ T6453] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1024.435259][ T6453] ? kvm_unregister_device_ops+0x70/0x70 [ 1024.435272][ T6453] do_vfs_ioctl+0xdb6/0x13e0 [ 1024.435287][ T6453] ? ioctl_preallocate+0x210/0x210 [ 1024.435299][ T6453] ? __fget+0x384/0x560 [ 1024.435319][ T6453] ? ksys_dup3+0x3e0/0x3e0 [ 1024.435346][ T6453] ? nsecs_to_jiffies+0x30/0x30 [ 1024.462119][ T6453] ? tomoyo_file_ioctl+0x23/0x30 [ 1024.462146][ T6453] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1024.462163][ T6453] ? security_file_ioctl+0x8d/0xc0 [ 1024.462180][ T6453] ksys_ioctl+0xab/0xd0 [ 1024.462195][ T6453] __x64_sys_ioctl+0x73/0xb0 [ 1024.462210][ T6453] do_syscall_64+0xfa/0x760 [ 1024.462230][ T6453] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1024.462240][ T6453] RIP: 0033:0x4598e9 [ 1024.462255][ T6453] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1024.462261][ T6453] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1024.462273][ T6453] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1024.462280][ T6453] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 05:20:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket(0x10, 0x3, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x61, &(0x7f0000000080)={'filter\x00', 0x4}, 0x68) r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r3 = openat$cgroup_subtree(r2, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r3) openat$cgroup_int(r2, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r3, &(0x7f00000002c0), 0x1a5) r4 = accept4$nfc_llcp(r1, &(0x7f0000000100), &(0x7f00000001c0)=0x60, 0x800) fcntl$setlease(r4, 0x400, 0x3) [ 1024.462287][ T6453] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1024.462295][ T6453] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1024.462302][ T6453] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1024.628728][ T6469] hfs: can't find a HFS filesystem on dev loop2 [ 1024.636889][ T6457] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1024.650054][ T6453] Mem-Info: [ 1024.653532][ T6453] active_anon:145892 inactive_anon:662 isolated_anon:0 [ 1024.653532][ T6453] active_file:21599 inactive_file:29269 isolated_file:0 [ 1024.653532][ T6453] unevictable:4096 dirty:320 writeback:0 unstable:0 [ 1024.653532][ T6453] slab_reclaimable:12940 slab_unreclaimable:96733 [ 1024.653532][ T6453] mapped:58952 shmem:252 pagetables:1448 bounce:0 [ 1024.653532][ T6453] free:1220628 free_pcp:704 free_cma:0 05:20:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) userfaultfd(0x100400) readv(r2, &(0x7f00000002c0), 0x1a5) 05:20:01 executing program 2: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_procfs(0x0, &(0x7f0000dec000)='smaps\x00') madvise(&(0x7f000092d000/0x400000)=nil, 0x400000, 0x10200000008) mlock2(&(0x7f0000cef000/0x3000)=nil, 0x3000, 0x0) sendfile(r0, r1, 0x0, 0x320f) 05:20:01 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000), 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:01 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000074000010", 0x66, 0x400}], 0x0, 0x0) 05:20:01 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8bc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r1 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x5, 0x741a02) ioctl$GIO_UNISCRNMAP(r1, 0x4b69, &(0x7f0000000100)=""/4096) bind$ax25(r1, &(0x7f0000001100)={{0x3, @bcast}, [@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @null, @null, @bcast, @default, @null]}, 0x48) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1025.039535][ T6453] Node 0 active_anon:575152kB inactive_anon:2636kB active_file:86252kB inactive_file:117104kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235792kB dirty:1420kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 557056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:20:01 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000), 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1025.082060][ T6453] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1025.132201][ T6453] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1025.279234][ T6453] lowmem_reserve[]: 0 2547 2548 2548 [ 1025.286947][ T6453] Node 0 DMA32 free:1094668kB min:36184kB low:45228kB high:54272kB active_anon:577212kB inactive_anon:2636kB active_file:85200kB inactive_file:117020kB unevictable:16384kB writepending:1416kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7648kB pagetables:5604kB bounce:0kB free_pcp:2772kB local_pcp:1352kB free_cma:0kB [ 1025.324979][ T6453] lowmem_reserve[]: 0 0 1 1 [ 1025.329551][ T6453] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:4kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1025.357584][ T6453] lowmem_reserve[]: 0 0 0 0 [ 1025.362210][ T6453] Node 1 Normal free:3777736kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1025.404172][ T6453] lowmem_reserve[]: 0 0 0 0 [ 1025.409591][ T6503] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1025.422222][ T6453] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1025.440265][ T6453] Node 0 DMA32: 5227*4kB (UME) 3964*8kB (UME) 2369*16kB (UME) 1157*32kB (UME) 514*64kB (UME) 65*128kB (UM) 32*256kB (UM) 25*512kB (U) 9*1024kB (UE) 8*2048kB (UME) 215*4096kB (UM) = 1095996kB [ 1025.488997][ T6453] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1025.504705][ T6453] Node 1 Normal: 0*4kB 41*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777736kB [ 1025.539093][ T6453] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1025.557934][ T6453] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1025.567884][ T6453] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1025.578166][ T6453] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1025.588460][ T6453] 51126 total pagecache pages [ 1025.593660][ T6453] 0 pages in swap cache [ 1025.597935][ T6453] Swap cache stats: add 0, delete 0, find 0/0 [ 1025.604567][ T6453] Free swap = 0kB [ 1025.608387][ T6453] Total swap = 0kB [ 1025.612852][ T6453] 1965979 pages RAM [ 1025.616738][ T6453] 0 pages HighMem/MovableOnly [ 1025.621591][ T6453] 341179 pages reserved [ 1025.626285][ T6453] 0 pages cma reserved 05:20:02 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x74000000, 0x500]}) 05:20:02 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) r3 = syz_open_dev$sndpcmc(&(0x7f0000000080)='/dev/snd/pcmC#D#c\x00', 0x9, 0x220100) ioctl$MON_IOCX_GETX(r3, 0x4018920a, &(0x7f00000007c0)={&(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f00000006c0)=""/235, 0xeb}) recvmmsg(0xffffffffffffffff, &(0x7f0000005940)=[{{0x0, 0x0, &(0x7f0000001840)=[{&(0x7f0000000200)=""/3, 0x3}], 0x1}}], 0x1, 0x0, 0x0) readv(r2, &(0x7f0000000600)=[{&(0x7f0000000280)=""/229, 0xe5}, {&(0x7f0000000380)=""/208, 0xd0}, {&(0x7f00000000c0)=""/172, 0xac}, {&(0x7f00000001c0)=""/59, 0x3b}, {&(0x7f0000000480)=""/42, 0x2a}, {&(0x7f00000004c0)=""/23, 0x17}, {&(0x7f0000000500)=""/27, 0x1b}, {&(0x7f0000000540)=""/135, 0x87}], 0x8) 05:20:02 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:02 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(0xffffffffffffffff, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:02 executing program 1: r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) openat$rfkill(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/rfkill\x00', 0x800, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000280)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r2, 0x800000c004500a, &(0x7f0000000300)) readv(r2, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r2, &(0x7f0000000080), 0x8) ioctl$BLKGETSIZE(r2, 0x1260, &(0x7f0000000200)) fcntl$setlease(r1, 0x400, 0x5990626dd2275714) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) userfaultfd(0xc0000) close(r0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) socketpair$unix(0x1, 0x1000000000005, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r6}}, 0x20}}, 0x0) sendmsg$inet(r5, &(0x7f00000003c0)={&(0x7f0000000340)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000480)="ddce8ab0a56f568542b0a6ec8984d6d60187335ff53344aeb3d85f6b9cdb71cb0abc2ca905ccd9f302a4632acd27613fb3b037a0c727f3ac1cfeabcc0a1ae3041401b1d9e670a32b8a2550d7dd8ef41e87ffefdad5bf0f031d4bc0b922050ff25a70dd611104d2731a3cc8156ef9925be4cc09e45966f21c8428a8a6e68392adddb7493284e57563f163696903f5b36231a21143a03207835c9c4874e586d6579ff3c8a8cf5bb90803d99295bd6c0c54b992d244ddd6aa2c0f709e5ebcfe62f54c2a1a0351fa770896fe4d16e380d650cb3c7014bb8984189be2d7054a60842e9375db273f1512bec57d67f918209c76", 0xf0}], 0x1, &(0x7f0000000580)=ANY=[@ANYBLOB="11000000000000000000000001000000080000000000000014000000000000000000000007000000010000000000000011000000000000000000000001000000000000000000000011000000000000000000000001000000ff000000000000001400000000000000000000000200000000000000000000001c000000000000000000000008000000", @ANYRES32=r6, @ANYBLOB="ac1414934a15000100000000"], 0x98}, 0xc060) ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000400)=0x0) ptrace$setregs(0xd, r7, 0xfffffbfffffffffe, &(0x7f0000000640)="68c5242bce38a90685b4b211e1187e7b5fe56714167c3510f08e57a15feb129cfc7f92f0ba5f260600002288ebafe72dbe2e8bd40c93b16873239317287ed604a99fbea71f1c36ba7fbe49da2ddd3c2973d10b977d4d72755a426102ed69d1f5a1792b64a885e4ba427673f0ec68bbb0aee440c0cbc52e385eed4c19bdff0b204f5c242609a26ca1e9a466dc065a521ef423d1439de4907cd8425fbaf5a4a030047acae1d224c0937c476aafc21f4640ccc5643bd2306b25bff5d549f0c565ec227d78131a489f093fb5731c0e72d253db5460c34460a0fda2206893624ce57b3ade8ab5b64a67fc44a7af75915fd2d2b19452372d17b4c73d48dc609f78301d63c8ad14bf1c8828671f9da88656d2a14279fd94ec6726e54256000000000000000000") setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000240)={0x8000, 0x41, 0xfffffffffffffffc, 0x8}, 0x10) r8 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x20c81, 0x0) sendfile(r4, r8, &(0x7f0000000100), 0x9) 05:20:02 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200007a000010", 0x66, 0x400}], 0x0, 0x0) [ 1025.774497][ T6525] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1025.797750][ T6535] syz-executor.4: vmalloc: allocation failure: 10741219328 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1025.822315][ T6535] CPU: 1 PID: 6535 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1025.832831][ T6535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1025.845882][ T6535] Call Trace: [ 1025.850071][ T6535] dump_stack+0x172/0x1f0 [ 1025.855140][ T6535] warn_alloc.cold+0x87/0x17f [ 1025.860023][ T6535] ? zone_watermark_ok_safe+0x260/0x260 [ 1025.865648][ T6535] ? mark_lock+0xc2/0x1220 05:20:02 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_subtree(r1, &(0x7f0000000240)='cgroup.subtree_control\x00', 0x2, 0x0) r3 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x200, 0x200000) ioctl$VIDIOC_DBG_G_REGISTER(0xffffffffffffffff, 0xc0385650, &(0x7f0000000140)={{0x2, @addr=0xb6}, 0x8, 0x2}) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r3, 0xc04c5349, &(0x7f00000000c0)={0x4, 0x7, 0x5}) close(r2) openat$cgroup_int(r1, &(0x7f0000000180)='cgroup.max.depth\x00', 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000005940), 0x400000000000173, 0x2000, 0x0) r4 = add_key$user(0x0, &(0x7f0000000300)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r4, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(r6, 0x0, 0x0) r7 = userfaultfd(0x0) ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r7, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r7, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) fstat(r7, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) keyctl$chown(0x4, r4, r6, r8) readv(r2, &(0x7f00000002c0), 0x1a5) [ 1025.871805][ T6535] ? __lock_acquire+0x8a0/0x4a00 [ 1025.878160][ T6535] __vmalloc_node_range+0x483/0x7e0 [ 1025.884446][ T6535] ? is_bpf_text_address+0xac/0x170 [ 1025.889785][ T6535] ? kvm_arch_create_memslot+0xc3/0x570 [ 1025.889802][ T6535] __vmalloc_node_flags_caller+0x71/0x90 [ 1025.889816][ T6535] ? kvm_arch_create_memslot+0xc3/0x570 [ 1025.889833][ T6535] kvmalloc_node+0xdc/0x100 [ 1025.889850][ T6535] kvm_arch_create_memslot+0xc3/0x570 [ 1025.889874][ T6535] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1025.923435][ T6535] __kvm_set_memory_region+0x13b5/0x1d00 [ 1025.929532][ T6535] ? gfn_to_hva+0x470/0x470 [ 1025.934446][ T6535] ? lock_downgrade+0x920/0x920 [ 1025.940215][ T6535] kvm_set_memory_region+0x2f/0x50 [ 1025.945525][ T6535] kvm_vm_ioctl+0x729/0x1860 [ 1025.950771][ T6535] ? debug_check_no_obj_freed+0x20a/0x43f [ 1025.957324][ T6535] ? find_held_lock+0x35/0x130 [ 1025.962293][ T6535] ? kvm_unregister_device_ops+0x70/0x70 [ 1025.969269][ T6535] ? lock_downgrade+0x920/0x920 05:20:02 executing program 5: clone(0x20100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = gettid() clone(0x24820100, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000000080)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") tkill(r1, 0x1000000000016) wait4(0x0, 0x0, 0x0, 0x0) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x2800) ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000003040), 0x4000000000003c4, 0x0) openat$ashmem(0xffffffffffffff9c, 0x0, 0xc0, 0x0) [ 1025.974309][ T6535] ? rwlock_bug.part.0+0x90/0x90 [ 1025.979646][ T6535] ? tomoyo_path_number_perm+0x214/0x520 [ 1025.985408][ T6535] ? find_held_lock+0x35/0x130 [ 1025.991171][ T6535] ? lock_downgrade+0x920/0x920 [ 1025.998126][ T6535] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1026.004938][ T6535] ? tomoyo_path_number_perm+0x459/0x520 [ 1026.010966][ T6535] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1026.018284][ T6535] ? tomoyo_path_number_perm+0x263/0x520 [ 1026.018302][ T6535] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1026.018335][ T6535] ? kvm_unregister_device_ops+0x70/0x70 [ 1026.038967][ T6535] do_vfs_ioctl+0xdb6/0x13e0 [ 1026.038988][ T6535] ? ioctl_preallocate+0x210/0x210 [ 1026.039001][ T6535] ? __fget+0x384/0x560 [ 1026.039020][ T6535] ? ksys_dup3+0x3e0/0x3e0 [ 1026.039036][ T6535] ? nsecs_to_jiffies+0x30/0x30 [ 1026.039058][ T6535] ? tomoyo_file_ioctl+0x23/0x30 [ 1026.039073][ T6535] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1026.039087][ T6535] ? security_file_ioctl+0x8d/0xc0 [ 1026.039101][ T6535] ksys_ioctl+0xab/0xd0 [ 1026.039123][ T6535] __x64_sys_ioctl+0x73/0xb0 [ 1026.080957][ T6544] ptrace attach of "/root/syz-executor.5"[6543] was attempted by "/root/syz-executor.5"[6544] [ 1026.083576][ T6535] do_syscall_64+0xfa/0x760 [ 1026.083600][ T6535] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1026.083612][ T6535] RIP: 0033:0x4598e9 05:20:02 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(0xffffffffffffffff, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1026.083627][ T6535] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1026.083634][ T6535] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1026.083647][ T6535] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1026.083655][ T6535] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1026.083661][ T6535] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1026.083669][ T6535] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1026.083676][ T6535] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1026.225755][ T6535] Mem-Info: [ 1026.231702][ T6535] active_anon:146603 inactive_anon:661 isolated_anon:0 [ 1026.231702][ T6535] active_file:21601 inactive_file:29287 isolated_file:0 [ 1026.231702][ T6535] unevictable:4096 dirty:379 writeback:0 unstable:0 [ 1026.231702][ T6535] slab_reclaimable:12942 slab_unreclaimable:96804 [ 1026.231702][ T6535] mapped:58977 shmem:253 pagetables:1495 bounce:0 [ 1026.231702][ T6535] free:1219911 free_pcp:496 free_cma:0 05:20:02 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(0xffffffffffffffff, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1026.260501][ T6531] EXT4-fs (loop3): Encoding requested by superblock is unknown 05:20:02 executing program 5: r0 = gettid() shutdown(0xffffffffffffffff, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)) shmget(0x3, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) geteuid() lchown(0x0, 0x0, 0x0) fstat(0xffffffffffffffff, 0x0) semctl$IPC_SET(0x0, 0x0, 0x1, 0x0) getpgrp(r0) shmctl$IPC_SET(0x0, 0x1, 0x0) ptrace(0xffffffffffffffff, 0x0) sched_getscheduler(0x0) r1 = memfd_create(0x0, 0x0) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f00000000c0)={'NETMAP\x00'}, &(0x7f0000000100)=0x1e) r3 = socket$unix(0x1, 0x1, 0x0) read(r3, &(0x7f0000000700)=""/72, 0x48) r4 = socket$unix(0x1, 0x1, 0x0) read(r4, &(0x7f0000000700)=""/72, 0x48) getsockopt$sock_linger(r4, 0x1, 0xd, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x1000000000016) [ 1026.296108][ T6535] Node 0 active_anon:586412kB inactive_anon:2644kB active_file:86260kB inactive_file:117148kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235908kB dirty:1512kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 563200kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1026.365380][ T6535] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:20:02 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) [ 1026.492315][ T6535] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1026.548871][ T6535] lowmem_reserve[]: 0 2547 2548 2548 [ 1026.554624][ T6535] Node 0 DMA32 free:1088756kB min:36184kB low:45228kB high:54272kB active_anon:584208kB inactive_anon:2644kB active_file:85208kB inactive_file:117064kB unevictable:16384kB writepending:1508kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7872kB pagetables:5684kB bounce:0kB free_pcp:2252kB local_pcp:1172kB free_cma:0kB [ 1026.599564][ T6535] lowmem_reserve[]: 0 0 1 1 [ 1026.618798][ T6565] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1026.645497][ T6535] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:4kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1026.719734][ T6535] lowmem_reserve[]: 0 0 0 0 [ 1026.724655][ T6535] Node 1 Normal free:3777484kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 1026.755720][ T6535] lowmem_reserve[]: 0 0 0 0 [ 1026.760393][ T6535] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1026.778360][ T6535] Node 0 DMA32: 4967*4kB (UME) 3868*8kB (UME) 2395*16kB (UME) 1168*32kB (UME) 514*64kB (UME) 65*128kB (UM) 32*256kB (UM) 25*512kB (U) 9*1024kB (UE) 9*2048kB (UME) 214*4096kB (UM) = 1092908kB [ 1026.797705][ T6535] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1026.817356][ T6535] Node 1 Normal: 1*4kB (U) 9*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777484kB [ 1026.842376][ T6535] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1026.857643][ T6535] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1026.879262][ T6535] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1026.889288][ T6535] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1026.900023][ T6535] 51140 total pagecache pages [ 1026.905099][ T6535] 0 pages in swap cache [ 1026.909402][ T6535] Swap cache stats: add 0, delete 0, find 0/0 [ 1026.916173][ T6535] Free swap = 0kB 05:20:03 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x7a000000, 0x500]}) 05:20:03 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202004ec0000010", 0x66, 0x400}], 0x0, 0x0) 05:20:03 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x0) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:03 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") syz_mount_image$hfs(&(0x7f0000000100)='hfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)={[{@gid={'gid'}}]}) 05:20:03 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) readv(r1, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r1, &(0x7f0000000080), 0x8) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/autofs\x00', 0x80000, 0x0) write$RDMA_USER_CM_CMD_MIGRATE_ID(r1, &(0x7f0000000100)={0x12, 0x10, 0xfa00, {&(0x7f0000000000), 0xffffffffffffffff, r2}}, 0x18) utimensat(r2, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={{0x77359400}, {0x77359400}}, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r3 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r3, &(0x7f0000000140), 0x4924b68, 0x0) connect$bt_l2cap(r3, &(0x7f00000001c0)={0x1f, 0xfffffffffffffffa, {0x1, 0xc5, 0x8, 0x0, 0xffffffff, 0xfffffffffffffffb}, 0x100, 0x401}, 0xe) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:03 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) [ 1026.931876][ T6535] Total swap = 0kB [ 1026.937804][ T6535] 1965979 pages RAM [ 1026.941761][ T6535] 0 pages HighMem/MovableOnly [ 1026.960983][ T6535] 341179 pages reserved [ 1026.965468][ T6535] 0 pages cma reserved [ 1027.113593][ T6587] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 05:20:03 executing program 5: [ 1027.193010][ T6598] syz-executor.4: vmalloc: allocation failure: 10741415936 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:20:03 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x0) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1027.234679][ T6589] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1027.251829][ T6598] CPU: 1 PID: 6598 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1027.260935][ T6598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1027.271012][ T6598] Call Trace: [ 1027.274316][ T6598] dump_stack+0x172/0x1f0 [ 1027.278775][ T6598] warn_alloc.cold+0x87/0x17f [ 1027.283818][ T6598] ? zone_watermark_ok_safe+0x260/0x260 [ 1027.289530][ T6598] ? mark_lock+0xc2/0x1220 [ 1027.293954][ T6598] ? __lock_acquire+0x8a0/0x4a00 [ 1027.298904][ T6598] __vmalloc_node_range+0x483/0x7e0 [ 1027.304107][ T6598] ? is_bpf_text_address+0xac/0x170 [ 1027.309440][ T6598] ? kvm_arch_create_memslot+0xc3/0x570 [ 1027.315159][ T6598] __vmalloc_node_flags_caller+0x71/0x90 [ 1027.320981][ T6598] ? kvm_arch_create_memslot+0xc3/0x570 [ 1027.326545][ T6598] kvmalloc_node+0xdc/0x100 [ 1027.331051][ T6598] kvm_arch_create_memslot+0xc3/0x570 [ 1027.336432][ T6598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1027.342690][ T6598] __kvm_set_memory_region+0x13b5/0x1d00 [ 1027.348342][ T6598] ? gfn_to_hva+0x470/0x470 [ 1027.352987][ T6598] ? lock_downgrade+0x920/0x920 [ 1027.358005][ T6598] kvm_set_memory_region+0x2f/0x50 [ 1027.363416][ T6598] kvm_vm_ioctl+0x729/0x1860 [ 1027.368150][ T6598] ? debug_check_no_obj_freed+0x20a/0x43f [ 1027.373885][ T6598] ? find_held_lock+0x35/0x130 [ 1027.378688][ T6598] ? kvm_unregister_device_ops+0x70/0x70 [ 1027.384325][ T6598] ? lock_downgrade+0x920/0x920 [ 1027.389361][ T6598] ? rwlock_bug.part.0+0x90/0x90 [ 1027.394324][ T6598] ? tomoyo_path_number_perm+0x214/0x520 [ 1027.400111][ T6598] ? find_held_lock+0x35/0x130 [ 1027.405071][ T6598] ? lock_downgrade+0x920/0x920 [ 1027.410397][ T6598] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1027.415703][ T6598] ? tomoyo_path_number_perm+0x459/0x520 [ 1027.421477][ T6598] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1027.427833][ T6598] ? tomoyo_path_number_perm+0x263/0x520 [ 1027.434436][ T6598] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1027.440266][ T6598] ? kvm_unregister_device_ops+0x70/0x70 [ 1027.446015][ T6598] do_vfs_ioctl+0xdb6/0x13e0 [ 1027.450613][ T6598] ? ioctl_preallocate+0x210/0x210 [ 1027.455722][ T6598] ? __fget+0x384/0x560 [ 1027.459894][ T6598] ? ksys_dup3+0x3e0/0x3e0 [ 1027.464310][ T6598] ? nsecs_to_jiffies+0x30/0x30 [ 1027.469384][ T6598] ? tomoyo_file_ioctl+0x23/0x30 [ 1027.474333][ T6598] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1027.480712][ T6598] ? security_file_ioctl+0x8d/0xc0 [ 1027.486127][ T6598] ksys_ioctl+0xab/0xd0 [ 1027.490312][ T6598] __x64_sys_ioctl+0x73/0xb0 [ 1027.494933][ T6598] do_syscall_64+0xfa/0x760 [ 1027.499447][ T6598] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1027.505342][ T6598] RIP: 0033:0x4598e9 [ 1027.509252][ T6598] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1027.529158][ T6598] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1027.537628][ T6598] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1027.545711][ T6598] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1027.553777][ T6598] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1027.561917][ T6598] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1027.569890][ T6598] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1027.583900][ T6598] Mem-Info: [ 1027.587363][ T6598] active_anon:147603 inactive_anon:661 isolated_anon:0 [ 1027.587363][ T6598] active_file:21601 inactive_file:29287 isolated_file:0 [ 1027.587363][ T6598] unevictable:4096 dirty:154 writeback:0 unstable:0 [ 1027.587363][ T6598] slab_reclaimable:12917 slab_unreclaimable:96685 [ 1027.587363][ T6598] mapped:58977 shmem:253 pagetables:1421 bounce:0 [ 1027.587363][ T6598] free:1219103 free_pcp:499 free_cma:0 [ 1027.627208][ T6598] Node 0 active_anon:590412kB inactive_anon:2644kB active_file:86260kB inactive_file:117148kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235908kB dirty:612kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 563200kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1027.658852][ T6598] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1027.720019][ T6598] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1027.762460][ T6598] lowmem_reserve[]: 0 2547 2548 2548 05:20:04 executing program 5: [ 1027.793055][ T6598] Node 0 DMA32 free:1077908kB min:36184kB low:45228kB high:54272kB active_anon:594564kB inactive_anon:2644kB active_file:85208kB inactive_file:117064kB unevictable:16384kB writepending:620kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7968kB pagetables:5980kB bounce:0kB free_pcp:1812kB local_pcp:1332kB free_cma:0kB 05:20:04 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe2020019da000010", 0x66, 0x400}], 0x0, 0x0) 05:20:04 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:04 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x0) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1028.034050][ T6598] lowmem_reserve[]: 0 0 1 1 [ 1028.038842][ T6614] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1028.104220][ T6598] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1028.178125][ T6618] EXT4-fs (loop3): Encoding requested by superblock is unknown [ 1028.200042][ T6598] lowmem_reserve[]: 0 0 0 0 [ 1028.209814][ T6598] Node 1 Normal free:3777484kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 1028.242608][ T6598] lowmem_reserve[]: 0 0 0 0 [ 1028.247170][ T6598] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1028.262032][ T6598] Node 0 DMA32: 5112*4kB (UME) 3920*8kB (UME) 2211*16kB (UME) 1169*32kB (UME) 516*64kB (UME) 69*128kB (UM) 33*256kB (UM) 25*512kB (U) 9*1024kB (UE) 8*2048kB (UME) 214*4096kB (UM) = 1089840kB [ 1028.281408][ T6598] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1028.294568][ T6598] Node 1 Normal: 1*4kB (U) 9*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777484kB [ 1028.311902][ T6598] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1028.351500][ T6598] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1028.392178][ T6598] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1028.401781][ T6598] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1028.428054][ T6598] 51151 total pagecache pages [ 1028.434470][ T6598] 0 pages in swap cache [ 1028.438673][ T6598] Swap cache stats: add 0, delete 0, find 0/0 [ 1028.445543][ T6598] Free swap = 0kB [ 1028.449302][ T6598] Total swap = 0kB [ 1028.457824][ T6598] 1965979 pages RAM [ 1028.461742][ T6598] 0 pages HighMem/MovableOnly [ 1028.467005][ T6598] 341179 pages reserved [ 1028.471181][ T6598] 0 pages cma reserved 05:20:04 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0xc00c0000, 0x500]}) 05:20:04 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) getsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:04 executing program 5: 05:20:04 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:04 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:04 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200c0ed000010", 0x66, 0x400}], 0x0, 0x0) 05:20:05 executing program 5: [ 1028.667116][ T6640] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1028.703067][ T6647] syz-executor.4: vmalloc: allocation failure: 10743711232 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:20:05 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:05 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:05 executing program 5: [ 1028.785699][ T6641] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1028.856482][ T6647] CPU: 1 PID: 6647 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1028.865805][ T6647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1028.875868][ T6647] Call Trace: [ 1028.879180][ T6647] dump_stack+0x172/0x1f0 [ 1028.883530][ T6647] warn_alloc.cold+0x87/0x17f [ 1028.888229][ T6647] ? zone_watermark_ok_safe+0x260/0x260 [ 1028.893802][ T6647] ? mark_lock+0xc2/0x1220 [ 1028.898223][ T6647] ? __lock_acquire+0x8a0/0x4a00 [ 1028.903169][ T6647] __vmalloc_node_range+0x483/0x7e0 [ 1028.908361][ T6647] ? is_bpf_text_address+0xac/0x170 [ 1028.913566][ T6647] ? kvm_arch_create_memslot+0xc3/0x570 [ 1028.919124][ T6647] __vmalloc_node_flags_caller+0x71/0x90 [ 1028.924770][ T6647] ? kvm_arch_create_memslot+0xc3/0x570 [ 1028.930885][ T6647] kvmalloc_node+0xdc/0x100 [ 1028.935449][ T6647] kvm_arch_create_memslot+0xc3/0x570 [ 1028.940910][ T6647] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1028.947146][ T6647] __kvm_set_memory_region+0x13b5/0x1d00 [ 1028.952942][ T6647] ? gfn_to_hva+0x470/0x470 [ 1028.957455][ T6647] ? lock_downgrade+0x920/0x920 [ 1028.962310][ T6647] kvm_set_memory_region+0x2f/0x50 [ 1028.967416][ T6647] kvm_vm_ioctl+0x729/0x1860 [ 1028.971999][ T6647] ? debug_check_no_obj_freed+0x20a/0x43f [ 1028.977718][ T6647] ? find_held_lock+0x35/0x130 [ 1028.982510][ T6647] ? kvm_unregister_device_ops+0x70/0x70 [ 1028.988152][ T6647] ? lock_downgrade+0x920/0x920 [ 1028.992991][ T6647] ? rwlock_bug.part.0+0x90/0x90 [ 1028.997934][ T6647] ? tomoyo_path_number_perm+0x214/0x520 [ 1029.003565][ T6647] ? find_held_lock+0x35/0x130 [ 1029.008338][ T6647] ? lock_downgrade+0x920/0x920 [ 1029.013179][ T6647] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1029.018473][ T6647] ? tomoyo_path_number_perm+0x459/0x520 [ 1029.024100][ T6647] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1029.030343][ T6647] ? tomoyo_path_number_perm+0x263/0x520 [ 1029.035967][ T6647] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1029.041800][ T6647] ? kvm_unregister_device_ops+0x70/0x70 [ 1029.047430][ T6647] do_vfs_ioctl+0xdb6/0x13e0 [ 1029.052013][ T6647] ? ioctl_preallocate+0x210/0x210 [ 1029.057202][ T6647] ? __fget+0x384/0x560 [ 1029.061353][ T6647] ? ksys_dup3+0x3e0/0x3e0 [ 1029.065773][ T6647] ? nsecs_to_jiffies+0x30/0x30 [ 1029.070720][ T6647] ? tomoyo_file_ioctl+0x23/0x30 [ 1029.075652][ T6647] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1029.081899][ T6647] ? security_file_ioctl+0x8d/0xc0 [ 1029.087007][ T6647] ksys_ioctl+0xab/0xd0 [ 1029.091157][ T6647] __x64_sys_ioctl+0x73/0xb0 [ 1029.095758][ T6647] do_syscall_64+0xfa/0x760 [ 1029.100263][ T6647] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1029.106148][ T6647] RIP: 0033:0x4598e9 [ 1029.110130][ T6647] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1029.129748][ T6647] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1029.138191][ T6647] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1029.146308][ T6647] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1029.154277][ T6647] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1029.162239][ T6647] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1029.170200][ T6647] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff 05:20:05 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:05 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe2020000ff000010", 0x66, 0x400}], 0x0, 0x0) [ 1029.252282][ T6647] Mem-Info: [ 1029.263553][ T6647] active_anon:144572 inactive_anon:658 isolated_anon:0 [ 1029.263553][ T6647] active_file:21600 inactive_file:29308 isolated_file:0 [ 1029.263553][ T6647] unevictable:4096 dirty:188 writeback:0 unstable:0 [ 1029.263553][ T6647] slab_reclaimable:12923 slab_unreclaimable:97348 [ 1029.263553][ T6647] mapped:58986 shmem:254 pagetables:1458 bounce:0 [ 1029.263553][ T6647] free:1221429 free_pcp:579 free_cma:0 [ 1029.443802][ T6669] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1029.471486][ T6647] Node 0 active_anon:580228kB inactive_anon:2632kB active_file:86256kB inactive_file:117232kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235944kB dirty:748kB writeback:0kB shmem:1016kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 559104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1029.519997][ T6647] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1029.547348][ T6647] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1029.615138][ T6647] lowmem_reserve[]: 0 2547 2548 2548 [ 1029.631822][ T6647] Node 0 DMA32 free:1087564kB min:36184kB low:45228kB high:54272kB active_anon:582196kB inactive_anon:2632kB active_file:85204kB inactive_file:117148kB unevictable:16384kB writepending:740kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7776kB pagetables:5684kB bounce:0kB free_pcp:2648kB local_pcp:1112kB free_cma:0kB [ 1029.664531][ T6647] lowmem_reserve[]: 0 0 1 1 [ 1029.669343][ T6647] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1029.697197][ T6647] lowmem_reserve[]: 0 0 0 0 [ 1029.702908][ T6647] Node 1 Normal free:3777684kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1029.732776][ T6647] lowmem_reserve[]: 0 0 0 0 [ 1029.737550][ T6647] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1029.752485][ T6647] Node 0 DMA32: 6070*4kB (UME) 3785*8kB (UME) 1877*16kB (UME) 1169*32kB (UME) 518*64kB (UME) 68*128kB (UM) 33*256kB (UM) 25*512kB (U) 9*1024kB (UE) 8*2048kB (UME) 214*4096kB (UM) = 1087248kB [ 1029.804473][ T6681] EXT4-fs (loop3): Can't mount with encoding and encryption [ 1029.808092][ T6647] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1029.831149][ T6647] Node 1 Normal: 1*4kB (U) 40*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777732kB [ 1029.856189][ T6647] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1029.867170][ T6647] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1029.878624][ T6647] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1029.889237][ T6647] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1029.899366][ T6647] 51161 total pagecache pages [ 1029.904724][ T6647] 0 pages in swap cache [ 1029.911193][ T6647] Swap cache stats: add 0, delete 0, find 0/0 [ 1029.920894][ T6647] Free swap = 0kB [ 1029.925430][ T6647] Total swap = 0kB [ 1029.931660][ T6647] 1965979 pages RAM [ 1029.936291][ T6647] 0 pages HighMem/MovableOnly [ 1029.941161][ T6647] 341179 pages reserved [ 1029.946014][ T6647] 0 pages cma reserved 05:20:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0xfc010000, 0x500]}) 05:20:06 executing program 5: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x100000, 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f0000000640)='.', 0x0, 0x23080, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x80000, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) 05:20:06 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo\x00') getsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000040), &(0x7f0000000100)=0x4) 05:20:06 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x0, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:06 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:06 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000fff000010", 0x66, 0x400}], 0x0, 0x0) [ 1030.122519][ T6693] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1030.218067][ T6707] syz-executor.4: vmalloc: allocation failure: 10745675904 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1030.269099][ T6707] CPU: 0 PID: 6707 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1030.278169][ T6707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1030.289093][ T6707] Call Trace: [ 1030.292410][ T6707] dump_stack+0x172/0x1f0 [ 1030.296770][ T6707] warn_alloc.cold+0x87/0x17f [ 1030.301472][ T6707] ? zone_watermark_ok_safe+0x260/0x260 [ 1030.307059][ T6707] ? mark_lock+0xc2/0x1220 [ 1030.311496][ T6707] ? __lock_acquire+0x8a0/0x4a00 05:20:06 executing program 5: 05:20:06 executing program 1: openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000280)='/proc/capi/capi20ncci\x00', 0x200000, 0x0) r0 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x3a401) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r0, 0xc1105518, &(0x7f0000000140)={{0x7, 0x0, 0x81, 0x200, 'syz0\x00', 0x43}, 0x1, 0x400, 0x3, 0x0, 0x5, 0x5a, 'syz1\x00', &(0x7f0000000100)=['/dev/input/event#\x00', '/dev/input/event#\x00', '@+-+*\x00', 'lo\x00', '/dev/input/event#\x00'], 0x3f, [], [0x3f, 0x1, 0x0, 0x8001]}) syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x8, 0x40000) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r2 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r2, &(0x7f0000000140), 0x4924b68, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r2, 0x84, 0x6b, &(0x7f00000002c0)=[@in={0x2, 0x4e23, @broadcast}, @in6={0xa, 0x4e24, 0xed3, @rand_addr="7a5d5072e677d688d66be9543d041c75", 0x6}, @in6={0xa, 0x4e21, 0x1f, @remote, 0x2151}, @in={0x2, 0x4e22, @empty}, @in6={0xa, 0x4e23, 0x9, @rand_addr="2a7e0d654e240721517b7bc1e61cd511", 0x81}, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x84) 05:20:06 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r1, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1030.316808][ T6707] __vmalloc_node_range+0x483/0x7e0 [ 1030.322027][ T6707] ? is_bpf_text_address+0xac/0x170 [ 1030.327258][ T6707] ? kvm_arch_create_memslot+0xc3/0x570 [ 1030.332832][ T6707] __vmalloc_node_flags_caller+0x71/0x90 [ 1030.338494][ T6707] ? kvm_arch_create_memslot+0xc3/0x570 [ 1030.344069][ T6707] kvmalloc_node+0xdc/0x100 [ 1030.348606][ T6707] kvm_arch_create_memslot+0xc3/0x570 [ 1030.354012][ T6707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1030.360719][ T6707] __kvm_set_memory_region+0x13b5/0x1d00 [ 1030.366444][ T6707] ? gfn_to_hva+0x470/0x470 [ 1030.370952][ T6707] ? lock_downgrade+0x920/0x920 [ 1030.375900][ T6707] kvm_set_memory_region+0x2f/0x50 [ 1030.381007][ T6707] kvm_vm_ioctl+0x729/0x1860 [ 1030.385613][ T6707] ? debug_check_no_obj_freed+0x20a/0x43f [ 1030.391537][ T6707] ? find_held_lock+0x35/0x130 [ 1030.396437][ T6707] ? kvm_unregister_device_ops+0x70/0x70 [ 1030.402092][ T6707] ? lock_downgrade+0x920/0x920 [ 1030.406946][ T6707] ? rwlock_bug.part.0+0x90/0x90 [ 1030.411874][ T6707] ? tomoyo_path_number_perm+0x214/0x520 [ 1030.417615][ T6707] ? find_held_lock+0x35/0x130 [ 1030.422494][ T6707] ? lock_downgrade+0x920/0x920 [ 1030.427436][ T6707] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1030.432854][ T6707] ? tomoyo_path_number_perm+0x459/0x520 [ 1030.438776][ T6707] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1030.445021][ T6707] ? tomoyo_path_number_perm+0x263/0x520 [ 1030.450659][ T6707] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1030.456779][ T6707] ? kvm_unregister_device_ops+0x70/0x70 [ 1030.462428][ T6707] do_vfs_ioctl+0xdb6/0x13e0 [ 1030.467116][ T6707] ? ioctl_preallocate+0x210/0x210 [ 1030.472227][ T6707] ? __fget+0x384/0x560 [ 1030.476475][ T6707] ? ksys_dup3+0x3e0/0x3e0 [ 1030.480878][ T6707] ? nsecs_to_jiffies+0x30/0x30 [ 1030.486152][ T6707] ? tomoyo_file_ioctl+0x23/0x30 [ 1030.491303][ T6707] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1030.498016][ T6707] ? security_file_ioctl+0x8d/0xc0 [ 1030.503143][ T6707] ksys_ioctl+0xab/0xd0 [ 1030.507298][ T6707] __x64_sys_ioctl+0x73/0xb0 [ 1030.511873][ T6707] do_syscall_64+0xfa/0x760 [ 1030.517451][ T6707] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1030.523354][ T6707] RIP: 0033:0x4598e9 [ 1030.527256][ T6707] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1030.546868][ T6707] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1030.555286][ T6707] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1030.563346][ T6707] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1030.571499][ T6707] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1030.579467][ T6707] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1030.587439][ T6707] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1030.597635][ T6707] Mem-Info: [ 1030.601018][ T6707] active_anon:145521 inactive_anon:658 isolated_anon:0 [ 1030.601018][ T6707] active_file:21600 inactive_file:29308 isolated_file:0 [ 1030.601018][ T6707] unevictable:4096 dirty:188 writeback:0 unstable:0 [ 1030.601018][ T6707] slab_reclaimable:12923 slab_unreclaimable:97785 [ 1030.601018][ T6707] mapped:58961 shmem:254 pagetables:1421 bounce:0 [ 1030.601018][ T6707] free:1219974 free_pcp:702 free_cma:0 [ 1030.640450][ T6707] Node 0 active_anon:582084kB inactive_anon:2632kB active_file:86256kB inactive_file:117232kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235844kB dirty:748kB writeback:0kB shmem:1016kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 559104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1030.671134][ T6707] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1030.698605][ T6707] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1030.727922][ T6707] lowmem_reserve[]: 0 2547 2548 2548 [ 1030.733897][ T6707] Node 0 DMA32 free:1087016kB min:36184kB low:45228kB high:54272kB active_anon:582064kB inactive_anon:2632kB active_file:85204kB inactive_file:117148kB unevictable:16384kB writepending:740kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7744kB pagetables:5684kB bounce:0kB free_pcp:2800kB local_pcp:1332kB free_cma:0kB [ 1030.768664][ T6707] lowmem_reserve[]: 0 0 1 1 [ 1030.773901][ T6707] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1030.802866][ T6707] lowmem_reserve[]: 0 0 0 0 [ 1030.807753][ T6707] Node 1 Normal free:3777684kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:20:07 executing program 2: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:07 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r1, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1030.897293][ T6708] EXT4-fs (loop3): Can't mount with encoding and encryption [ 1030.944130][ T6707] lowmem_reserve[]: 0 0 0 0 05:20:07 executing program 5: [ 1030.990260][ T6707] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1031.018937][ T6707] Node 0 DMA32: 6942*4kB (UME) 3786*8kB (UME) 1642*16kB (UME) 1136*32kB (UME) 518*64kB (UME) 68*128kB (UM) 33*256kB (UM) 25*512kB (U) 9*1024kB (UE) 11*2048kB (UME) 213*4096kB (UM) = 1087976kB [ 1031.140045][ T6736] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1031.201450][ T6707] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1031.237130][ T6707] Node 1 Normal: 1*4kB (U) 40*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777732kB [ 1031.268908][ T6707] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1031.293357][ T6707] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1031.312332][ T6707] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1031.322010][ T6707] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1031.331982][ T6707] 51178 total pagecache pages [ 1031.337150][ T6707] 0 pages in swap cache [ 1031.341461][ T6707] Swap cache stats: add 0, delete 0, find 0/0 [ 1031.347679][ T6707] Free swap = 0kB [ 1031.351731][ T6707] Total swap = 0kB [ 1031.355726][ T6707] 1965979 pages RAM [ 1031.359649][ T6707] 0 pages HighMem/MovableOnly [ 1031.359660][ T6707] 341179 pages reserved [ 1031.369163][ T6707] 0 pages cma reserved 05:20:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0xffff8000, 0x500]}) 05:20:07 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x40000, 0x0) ioctl$TIOCGLCKTRMIOS(r1, 0x5456, &(0x7f0000001180)={0x3, 0x1, 0x7fff, 0x20, 0x1a, 0x3, 0xfffffffffffff0fd, 0x5, 0x9, 0x81, 0x2f96775e, 0x7}) r2 = userfaultfd(0x0) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) readv(r2, &(0x7f0000001140)=[{&(0x7f0000000140)=""/4096, 0x1000}], 0x1) ioctl$RTC_ALM_SET(r1, 0x40247007, &(0x7f0000000100)={0xd, 0x12, 0x10, 0xa, 0xa, 0x9, 0x6, 0x14d, 0x1}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(0xffffffffffffffff, 0x84, 0x1e, &(0x7f0000000000)=0x2, 0x4) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:07 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) socket$inet6(0xa, 0x6, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r1, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:07 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000040010", 0x66, 0x400}], 0x0, 0x0) 05:20:07 executing program 5: 05:20:07 executing program 2: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:08 executing program 5: 05:20:08 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, 0x0, 0x0) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1031.562909][ T6755] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1031.639876][ T6760] syz-executor.4: vmalloc: allocation failure: 10745806784 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1031.712656][ T6760] CPU: 0 PID: 6760 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1031.722028][ T6760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1031.732595][ T6760] Call Trace: [ 1031.735920][ T6760] dump_stack+0x172/0x1f0 [ 1031.740286][ T6760] warn_alloc.cold+0x87/0x17f [ 1031.744993][ T6760] ? zone_watermark_ok_safe+0x260/0x260 [ 1031.750845][ T6760] ? mark_lock+0xc2/0x1220 [ 1031.755481][ T6760] ? __lock_acquire+0x8a0/0x4a00 [ 1031.761198][ T6760] __vmalloc_node_range+0x483/0x7e0 [ 1031.766502][ T6760] ? is_bpf_text_address+0xac/0x170 [ 1031.771717][ T6760] ? kvm_arch_create_memslot+0xc3/0x570 [ 1031.777366][ T6760] __vmalloc_node_flags_caller+0x71/0x90 [ 1031.783040][ T6760] ? kvm_arch_create_memslot+0xc3/0x570 [ 1031.788619][ T6760] kvmalloc_node+0xdc/0x100 [ 1031.793155][ T6760] kvm_arch_create_memslot+0xc3/0x570 [ 1031.798538][ T6760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1031.804802][ T6760] __kvm_set_memory_region+0x13b5/0x1d00 05:20:08 executing program 5: [ 1031.810469][ T6760] ? gfn_to_hva+0x470/0x470 [ 1031.815000][ T6760] ? lock_downgrade+0x920/0x920 [ 1031.819885][ T6760] kvm_set_memory_region+0x2f/0x50 [ 1031.825018][ T6760] kvm_vm_ioctl+0x729/0x1860 [ 1031.829717][ T6760] ? debug_check_no_obj_freed+0x20a/0x43f [ 1031.835458][ T6760] ? find_held_lock+0x35/0x130 [ 1031.840246][ T6760] ? kvm_unregister_device_ops+0x70/0x70 [ 1031.846060][ T6760] ? lock_downgrade+0x920/0x920 [ 1031.851196][ T6760] ? rwlock_bug.part.0+0x90/0x90 [ 1031.856281][ T6760] ? tomoyo_path_number_perm+0x214/0x520 05:20:08 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, 0x0, 0x0) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1031.861941][ T6760] ? find_held_lock+0x35/0x130 [ 1031.866812][ T6760] ? lock_downgrade+0x920/0x920 [ 1031.872470][ T6760] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1031.878391][ T6760] ? tomoyo_path_number_perm+0x459/0x520 [ 1031.884131][ T6760] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1031.890655][ T6760] ? tomoyo_path_number_perm+0x263/0x520 [ 1031.896303][ T6760] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1031.902151][ T6760] ? kvm_unregister_device_ops+0x70/0x70 [ 1031.907806][ T6760] do_vfs_ioctl+0xdb6/0x13e0 [ 1031.912482][ T6760] ? ioctl_preallocate+0x210/0x210 [ 1031.917878][ T6760] ? __fget+0x384/0x560 [ 1031.922035][ T6760] ? ksys_dup3+0x3e0/0x3e0 [ 1031.926469][ T6760] ? nsecs_to_jiffies+0x30/0x30 [ 1031.931364][ T6760] ? tomoyo_file_ioctl+0x23/0x30 [ 1031.936475][ T6760] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1031.942996][ T6760] ? security_file_ioctl+0x8d/0xc0 [ 1031.948219][ T6760] ksys_ioctl+0xab/0xd0 [ 1031.952493][ T6760] __x64_sys_ioctl+0x73/0xb0 [ 1031.957092][ T6760] do_syscall_64+0xfa/0x760 [ 1031.961702][ T6760] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1031.967613][ T6760] RIP: 0033:0x4598e9 [ 1031.973333][ T6760] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1031.993202][ T6760] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1032.002147][ T6760] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1032.010658][ T6760] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1032.018823][ T6760] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1032.026883][ T6760] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1032.035394][ T6760] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1032.046249][ T6760] Mem-Info: [ 1032.049638][ T6760] active_anon:146674 inactive_anon:658 isolated_anon:0 [ 1032.049638][ T6760] active_file:21601 inactive_file:29332 isolated_file:0 [ 1032.049638][ T6760] unevictable:4096 dirty:188 writeback:0 unstable:0 [ 1032.049638][ T6760] slab_reclaimable:12924 slab_unreclaimable:97916 [ 1032.049638][ T6760] mapped:58997 shmem:253 pagetables:1482 bounce:0 [ 1032.049638][ T6760] free:1218603 free_pcp:630 free_cma:0 [ 1032.090313][ T6760] Node 0 active_anon:586696kB inactive_anon:2632kB active_file:86260kB inactive_file:117328kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235988kB dirty:748kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 563200kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1032.121330][ T6760] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1032.148562][ T6760] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1032.177190][ T6760] lowmem_reserve[]: 0 2547 2548 2548 05:20:08 executing program 5: [ 1032.177217][ T6760] Node 0 DMA32 free:1080756kB min:36184kB low:45228kB high:54272kB active_anon:586676kB inactive_anon:2632kB active_file:85208kB inactive_file:117244kB unevictable:16384kB writepending:840kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:8000kB pagetables:5928kB bounce:0kB free_pcp:2532kB local_pcp:1104kB free_cma:0kB [ 1032.177257][ T6760] lowmem_reserve[]: 0 0 1 1 [ 1032.226110][ T6753] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1032.247157][ T6760] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:20:08 executing program 2: ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) [ 1032.502242][ T6760] lowmem_reserve[]: 0 0 0 0 [ 1032.522708][ T6760] Node 1 Normal free:3777732kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1032.599725][ T6788] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1032.611431][ T6760] lowmem_reserve[]: 0 0 0 0 [ 1032.623933][ T6760] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1032.645445][ T6760] Node 0 DMA32: 7806*4kB (UME) 3894*8kB (UME) 1644*16kB (UME) 1026*32kB (UME) 522*64kB (UME) 68*128kB (UM) 33*256kB (UM) 25*512kB (U) 9*1024kB (UE) 9*2048kB (UME) 214*4096kB (UM) = 1089064kB [ 1032.665688][ T6760] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1032.678668][ T6760] Node 1 Normal: 1*4kB (U) 40*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777732kB [ 1032.696087][ T6760] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1032.719139][ T6760] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1032.729810][ T6760] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1032.739686][ T6760] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1032.749153][ T6760] 51185 total pagecache pages [ 1032.754740][ T6760] 0 pages in swap cache [ 1032.767286][ T6760] Swap cache stats: add 0, delete 0, find 0/0 [ 1032.773891][ T6760] Free swap = 0kB [ 1032.777611][ T6760] Total swap = 0kB [ 1032.777621][ T6760] 1965979 pages RAM [ 1032.777626][ T6760] 0 pages HighMem/MovableOnly [ 1032.777631][ T6760] 341179 pages reserved [ 1032.777636][ T6760] 0 pages cma reserved 05:20:09 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x10000000000, 0x500]}) 05:20:09 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, 0x0, 0x0) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:09 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) r2 = getpid() perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x4, 0x9, 0x9, 0x1f, 0x0, 0x8, 0x8000, 0x2, 0x20, 0x9, 0x1, 0xffff, 0x7, 0x9, 0x0, 0x5, 0x9, 0x1, 0x21a, 0xffffffffffffffe0, 0x81, 0x6fb, 0x9, 0x8, 0x4, 0x4, 0xe84, 0x4, 0x4, 0x401, 0x7, 0x16, 0xffffffffffff0001, 0x100000000, 0x2, 0x6, 0x0, 0x6, 0x1, @perf_bp={&(0x7f0000000000), 0x1}, 0x14000, 0x1, 0x10000, 0x1, 0x5, 0x6, 0xfffffffffffff7c4}, r2, 0xa, r0, 0x9) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:09 executing program 5: 05:20:09 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe2020000000a0010", 0x66, 0x400}], 0x0, 0x0) 05:20:09 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:09 executing program 5: 05:20:09 executing program 1: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3fa0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, @perf_config_ext={0x1, 0x5}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1033.001186][ T6808] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1033.023222][ T6804] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1033.054041][ T6808] CPU: 0 PID: 6808 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1033.063121][ T6808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1033.073311][ T6808] Call Trace: [ 1033.076637][ T6808] dump_stack+0x172/0x1f0 [ 1033.080998][ T6808] warn_alloc.cold+0x87/0x17f [ 1033.085865][ T6808] ? zone_watermark_ok_safe+0x260/0x260 [ 1033.091459][ T6808] ? mark_lock+0xc2/0x1220 [ 1033.095899][ T6808] ? __lock_acquire+0x8a0/0x4a00 [ 1033.100956][ T6808] __vmalloc_node_range+0x483/0x7e0 [ 1033.106185][ T6808] ? is_bpf_text_address+0xac/0x170 [ 1033.111406][ T6808] ? kvm_arch_create_memslot+0xc3/0x570 [ 1033.111426][ T6808] __vmalloc_node_flags_caller+0x71/0x90 [ 1033.111445][ T6808] ? kvm_arch_create_memslot+0xc3/0x570 [ 1033.128343][ T6808] kvmalloc_node+0xdc/0x100 [ 1033.132893][ T6808] kvm_arch_create_memslot+0xc3/0x570 [ 1033.138283][ T6808] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1033.145269][ T6808] __kvm_set_memory_region+0x13b5/0x1d00 [ 1033.150943][ T6808] ? gfn_to_hva+0x470/0x470 [ 1033.155492][ T6808] ? lock_downgrade+0x920/0x920 [ 1033.160394][ T6808] kvm_set_memory_region+0x2f/0x50 [ 1033.161540][ T6800] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1033.165522][ T6808] kvm_vm_ioctl+0x729/0x1860 [ 1033.165540][ T6808] ? debug_check_no_obj_freed+0x20a/0x43f [ 1033.165556][ T6808] ? find_held_lock+0x35/0x130 [ 1033.165572][ T6808] ? kvm_unregister_device_ops+0x70/0x70 [ 1033.165593][ T6808] ? lock_downgrade+0x920/0x920 [ 1033.165608][ T6808] ? rwlock_bug.part.0+0x90/0x90 05:20:09 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:09 executing program 5: [ 1033.165623][ T6808] ? tomoyo_path_number_perm+0x214/0x520 [ 1033.165635][ T6808] ? find_held_lock+0x35/0x130 [ 1033.165659][ T6808] ? lock_downgrade+0x920/0x920 [ 1033.165678][ T6808] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1033.189357][ T6808] ? tomoyo_path_number_perm+0x459/0x520 [ 1033.231116][ T6808] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1033.237402][ T6808] ? tomoyo_path_number_perm+0x263/0x520 [ 1033.237422][ T6808] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1033.237462][ T6808] ? kvm_unregister_device_ops+0x70/0x70 [ 1033.237480][ T6808] do_vfs_ioctl+0xdb6/0x13e0 [ 1033.237502][ T6808] ? ioctl_preallocate+0x210/0x210 [ 1033.264365][ T6808] ? __fget+0x384/0x560 [ 1033.268552][ T6808] ? ksys_dup3+0x3e0/0x3e0 [ 1033.273089][ T6808] ? nsecs_to_jiffies+0x30/0x30 [ 1033.277956][ T6808] ? tomoyo_file_ioctl+0x23/0x30 [ 1033.277977][ T6808] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1033.277994][ T6808] ? security_file_ioctl+0x8d/0xc0 [ 1033.278012][ T6808] ksys_ioctl+0xab/0xd0 [ 1033.278030][ T6808] __x64_sys_ioctl+0x73/0xb0 [ 1033.278049][ T6808] do_syscall_64+0xfa/0x760 [ 1033.278071][ T6808] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1033.307754][ T6808] RIP: 0033:0x4598e9 [ 1033.307770][ T6808] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1033.307779][ T6808] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1033.307799][ T6808] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 05:20:09 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1033.307808][ T6808] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1033.307817][ T6808] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1033.307826][ T6808] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1033.307835][ T6808] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1033.365726][ T6808] Mem-Info: [ 1033.390417][ T6808] active_anon:146622 inactive_anon:660 isolated_anon:0 [ 1033.390417][ T6808] active_file:21599 inactive_file:29343 isolated_file:0 [ 1033.390417][ T6808] unevictable:4096 dirty:211 writeback:0 unstable:0 [ 1033.390417][ T6808] slab_reclaimable:12917 slab_unreclaimable:98015 [ 1033.390417][ T6808] mapped:59017 shmem:252 pagetables:1472 bounce:0 [ 1033.390417][ T6808] free:1218769 free_pcp:442 free_cma:0 05:20:09 executing program 1: r0 = socket(0x10, 0x3, 0x0) r1 = syz_open_dev$usb(&(0x7f0000000100)='/dev/bus/usb/00#/00#\x00', 0x2, 0x12602) ioctl$SIOCRSGL2CALL(r1, 0x89e5, &(0x7f0000000140)=@bcast) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x0, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) connect$rds(r0, &(0x7f0000000000)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x28}}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x1261, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x400000000000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, @perf_config_ext={0x101, 0x4275}, 0x8300}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x0) inotify_init1(0x40000) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1033.602234][ T6808] Node 0 active_anon:578160kB inactive_anon:2640kB active_file:86252kB inactive_file:117372kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235868kB dirty:840kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 561152kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1033.780862][ T6808] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1033.817393][ T6836] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1033.819340][ T6808] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1033.853089][ T6836] CPU: 1 PID: 6836 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1033.862467][ T6808] lowmem_reserve[]: 0 2547 2548 2548 [ 1033.869883][ T6836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1033.869890][ T6836] Call Trace: [ 1033.869915][ T6836] dump_stack+0x172/0x1f0 [ 1033.869936][ T6836] warn_alloc.cold+0x87/0x17f [ 1033.869953][ T6836] ? zone_watermark_ok_safe+0x260/0x260 [ 1033.869982][ T6836] ? mark_lock+0xc2/0x1220 [ 1033.875874][ T6808] Node 0 DMA32 free:1082656kB min:36184kB low:45228kB high:54272kB active_anon:582088kB inactive_anon:2640kB active_file:85200kB inactive_file:117288kB unevictable:16384kB writepending:832kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7744kB pagetables:5592kB bounce:0kB free_pcp:2680kB local_pcp:1460kB free_cma:0kB [ 1033.885427][ T6836] ? __lock_acquire+0x8a0/0x4a00 [ 1033.885450][ T6836] __vmalloc_node_range+0x483/0x7e0 [ 1033.885466][ T6836] ? is_bpf_text_address+0xac/0x170 [ 1033.885488][ T6836] ? kvm_arch_create_memslot+0xc3/0x570 [ 1033.885501][ T6836] __vmalloc_node_flags_caller+0x71/0x90 [ 1033.885518][ T6836] ? kvm_arch_create_memslot+0xc3/0x570 [ 1033.885535][ T6836] kvmalloc_node+0xdc/0x100 [ 1033.885556][ T6836] kvm_arch_create_memslot+0xc3/0x570 [ 1033.889594][ T6808] lowmem_reserve[]: 0 0 1 1 [ 1033.893303][ T6836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1033.893324][ T6836] __kvm_set_memory_region+0x13b5/0x1d00 [ 1033.893345][ T6836] ? gfn_to_hva+0x470/0x470 [ 1033.893370][ T6836] ? lock_downgrade+0x920/0x920 [ 1033.893398][ T6836] kvm_set_memory_region+0x2f/0x50 [ 1033.893417][ T6836] kvm_vm_ioctl+0x729/0x1860 [ 1033.898542][ T6808] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1033.903626][ T6836] ? debug_check_no_obj_freed+0x20a/0x43f [ 1033.903644][ T6836] ? find_held_lock+0x35/0x130 [ 1033.903662][ T6836] ? kvm_unregister_device_ops+0x70/0x70 [ 1033.903687][ T6836] ? lock_downgrade+0x920/0x920 [ 1033.903707][ T6836] ? rwlock_bug.part.0+0x90/0x90 [ 1033.908666][ T6808] lowmem_reserve[]: 0 0 0 0 [ 1033.939529][ T6836] ? tomoyo_path_number_perm+0x214/0x520 [ 1033.939545][ T6836] ? find_held_lock+0x35/0x130 [ 1033.939569][ T6836] ? lock_downgrade+0x920/0x920 [ 1033.939582][ T6836] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1033.939599][ T6836] ? tomoyo_path_number_perm+0x459/0x520 [ 1033.939618][ T6836] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1033.939636][ T6836] ? tomoyo_path_number_perm+0x263/0x520 [ 1033.945076][ T6808] Node 1 Normal free:3777732kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1033.949770][ T6836] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1033.949805][ T6836] ? kvm_unregister_device_ops+0x70/0x70 [ 1033.949823][ T6836] do_vfs_ioctl+0xdb6/0x13e0 [ 1033.955466][ T6808] lowmem_reserve[]: 0 0 0 0 [ 1033.960603][ T6836] ? ioctl_preallocate+0x210/0x210 [ 1033.960616][ T6836] ? __fget+0x384/0x560 [ 1033.960638][ T6836] ? ksys_dup3+0x3e0/0x3e0 [ 1033.966853][ T6808] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1033.971913][ T6836] ? nsecs_to_jiffies+0x30/0x30 [ 1033.971938][ T6836] ? tomoyo_file_ioctl+0x23/0x30 [ 1033.971955][ T6836] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1033.971971][ T6836] ? security_file_ioctl+0x8d/0xc0 [ 1033.971992][ T6836] ksys_ioctl+0xab/0xd0 [ 1033.977050][ T6808] Node 0 DMA32: 8050*4kB (UME) 3897*8kB (UME) 1639*16kB (UME) 835*32kB (ME) 521*64kB (UME) 75*128kB (UM) 33*256kB (UM) 25*512kB (U) 9*1024kB (UE) 8*2048kB (UME) 214*4096kB (UM) = 1082656kB [ 1033.981858][ T6836] __x64_sys_ioctl+0x73/0xb0 [ 1033.981877][ T6836] do_syscall_64+0xfa/0x760 [ 1033.981898][ T6836] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1033.981916][ T6836] RIP: 0033:0x4598e9 [ 1033.986923][ T6808] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1033.992666][ T6836] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1033.992674][ T6836] RSP: 002b:00007f92b6d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1033.992687][ T6836] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1033.992695][ T6836] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1033.992703][ T6836] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1033.992710][ T6836] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6d836d4 [ 1033.992718][ T6836] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1034.025503][ T6808] Node 1 Normal: 1*4kB (U) 40*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777732kB [ 1034.107075][ T6808] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1034.246274][ T6808] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1034.257529][ T6808] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1034.257541][ T6808] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1034.257547][ T6808] 51206 total pagecache pages [ 1034.257554][ T6808] 0 pages in swap cache [ 1034.257570][ T6808] Swap cache stats: add 0, delete 0, find 0/0 [ 1034.411097][ T6808] Free swap = 0kB [ 1034.416063][ T6808] Total swap = 0kB [ 1034.419803][ T6808] 1965979 pages RAM [ 1034.423809][ T6808] 0 pages HighMem/MovableOnly [ 1034.428639][ T6808] 341179 pages reserved 05:20:10 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x40000000000, 0x500]}) 05:20:10 executing program 5: 05:20:10 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000000110", 0x66, 0x400}], 0x0, 0x0) 05:20:10 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:10 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:10 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe7, 0x0, 0x0, 0x0, 0x7, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x401}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) r1 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x3, 0x0) pipe2(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4000) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000300)={0xaa, 0x12}) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000180)={0x5, 0x7ff, 0x7fffffff, 'queue0\x00', 0x80000000}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r3 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x80000000, 0x1) r4 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r4, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r4, &(0x7f0000000200), 0x18) ioctl$TUNGETDEVNETNS(r4, 0x54e3, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r4, 0xc04c5349, &(0x7f0000000240)={0x101, 0x401}) ioctl$sock_inet_SIOCGARP(r3, 0x8954, &(0x7f0000000100)={{0x2, 0x4e22, @rand_addr=0x8}, {0x6, @local}, 0x48, {0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 'teql0\x00'}) [ 1034.432891][ T6808] 0 pages cma reserved 05:20:11 executing program 5: [ 1034.547144][ T6844] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1034.609068][ T6852] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1034.679120][ T6852] CPU: 1 PID: 6852 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1034.688298][ T6852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1034.698388][ T6852] Call Trace: [ 1034.701717][ T6852] dump_stack+0x172/0x1f0 [ 1034.706450][ T6852] warn_alloc.cold+0x87/0x17f [ 1034.711238][ T6852] ? zone_watermark_ok_safe+0x260/0x260 [ 1034.716826][ T6852] ? mark_lock+0xc2/0x1220 [ 1034.721343][ T6852] ? __lock_acquire+0x8a0/0x4a00 05:20:11 executing program 5: [ 1034.726487][ T6852] __vmalloc_node_range+0x483/0x7e0 [ 1034.732873][ T6852] ? is_bpf_text_address+0xac/0x170 [ 1034.738194][ T6852] ? kvm_arch_create_memslot+0xc3/0x570 [ 1034.743892][ T6852] __vmalloc_node_flags_caller+0x71/0x90 [ 1034.750071][ T6852] ? kvm_arch_create_memslot+0xc3/0x570 [ 1034.755876][ T6852] kvmalloc_node+0xdc/0x100 [ 1034.760519][ T6852] kvm_arch_create_memslot+0xc3/0x570 [ 1034.765907][ T6852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1034.772261][ T6852] __kvm_set_memory_region+0x13b5/0x1d00 [ 1034.778009][ T6852] ? gfn_to_hva+0x470/0x470 [ 1034.782552][ T6852] ? lock_downgrade+0x920/0x920 [ 1034.787518][ T6852] kvm_set_memory_region+0x2f/0x50 [ 1034.792631][ T6852] kvm_vm_ioctl+0x729/0x1860 [ 1034.797454][ T6852] ? debug_check_no_obj_freed+0x20a/0x43f [ 1034.803605][ T6852] ? find_held_lock+0x35/0x130 [ 1034.809240][ T6852] ? kvm_unregister_device_ops+0x70/0x70 [ 1034.814883][ T6852] ? lock_downgrade+0x920/0x920 [ 1034.819830][ T6852] ? rwlock_bug.part.0+0x90/0x90 [ 1034.825135][ T6852] ? tomoyo_path_number_perm+0x214/0x520 [ 1034.831126][ T6852] ? find_held_lock+0x35/0x130 [ 1034.835909][ T6852] ? lock_downgrade+0x920/0x920 [ 1034.841395][ T6852] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1034.847079][ T6852] ? tomoyo_path_number_perm+0x459/0x520 [ 1034.853016][ T6852] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1034.859779][ T6852] ? tomoyo_path_number_perm+0x263/0x520 [ 1034.865800][ T6852] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1034.872233][ T6852] ? kvm_unregister_device_ops+0x70/0x70 [ 1034.877871][ T6852] do_vfs_ioctl+0xdb6/0x13e0 [ 1034.882561][ T6852] ? ioctl_preallocate+0x210/0x210 [ 1034.887662][ T6852] ? __fget+0x384/0x560 [ 1034.891850][ T6852] ? ksys_dup3+0x3e0/0x3e0 [ 1034.896280][ T6852] ? nsecs_to_jiffies+0x30/0x30 [ 1034.901488][ T6852] ? tomoyo_file_ioctl+0x23/0x30 [ 1034.906521][ T6852] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1034.912908][ T6852] ? security_file_ioctl+0x8d/0xc0 [ 1034.918033][ T6852] ksys_ioctl+0xab/0xd0 [ 1034.922194][ T6852] __x64_sys_ioctl+0x73/0xb0 [ 1034.926814][ T6852] do_syscall_64+0xfa/0x760 [ 1034.931517][ T6852] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1034.937399][ T6852] RIP: 0033:0x4598e9 [ 1034.941384][ T6852] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1034.962003][ T6852] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1034.970413][ T6852] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 05:20:11 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:11 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1034.978471][ T6852] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1034.986732][ T6852] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1034.994867][ T6852] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1035.002925][ T6852] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1035.019553][ T6852] warn_alloc_show_mem: 1 callbacks suppressed [ 1035.019559][ T6852] Mem-Info: [ 1035.029241][ T6852] active_anon:145530 inactive_anon:661 isolated_anon:0 [ 1035.029241][ T6852] active_file:21601 inactive_file:29361 isolated_file:0 [ 1035.029241][ T6852] unevictable:4096 dirty:232 writeback:0 unstable:0 [ 1035.029241][ T6852] slab_reclaimable:12934 slab_unreclaimable:98509 [ 1035.029241][ T6852] mapped:58959 shmem:253 pagetables:1419 bounce:0 [ 1035.029241][ T6852] free:1219214 free_pcp:698 free_cma:0 [ 1035.068310][ T6852] Node 0 active_anon:582120kB inactive_anon:2644kB active_file:86260kB inactive_file:117444kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235836kB dirty:924kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 561152kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1035.099075][ T6852] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1035.126462][ T6852] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1035.153615][ T6852] lowmem_reserve[]: 0 2547 2548 2548 05:20:11 executing program 2: socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) [ 1035.159187][ T6852] Node 0 DMA32 free:1083512kB min:36184kB low:45228kB high:54272kB active_anon:582100kB inactive_anon:2644kB active_file:85208kB inactive_file:117360kB unevictable:16384kB writepending:916kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7776kB pagetables:5676kB bounce:0kB free_pcp:2700kB local_pcp:1272kB free_cma:0kB [ 1035.191299][ T6852] lowmem_reserve[]: 0 0 1 1 [ 1035.196049][ T6852] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1035.223388][ T6852] lowmem_reserve[]: 0 0 0 0 [ 1035.228077][ T6852] Node 1 Normal free:3777732kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1035.302621][ T6849] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:20:11 executing program 5: [ 1035.385804][ T6852] lowmem_reserve[]: 0 0 0 0 [ 1035.400074][ T6852] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1035.423729][ T6871] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1035.500470][ T6852] Node 0 DMA32: 8174*4kB (UME) 3785*8kB (UME) 1640*16kB (UME) 838*32kB (UME) 507*64kB (UME) 76*128kB (UM) 33*256kB (UM) 25*512kB (U) 9*1024kB (UE) 9*2048kB (UME) 214*4096kB (UM) = 1083648kB [ 1035.531426][ T6852] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1035.558564][ T6852] Node 1 Normal: 1*4kB (U) 40*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777732kB [ 1035.562171][ T6871] CPU: 0 PID: 6871 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1035.582447][ T6852] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1035.584835][ T6871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1035.584841][ T6871] Call Trace: [ 1035.584866][ T6871] dump_stack+0x172/0x1f0 [ 1035.584887][ T6871] warn_alloc.cold+0x87/0x17f [ 1035.595239][ T6852] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1035.605253][ T6871] ? zone_watermark_ok_safe+0x260/0x260 [ 1035.605282][ T6871] ? mark_lock+0xc2/0x1220 [ 1035.605295][ T6871] ? __lock_acquire+0x8a0/0x4a00 [ 1035.605314][ T6871] __vmalloc_node_range+0x483/0x7e0 [ 1035.605333][ T6871] ? is_bpf_text_address+0xac/0x170 [ 1035.608749][ T6852] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1035.613004][ T6871] ? kvm_arch_create_memslot+0xc3/0x570 [ 1035.613019][ T6871] __vmalloc_node_flags_caller+0x71/0x90 [ 1035.613035][ T6871] ? kvm_arch_create_memslot+0xc3/0x570 [ 1035.613051][ T6871] kvmalloc_node+0xdc/0x100 [ 1035.613066][ T6871] kvm_arch_create_memslot+0xc3/0x570 [ 1035.613087][ T6871] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1035.617801][ T6852] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1035.627025][ T6871] __kvm_set_memory_region+0x13b5/0x1d00 [ 1035.627047][ T6871] ? gfn_to_hva+0x470/0x470 [ 1035.627071][ T6871] ? lock_downgrade+0x920/0x920 [ 1035.627101][ T6871] kvm_set_memory_region+0x2f/0x50 [ 1035.632735][ T6852] 51214 total pagecache pages [ 1035.637994][ T6871] kvm_vm_ioctl+0x729/0x1860 [ 1035.638014][ T6871] ? debug_check_no_obj_freed+0x20a/0x43f [ 1035.638032][ T6871] ? find_held_lock+0x35/0x130 [ 1035.643052][ T6852] 0 pages in swap cache [ 1035.648142][ T6871] ? kvm_unregister_device_ops+0x70/0x70 [ 1035.648162][ T6871] ? lock_downgrade+0x920/0x920 [ 1035.648179][ T6871] ? rwlock_bug.part.0+0x90/0x90 [ 1035.653462][ T6852] Swap cache stats: add 0, delete 0, find 0/0 [ 1035.662878][ T6871] ? tomoyo_path_number_perm+0x214/0x520 [ 1035.662894][ T6871] ? find_held_lock+0x35/0x130 [ 1035.662917][ T6871] ? lock_downgrade+0x920/0x920 [ 1035.662934][ T6871] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1035.662951][ T6871] ? tomoyo_path_number_perm+0x459/0x520 [ 1035.668699][ T6852] Free swap = 0kB [ 1035.674270][ T6871] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1035.674283][ T6871] ? tomoyo_path_number_perm+0x263/0x520 [ 1035.674298][ T6871] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1035.674331][ T6871] ? kvm_unregister_device_ops+0x70/0x70 [ 1035.674349][ T6871] do_vfs_ioctl+0xdb6/0x13e0 [ 1035.679921][ T6852] Total swap = 0kB [ 1035.684371][ T6871] ? ioctl_preallocate+0x210/0x210 [ 1035.684383][ T6871] ? __fget+0x384/0x560 [ 1035.684401][ T6871] ? ksys_dup3+0x3e0/0x3e0 [ 1035.684417][ T6871] ? nsecs_to_jiffies+0x30/0x30 [ 1035.684442][ T6871] ? tomoyo_file_ioctl+0x23/0x30 [ 1035.690528][ T6852] 1965979 pages RAM [ 1035.697756][ T6871] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1035.697771][ T6871] ? security_file_ioctl+0x8d/0xc0 [ 1035.697787][ T6871] ksys_ioctl+0xab/0xd0 [ 1035.697807][ T6871] __x64_sys_ioctl+0x73/0xb0 [ 1035.697824][ T6871] do_syscall_64+0xfa/0x760 [ 1035.697848][ T6871] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1035.707306][ T6852] 0 pages HighMem/MovableOnly [ 1035.712723][ T6871] RIP: 0033:0x4598e9 05:20:12 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x50000000000, 0x500]}) 05:20:12 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x100) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000040)={&(0x7f000058d000/0x1000)=nil, 0x1000}, &(0x7f0000000100)=0x10) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:12 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000000210", 0x66, 0x400}], 0x0, 0x0) 05:20:12 executing program 5: 05:20:12 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1035.712739][ T6871] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1035.712746][ T6871] RSP: 002b:00007f92b6d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1035.712759][ T6871] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1035.712767][ T6871] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1035.712775][ T6871] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1035.712781][ T6871] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6d836d4 [ 1035.712794][ T6871] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1035.727769][ T6852] 341179 pages reserved [ 1035.743320][ T6852] 0 pages cma reserved 05:20:12 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1036.059939][ T6874] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 05:20:12 executing program 5: [ 1036.115332][ T6889] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:20:12 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1036.225731][ T6889] CPU: 0 PID: 6889 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1036.234800][ T6889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1036.244870][ T6889] Call Trace: [ 1036.248185][ T6889] dump_stack+0x172/0x1f0 [ 1036.252538][ T6889] warn_alloc.cold+0x87/0x17f [ 1036.257240][ T6889] ? zone_watermark_ok_safe+0x260/0x260 [ 1036.262837][ T6889] ? mark_lock+0xc2/0x1220 [ 1036.267352][ T6889] ? __lock_acquire+0x8a0/0x4a00 05:20:12 executing program 5: [ 1036.272659][ T6889] __vmalloc_node_range+0x483/0x7e0 [ 1036.277966][ T6889] ? is_bpf_text_address+0xac/0x170 [ 1036.283182][ T6889] ? kvm_arch_create_memslot+0xc3/0x570 [ 1036.288827][ T6889] __vmalloc_node_flags_caller+0x71/0x90 [ 1036.294492][ T6889] ? kvm_arch_create_memslot+0xc3/0x570 [ 1036.300240][ T6889] kvmalloc_node+0xdc/0x100 [ 1036.304763][ T6889] kvm_arch_create_memslot+0xc3/0x570 [ 1036.310242][ T6889] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1036.316504][ T6889] __kvm_set_memory_region+0x13b5/0x1d00 05:20:12 executing program 1: r0 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0xff, 0x101000) perf_event_open(&(0x7f000001d000)={0x1, 0xffffff78, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffffffffc01, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, r0, 0x0) r1 = userfaultfd(0x0) r2 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x9, 0x800100) r3 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r3, 0x800000c004500a, &(0x7f0000000300)) readv(r3, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r3, &(0x7f0000000080), 0x8) ioctl$UDMABUF_CREATE(r2, 0x40187542, &(0x7f0000000100)={r3, 0x1, 0xfffffffffffff000}) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1036.322162][ T6889] ? gfn_to_hva+0x470/0x470 [ 1036.326690][ T6889] ? lock_downgrade+0x920/0x920 [ 1036.331573][ T6889] kvm_set_memory_region+0x2f/0x50 [ 1036.336707][ T6889] kvm_vm_ioctl+0x729/0x1860 [ 1036.341324][ T6889] ? debug_check_no_obj_freed+0x20a/0x43f [ 1036.347058][ T6889] ? find_held_lock+0x35/0x130 [ 1036.351845][ T6889] ? kvm_unregister_device_ops+0x70/0x70 [ 1036.358483][ T6889] ? lock_downgrade+0x920/0x920 [ 1036.363536][ T6889] ? rwlock_bug.part.0+0x90/0x90 [ 1036.368484][ T6889] ? tomoyo_path_number_perm+0x214/0x520 [ 1036.374127][ T6889] ? find_held_lock+0x35/0x130 [ 1036.378929][ T6889] ? lock_downgrade+0x920/0x920 [ 1036.383799][ T6889] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1036.389188][ T6889] ? tomoyo_path_number_perm+0x459/0x520 [ 1036.394818][ T6889] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1036.401056][ T6889] ? tomoyo_path_number_perm+0x263/0x520 [ 1036.406699][ T6889] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1036.412544][ T6889] ? kvm_unregister_device_ops+0x70/0x70 [ 1036.418194][ T6889] do_vfs_ioctl+0xdb6/0x13e0 [ 1036.422882][ T6889] ? ioctl_preallocate+0x210/0x210 [ 1036.428078][ T6889] ? __fget+0x384/0x560 [ 1036.432241][ T6889] ? ksys_dup3+0x3e0/0x3e0 [ 1036.436699][ T6889] ? nsecs_to_jiffies+0x30/0x30 [ 1036.441649][ T6889] ? tomoyo_file_ioctl+0x23/0x30 [ 1036.446634][ T6889] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1036.452989][ T6889] ? security_file_ioctl+0x8d/0xc0 [ 1036.458452][ T6889] ksys_ioctl+0xab/0xd0 [ 1036.462740][ T6889] __x64_sys_ioctl+0x73/0xb0 [ 1036.467454][ T6889] do_syscall_64+0xfa/0x760 [ 1036.471959][ T6889] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1036.478444][ T6889] RIP: 0033:0x4598e9 [ 1036.482428][ T6889] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1036.502235][ T6889] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1036.510739][ T6889] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1036.518722][ T6889] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 05:20:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) [ 1036.526701][ T6889] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1036.534698][ T6889] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1036.542670][ T6889] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1036.554397][ T6889] warn_alloc_show_mem: 1 callbacks suppressed [ 1036.554404][ T6889] Mem-Info: [ 1036.564384][ T6889] active_anon:145068 inactive_anon:658 isolated_anon:0 [ 1036.564384][ T6889] active_file:21599 inactive_file:29374 isolated_file:0 [ 1036.564384][ T6889] unevictable:4096 dirty:245 writeback:0 unstable:0 [ 1036.564384][ T6889] slab_reclaimable:12950 slab_unreclaimable:98625 [ 1036.564384][ T6889] mapped:59013 shmem:253 pagetables:1419 bounce:0 [ 1036.564384][ T6889] free:1219455 free_pcp:776 free_cma:0 [ 1036.632205][ T6889] Node 0 active_anon:582160kB inactive_anon:2632kB active_file:86252kB inactive_file:117496kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235852kB dirty:976kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 559104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1036.689490][ T6900] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1036.711048][ T6889] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:20:13 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1036.739610][ T6889] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1036.832846][ T6894] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1036.872276][ T6889] lowmem_reserve[]: 0 2547 2548 2548 [ 1036.887383][ T6889] Node 0 DMA32 free:1074556kB min:36184kB low:45228kB high:54272kB active_anon:588504kB inactive_anon:2632kB active_file:85196kB inactive_file:117424kB unevictable:16384kB writepending:980kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:8032kB pagetables:6196kB bounce:0kB free_pcp:1240kB local_pcp:860kB free_cma:0kB [ 1037.003469][ T6889] lowmem_reserve[]: 0 0 1 1 [ 1037.011969][ T6889] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1037.051809][ T6889] lowmem_reserve[]: 0 0 0 0 [ 1037.070249][ T6889] Node 1 Normal free:3777732kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1037.104097][ T6889] lowmem_reserve[]: 0 0 0 0 [ 1037.118205][ T6889] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1037.158580][ T6889] Node 0 DMA32: 8565*4kB (UME) 3995*8kB (UME) 1648*16kB (UME) 845*32kB (UME) 470*64kB (ME) 75*128kB (UM) 33*256kB (UM) 25*512kB (U) 9*1024kB (UE) 6*2048kB (UME) 214*4096kB (UM) = 1078604kB [ 1037.217198][ T6889] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1037.232368][ T6889] Node 1 Normal: 1*4kB (U) 40*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777732kB [ 1037.255092][ T6889] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1037.271230][ T6889] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1037.281790][ T6889] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1037.292022][ T6889] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1037.301856][ T6889] 51235 total pagecache pages [ 1037.306857][ T6889] 0 pages in swap cache [ 1037.311169][ T6889] Swap cache stats: add 0, delete 0, find 0/0 [ 1037.317381][ T6889] Free swap = 0kB 05:20:13 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x2000000000000, 0x500]}) 05:20:13 executing program 5: 05:20:13 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:13 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000000310", 0x66, 0x400}], 0x0, 0x0) 05:20:13 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1037.321180][ T6889] Total swap = 0kB [ 1037.325015][ T6889] 1965979 pages RAM [ 1037.328907][ T6889] 0 pages HighMem/MovableOnly [ 1037.333876][ T6889] 341179 pages reserved [ 1037.338097][ T6889] 0 pages cma reserved 05:20:13 executing program 5: [ 1037.469566][ T6933] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1037.549369][ T6942] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:20:14 executing program 5: [ 1037.626849][ T6942] CPU: 1 PID: 6942 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1037.636644][ T6942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1037.646811][ T6942] Call Trace: [ 1037.650129][ T6942] dump_stack+0x172/0x1f0 [ 1037.654503][ T6942] warn_alloc.cold+0x87/0x17f [ 1037.659197][ T6942] ? zone_watermark_ok_safe+0x260/0x260 [ 1037.664789][ T6942] ? mark_lock+0xc2/0x1220 [ 1037.669226][ T6942] ? __lock_acquire+0x8a0/0x4a00 05:20:14 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x0, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:14 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1037.674290][ T6942] __vmalloc_node_range+0x483/0x7e0 [ 1037.679714][ T6942] ? is_bpf_text_address+0xac/0x170 [ 1037.685388][ T6942] ? kvm_arch_create_memslot+0xc3/0x570 [ 1037.690966][ T6942] __vmalloc_node_flags_caller+0x71/0x90 [ 1037.696634][ T6942] ? kvm_arch_create_memslot+0xc3/0x570 [ 1037.702204][ T6942] kvmalloc_node+0xdc/0x100 [ 1037.706730][ T6942] kvm_arch_create_memslot+0xc3/0x570 [ 1037.712109][ T6942] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1037.712130][ T6942] __kvm_set_memory_region+0x13b5/0x1d00 [ 1037.712152][ T6942] ? gfn_to_hva+0x470/0x470 [ 1037.712176][ T6942] ? lock_downgrade+0x920/0x920 [ 1037.712206][ T6942] kvm_set_memory_region+0x2f/0x50 [ 1037.712226][ T6942] kvm_vm_ioctl+0x729/0x1860 [ 1037.724529][ T6942] ? debug_check_no_obj_freed+0x20a/0x43f [ 1037.724546][ T6942] ? find_held_lock+0x35/0x130 [ 1037.724564][ T6942] ? kvm_unregister_device_ops+0x70/0x70 [ 1037.724584][ T6942] ? lock_downgrade+0x920/0x920 [ 1037.724597][ T6942] ? rwlock_bug.part.0+0x90/0x90 [ 1037.724612][ T6942] ? tomoyo_path_number_perm+0x214/0x520 [ 1037.724631][ T6942] ? find_held_lock+0x35/0x130 [ 1037.777144][ T6942] ? lock_downgrade+0x920/0x920 [ 1037.786727][ T6942] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1037.786745][ T6942] ? tomoyo_path_number_perm+0x459/0x520 [ 1037.786763][ T6942] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1037.786780][ T6942] ? tomoyo_path_number_perm+0x263/0x520 [ 1037.802641][ T6936] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1037.804148][ T6942] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1037.804188][ T6942] ? kvm_unregister_device_ops+0x70/0x70 [ 1037.804203][ T6942] do_vfs_ioctl+0xdb6/0x13e0 [ 1037.804222][ T6942] ? ioctl_preallocate+0x210/0x210 [ 1037.830965][ T6942] ? __fget+0x384/0x560 [ 1037.830987][ T6942] ? ksys_dup3+0x3e0/0x3e0 [ 1037.831005][ T6942] ? nsecs_to_jiffies+0x30/0x30 [ 1037.831028][ T6942] ? tomoyo_file_ioctl+0x23/0x30 [ 1037.831043][ T6942] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1037.831063][ T6942] ? security_file_ioctl+0x8d/0xc0 [ 1037.840988][ T6942] ksys_ioctl+0xab/0xd0 [ 1037.841005][ T6942] __x64_sys_ioctl+0x73/0xb0 [ 1037.841025][ T6942] do_syscall_64+0xfa/0x760 [ 1037.841048][ T6942] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1037.841060][ T6942] RIP: 0033:0x4598e9 [ 1037.841075][ T6942] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1037.841082][ T6942] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 05:20:14 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x18000, 0x0) r2 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r2, 0x800000c004500a, &(0x7f0000000300)) readv(r2, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r2, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r2, &(0x7f0000000080), 0x8) ioctl$PPPIOCGDEBUG(r2, 0x80047441, &(0x7f0000000100)) openat$cgroup_type(r1, &(0x7f0000000040)='cgroup.type\x00', 0x2, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1037.923257][ T6942] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1037.931244][ T6942] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1037.939319][ T6942] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1037.947592][ T6942] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1037.956322][ T6942] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1037.973453][ T6942] Mem-Info: 05:20:14 executing program 5: 05:20:14 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x0, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1037.976735][ T6942] active_anon:146659 inactive_anon:659 isolated_anon:0 [ 1037.976735][ T6942] active_file:21600 inactive_file:29388 isolated_file:0 [ 1037.976735][ T6942] unevictable:4096 dirty:213 writeback:0 unstable:0 [ 1037.976735][ T6942] slab_reclaimable:12946 slab_unreclaimable:98843 [ 1037.976735][ T6942] mapped:58998 shmem:253 pagetables:1469 bounce:0 [ 1037.976735][ T6942] free:1217934 free_pcp:398 free_cma:0 [ 1038.016167][ T6942] Node 0 active_anon:582472kB inactive_anon:2636kB active_file:86256kB inactive_file:117552kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235992kB dirty:848kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 565248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1038.046702][ T6942] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1038.074659][ T6942] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1038.106273][ T6942] lowmem_reserve[]: 0 2547 2548 2548 [ 1038.118781][ T6942] Node 0 DMA32 free:1083152kB min:36184kB low:45228kB high:54272kB active_anon:582352kB inactive_anon:2636kB active_file:85204kB inactive_file:117468kB unevictable:16384kB writepending:840kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7808kB pagetables:5728kB bounce:0kB free_pcp:1940kB local_pcp:864kB free_cma:0kB [ 1038.158417][ T6942] lowmem_reserve[]: 0 0 1 1 [ 1038.163213][ T6942] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1038.231713][ T6942] lowmem_reserve[]: 0 0 0 0 [ 1038.236934][ T6942] Node 1 Normal free:3777732kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1038.266700][ T6942] lowmem_reserve[]: 0 0 0 0 [ 1038.271695][ T6942] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1038.319392][ T6952] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1038.409802][ T6942] Node 0 DMA32: 8040*4kB (UME) 4185*8kB (UME) 1676*16kB (UME) 838*32kB (UME) 471*64kB (UME) 78*128kB (UM) 33*256kB (UM) 25*512kB (U) 9*1024kB (UE) 7*2048kB (UME) 213*4096kB (UM) = 1076648kB [ 1038.467470][ T6942] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1038.488135][ T6942] Node 1 Normal: 1*4kB (U) 40*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777732kB [ 1038.522243][ T6942] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1038.536548][ T6942] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1038.546798][ T6942] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1038.558093][ T6942] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1038.603448][ T6942] 51244 total pagecache pages [ 1038.608161][ T6942] 0 pages in swap cache [ 1038.616999][ T6942] Swap cache stats: add 0, delete 0, find 0/0 [ 1038.625507][ T6942] Free swap = 0kB [ 1038.629613][ T6942] Total swap = 0kB [ 1038.633639][ T6942] 1965979 pages RAM [ 1038.637460][ T6942] 0 pages HighMem/MovableOnly [ 1038.643330][ T6942] 341179 pages reserved [ 1038.647494][ T6942] 0 pages cma reserved 05:20:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x8000000000000, 0x500]}) 05:20:15 executing program 5: 05:20:15 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000000410", 0x66, 0x400}], 0x0, 0x0) 05:20:15 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x0, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:15 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:15 executing program 5: [ 1038.837156][ T6981] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1038.864692][ T6984] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1038.907179][ T6984] CPU: 1 PID: 6984 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1038.917511][ T6984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1038.930088][ T6984] Call Trace: [ 1038.930112][ T6984] dump_stack+0x172/0x1f0 [ 1038.930136][ T6984] warn_alloc.cold+0x87/0x17f [ 1038.930156][ T6984] ? zone_watermark_ok_safe+0x260/0x260 [ 1038.942819][ T6984] ? mark_lock+0xc2/0x1220 05:20:15 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x0, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1038.942835][ T6984] ? __lock_acquire+0x8a0/0x4a00 [ 1038.942865][ T6984] __vmalloc_node_range+0x483/0x7e0 [ 1038.942881][ T6984] ? is_bpf_text_address+0xac/0x170 [ 1038.942904][ T6984] ? kvm_arch_create_memslot+0xc3/0x570 [ 1038.975143][ T6984] __vmalloc_node_flags_caller+0x71/0x90 [ 1038.981337][ T6984] ? kvm_arch_create_memslot+0xc3/0x570 [ 1038.986595][ T6976] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1038.986912][ T6984] kvmalloc_node+0xdc/0x100 [ 1038.986941][ T6984] kvm_arch_create_memslot+0xc3/0x570 05:20:15 executing program 5: [ 1038.986961][ T6984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1038.986982][ T6984] __kvm_set_memory_region+0x13b5/0x1d00 [ 1039.018566][ T6984] ? gfn_to_hva+0x470/0x470 [ 1039.023106][ T6984] ? lock_downgrade+0x920/0x920 [ 1039.028082][ T6984] kvm_set_memory_region+0x2f/0x50 [ 1039.033559][ T6984] kvm_vm_ioctl+0x729/0x1860 [ 1039.039045][ T6984] ? debug_check_no_obj_freed+0x20a/0x43f [ 1039.045087][ T6984] ? find_held_lock+0x35/0x130 [ 1039.049959][ T6984] ? kvm_unregister_device_ops+0x70/0x70 [ 1039.056070][ T6984] ? lock_downgrade+0x920/0x920 [ 1039.061084][ T6984] ? rwlock_bug.part.0+0x90/0x90 [ 1039.066333][ T6984] ? tomoyo_path_number_perm+0x214/0x520 [ 1039.073064][ T6984] ? find_held_lock+0x35/0x130 [ 1039.078751][ T6984] ? lock_downgrade+0x920/0x920 [ 1039.083715][ T6984] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1039.089108][ T6984] ? tomoyo_path_number_perm+0x459/0x520 [ 1039.094786][ T6984] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1039.101191][ T6984] ? tomoyo_path_number_perm+0x263/0x520 [ 1039.106998][ T6984] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1039.112813][ T6984] ? kvm_unregister_device_ops+0x70/0x70 [ 1039.118633][ T6984] do_vfs_ioctl+0xdb6/0x13e0 [ 1039.123242][ T6984] ? ioctl_preallocate+0x210/0x210 [ 1039.128705][ T6984] ? __fget+0x384/0x560 [ 1039.132893][ T6984] ? ksys_dup3+0x3e0/0x3e0 [ 1039.137558][ T6984] ? nsecs_to_jiffies+0x30/0x30 [ 1039.142567][ T6984] ? tomoyo_file_ioctl+0x23/0x30 [ 1039.149881][ T6984] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1039.156732][ T6984] ? security_file_ioctl+0x8d/0xc0 [ 1039.162005][ T6984] ksys_ioctl+0xab/0xd0 [ 1039.166174][ T6984] __x64_sys_ioctl+0x73/0xb0 [ 1039.170760][ T6984] do_syscall_64+0xfa/0x760 [ 1039.175356][ T6984] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1039.181252][ T6984] RIP: 0033:0x4598e9 [ 1039.185184][ T6984] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1039.204903][ T6984] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1039.213369][ T6984] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1039.221510][ T6984] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1039.229667][ T6984] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1039.238745][ T6984] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1039.246833][ T6984] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1039.265755][ T6984] Mem-Info: [ 1039.269189][ T6984] active_anon:146588 inactive_anon:660 isolated_anon:0 [ 1039.269189][ T6984] active_file:21602 inactive_file:29401 isolated_file:0 [ 1039.269189][ T6984] unevictable:4096 dirty:228 writeback:0 unstable:0 [ 1039.269189][ T6984] slab_reclaimable:12951 slab_unreclaimable:98459 [ 1039.269189][ T6984] mapped:58977 shmem:254 pagetables:1455 bounce:0 [ 1039.269189][ T6984] free:1218335 free_pcp:407 free_cma:0 [ 1039.310037][ T6984] Node 0 active_anon:586352kB inactive_anon:2640kB active_file:86264kB inactive_file:117604kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235908kB dirty:908kB writeback:0kB shmem:1016kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 563200kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1039.341286][ T6984] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1039.368634][ T6984] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1039.368674][ T6984] lowmem_reserve[]: 0 2547 2548 2548 [ 1039.411458][ T6984] Node 0 DMA32 free:1079372kB min:36184kB low:45228kB high:54272kB active_anon:586332kB inactive_anon:2640kB active_file:85212kB inactive_file:117520kB unevictable:16384kB writepending:900kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7872kB pagetables:5820kB bounce:0kB free_pcp:1596kB local_pcp:516kB free_cma:0kB [ 1039.456661][ T6984] lowmem_reserve[]: 0 0 1 1 [ 1039.483761][ T6984] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1039.519231][ T6984] lowmem_reserve[]: 0 0 0 0 05:20:16 executing program 5: [ 1039.537355][ T6984] Node 1 Normal free:3777732kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1039.712179][ T6984] lowmem_reserve[]: 0 0 0 0 [ 1039.746240][ T6984] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1039.804377][ T6984] Node 0 DMA32: 7599*4kB (UME) 4366*8kB (UME) 1791*16kB (UME) 845*32kB (UME) 470*64kB (ME) 75*128kB (UM) 33*256kB (UM) 25*512kB (U) 9*1024kB (UE) 8*2048kB (UME) 214*4096kB (UM) = 1084092kB [ 1039.852844][ T6984] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1039.869259][ T6984] Node 1 Normal: 1*4kB (U) 40*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777732kB [ 1039.890595][ T6984] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1039.900426][ T6984] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1039.914244][ T6984] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1039.926601][ T6984] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1039.937938][ T6984] 51257 total pagecache pages [ 1039.944871][ T6984] 0 pages in swap cache [ 1039.949163][ T6984] Swap cache stats: add 0, delete 0, find 0/0 [ 1039.957291][ T6984] Free swap = 0kB [ 1039.961026][ T6984] Total swap = 0kB [ 1039.966739][ T6984] 1965979 pages RAM [ 1039.970545][ T6984] 0 pages HighMem/MovableOnly [ 1039.977142][ T6984] 341179 pages reserved [ 1039.981311][ T6984] 0 pages cma reserved 05:20:17 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0xc080, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = semget$private(0x0, 0x3, 0x400) semctl$GETZCNT(r0, 0x0, 0xf, &(0x7f0000000000)=""/35) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:17 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, 0x0) sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:17 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:17 executing program 5: 05:20:17 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000000510", 0x66, 0x400}], 0x0, 0x0) 05:20:17 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0xc000000000000, 0x500]}) 05:20:18 executing program 5: [ 1041.552266][ T7015] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1041.596323][ T7011] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1041.633309][ T7015] CPU: 0 PID: 7015 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1041.642471][ T7015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1041.653368][ T7015] Call Trace: [ 1041.656691][ T7015] dump_stack+0x172/0x1f0 [ 1041.661053][ T7015] warn_alloc.cold+0x87/0x17f [ 1041.665764][ T7015] ? zone_watermark_ok_safe+0x260/0x260 [ 1041.671562][ T7015] ? mark_lock+0xc2/0x1220 [ 1041.676004][ T7015] ? __lock_acquire+0x8a0/0x4a00 [ 1041.680977][ T7015] __vmalloc_node_range+0x483/0x7e0 [ 1041.686287][ T7015] ? is_bpf_text_address+0xac/0x170 [ 1041.691523][ T7015] ? kvm_arch_create_memslot+0xc3/0x570 [ 1041.697092][ T7015] __vmalloc_node_flags_caller+0x71/0x90 [ 1041.702759][ T7015] ? kvm_arch_create_memslot+0xc3/0x570 [ 1041.708438][ T7015] kvmalloc_node+0xdc/0x100 [ 1041.712970][ T7015] kvm_arch_create_memslot+0xc3/0x570 [ 1041.718386][ T7015] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1041.724658][ T7015] __kvm_set_memory_region+0x13b5/0x1d00 [ 1041.730345][ T7015] ? gfn_to_hva+0x470/0x470 [ 1041.734852][ T7015] ? lock_downgrade+0x920/0x920 [ 1041.739720][ T7015] kvm_set_memory_region+0x2f/0x50 [ 1041.744999][ T7015] kvm_vm_ioctl+0x729/0x1860 [ 1041.749578][ T7015] ? debug_check_no_obj_freed+0x20a/0x43f [ 1041.755315][ T7015] ? find_held_lock+0x35/0x130 [ 1041.760072][ T7015] ? kvm_unregister_device_ops+0x70/0x70 [ 1041.765716][ T7015] ? lock_downgrade+0x920/0x920 [ 1041.770568][ T7015] ? rwlock_bug.part.0+0x90/0x90 [ 1041.775514][ T7015] ? tomoyo_path_number_perm+0x214/0x520 [ 1041.781138][ T7015] ? find_held_lock+0x35/0x130 [ 1041.785987][ T7015] ? lock_downgrade+0x920/0x920 [ 1041.790828][ T7015] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1041.796110][ T7015] ? tomoyo_path_number_perm+0x459/0x520 [ 1041.801738][ T7015] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1041.807967][ T7015] ? tomoyo_path_number_perm+0x263/0x520 [ 1041.813595][ T7015] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1041.819433][ T7015] ? kvm_unregister_device_ops+0x70/0x70 [ 1041.825071][ T7015] do_vfs_ioctl+0xdb6/0x13e0 [ 1041.829664][ T7015] ? ioctl_preallocate+0x210/0x210 [ 1041.834776][ T7015] ? __fget+0x384/0x560 [ 1041.838941][ T7015] ? ksys_dup3+0x3e0/0x3e0 [ 1041.843361][ T7015] ? nsecs_to_jiffies+0x30/0x30 [ 1041.848206][ T7015] ? tomoyo_file_ioctl+0x23/0x30 [ 1041.853152][ T7015] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1041.859384][ T7015] ? security_file_ioctl+0x8d/0xc0 [ 1041.864500][ T7015] ksys_ioctl+0xab/0xd0 [ 1041.868651][ T7015] __x64_sys_ioctl+0x73/0xb0 [ 1041.873418][ T7015] do_syscall_64+0xfa/0x760 [ 1041.877932][ T7015] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1041.883816][ T7015] RIP: 0033:0x4598e9 [ 1041.887705][ T7015] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1041.907300][ T7015] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1041.915708][ T7015] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1041.923687][ T7015] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1041.931655][ T7015] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1041.939639][ T7015] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 05:20:18 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(r2, 0x0, 0x0) syz_mount_image$reiserfs(&(0x7f0000000000)='reiserfs\x00', &(0x7f0000000040)='./file0\x00', 0x400, 0x1, &(0x7f0000000180)=[{&(0x7f0000000100)="1e813d42d1c4cbcbf678213fb1828e219350b5d06d4f15e15bef1f64af7c89f63ce58cb2cb5029b0c8b4036cbda0f5293d1577efd07231b88ab314be8975f139067ccf67e0cbbcf395031b81913d94b12d012b5734f78484bf87433500ce62902c30681bd226c24afa85b1ceaa9f2a24dd4c5c0e0d", 0x75, 0xffffffffffff8001}], 0x40, &(0x7f00000001c0)={[{@acl='acl'}, {@commit={'commit', 0x3d, 0x4}}, {@hash_r5='hash=r5'}, {@data_writeback='data=writeback'}, {@balloc_border='block-allocator=border'}], [{@mask={'mask', 0x3d, '^MAY_READ'}}, {@dont_hash='dont_hash'}, {@context={'context', 0x3d, 'user_u'}}, {@uid_lt={'uid<', r2}}, {@permit_directio='permit_directio'}, {@subj_user={'subj_user', 0x3d, 'mime_type('}}, {@obj_type={'obj_type', 0x3d, 'eth1md5sum'}}, {@func={'func', 0x3d, 'KEXEC_KERNEL_CHECK'}}, {@obj_user={'obj_user', 0x3d, 'vmnet1)'}}]}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:18 executing program 5: [ 1041.947605][ T7015] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff 05:20:18 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, 0x0) sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1042.025124][ T7015] Mem-Info: [ 1042.033385][ T7015] active_anon:145571 inactive_anon:660 isolated_anon:0 [ 1042.033385][ T7015] active_file:21601 inactive_file:29411 isolated_file:0 [ 1042.033385][ T7015] unevictable:4096 dirty:240 writeback:0 unstable:0 [ 1042.033385][ T7015] slab_reclaimable:12928 slab_unreclaimable:98131 [ 1042.033385][ T7015] mapped:58987 shmem:253 pagetables:1427 bounce:0 [ 1042.033385][ T7015] free:1219826 free_pcp:413 free_cma:0 [ 1042.079364][ T7015] Node 0 active_anon:582284kB inactive_anon:2640kB active_file:86260kB inactive_file:117644kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235948kB dirty:956kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 565248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:20:18 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, 0x0) syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) [ 1042.136002][ T7013] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1042.149458][ T7015] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1042.176559][ T7015] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:20:18 executing program 5: [ 1042.321446][ T7015] lowmem_reserve[]: 0 2547 2548 2548 [ 1042.372394][ T7015] Node 0 DMA32 free:1081000kB min:36184kB low:45228kB high:54272kB active_anon:586444kB inactive_anon:2640kB active_file:85208kB inactive_file:117560kB unevictable:16384kB writepending:948kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7968kB pagetables:6004kB bounce:0kB free_pcp:1332kB local_pcp:744kB free_cma:0kB 05:20:18 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000000610", 0x66, 0x400}], 0x0, 0x0) [ 1042.437281][ T7045] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1042.476763][ T7028] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "hash=r5" 05:20:18 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, 0x0) sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:19 executing program 5: [ 1042.529232][ T7015] lowmem_reserve[]: 0 0 1 1 [ 1042.536081][ T7015] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1042.594110][ T7015] lowmem_reserve[]: 0 0 0 0 [ 1042.603449][ T7015] Node 1 Normal free:3777732kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1042.646803][ T7015] lowmem_reserve[]: 0 0 0 0 [ 1042.651731][ T7015] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB 05:20:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)) syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) [ 1042.714652][ T7015] Node 0 DMA32: 7032*4kB (UME) 4277*8kB (UME) 2017*16kB (UME) 843*32kB (UME) 470*64kB (ME) 78*128kB (UM) 33*256kB (UM) 25*512kB (U) 9*1024kB (UE) 5*2048kB (UME) 214*4096kB (UM) = 1078904kB 05:20:19 executing program 5: [ 1042.772347][ T7051] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1042.805547][ T7031] REISERFS warning (device loop1): super-6502 reiserfs_getopt: unknown mount option "hash=r5" [ 1042.830629][ T7015] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1042.922412][ T7015] Node 1 Normal: 1*4kB (U) 40*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777732kB [ 1043.021330][ T7015] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1043.042165][ T7015] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1043.069363][ T7015] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1043.090609][ T7071] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1043.098771][ T7015] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1043.115380][ T7015] 51312 total pagecache pages [ 1043.120513][ T7015] 0 pages in swap cache [ 1043.138906][ T7015] Swap cache stats: add 0, delete 0, find 0/0 [ 1043.149219][ T7015] Free swap = 0kB [ 1043.156411][ T7015] Total swap = 0kB [ 1043.160528][ T7015] 1965979 pages RAM 05:20:19 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x20000000000000, 0x500]}) 05:20:19 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)) sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:19 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000000710", 0x66, 0x400}], 0x0, 0x0) 05:20:19 executing program 5: 05:20:19 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r2 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r2, &(0x7f0000000140), 0x4924b68, 0x0) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_SET_DEST(r2, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r3, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x6ed8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x5b0648f1417b5df0}, 0x2200c004) r4 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r4, &(0x7f0000000140), 0x4924b68, 0x0) setsockopt$inet_mreqn(r4, 0x0, 0x23, &(0x7f00000001c0)={@remote, @loopback}, 0xc) fchmod(r1, 0xcc) [ 1043.169043][ T7015] 0 pages HighMem/MovableOnly [ 1043.177723][ T7015] 341179 pages reserved [ 1043.183246][ T7015] 0 pages cma reserved 05:20:19 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)) syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:19 executing program 5: [ 1043.412378][ T7089] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1043.452307][ T7089] CPU: 0 PID: 7089 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1043.461392][ T7089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1043.471466][ T7089] Call Trace: [ 1043.474786][ T7089] dump_stack+0x172/0x1f0 [ 1043.479232][ T7089] warn_alloc.cold+0x87/0x17f [ 1043.484030][ T7089] ? zone_watermark_ok_safe+0x260/0x260 [ 1043.489624][ T7089] ? mark_lock+0xc2/0x1220 [ 1043.494072][ T7089] ? __lock_acquire+0x8a0/0x4a00 [ 1043.499050][ T7089] __vmalloc_node_range+0x483/0x7e0 [ 1043.504272][ T7089] ? is_bpf_text_address+0xac/0x170 [ 1043.509508][ T7089] ? kvm_arch_create_memslot+0xc3/0x570 [ 1043.515097][ T7089] __vmalloc_node_flags_caller+0x71/0x90 [ 1043.520760][ T7089] ? kvm_arch_create_memslot+0xc3/0x570 [ 1043.526333][ T7089] kvmalloc_node+0xdc/0x100 [ 1043.530864][ T7089] kvm_arch_create_memslot+0xc3/0x570 [ 1043.536264][ T7089] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1043.542532][ T7089] __kvm_set_memory_region+0x13b5/0x1d00 [ 1043.548199][ T7089] ? gfn_to_hva+0x470/0x470 [ 1043.552742][ T7089] ? lock_downgrade+0x920/0x920 [ 1043.557750][ T7089] kvm_set_memory_region+0x2f/0x50 [ 1043.562901][ T7089] kvm_vm_ioctl+0x729/0x1860 [ 1043.567520][ T7089] ? debug_check_no_obj_freed+0x20a/0x43f [ 1043.573264][ T7089] ? find_held_lock+0x35/0x130 [ 1043.578056][ T7089] ? kvm_unregister_device_ops+0x70/0x70 [ 1043.583722][ T7089] ? lock_downgrade+0x920/0x920 [ 1043.588585][ T7089] ? rwlock_bug.part.0+0x90/0x90 [ 1043.593536][ T7089] ? tomoyo_path_number_perm+0x214/0x520 [ 1043.599186][ T7089] ? find_held_lock+0x35/0x130 [ 1043.603972][ T7089] ? lock_downgrade+0x920/0x920 [ 1043.608833][ T7089] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1043.614148][ T7089] ? tomoyo_path_number_perm+0x459/0x520 [ 1043.619807][ T7089] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1043.626098][ T7089] ? tomoyo_path_number_perm+0x263/0x520 [ 1043.631749][ T7089] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1043.637594][ T7089] ? kvm_unregister_device_ops+0x70/0x70 [ 1043.643259][ T7089] do_vfs_ioctl+0xdb6/0x13e0 [ 1043.647875][ T7089] ? ioctl_preallocate+0x210/0x210 [ 1043.653002][ T7089] ? __fget+0x384/0x560 [ 1043.657185][ T7089] ? ksys_dup3+0x3e0/0x3e0 [ 1043.661618][ T7089] ? nsecs_to_jiffies+0x30/0x30 [ 1043.666486][ T7089] ? tomoyo_file_ioctl+0x23/0x30 [ 1043.671453][ T7089] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1043.677719][ T7089] ? security_file_ioctl+0x8d/0xc0 [ 1043.682864][ T7089] ksys_ioctl+0xab/0xd0 [ 1043.687040][ T7089] __x64_sys_ioctl+0x73/0xb0 [ 1043.691655][ T7089] do_syscall_64+0xfa/0x760 [ 1043.696196][ T7089] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1043.702199][ T7089] RIP: 0033:0x4598e9 [ 1043.706211][ T7089] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1043.725834][ T7089] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1043.735571][ T7089] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1043.743551][ T7089] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1043.751540][ T7089] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 05:20:20 executing program 5: [ 1043.759610][ T7089] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1043.767598][ T7089] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff 05:20:20 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)) sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1043.823623][ T7086] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1043.861152][ T7089] Mem-Info: [ 1043.866824][ T7089] active_anon:146080 inactive_anon:679 isolated_anon:0 05:20:20 executing program 5: [ 1043.866824][ T7089] active_file:21608 inactive_file:29432 isolated_file:0 [ 1043.866824][ T7089] unevictable:4096 dirty:247 writeback:0 unstable:0 [ 1043.866824][ T7089] slab_reclaimable:12935 slab_unreclaimable:98064 [ 1043.866824][ T7089] mapped:59002 shmem:273 pagetables:1468 bounce:0 [ 1043.866824][ T7089] free:1219185 free_pcp:499 free_cma:0 [ 1043.913511][ T7089] Node 0 active_anon:586352kB inactive_anon:2644kB active_file:86260kB inactive_file:117720kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235936kB dirty:1020kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 563200kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1043.960585][ T7089] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1043.990087][ T7089] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:20:20 executing program 5: [ 1044.025211][ T7089] lowmem_reserve[]: 0 2547 2548 2548 [ 1044.030880][ T7089] Node 0 DMA32 free:1082888kB min:36184kB low:45228kB high:54272kB active_anon:586432kB inactive_anon:2644kB active_file:85208kB inactive_file:117636kB unevictable:16384kB writepending:1012kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7968kB pagetables:5976kB bounce:0kB free_pcp:1956kB local_pcp:952kB free_cma:0kB [ 1044.120213][ T7098] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1044.147671][ T7089] lowmem_reserve[]: 0 0 1 1 05:20:20 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000000810", 0x66, 0x400}], 0x0, 0x0) [ 1044.191104][ T7089] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1044.303394][ T7089] lowmem_reserve[]: 0 0 0 0 [ 1044.322207][ T7089] Node 1 Normal free:3777732kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1044.415945][ T7089] lowmem_reserve[]: 0 0 0 0 [ 1044.466413][ T7117] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1044.482418][ T7117] CPU: 0 PID: 7117 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1044.491462][ T7117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1044.497504][ T7089] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1044.501529][ T7117] Call Trace: [ 1044.501556][ T7117] dump_stack+0x172/0x1f0 [ 1044.501586][ T7117] warn_alloc.cold+0x87/0x17f [ 1044.528382][ T7117] ? zone_watermark_ok_safe+0x260/0x260 [ 1044.534055][ T7117] ? mark_lock+0xc2/0x1220 [ 1044.538488][ T7117] ? __lock_acquire+0x8a0/0x4a00 [ 1044.543443][ T7117] __vmalloc_node_range+0x483/0x7e0 [ 1044.545530][ T7089] Node 0 DMA32: 6339*4kB (UME) 4182*8kB (UME) 2342*16kB (UME) 875*32kB (UME) 472*64kB (UME) 79*128kB (UM) 33*256kB (UM) 25*512kB (U) 9*1024kB (UE) 9*2048kB (UME) 214*4096kB (UM) = 1090044kB [ 1044.548736][ T7117] ? is_bpf_text_address+0xac/0x170 [ 1044.548758][ T7117] ? kvm_arch_create_memslot+0xc3/0x570 [ 1044.548779][ T7117] __vmalloc_node_flags_caller+0x71/0x90 [ 1044.567943][ T7089] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1044.572535][ T7117] ? kvm_arch_create_memslot+0xc3/0x570 [ 1044.572554][ T7117] kvmalloc_node+0xdc/0x100 [ 1044.572571][ T7117] kvm_arch_create_memslot+0xc3/0x570 [ 1044.572589][ T7117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1044.572608][ T7117] __kvm_set_memory_region+0x13b5/0x1d00 [ 1044.579324][ T7089] Node 1 Normal: 1*4kB (U) 40*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777732kB [ 1044.584131][ T7117] ? gfn_to_hva+0x470/0x470 [ 1044.584156][ T7117] ? lock_downgrade+0x920/0x920 [ 1044.584185][ T7117] kvm_set_memory_region+0x2f/0x50 [ 1044.584204][ T7117] kvm_vm_ioctl+0x729/0x1860 [ 1044.597176][ T7089] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1044.602218][ T7117] ? debug_check_no_obj_freed+0x20a/0x43f [ 1044.602235][ T7117] ? find_held_lock+0x35/0x130 [ 1044.602253][ T7117] ? kvm_unregister_device_ops+0x70/0x70 [ 1044.602271][ T7117] ? lock_downgrade+0x920/0x920 [ 1044.602287][ T7117] ? rwlock_bug.part.0+0x90/0x90 [ 1044.607906][ T7089] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1044.612144][ T7117] ? tomoyo_path_number_perm+0x214/0x520 [ 1044.612161][ T7117] ? find_held_lock+0x35/0x130 [ 1044.612186][ T7117] ? lock_downgrade+0x920/0x920 [ 1044.612198][ T7117] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1044.612216][ T7117] ? tomoyo_path_number_perm+0x459/0x520 [ 1044.618665][ T7089] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1044.624072][ T7117] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1044.624086][ T7117] ? tomoyo_path_number_perm+0x263/0x520 [ 1044.624102][ T7117] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1044.624136][ T7117] ? kvm_unregister_device_ops+0x70/0x70 [ 1044.642848][ T7089] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1044.645447][ T7117] do_vfs_ioctl+0xdb6/0x13e0 [ 1044.645465][ T7117] ? ioctl_preallocate+0x210/0x210 [ 1044.645482][ T7117] ? __fget+0x384/0x560 [ 1044.650374][ T7089] 51283 total pagecache pages [ 1044.655420][ T7117] ? ksys_dup3+0x3e0/0x3e0 [ 1044.655437][ T7117] ? nsecs_to_jiffies+0x30/0x30 [ 1044.655458][ T7117] ? tomoyo_file_ioctl+0x23/0x30 [ 1044.655475][ T7117] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1044.655490][ T7117] ? security_file_ioctl+0x8d/0xc0 [ 1044.655506][ T7117] ksys_ioctl+0xab/0xd0 [ 1044.662217][ T7089] 0 pages in swap cache [ 1044.669641][ T7117] __x64_sys_ioctl+0x73/0xb0 [ 1044.669659][ T7117] do_syscall_64+0xfa/0x760 [ 1044.669682][ T7117] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1044.675805][ T7089] Swap cache stats: add 0, delete 0, find 0/0 [ 1044.680132][ T7117] RIP: 0033:0x4598e9 [ 1044.680147][ T7117] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1044.680154][ T7117] RSP: 002b:00007f92b6d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1044.686263][ T7089] Free swap = 0kB [ 1044.690640][ T7117] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1044.690649][ T7117] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1044.690656][ T7117] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1044.690663][ T7117] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6d836d4 [ 1044.690670][ T7117] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1044.742418][ T7089] Total swap = 0kB [ 1044.759273][ T7089] 1965979 pages RAM [ 1044.834653][ T7089] 0 pages HighMem/MovableOnly [ 1044.836837][ T7114] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1044.843023][ T7089] 341179 pages reserved [ 1044.951333][ T7089] 0 pages cma reserved 05:20:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x40000000000000, 0x500]}) 05:20:21 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x111100, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x4, 0x783440beab2da48, 0xe000, 0x2000, &(0x7f000039a000/0x2000)=nil}) 05:20:21 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)) sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:21 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)) syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:21 executing program 5: 05:20:21 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000000910", 0x66, 0x400}], 0x0, 0x0) 05:20:21 executing program 5: [ 1045.169991][ T7128] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1045.190546][ T7133] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:20:21 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) pread64(r0, &(0x7f0000000000)=""/111, 0x6f, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1045.271327][ T7133] CPU: 0 PID: 7133 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1045.280491][ T7133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1045.291187][ T7133] Call Trace: [ 1045.294526][ T7133] dump_stack+0x172/0x1f0 [ 1045.298927][ T7133] warn_alloc.cold+0x87/0x17f [ 1045.303626][ T7133] ? zone_watermark_ok_safe+0x260/0x260 [ 1045.309216][ T7133] ? mark_lock+0xc2/0x1220 [ 1045.313654][ T7133] ? __lock_acquire+0x8a0/0x4a00 [ 1045.318622][ T7133] __vmalloc_node_range+0x483/0x7e0 [ 1045.323846][ T7133] ? is_bpf_text_address+0xac/0x170 [ 1045.329087][ T7133] ? kvm_arch_create_memslot+0xc3/0x570 [ 1045.334653][ T7133] __vmalloc_node_flags_caller+0x71/0x90 [ 1045.340300][ T7133] ? kvm_arch_create_memslot+0xc3/0x570 [ 1045.345877][ T7133] kvmalloc_node+0xdc/0x100 [ 1045.350408][ T7133] kvm_arch_create_memslot+0xc3/0x570 [ 1045.355818][ T7133] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1045.362084][ T7133] __kvm_set_memory_region+0x13b5/0x1d00 [ 1045.367756][ T7133] ? gfn_to_hva+0x470/0x470 [ 1045.372305][ T7133] ? lock_downgrade+0x920/0x920 [ 1045.377196][ T7133] kvm_set_memory_region+0x2f/0x50 [ 1045.382327][ T7133] kvm_vm_ioctl+0x729/0x1860 [ 1045.386938][ T7133] ? debug_check_no_obj_freed+0x20a/0x43f [ 1045.386957][ T7133] ? find_held_lock+0x35/0x130 [ 1045.386972][ T7133] ? kvm_unregister_device_ops+0x70/0x70 [ 1045.386991][ T7133] ? lock_downgrade+0x920/0x920 [ 1045.397488][ T7133] ? rwlock_bug.part.0+0x90/0x90 [ 1045.412969][ T7133] ? tomoyo_path_number_perm+0x214/0x520 05:20:21 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000000)='/dev/usbmon#\x00', 0x8, 0x8000) ioctl$sock_inet6_udp_SIOCINQ(r1, 0x541b, &(0x7f0000000040)) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1045.418626][ T7133] ? find_held_lock+0x35/0x130 [ 1045.423427][ T7133] ? lock_downgrade+0x920/0x920 [ 1045.428734][ T7133] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1045.434046][ T7133] ? tomoyo_path_number_perm+0x459/0x520 [ 1045.435155][ T7142] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1045.439701][ T7133] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1045.439717][ T7133] ? tomoyo_path_number_perm+0x263/0x520 [ 1045.439734][ T7133] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1045.439766][ T7133] ? kvm_unregister_device_ops+0x70/0x70 [ 1045.460256][ T7133] do_vfs_ioctl+0xdb6/0x13e0 [ 1045.471705][ T7133] ? ioctl_preallocate+0x210/0x210 [ 1045.471728][ T7133] ? __fget+0x384/0x560 [ 1045.485610][ T7133] ? ksys_dup3+0x3e0/0x3e0 [ 1045.490179][ T7133] ? nsecs_to_jiffies+0x30/0x30 [ 1045.495056][ T7133] ? tomoyo_file_ioctl+0x23/0x30 [ 1045.500024][ T7133] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1045.506300][ T7133] ? security_file_ioctl+0x8d/0xc0 [ 1045.511444][ T7133] ksys_ioctl+0xab/0xd0 [ 1045.515632][ T7133] __x64_sys_ioctl+0x73/0xb0 05:20:22 executing program 5: 05:20:22 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0b") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1045.520349][ T7133] do_syscall_64+0xfa/0x760 [ 1045.525398][ T7133] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1045.531300][ T7133] RIP: 0033:0x4598e9 [ 1045.535824][ T7133] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1045.555450][ T7133] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1045.563878][ T7133] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1045.571863][ T7133] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1045.579831][ T7133] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1045.587821][ T7133] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1045.595816][ T7133] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1045.619705][ T7133] warn_alloc_show_mem: 1 callbacks suppressed [ 1045.619711][ T7133] Mem-Info: 05:20:22 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1045.725343][ T7133] active_anon:145583 inactive_anon:660 isolated_anon:0 [ 1045.725343][ T7133] active_file:21601 inactive_file:29440 isolated_file:0 [ 1045.725343][ T7133] unevictable:4096 dirty:266 writeback:0 unstable:0 [ 1045.725343][ T7133] slab_reclaimable:12909 slab_unreclaimable:97515 [ 1045.725343][ T7133] mapped:58992 shmem:253 pagetables:1499 bounce:0 [ 1045.725343][ T7133] free:1220214 free_pcp:449 free_cma:0 [ 1045.966613][ T7133] Node 0 active_anon:582036kB inactive_anon:2636kB active_file:86256kB inactive_file:117792kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235728kB dirty:1100kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 557056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1045.998303][ T7133] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1046.028514][ T7169] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1046.032454][ T7133] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1046.056023][ T7169] CPU: 1 PID: 7169 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1046.082680][ T7169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1046.092928][ T7169] Call Trace: [ 1046.096233][ T7169] dump_stack+0x172/0x1f0 [ 1046.100923][ T7169] warn_alloc.cold+0x87/0x17f [ 1046.101453][ T7133] lowmem_reserve[]: 0 2547 2548 2548 [ 1046.105615][ T7169] ? zone_watermark_ok_safe+0x260/0x260 [ 1046.105644][ T7169] ? mark_lock+0xc2/0x1220 [ 1046.105657][ T7169] ? __lock_acquire+0x8a0/0x4a00 [ 1046.105678][ T7169] __vmalloc_node_range+0x483/0x7e0 [ 1046.105693][ T7169] ? is_bpf_text_address+0xac/0x170 [ 1046.105721][ T7169] ? kvm_arch_create_memslot+0xc3/0x570 [ 1046.119654][ T7133] Node 0 DMA32 free:1092972kB min:36184kB low:45228kB high:54272kB active_anon:577968kB inactive_anon:2636kB active_file:85204kB inactive_file:117708kB unevictable:16384kB writepending:1092kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7616kB pagetables:5404kB bounce:0kB free_pcp:1752kB local_pcp:1140kB free_cma:0kB [ 1046.120978][ T7169] __vmalloc_node_flags_caller+0x71/0x90 [ 1046.121000][ T7169] ? kvm_arch_create_memslot+0xc3/0x570 [ 1046.126355][ T7133] lowmem_reserve[]: 0 0 1 1 [ 1046.131897][ T7169] kvmalloc_node+0xdc/0x100 [ 1046.131916][ T7169] kvm_arch_create_memslot+0xc3/0x570 [ 1046.131939][ T7169] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1046.143354][ T7133] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1046.174327][ T7169] __kvm_set_memory_region+0x13b5/0x1d00 [ 1046.174350][ T7169] ? gfn_to_hva+0x470/0x470 [ 1046.174378][ T7169] ? lock_downgrade+0x920/0x920 [ 1046.174407][ T7169] kvm_set_memory_region+0x2f/0x50 [ 1046.174421][ T7169] kvm_vm_ioctl+0x729/0x1860 [ 1046.174437][ T7169] ? debug_check_no_obj_freed+0x20a/0x43f [ 1046.174452][ T7169] ? find_held_lock+0x35/0x130 [ 1046.174469][ T7169] ? kvm_unregister_device_ops+0x70/0x70 [ 1046.174488][ T7169] ? lock_downgrade+0x920/0x920 [ 1046.174501][ T7169] ? rwlock_bug.part.0+0x90/0x90 [ 1046.174514][ T7169] ? tomoyo_path_number_perm+0x214/0x520 [ 1046.174526][ T7169] ? find_held_lock+0x35/0x130 [ 1046.174548][ T7169] ? lock_downgrade+0x920/0x920 [ 1046.187871][ T7133] lowmem_reserve[]: 0 0 0 0 [ 1046.190209][ T7169] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1046.190227][ T7169] ? tomoyo_path_number_perm+0x459/0x520 [ 1046.190249][ T7169] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1046.197604][ T7133] Node 1 Normal free:3777732kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1046.200286][ T7169] ? tomoyo_path_number_perm+0x263/0x520 [ 1046.200302][ T7169] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1046.200335][ T7169] ? kvm_unregister_device_ops+0x70/0x70 [ 1046.211563][ T7133] lowmem_reserve[]: 0 0 0 0 [ 1046.233645][ T7169] do_vfs_ioctl+0xdb6/0x13e0 [ 1046.233663][ T7169] ? ioctl_preallocate+0x210/0x210 [ 1046.233673][ T7169] ? __fget+0x384/0x560 [ 1046.233690][ T7169] ? ksys_dup3+0x3e0/0x3e0 [ 1046.233706][ T7169] ? nsecs_to_jiffies+0x30/0x30 [ 1046.233726][ T7169] ? tomoyo_file_ioctl+0x23/0x30 [ 1046.233742][ T7169] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1046.233758][ T7169] ? security_file_ioctl+0x8d/0xc0 [ 1046.233774][ T7169] ksys_ioctl+0xab/0xd0 [ 1046.233790][ T7169] __x64_sys_ioctl+0x73/0xb0 [ 1046.233806][ T7169] do_syscall_64+0xfa/0x760 [ 1046.233829][ T7169] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1046.246713][ T7133] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1046.248766][ T7169] RIP: 0033:0x4598e9 [ 1046.248781][ T7169] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1046.248788][ T7169] RSP: 002b:00007f92b6d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1046.257167][ T7133] Node 0 DMA32: 6087*4kB (UME) 4090*8kB (UME) 2442*16kB (UME) 914*32kB (UME) 471*64kB (UME) 78*128kB (UM) 33*256kB (UM) 25*512kB (U) 9*1024kB (UE) 10*2048kB (UME) 214*4096kB (UM) = 1093004kB [ 1046.258472][ T7169] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1046.258481][ T7169] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1046.258489][ T7169] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1046.258497][ T7169] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6d836d4 [ 1046.258509][ T7169] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1046.268281][ T7133] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1046.286407][ T7133] Node 1 Normal: 1*4kB (U) 40*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777732kB [ 1046.298014][ T7133] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1046.337250][ T7133] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1046.369136][ T7133] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1046.601075][ T7133] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1046.611958][ T7133] 51299 total pagecache pages 05:20:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x80000000000000, 0x500]}) 05:20:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0b") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:23 executing program 5: 05:20:23 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000000a10", 0x66, 0x400}], 0x0, 0x0) 05:20:23 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0b") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:23 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x240, 0x0) ioctl$DRM_IOCTL_RM_MAP(r1, 0x4028641b, &(0x7f0000000040)={&(0x7f00005b1000/0x4000)=nil, 0x8001, 0x5, 0x1, &(0x7f0000462000/0x3000)=nil, 0x401}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1046.616996][ T7133] 0 pages in swap cache [ 1046.621304][ T7133] Swap cache stats: add 0, delete 0, find 0/0 [ 1046.627664][ T7133] Free swap = 0kB [ 1046.631397][ T7133] Total swap = 0kB [ 1046.635241][ T7133] 1965979 pages RAM [ 1046.640019][ T7133] 0 pages HighMem/MovableOnly [ 1046.645103][ T7133] 341179 pages reserved [ 1046.649269][ T7133] 0 pages cma reserved 05:20:23 executing program 5: [ 1046.845407][ T7178] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1046.884545][ T7179] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:20:23 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0b") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x80ffff00000000, 0x500]}) 05:20:23 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0b") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:23 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) r3 = userfaultfd(0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r4 = userfaultfd(0x0) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r4, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) ioctl$FICLONE(r3, 0x40049409, r4) setresuid(r2, 0x0, 0x0) syz_mount_image$msdos(&(0x7f0000000000)='msdos\x00', &(0x7f0000000040)='./file0\x00', 0x9, 0x2, &(0x7f00000004c0)=[{&(0x7f0000000480)="3451d2c65b875d797ac9fd26c237c03cf0a79c872be54922409dab7c14f8e6def9f953ab763b", 0x26, 0x800}, {&(0x7f0000000a00)="27dcd63721bcdaabe682bc126f430161ba58bca5d673c4df4fe9c2632c9b5c24a504bd15d70add5df02ec313b075edfec72723649a035b5112370f02727464c5da1b30fc88ae6979e33d5973ad72c8afbad523ef575d4aca26878fa025586f872192215d11877339db97", 0x6a, 0x1000}], 0x800, &(0x7f0000000580)=ANY=[@ANYBLOB='nndots,nodots,dots,nodots,nodots,tz=UTC,smackfstransmute=systemvmnet0.,audit,font_hash,euid>', @ANYRESDEC=r2, @ANYBLOB="2c0058226adae403dc8aedab7151d95fc685dd716155ff09ce27fe663b2a4cbcc12952fbc05c5e8fa154e1d6844c91b7ee52029e54d96de26819a34bb98f4ff71164ea726e8b70"]) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r5, 0x800000c004500a, &(0x7f0000000300)) readv(r5, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r5, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x6}, &(0x7f0000000440)=0x8) read$rfkill(r5, &(0x7f0000000080), 0x8) ioctl$KVM_GET_FPU(r5, 0x81a0ae8c, &(0x7f0000000100)) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000500)={0xffffffffffffffff, r5, 0x11, 0x1}, 0x10) r6 = userfaultfd(0x0) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r6, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r6, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) ioctl$UFFDIO_API(r6, 0xc018aa3f, &(0x7f00000008c0)={0xaa, 0x15}) syz_mount_image$msdos(&(0x7f0000000540)='msdos\x00', &(0x7f0000000900)='./file0/file0\x00', 0x3, 0x4, &(0x7f0000000800)=[{&(0x7f0000000940)="c84bcdf089fd97f55e2a2405195fd60144387221b2a63903c1384884297bf7ba4b7ec6e38a9d1b40356f8b0278126fb8e3c5668ff968f205b2bb1879359e5ec8914f1e846a338002b42bbc9a8cfea99e9597fe185c54820f977dbba9a3ca6d9dfbd8363b880beb829547b3a02036dfaae1f90f64bf15a891c85c86bd632ed27ff37b0c87e67fe8fa1697b601b4c5dae6e2c70895caf027282bcbf7b4fd1ad079f7c72eca45c4a70326d338e109b6eea5", 0xb0, 0x7}, {&(0x7f0000000640)="068d03484df8b0cbc246b46e9291e831a5967effac8a2ba080b5e7419a1d9992eb857dc4a7e066a4a337b6ac4f8fe26e1e0d935ec7677a3b0bae20ce4e57fef877fc8b68e9372809e4b6609fa4dc563837", 0x51, 0x5}, {&(0x7f00000006c0)="55ef0a98b321bf6e1fd3da179dd7fd16", 0x10, 0x2}, {&(0x7f0000000700)="084111b4e6f526af71f65aaa1ad7431baf6af6e94ec40aa5034c31109dac4f963ec9aa2dc1fad0f4d4ff9e827f757c74c0b6f5e8da3e1dd4b5e834221943a5a969279e9a2430277c1716d2a57a910d9239a9947d0bc272525159e200c8c3bc1f1e1f574db38c3c0cc8ef9169dc4b3cd9e9c8cc40fc7c0680d5073b9c3b01a934d7de044d60a8b3c3d6345e7e9d09cdb5419f8ced0eea33632994f14ef6f20287f235d00f460bfbcb9ff5cb6754f0d1ce2f05e30e4eb748bc19fe9a70a714ec76d39e32b3bb605f60d63cf852992a481db11d05b56e311104761b1329cd8cfc76809c61a6153217f9bac882079f98ee84d3", 0xf1, 0x2ab5}], 0x100000, &(0x7f0000000880)={[{@nodots='nodots'}, {@fat=@nfs='nfs'}], [{@appraise_type='appraise_type=imasig'}, {@appraise='appraise'}]}) 05:20:23 executing program 5: 05:20:23 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000001010", 0x66, 0x400}], 0x0, 0x0) [ 1047.330711][ T7209] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:20:23 executing program 5: [ 1047.410617][ T7210] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1047.467180][ T7209] CPU: 1 PID: 7209 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1047.476861][ T7209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1047.486931][ T7209] Call Trace: [ 1047.490244][ T7209] dump_stack+0x172/0x1f0 [ 1047.494605][ T7209] warn_alloc.cold+0x87/0x17f [ 1047.499341][ T7209] ? zone_watermark_ok_safe+0x260/0x260 [ 1047.504935][ T7209] ? mark_lock+0xc2/0x1220 [ 1047.509540][ T7209] ? __lock_acquire+0x8a0/0x4a00 [ 1047.514525][ T7209] __vmalloc_node_range+0x483/0x7e0 [ 1047.519833][ T7209] ? is_bpf_text_address+0xac/0x170 [ 1047.525067][ T7209] ? kvm_arch_create_memslot+0xc3/0x570 [ 1047.530635][ T7209] __vmalloc_node_flags_caller+0x71/0x90 [ 1047.536385][ T7209] ? kvm_arch_create_memslot+0xc3/0x570 [ 1047.541954][ T7209] kvmalloc_node+0xdc/0x100 [ 1047.546484][ T7209] kvm_arch_create_memslot+0xc3/0x570 [ 1047.552156][ T7209] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1047.552175][ T7209] __kvm_set_memory_region+0x13b5/0x1d00 05:20:23 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47b") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:24 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f0000000080)=""/170, 0xaa) [ 1047.552203][ T7209] ? gfn_to_hva+0x470/0x470 [ 1047.568762][ T7209] ? lock_downgrade+0x920/0x920 [ 1047.573786][ T7209] kvm_set_memory_region+0x2f/0x50 [ 1047.573808][ T7209] kvm_vm_ioctl+0x729/0x1860 [ 1047.583607][ T7209] ? debug_check_no_obj_freed+0x20a/0x43f [ 1047.589614][ T7209] ? find_held_lock+0x35/0x130 [ 1047.594406][ T7209] ? kvm_unregister_device_ops+0x70/0x70 [ 1047.600074][ T7209] ? lock_downgrade+0x920/0x920 [ 1047.605039][ T7209] ? rwlock_bug.part.0+0x90/0x90 [ 1047.610054][ T7209] ? tomoyo_path_number_perm+0x214/0x520 [ 1047.615888][ T7209] ? find_held_lock+0x35/0x130 [ 1047.620773][ T7209] ? lock_downgrade+0x920/0x920 [ 1047.625654][ T7209] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1047.631866][ T7209] ? tomoyo_path_number_perm+0x459/0x520 [ 1047.637983][ T7209] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1047.645322][ T7209] ? tomoyo_path_number_perm+0x263/0x520 [ 1047.651096][ T7209] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1047.656958][ T7209] ? kvm_unregister_device_ops+0x70/0x70 [ 1047.662611][ T7209] do_vfs_ioctl+0xdb6/0x13e0 [ 1047.667418][ T7209] ? ioctl_preallocate+0x210/0x210 [ 1047.672657][ T7209] ? __fget+0x384/0x560 [ 1047.677008][ T7209] ? ksys_dup3+0x3e0/0x3e0 [ 1047.677026][ T7209] ? nsecs_to_jiffies+0x30/0x30 [ 1047.677047][ T7209] ? tomoyo_file_ioctl+0x23/0x30 [ 1047.677065][ T7209] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1047.677081][ T7209] ? security_file_ioctl+0x8d/0xc0 [ 1047.677096][ T7209] ksys_ioctl+0xab/0xd0 [ 1047.677113][ T7209] __x64_sys_ioctl+0x73/0xb0 [ 1047.677129][ T7209] do_syscall_64+0xfa/0x760 [ 1047.677152][ T7209] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1047.687554][ T7209] RIP: 0033:0x4598e9 [ 1047.687571][ T7209] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1047.687577][ T7209] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1047.687590][ T7209] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1047.687598][ T7209] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1047.687606][ T7209] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1047.687614][ T7209] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1047.687622][ T7209] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1047.699733][ T7209] warn_alloc_show_mem: 1 callbacks suppressed [ 1047.699739][ T7209] Mem-Info: [ 1047.811865][ T7201] FAT-fs (loop1): Unrecognized mount option "nndots" or missing value 05:20:24 executing program 5: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)="a4ab12f728db4b2b4d2f2f3ff7ad273b1e89e46f905080af4c90ccb170e60b3a8bf56db763bbce74b47888318b04aeb1747555ba16ea10e6ddb915ceb6397e514faf19e3f74a1d3b9b3c08eaba138725c4fe54204eaa3d026ef9d3f3ec56b0f16103a9073b96abe27eecccbfee02622f3a0ad7eb5b57f828631505476e1ec45b44df66b111a6ca5818bb168a65d5a9d26a8aa48cb704f3f257c814aa541e17aaf78b4648e9742a20d8689863f3f99c4afd672a7ff8133161ff4885410ef233666be8062ec1187c9667bb112d24a93a88a07fdd536e291d752a6a850c5bbb1f8c07f61e039966e10ff457", 0xea}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x13) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) 05:20:24 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47b") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1047.850073][ T7209] active_anon:146649 inactive_anon:660 isolated_anon:0 [ 1047.850073][ T7209] active_file:21603 inactive_file:29457 isolated_file:0 [ 1047.850073][ T7209] unevictable:4096 dirty:286 writeback:0 unstable:0 [ 1047.850073][ T7209] slab_reclaimable:12921 slab_unreclaimable:97343 [ 1047.850073][ T7209] mapped:59002 shmem:253 pagetables:1475 bounce:0 [ 1047.850073][ T7209] free:1219335 free_pcp:394 free_cma:0 [ 1047.889562][ T7209] Node 0 active_anon:586596kB inactive_anon:2640kB active_file:86268kB inactive_file:117828kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:236008kB dirty:1140kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 561152kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1047.919586][ T7209] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1047.947053][ T7209] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1047.975265][ T7209] lowmem_reserve[]: 0 2547 2548 2548 [ 1047.980583][ T7209] Node 0 DMA32 free:1083836kB min:36184kB low:45228kB high:54272kB active_anon:586544kB inactive_anon:2640kB active_file:85220kB inactive_file:117784kB unevictable:16384kB writepending:1172kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:8000kB pagetables:5856kB bounce:0kB free_pcp:1836kB local_pcp:776kB free_cma:0kB [ 1048.016879][ T7216] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1048.026188][ T7209] lowmem_reserve[]: 0 0 1 1 [ 1048.030866][ T7209] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1048.058603][ T7209] lowmem_reserve[]: 0 0 0 0 [ 1048.063922][ T7209] Node 1 Normal free:3777732kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:20:24 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0b") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) [ 1048.155438][ T7243] ptrace attach of "/root/syz-executor.5"[7240] was attempted by "/root/syz-executor.5"[7243] [ 1048.173188][ T7221] FAT-fs (loop1): Unrecognized mount option "nndots" or missing value [ 1048.191121][ T7209] lowmem_reserve[]: 0 0 0 0 05:20:24 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000041010", 0x66, 0x400}], 0x0, 0x0) [ 1048.245000][ T7209] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1048.269471][ T7209] Node 0 DMA32: 5140*4kB (UME) 4131*8kB (UME) 2463*16kB (UME) 963*32kB (UME) 470*64kB (ME) 80*128kB (UM) 33*256kB (UM) 25*512kB (U) 9*1024kB (UE) 5*2048kB (UME) 214*4096kB (UM) = 1081400kB [ 1048.288933][ T7209] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1048.341412][ T7209] Node 1 Normal: 1*4kB (U) 40*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777732kB [ 1048.453244][ T7209] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1048.474745][ T7209] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1048.484886][ T7255] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1048.542490][ T7209] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1048.576166][ T7209] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1048.597774][ T7209] 51325 total pagecache pages [ 1048.602972][ T7209] 0 pages in swap cache [ 1048.607378][ T7209] Swap cache stats: add 0, delete 0, find 0/0 [ 1048.616674][ T7209] Free swap = 0kB [ 1048.620661][ T7209] Total swap = 0kB [ 1048.627646][ T7209] 1965979 pages RAM [ 1048.631636][ T7209] 0 pages HighMem/MovableOnly [ 1048.636609][ T7209] 341179 pages reserved [ 1048.640889][ T7209] 0 pages cma reserved [ 1048.663519][ T7257] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:20:25 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x100000000000000, 0x500]}) 05:20:25 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47b") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:25 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r1 = socket(0x10, 0x3, 0x0) r2 = syz_open_dev$video4linux(&(0x7f0000000100)='/dev/v4l-subdev#\x00', 0x5, 0xe9e6afd9f4773cd3) ioctl$VIDIOC_SUBDEV_S_CROP(r2, 0xc038563c, &(0x7f0000000140)={0x1, 0x0, {0x7, 0x7, 0x10001, 0x8000}}) sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) accept4$bt_l2cap(r1, &(0x7f0000000000), &(0x7f0000000040)=0xe, 0xc0000) 05:20:25 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47b") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:25 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000da1910", 0x66, 0x400}], 0x0, 0x0) [ 1048.907382][ T7281] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1048.965550][ T7282] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1049.006819][ T7281] CPU: 0 PID: 7281 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1049.015887][ T7281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1049.025972][ T7281] Call Trace: [ 1049.029297][ T7281] dump_stack+0x172/0x1f0 [ 1049.033654][ T7281] warn_alloc.cold+0x87/0x17f [ 1049.038551][ T7281] ? zone_watermark_ok_safe+0x260/0x260 [ 1049.044164][ T7281] ? mark_lock+0xc2/0x1220 [ 1049.048629][ T7281] ? __lock_acquire+0x8a0/0x4a00 [ 1049.053590][ T7281] __vmalloc_node_range+0x483/0x7e0 [ 1049.058800][ T7281] ? is_bpf_text_address+0xac/0x170 [ 1049.064022][ T7281] ? kvm_arch_create_memslot+0xc3/0x570 [ 1049.069598][ T7281] __vmalloc_node_flags_caller+0x71/0x90 [ 1049.075251][ T7281] ? kvm_arch_create_memslot+0xc3/0x570 [ 1049.080941][ T7281] kvmalloc_node+0xdc/0x100 [ 1049.085463][ T7281] kvm_arch_create_memslot+0xc3/0x570 [ 1049.090926][ T7281] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1049.097302][ T7281] __kvm_set_memory_region+0x13b5/0x1d00 [ 1049.103038][ T7281] ? gfn_to_hva+0x470/0x470 [ 1049.103063][ T7281] ? lock_downgrade+0x920/0x920 [ 1049.103091][ T7281] kvm_set_memory_region+0x2f/0x50 [ 1049.103109][ T7281] kvm_vm_ioctl+0x729/0x1860 [ 1049.122272][ T7281] ? debug_check_no_obj_freed+0x20a/0x43f [ 1049.128154][ T7281] ? find_held_lock+0x35/0x130 [ 1049.132923][ T7281] ? kvm_unregister_device_ops+0x70/0x70 [ 1049.138955][ T7281] ? lock_downgrade+0x920/0x920 [ 1049.143827][ T7281] ? rwlock_bug.part.0+0x90/0x90 [ 1049.148802][ T7281] ? tomoyo_path_number_perm+0x214/0x520 [ 1049.154451][ T7281] ? find_held_lock+0x35/0x130 [ 1049.154478][ T7281] ? lock_downgrade+0x920/0x920 [ 1049.154493][ T7281] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1049.154514][ T7281] ? tomoyo_path_number_perm+0x459/0x520 [ 1049.154537][ T7281] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1049.164149][ T7281] ? tomoyo_path_number_perm+0x263/0x520 [ 1049.164165][ T7281] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1049.164203][ T7281] ? kvm_unregister_device_ops+0x70/0x70 [ 1049.164219][ T7281] do_vfs_ioctl+0xdb6/0x13e0 [ 1049.164236][ T7281] ? ioctl_preallocate+0x210/0x210 [ 1049.164248][ T7281] ? __fget+0x384/0x560 [ 1049.164271][ T7281] ? ksys_dup3+0x3e0/0x3e0 [ 1049.181433][ T7281] ? nsecs_to_jiffies+0x30/0x30 [ 1049.222317][ T7281] ? tomoyo_file_ioctl+0x23/0x30 [ 1049.227252][ T7281] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1049.233497][ T7281] ? security_file_ioctl+0x8d/0xc0 [ 1049.238599][ T7281] ksys_ioctl+0xab/0xd0 [ 1049.242747][ T7281] __x64_sys_ioctl+0x73/0xb0 [ 1049.247328][ T7281] do_syscall_64+0xfa/0x760 [ 1049.251824][ T7281] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1049.257815][ T7281] RIP: 0033:0x4598e9 [ 1049.261708][ T7281] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1049.281824][ T7281] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1049.290228][ T7281] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1049.298199][ T7281] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 05:20:25 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf0") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:25 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) splice(0xffffffffffffffff, &(0x7f0000000000), r0, &(0x7f0000000040), 0x7, 0x2) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r2, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r2, &(0x7f0000000200), 0x18) ioctl$TUNGETDEVNETNS(r2, 0x54e3, 0x0) openat$cgroup_int(r2, &(0x7f0000000100)='hugetlb.2MB.failcnt\x00', 0x2, 0x0) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1049.306159][ T7281] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1049.314465][ T7281] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1049.322423][ T7281] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1049.400875][ T7288] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1049.416685][ T7281] Mem-Info: [ 1049.420192][ T7281] active_anon:148231 inactive_anon:658 isolated_anon:0 [ 1049.420192][ T7281] active_file:21601 inactive_file:29475 isolated_file:0 [ 1049.420192][ T7281] unevictable:4096 dirty:308 writeback:0 unstable:0 [ 1049.420192][ T7281] slab_reclaimable:12917 slab_unreclaimable:98260 [ 1049.420192][ T7281] mapped:58992 shmem:252 pagetables:1479 bounce:0 [ 1049.420192][ T7281] free:1216964 free_pcp:218 free_cma:0 [ 1049.488720][ T7281] Node 0 active_anon:590868kB inactive_anon:2632kB active_file:86260kB inactive_file:117900kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235968kB dirty:1228kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 563200kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:20:26 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf0") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1049.534582][ T7281] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1049.572374][ T7281] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1049.600539][ T7281] lowmem_reserve[]: 0 2547 2548 2548 [ 1049.624032][ T7281] Node 0 DMA32 free:1083148kB min:36184kB low:45228kB high:54272kB active_anon:584316kB inactive_anon:2632kB active_file:85208kB inactive_file:117816kB unevictable:16384kB writepending:1220kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7808kB pagetables:5916kB bounce:0kB free_pcp:2048kB local_pcp:1396kB free_cma:0kB [ 1049.662481][ T7281] lowmem_reserve[]: 0 0 1 1 [ 1049.667343][ T7281] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1049.756245][ T7281] lowmem_reserve[]: 0 0 0 0 [ 1049.801744][ T7281] Node 1 Normal free:3777732kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1049.849815][ T7281] lowmem_reserve[]: 0 0 0 0 [ 1049.862283][ T7281] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1049.884976][ T7281] Node 0 DMA32: 4754*4kB (UME) 3948*8kB (UME) 2333*16kB (UME) 1041*32kB (UME) 478*64kB (UME) 80*128kB (UM) 33*256kB (UM) 25*512kB (U) 9*1024kB (UE) 9*2048kB (UME) 214*4096kB (UM) = 1087512kB [ 1049.910718][ T7281] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1049.929435][ T7281] Node 1 Normal: 1*4kB (U) 40*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777732kB [ 1049.958250][ T7281] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1049.968247][ T7281] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1049.978457][ T7281] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1049.988984][ T7281] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1049.998452][ T7281] 51336 total pagecache pages [ 1050.003366][ T7281] 0 pages in swap cache [ 1050.007517][ T7281] Swap cache stats: add 0, delete 0, find 0/0 [ 1050.014204][ T7281] Free swap = 0kB [ 1050.018010][ T7281] Total swap = 0kB [ 1050.021733][ T7281] 1965979 pages RAM [ 1050.025648][ T7281] 0 pages HighMem/MovableOnly [ 1050.030322][ T7281] 341179 pages reserved [ 1050.034541][ T7281] 0 pages cma reserved 05:20:27 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) r0 = open(&(0x7f0000000040)='.\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) getdents(r0, &(0x7f0000000080)=""/170, 0x40b) 05:20:27 executing program 1: perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:27 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47b") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:27 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000002010", 0x66, 0x400}], 0x0, 0x0) 05:20:27 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf0") sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) 05:20:27 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x200000000000000, 0x500]}) [ 1051.207216][ T7320] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1051.231072][ T7323] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1051.268440][ T7320] CPU: 0 PID: 7320 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1051.277513][ T7320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1051.287761][ T7320] Call Trace: [ 1051.291086][ T7320] dump_stack+0x172/0x1f0 [ 1051.295452][ T7320] warn_alloc.cold+0x87/0x17f [ 1051.300156][ T7320] ? zone_watermark_ok_safe+0x260/0x260 [ 1051.305742][ T7320] ? mark_lock+0xc2/0x1220 [ 1051.310185][ T7320] ? __lock_acquire+0x8a0/0x4a00 05:20:27 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) r1 = shmget(0x1, 0x1000, 0x11, &(0x7f0000371000/0x1000)=nil) shmctl$IPC_RMID(r1, 0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1051.310211][ T7320] __vmalloc_node_range+0x483/0x7e0 [ 1051.310228][ T7320] ? is_bpf_text_address+0xac/0x170 [ 1051.310251][ T7320] ? kvm_arch_create_memslot+0xc3/0x570 [ 1051.310270][ T7320] __vmalloc_node_flags_caller+0x71/0x90 [ 1051.331180][ T7320] ? kvm_arch_create_memslot+0xc3/0x570 [ 1051.342447][ T7320] kvmalloc_node+0xdc/0x100 [ 1051.347933][ T7320] kvm_arch_create_memslot+0xc3/0x570 [ 1051.353500][ T7320] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1051.359771][ T7320] __kvm_set_memory_region+0x13b5/0x1d00 05:20:27 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) accept4(r0, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(0xffffffffffffffff, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1051.365438][ T7320] ? gfn_to_hva+0x470/0x470 [ 1051.369982][ T7320] ? lock_downgrade+0x920/0x920 [ 1051.374882][ T7320] kvm_set_memory_region+0x2f/0x50 [ 1051.380020][ T7320] kvm_vm_ioctl+0x729/0x1860 [ 1051.384628][ T7320] ? debug_check_no_obj_freed+0x20a/0x43f [ 1051.390370][ T7320] ? find_held_lock+0x35/0x130 [ 1051.394043][ T7319] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1051.395149][ T7320] ? kvm_unregister_device_ops+0x70/0x70 [ 1051.395174][ T7320] ? lock_downgrade+0x920/0x920 [ 1051.395187][ T7320] ? rwlock_bug.part.0+0x90/0x90 [ 1051.395208][ T7320] ? tomoyo_path_number_perm+0x214/0x520 [ 1051.424853][ T7320] ? find_held_lock+0x35/0x130 [ 1051.429651][ T7320] ? lock_downgrade+0x920/0x920 [ 1051.434698][ T7320] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1051.440008][ T7320] ? tomoyo_path_number_perm+0x459/0x520 [ 1051.445670][ T7320] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1051.451929][ T7320] ? tomoyo_path_number_perm+0x263/0x520 [ 1051.457591][ T7320] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1051.463465][ T7320] ? kvm_unregister_device_ops+0x70/0x70 05:20:27 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) accept4(r0, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(0xffffffffffffffff, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1051.469119][ T7320] do_vfs_ioctl+0xdb6/0x13e0 [ 1051.473772][ T7320] ? ioctl_preallocate+0x210/0x210 [ 1051.479072][ T7320] ? __fget+0x384/0x560 [ 1051.483249][ T7320] ? ksys_dup3+0x3e0/0x3e0 [ 1051.487700][ T7320] ? nsecs_to_jiffies+0x30/0x30 [ 1051.492665][ T7320] ? tomoyo_file_ioctl+0x23/0x30 [ 1051.492683][ T7320] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1051.492697][ T7320] ? security_file_ioctl+0x8d/0xc0 [ 1051.492713][ T7320] ksys_ioctl+0xab/0xd0 [ 1051.492728][ T7320] __x64_sys_ioctl+0x73/0xb0 05:20:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000080)="66b9810000400f322ed30cbad104ec660f38df2b0fe21526660ff85e503ede1b0f20c066350000008026660fe1fcb800088ec00fae470b", 0x37}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1051.492744][ T7320] do_syscall_64+0xfa/0x760 [ 1051.492763][ T7320] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1051.492778][ T7320] RIP: 0033:0x4598e9 [ 1051.532050][ T7320] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1051.551668][ T7320] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1051.551684][ T7320] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1051.551690][ T7320] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1051.551697][ T7320] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1051.551704][ T7320] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1051.551712][ T7320] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1051.588704][ T7320] Mem-Info: [ 1051.603994][ T7320] active_anon:145562 inactive_anon:662 isolated_anon:0 [ 1051.603994][ T7320] active_file:21601 inactive_file:29484 isolated_file:0 [ 1051.603994][ T7320] unevictable:4096 dirty:318 writeback:0 unstable:0 [ 1051.603994][ T7320] slab_reclaimable:12915 slab_unreclaimable:97866 [ 1051.603994][ T7320] mapped:58982 shmem:252 pagetables:1473 bounce:0 [ 1051.603994][ T7320] free:1220026 free_pcp:393 free_cma:0 05:20:28 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x100000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x10000, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r1, 0xab07, 0x5) r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r2, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r2, &(0x7f0000000200), 0x18) ioctl$TUNGETDEVNETNS(r2, 0x54e3, 0x0) mlock(&(0x7f00000f6000/0x2000)=nil, 0x2000) r3 = userfaultfd(0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, &(0x7f00000001c0)) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r2, 0xc0845658, &(0x7f0000000100)={0x0, @reserved}) r4 = msgget(0x0, 0x1) msgctl$IPC_RMID(r4, 0x0) msgsnd(r4, &(0x7f0000000240)={0x0, "32bd31decb1ce79628680657482b6edf45d2cea38bcaf350bf376a244d1b986bdca3384cd018b2294d77bcb393dafd4c9df019d1eceb4ada40a497a10d68f0e3b22ebce5161cbb8f7537c107a3ef1420fdc9dae404bbff5948f75b48e36c62f2b1659360a1fe2d5794ca224ef0b35838290a88a768d457c6fdc848cac6154ff6f534911b113d9a2528a05b1c73ddf58b3959e381d811d17403417a78d676d9b4b60443f2881e12799e8367e54fca9564db1dcf961ec4c27b2ad32e1b0923"}, 0xc6, 0x1000) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1051.642591][ T7320] Node 0 active_anon:582248kB inactive_anon:2648kB active_file:86260kB inactive_file:117936kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235928kB dirty:1268kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 557056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1051.681033][ T7320] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1051.721469][ T7320] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1051.845108][ T7320] lowmem_reserve[]: 0 2547 2548 2548 05:20:28 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000102010", 0x66, 0x400}], 0x0, 0x0) [ 1051.869692][ T7320] Node 0 DMA32 free:1084588kB min:36184kB low:45228kB high:54272kB active_anon:580132kB inactive_anon:2648kB active_file:85208kB inactive_file:117852kB unevictable:16384kB writepending:1260kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7840kB pagetables:5892kB bounce:0kB free_pcp:1516kB local_pcp:836kB free_cma:0kB 05:20:28 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47b") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) [ 1052.026923][ T7320] lowmem_reserve[]: 0 0 1 1 [ 1052.034334][ T7352] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:20:28 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) accept4(r0, 0x0, 0x0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(0xffffffffffffffff, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1052.076127][ T7320] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1052.177345][ T7352] CPU: 1 PID: 7352 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1052.186424][ T7352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1052.196492][ T7352] Call Trace: [ 1052.199812][ T7352] dump_stack+0x172/0x1f0 [ 1052.204168][ T7352] warn_alloc.cold+0x87/0x17f [ 1052.208922][ T7352] ? zone_watermark_ok_safe+0x260/0x260 [ 1052.214508][ T7352] ? mark_lock+0xc2/0x1220 [ 1052.219032][ T7352] ? __lock_acquire+0x8a0/0x4a00 [ 1052.224028][ T7352] __vmalloc_node_range+0x483/0x7e0 [ 1052.229248][ T7352] ? is_bpf_text_address+0xac/0x170 [ 1052.234479][ T7352] ? kvm_arch_create_memslot+0xc3/0x570 [ 1052.240128][ T7352] __vmalloc_node_flags_caller+0x71/0x90 [ 1052.245778][ T7352] ? kvm_arch_create_memslot+0xc3/0x570 [ 1052.251344][ T7352] kvmalloc_node+0xdc/0x100 [ 1052.255891][ T7352] kvm_arch_create_memslot+0xc3/0x570 [ 1052.261375][ T7352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1052.267723][ T7352] __kvm_set_memory_region+0x13b5/0x1d00 [ 1052.273387][ T7352] ? gfn_to_hva+0x470/0x470 [ 1052.277928][ T7352] ? lock_downgrade+0x920/0x920 [ 1052.282817][ T7352] kvm_set_memory_region+0x2f/0x50 [ 1052.287951][ T7352] kvm_vm_ioctl+0x729/0x1860 [ 1052.288549][ T7320] lowmem_reserve[]: 0 0 0 0 [ 1052.292548][ T7352] ? debug_check_no_obj_freed+0x20a/0x43f [ 1052.292567][ T7352] ? find_held_lock+0x35/0x130 [ 1052.292585][ T7352] ? kvm_unregister_device_ops+0x70/0x70 [ 1052.292604][ T7352] ? lock_downgrade+0x920/0x920 [ 1052.292618][ T7352] ? rwlock_bug.part.0+0x90/0x90 [ 1052.292632][ T7352] ? tomoyo_path_number_perm+0x214/0x520 [ 1052.292649][ T7352] ? find_held_lock+0x35/0x130 [ 1052.307788][ T7320] Node 1 Normal free:3777732kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1052.313263][ T7352] ? lock_downgrade+0x920/0x920 [ 1052.313279][ T7352] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1052.313298][ T7352] ? tomoyo_path_number_perm+0x459/0x520 [ 1052.313318][ T7352] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1052.313330][ T7352] ? tomoyo_path_number_perm+0x263/0x520 [ 1052.313348][ T7352] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1052.322301][ T7320] lowmem_reserve[]: 0 0 0 0 [ 1052.323633][ T7352] ? kvm_unregister_device_ops+0x70/0x70 [ 1052.323650][ T7352] do_vfs_ioctl+0xdb6/0x13e0 [ 1052.323670][ T7352] ? ioctl_preallocate+0x210/0x210 [ 1052.329478][ T7320] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1052.334063][ T7352] ? __fget+0x384/0x560 [ 1052.334083][ T7352] ? ksys_dup3+0x3e0/0x3e0 [ 1052.334101][ T7352] ? nsecs_to_jiffies+0x30/0x30 [ 1052.334123][ T7352] ? tomoyo_file_ioctl+0x23/0x30 [ 1052.334139][ T7352] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1052.334154][ T7352] ? security_file_ioctl+0x8d/0xc0 [ 1052.334168][ T7352] ksys_ioctl+0xab/0xd0 [ 1052.334185][ T7352] __x64_sys_ioctl+0x73/0xb0 05:20:28 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0) msync(&(0x7f000039d000/0xb000)=nil, 0xb000, 0x2) 05:20:28 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, 0x0, 0x0, 0x0) [ 1052.363321][ T7320] Node 0 DMA32: 4439*4kB (UME) 4156*8kB (UME) 2360*16kB (UME) 1044*32kB (UME) 479*64kB (UME) 60*128kB (M) 33*256kB (UM) 25*512kB (U) 9*1024kB (UE) 6*2048kB (UME) 214*4096kB (UM) = 1079804kB [ 1052.367506][ T7352] do_syscall_64+0xfa/0x760 [ 1052.367529][ T7352] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1052.367541][ T7352] RIP: 0033:0x4598e9 [ 1052.367556][ T7352] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1052.367564][ T7352] RSP: 002b:00007f92b6d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1052.367578][ T7352] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1052.367592][ T7352] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1052.373700][ T7320] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1052.378570][ T7352] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1052.378578][ T7352] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6d836d4 [ 1052.378585][ T7352] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1052.562377][ T7320] Node 1 Normal: 1*4kB (U) 39*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777724kB [ 1052.608709][ T7320] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1052.619205][ T7320] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1052.637208][ T7320] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 05:20:29 executing program 5: msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000000)=""/11) [ 1052.678568][ T7358] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1052.692436][ T7320] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1052.733818][ T7359] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1052.737490][ T7320] 51345 total pagecache pages [ 1052.777219][ T7320] 0 pages in swap cache [ 1052.821484][ T7320] Swap cache stats: add 0, delete 0, find 0/0 [ 1052.832538][ T7320] Free swap = 0kB [ 1052.838802][ T7320] Total swap = 0kB [ 1052.861482][ T7320] 1965979 pages RAM [ 1052.871081][ T7320] 0 pages HighMem/MovableOnly [ 1052.910656][ T7320] 341179 pages reserved [ 1052.919979][ T7320] 0 pages cma reserved 05:20:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x300000000000000, 0x500]}) 05:20:29 executing program 5: openat$vnet(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vhost-net\x00', 0x2, 0x0) syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x0) pipe(&(0x7f0000000680)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000080)={0xff}, &(0x7f0000000200)={0x0, r0+30000000}, 0x0) add_key(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffa) 05:20:29 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000002310", 0x66, 0x400}], 0x0, 0x0) 05:20:29 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, 0x0, 0x0, 0x0) 05:20:29 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x6, 0xa02900) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x2d}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f0000000000)=@generic={0x2, 0xffffffff}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:29 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf0") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) [ 1053.173175][ T7394] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:20:29 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, 0x0, 0x0, 0x0) 05:20:29 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f000060a000/0x1000)=nil, 0x1000}}) r1 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) r2 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000000440)={r4, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000100)={r4, @in6={{0xa, 0x4e21, 0x1ef, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x1f}}, 0x1f, 0x100, 0x0, 0x4, 0x90}, 0x98) [ 1053.242498][ T7394] CPU: 0 PID: 7394 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1053.251667][ T7394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1053.261742][ T7394] Call Trace: [ 1053.265056][ T7394] dump_stack+0x172/0x1f0 [ 1053.269432][ T7394] warn_alloc.cold+0x87/0x17f [ 1053.274151][ T7394] ? zone_watermark_ok_safe+0x260/0x260 [ 1053.279747][ T7394] ? mark_lock+0xc2/0x1220 [ 1053.284211][ T7394] ? __lock_acquire+0x8a0/0x4a00 [ 1053.289180][ T7394] __vmalloc_node_range+0x483/0x7e0 [ 1053.294397][ T7394] ? is_bpf_text_address+0xac/0x170 [ 1053.294425][ T7394] ? kvm_arch_create_memslot+0xc3/0x570 [ 1053.294441][ T7394] __vmalloc_node_flags_caller+0x71/0x90 [ 1053.294454][ T7394] ? kvm_arch_create_memslot+0xc3/0x570 [ 1053.294470][ T7394] kvmalloc_node+0xdc/0x100 [ 1053.294486][ T7394] kvm_arch_create_memslot+0xc3/0x570 [ 1053.294503][ T7394] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1053.294522][ T7394] __kvm_set_memory_region+0x13b5/0x1d00 [ 1053.305355][ T7394] ? gfn_to_hva+0x470/0x470 [ 1053.305460][ T7394] ? lock_downgrade+0x920/0x920 [ 1053.305489][ T7394] kvm_set_memory_region+0x2f/0x50 [ 1053.305504][ T7394] kvm_vm_ioctl+0x729/0x1860 [ 1053.305524][ T7394] ? debug_check_no_obj_freed+0x20a/0x43f [ 1053.354355][ T7394] ? find_held_lock+0x35/0x130 [ 1053.354375][ T7394] ? kvm_unregister_device_ops+0x70/0x70 [ 1053.354397][ T7394] ? lock_downgrade+0x920/0x920 [ 1053.354410][ T7394] ? rwlock_bug.part.0+0x90/0x90 [ 1053.354425][ T7394] ? tomoyo_path_number_perm+0x214/0x520 [ 1053.354438][ T7394] ? find_held_lock+0x35/0x130 [ 1053.354460][ T7394] ? lock_downgrade+0x920/0x920 [ 1053.373863][ T7391] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1053.375282][ T7394] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1053.375305][ T7394] ? tomoyo_path_number_perm+0x459/0x520 [ 1053.375327][ T7394] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1053.375341][ T7394] ? tomoyo_path_number_perm+0x263/0x520 [ 1053.375364][ T7394] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1053.385173][ T7394] ? kvm_unregister_device_ops+0x70/0x70 [ 1053.385192][ T7394] do_vfs_ioctl+0xdb6/0x13e0 [ 1053.385209][ T7394] ? ioctl_preallocate+0x210/0x210 [ 1053.385220][ T7394] ? __fget+0x384/0x560 [ 1053.385237][ T7394] ? ksys_dup3+0x3e0/0x3e0 [ 1053.385254][ T7394] ? nsecs_to_jiffies+0x30/0x30 [ 1053.385272][ T7394] ? tomoyo_file_ioctl+0x23/0x30 [ 1053.385288][ T7394] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1053.385303][ T7394] ? security_file_ioctl+0x8d/0xc0 [ 1053.385321][ T7394] ksys_ioctl+0xab/0xd0 [ 1053.400566][ T7394] __x64_sys_ioctl+0x73/0xb0 [ 1053.400587][ T7394] do_syscall_64+0xfa/0x760 [ 1053.400611][ T7394] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1053.400624][ T7394] RIP: 0033:0x4598e9 [ 1053.400637][ T7394] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1053.400651][ T7394] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1053.420319][ T7394] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 05:20:30 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40), 0x0, 0x0) [ 1053.502783][ T7399] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1053.506430][ T7394] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1053.506439][ T7394] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1053.506447][ T7394] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1053.506456][ T7394] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1053.590090][ T7394] warn_alloc_show_mem: 1 callbacks suppressed [ 1053.590095][ T7394] Mem-Info: [ 1053.599612][ T7394] active_anon:147213 inactive_anon:660 isolated_anon:0 [ 1053.599612][ T7394] active_file:21603 inactive_file:29501 isolated_file:0 [ 1053.599612][ T7394] unevictable:4096 dirty:284 writeback:0 unstable:0 [ 1053.599612][ T7394] slab_reclaimable:12928 slab_unreclaimable:98097 [ 1053.599612][ T7394] mapped:59013 shmem:252 pagetables:1514 bounce:0 [ 1053.599612][ T7394] free:1217760 free_pcp:587 free_cma:0 [ 1053.638195][ T7394] Node 0 active_anon:588852kB inactive_anon:2640kB active_file:86268kB inactive_file:118004kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:236052kB dirty:1132kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 561152kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1053.668996][ T7394] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1053.696633][ T7394] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1053.764558][ T7394] lowmem_reserve[]: 0 2547 2548 2548 05:20:30 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000002d10", 0x66, 0x400}], 0x0, 0x0) 05:20:30 executing program 1: r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) setsockopt$inet6_MRT6_DEL_MFC(r0, 0x29, 0xcd, &(0x7f0000000000)={{0xa, 0x4e22, 0x2, @mcast2, 0xf1}, {0xa, 0x4e23, 0x6, @mcast1, 0x4}, 0x5, [0x4, 0x200, 0x101, 0x777, 0x543, 0xeb, 0x8000, 0x7ff]}, 0x5c) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$rxrpc(r0, &(0x7f0000000100)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x24) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:30 executing program 5: perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x800000000000013, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = inotify_init() r1 = inotify_init() inotify_add_watch(r1, &(0x7f0000000080)='.\x00', 0x2000400) dup3(r0, r1, 0x0) [ 1053.790766][ T7394] Node 0 DMA32 free:1078032kB min:36184kB low:45228kB high:54272kB active_anon:588468kB inactive_anon:2640kB active_file:85216kB inactive_file:117920kB unevictable:16384kB writepending:1128kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7872kB pagetables:5908kB bounce:0kB free_pcp:2528kB local_pcp:1276kB free_cma:0kB [ 1054.017790][ T7394] lowmem_reserve[]: 0 0 1 1 [ 1054.061486][ T7394] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:4kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1054.080754][ T7422] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1054.108504][ T7394] lowmem_reserve[]: 0 0 0 0 [ 1054.121591][ T7394] Node 1 Normal free:3777472kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 1054.153868][ T7433] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1054.186868][ T7394] lowmem_reserve[]: 0 0 0 0 [ 1054.193137][ T7433] CPU: 0 PID: 7433 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1054.202190][ T7433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1054.212259][ T7433] Call Trace: [ 1054.212267][ T7394] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1054.215562][ T7433] dump_stack+0x172/0x1f0 [ 1054.215589][ T7433] warn_alloc.cold+0x87/0x17f [ 1054.239100][ T7433] ? zone_watermark_ok_safe+0x260/0x260 [ 1054.245026][ T7433] ? mark_lock+0xc2/0x1220 [ 1054.249460][ T7433] ? __lock_acquire+0x8a0/0x4a00 [ 1054.254603][ T7433] __vmalloc_node_range+0x483/0x7e0 [ 1054.259998][ T7433] ? is_bpf_text_address+0xac/0x170 [ 1054.265219][ T7433] ? kvm_arch_create_memslot+0xc3/0x570 [ 1054.270787][ T7433] __vmalloc_node_flags_caller+0x71/0x90 [ 1054.276437][ T7433] ? kvm_arch_create_memslot+0xc3/0x570 [ 1054.282002][ T7433] kvmalloc_node+0xdc/0x100 [ 1054.282125][ T7394] Node 0 DMA32: 5101*4kB (UME) 4246*8kB (UME) 2423*16kB (UME) 1066*32kB (UME) 480*64kB (UME) 67*128kB (UM) 28*256kB (UM) 25*512kB (U) 9*1024kB (UE) 6*2048kB (UME) 214*4096kB (UM) = 1084564kB [ 1054.286509][ T7433] kvm_arch_create_memslot+0xc3/0x570 [ 1054.306244][ T7394] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1054.311147][ T7433] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.311166][ T7433] __kvm_set_memory_region+0x13b5/0x1d00 [ 1054.311187][ T7433] ? gfn_to_hva+0x470/0x470 [ 1054.323452][ T7394] Node 1 Normal: 0*4kB 7*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777464kB [ 1054.329556][ T7433] ? lock_downgrade+0x920/0x920 [ 1054.329590][ T7433] kvm_set_memory_region+0x2f/0x50 [ 1054.366503][ T7433] kvm_vm_ioctl+0x729/0x1860 [ 1054.371119][ T7433] ? debug_check_no_obj_freed+0x20a/0x43f [ 1054.376882][ T7433] ? find_held_lock+0x35/0x130 [ 1054.381909][ T7433] ? kvm_unregister_device_ops+0x70/0x70 [ 1054.388365][ T7433] ? lock_downgrade+0x920/0x920 [ 1054.393240][ T7433] ? rwlock_bug.part.0+0x90/0x90 [ 1054.394129][ T7394] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1054.398448][ T7433] ? tomoyo_path_number_perm+0x214/0x520 [ 1054.410765][ T7394] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1054.413632][ T7433] ? find_held_lock+0x35/0x130 [ 1054.413655][ T7433] ? lock_downgrade+0x920/0x920 [ 1054.413668][ T7433] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1054.413685][ T7433] ? tomoyo_path_number_perm+0x459/0x520 [ 1054.413704][ T7433] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1054.413716][ T7433] ? tomoyo_path_number_perm+0x263/0x520 [ 1054.413753][ T7433] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1054.413788][ T7433] ? kvm_unregister_device_ops+0x70/0x70 [ 1054.413805][ T7433] do_vfs_ioctl+0xdb6/0x13e0 [ 1054.413824][ T7433] ? ioctl_preallocate+0x210/0x210 [ 1054.413837][ T7433] ? __fget+0x384/0x560 [ 1054.413856][ T7433] ? ksys_dup3+0x3e0/0x3e0 [ 1054.413873][ T7433] ? nsecs_to_jiffies+0x30/0x30 [ 1054.413892][ T7433] ? tomoyo_file_ioctl+0x23/0x30 [ 1054.413905][ T7433] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1054.413926][ T7433] ? security_file_ioctl+0x8d/0xc0 [ 1054.440540][ T7394] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1054.443811][ T7433] ksys_ioctl+0xab/0xd0 [ 1054.443826][ T7433] __x64_sys_ioctl+0x73/0xb0 [ 1054.443847][ T7433] do_syscall_64+0xfa/0x760 [ 1054.443867][ T7433] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1054.443878][ T7433] RIP: 0033:0x4598e9 [ 1054.443894][ T7433] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1054.443901][ T7433] RSP: 002b:00007f92b6d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1054.443913][ T7433] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1054.443920][ T7433] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1054.443928][ T7433] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1054.443935][ T7433] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6d836d4 [ 1054.443944][ T7433] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1054.456442][ T7394] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1054.508196][ T7394] 51361 total pagecache pages [ 1054.533754][ T7394] 0 pages in swap cache [ 1054.579721][ T7394] Swap cache stats: add 0, delete 0, find 0/0 [ 1054.610599][ T7394] Free swap = 0kB [ 1054.633145][ T7394] Total swap = 0kB [ 1054.644436][ T7394] 1965979 pages RAM [ 1054.648361][ T7394] 0 pages HighMem/MovableOnly 05:20:31 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40), 0x0, 0x0) 05:20:31 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf0") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:31 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000003f10", 0x66, 0x400}], 0x0, 0x0) 05:20:31 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) llistxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=""/14, 0xe) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x400000000000000, 0x500]}) 05:20:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) writev(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000340)="3008db3a75b7000f1dd0bcdf0d66ed", 0xf}], 0x1) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1054.662372][ T7394] 341179 pages reserved [ 1054.666768][ T7394] 0 pages cma reserved [ 1054.774615][ T7446] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 05:20:31 executing program 0: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000000)="11dca5055e0bcfe47bf070") sendmmsg(r2, &(0x7f0000003d40), 0x0, 0x0) [ 1054.868919][ T7441] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1054.927989][ T7459] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1054.962122][ T7459] CPU: 0 PID: 7459 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1054.971283][ T7459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1054.981347][ T7459] Call Trace: [ 1054.984665][ T7459] dump_stack+0x172/0x1f0 [ 1054.989120][ T7459] warn_alloc.cold+0x87/0x17f [ 1054.993832][ T7459] ? zone_watermark_ok_safe+0x260/0x260 [ 1054.999626][ T7459] ? mark_lock+0xc2/0x1220 [ 1055.004256][ T7459] ? __lock_acquire+0x8a0/0x4a00 [ 1055.009226][ T7459] __vmalloc_node_range+0x483/0x7e0 [ 1055.014662][ T7459] ? is_bpf_text_address+0xac/0x170 [ 1055.019999][ T7459] ? kvm_arch_create_memslot+0xc3/0x570 [ 1055.026595][ T7459] __vmalloc_node_flags_caller+0x71/0x90 [ 1055.032698][ T7459] ? kvm_arch_create_memslot+0xc3/0x570 [ 1055.038257][ T7459] kvmalloc_node+0xdc/0x100 [ 1055.042761][ T7459] kvm_arch_create_memslot+0xc3/0x570 [ 1055.048483][ T7459] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1055.054980][ T7459] __kvm_set_memory_region+0x13b5/0x1d00 [ 1055.060810][ T7459] ? gfn_to_hva+0x470/0x470 [ 1055.065310][ T7459] ? lock_downgrade+0x920/0x920 [ 1055.070440][ T7459] kvm_set_memory_region+0x2f/0x50 [ 1055.076683][ T7459] kvm_vm_ioctl+0x729/0x1860 [ 1055.081351][ T7459] ? debug_check_no_obj_freed+0x20a/0x43f [ 1055.087617][ T7459] ? find_held_lock+0x35/0x130 [ 1055.092552][ T7459] ? kvm_unregister_device_ops+0x70/0x70 [ 1055.098177][ T7459] ? lock_downgrade+0x920/0x920 [ 1055.103038][ T7459] ? rwlock_bug.part.0+0x90/0x90 [ 1055.107965][ T7459] ? tomoyo_path_number_perm+0x214/0x520 [ 1055.114042][ T7459] ? find_held_lock+0x35/0x130 [ 1055.119204][ T7459] ? lock_downgrade+0x920/0x920 [ 1055.124055][ T7459] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1055.130135][ T7459] ? tomoyo_path_number_perm+0x459/0x520 [ 1055.136307][ T7459] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1055.147090][ T7459] ? tomoyo_path_number_perm+0x263/0x520 [ 1055.153808][ T7459] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1055.159742][ T7459] ? kvm_unregister_device_ops+0x70/0x70 [ 1055.165474][ T7459] do_vfs_ioctl+0xdb6/0x13e0 [ 1055.170321][ T7459] ? ioctl_preallocate+0x210/0x210 [ 1055.175437][ T7459] ? __fget+0x384/0x560 [ 1055.179769][ T7459] ? ksys_dup3+0x3e0/0x3e0 [ 1055.185135][ T7459] ? nsecs_to_jiffies+0x30/0x30 [ 1055.190254][ T7459] ? tomoyo_file_ioctl+0x23/0x30 [ 1055.195377][ T7459] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1055.201613][ T7459] ? security_file_ioctl+0x8d/0xc0 [ 1055.207043][ T7459] ksys_ioctl+0xab/0xd0 [ 1055.211192][ T7459] __x64_sys_ioctl+0x73/0xb0 [ 1055.215959][ T7459] do_syscall_64+0xfa/0x760 [ 1055.220460][ T7459] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1055.226350][ T7459] RIP: 0033:0x4598e9 [ 1055.230235][ T7459] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1055.250003][ T7459] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1055.258413][ T7459] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1055.266483][ T7459] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 05:20:31 executing program 1: perf_event_open(&(0x7f000001d000)={0x3, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) pivot_root(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') userfaultfd(0x800) socket$caif_seqpacket(0x25, 0x5, 0x1) [ 1055.275065][ T7459] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1055.283322][ T7459] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1055.291654][ T7459] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff 05:20:31 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000004010", 0x66, 0x400}], 0x0, 0x0) 05:20:31 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x11000008912, &(0x7f0000000000)="11dca50d6c0bcfe47bf070") r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040)='/dev/audio\x00', 0x0, 0x0) read$eventfd(r1, &(0x7f0000000080), 0x8) [ 1055.329772][ T7459] warn_alloc_show_mem: 1 callbacks suppressed [ 1055.329778][ T7459] Mem-Info: [ 1055.339557][ T7459] active_anon:145591 inactive_anon:659 isolated_anon:0 [ 1055.339557][ T7459] active_file:21603 inactive_file:29520 isolated_file:0 [ 1055.339557][ T7459] unevictable:4096 dirty:336 writeback:0 unstable:0 [ 1055.339557][ T7459] slab_reclaimable:12931 slab_unreclaimable:96725 [ 1055.339557][ T7459] mapped:58994 shmem:253 pagetables:1428 bounce:0 [ 1055.339557][ T7459] free:1220769 free_pcp:735 free_cma:0 [ 1055.441735][ T7459] Node 0 active_anon:582364kB inactive_anon:2636kB active_file:86268kB inactive_file:118080kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235976kB dirty:1340kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 563200kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:20:32 executing program 5: ioctl(0xffffffffffffffff, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000080)="66b9810000400f322ed30cbad104ec660f38df2b0fe21526660ff85e503ede1b0f20c066350000008026660fe1fcb800088ec00fae470b", 0x37}], 0x1, 0x51, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 05:20:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf0") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:32 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) r1 = socket$inet6(0xa, 0x807, 0x101) setsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r1, 0x84, 0x1e, &(0x7f0000000040)=0x8, 0x4) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1055.636257][ T7459] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1055.713602][ T7468] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1055.742283][ T7459] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:20:32 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000004810", 0x66, 0x400}], 0x0, 0x0) [ 1055.869247][ T7482] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1055.925397][ T7459] lowmem_reserve[]: 0 2547 2548 2548 05:20:32 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c1, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000000040)=0x200, 0x4) write$FUSE_NOTIFY_POLL(r0, &(0x7f0000000000)={0x18, 0x1, 0x0, {0x7}}, 0x18) [ 1055.966235][ T7459] Node 0 DMA32 free:1084624kB min:36184kB low:45228kB high:54272kB active_anon:586536kB inactive_anon:2636kB active_file:85216kB inactive_file:118028kB unevictable:16384kB writepending:1388kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7872kB pagetables:5912kB bounce:0kB free_pcp:2532kB local_pcp:1236kB free_cma:0kB [ 1056.028530][ T7459] lowmem_reserve[]: 0 0 1 1 [ 1056.040789][ T7459] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:4kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:20:32 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(0x0, &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) [ 1056.188293][ T7494] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1056.251190][ T7459] lowmem_reserve[]: 0 0 0 0 [ 1056.277355][ T7459] Node 1 Normal free:3777464kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 1056.316437][ T7459] lowmem_reserve[]: 0 0 0 0 [ 1056.321435][ T7459] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1056.402264][ T7459] Node 0 DMA32: 5437*4kB (UME) 4186*8kB (UME) 2567*16kB (UME) 1092*32kB (UME) 480*64kB (UME) 60*128kB (M) 13*256kB (UM) 25*512kB (U) 9*1024kB (UE) 6*2048kB (UME) 214*4096kB (UM) = 1083828kB [ 1056.448330][ T7459] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1056.487292][ T7459] Node 1 Normal: 0*4kB 7*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777464kB [ 1056.507452][ T7459] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1056.517762][ T7459] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1056.530969][ T7459] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1056.582226][ T7459] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1056.628194][ T7459] 51382 total pagecache pages [ 1056.642887][ T7459] 0 pages in swap cache [ 1056.648365][ T7459] Swap cache stats: add 0, delete 0, find 0/0 [ 1056.655087][ T7459] Free swap = 0kB [ 1056.659423][ T7459] Total swap = 0kB [ 1056.663781][ T7459] 1965979 pages RAM [ 1056.667611][ T7459] 0 pages HighMem/MovableOnly [ 1056.674148][ T7459] 341179 pages reserved [ 1056.678343][ T7459] 0 pages cma reserved 05:20:33 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x500000000000000, 0x500]}) 05:20:33 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) unlink(&(0x7f0000000080)='./file0\x00') perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3fffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x440, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, &(0x7f00000002c0)=""/231, &(0x7f0000000140)=0xe7) bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') sendfile(r1, r2, 0x0, 0x50000000000443) sendmmsg(r1, &(0x7f0000006f00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) open$dir(&(0x7f0000000180)='./file0\x00', 0x101000, 0x4) 05:20:33 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) r1 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f0000000100)={0x1, {{0x2, 0x4e24, @empty}}, 0x1, 0x4, [{{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x20}}}, {{0x2, 0x4e21, @remote}}, {{0x2, 0x4e23, @multicast2}}, {{0x2, 0x4e24, @broadcast}}]}, 0x290) r2 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x1, 0x2) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000274000/0x3000)=nil, 0x3000}, 0x3}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:33 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000004c10", 0x66, 0x400}], 0x0, 0x0) 05:20:33 executing program 5: socket$inet_tcp(0x2, 0x1, 0x0) r0 = syz_open_dev$loop(&(0x7f0000000040)='/dev/loop#\x00', 0x0, 0x1100082) memfd_create(&(0x7f00000003c0)='/\xd2\a\xaa(\t0\xedj\\\xe6W\x14E\x80VfM\'\x80\xb1\xce\x86Wp#\x00\xc2\x11\x04\xb5\a\x9e\x83X\x8e?yE\xec\xeb2-\xbb\vO\xf9P\xd7\xd7\xf5\xa8\xaeW\x8e\xe5Q\xd9\x9ew\x8e}\x868\x9f2\xf9\x17\xf5\xf8;\xd5g\bS\x91Q\xf1a\x0e$9[k@\x0fj\x83\x9d\xb1\xd5\xd7\xa5\xc1\x05ox\xe4\xdc6\x04\xc1n\xf6\xf8\x1c\xf2\xa9\xbb\xbc\x12u\xfd\xeb0bK\xb8A\x93\xb3\x8co\a\xe1}R\xa6x\xde\xb5;\xea\xa0', 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, 0xffffffffffffffff) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300, 0x0, "7001e0f57c8cf6270b24e415e96042aae51d871554c11cd59cc8fb47081025bad6b39d77f70a7c0f30f66157a96aae15813f0dceb29700", "a8a4cd01e527e6fd3de45387daf7b1ac786d0e8a75e8904655361fe06f308fe6033a61edb75c8d51c055faf7f4fdb16e0cdaa4276939a341033400", "2f18ffe4532a434e624ac93616105829576904e70bfeb59800f97c97644ab8a7"}) 05:20:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(0x0, &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) 05:20:33 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000001c0)={&(0x7f0000000040)={0x28, 0x23, 0x1, 0x0, 0x0, {0x20000000004, 0xe00000000000000}, [@typed={0x14, 0x0, @ipv6=@ipv4={[], [], @empty}}]}, 0x28}}, 0x0) 05:20:33 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(0x0, &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) [ 1056.978658][ T7524] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:20:33 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x600000000000000, 0x500]}) 05:20:33 executing program 0: r0 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x2000000002800100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000280)="a4ab12f728db4b2b4d2f2f3ff7ad273b1e89e46f905080af4c90ccb170e60b3a8bf56db763bbce74b47888318b04aeb1747555ba16ea10e6ddb915ceb6397e514faf19e3f74a1d3b9b3c08eaba138725c4fe54204eaa3d026ef9d3f3ec56b0f16103a9073b96abe27eecccbfee02622f3a0ad7eb5b57f828631505476e1ec45b44df66b111a6ca5818bb168a65d5a9d26a8aa48cb704f3f257c814aa541e17aaf78b4648e9742a20d8689863f3f99c4afd672a7ff8133161ff4885410ef233666be8062ec1187c9667bb112d24a93a88a07fdd536e291d752a6a850c5bbb1f8c07f61e039966e10ff45709248e7264cce72a", 0xf2}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x13) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r1, 0x0, 0x0) [ 1057.284395][ T7552] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1057.362323][ T7552] CPU: 0 PID: 7552 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1057.371745][ T7552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1057.381940][ T7552] Call Trace: [ 1057.385265][ T7552] dump_stack+0x172/0x1f0 [ 1057.389628][ T7552] warn_alloc.cold+0x87/0x17f [ 1057.394330][ T7552] ? zone_watermark_ok_safe+0x260/0x260 [ 1057.399921][ T7552] ? mark_lock+0xc2/0x1220 [ 1057.404355][ T7552] ? __lock_acquire+0x8a0/0x4a00 [ 1057.409331][ T7552] __vmalloc_node_range+0x483/0x7e0 [ 1057.409898][ T7557] ptrace attach of "/root/syz-executor.0"[7556] was attempted by "/root/syz-executor.0"[7557] [ 1057.414576][ T7552] ? is_bpf_text_address+0xac/0x170 [ 1057.414598][ T7552] ? kvm_arch_create_memslot+0xc3/0x570 [ 1057.414614][ T7552] __vmalloc_node_flags_caller+0x71/0x90 [ 1057.414627][ T7552] ? kvm_arch_create_memslot+0xc3/0x570 [ 1057.414643][ T7552] kvmalloc_node+0xdc/0x100 [ 1057.414662][ T7552] kvm_arch_create_memslot+0xc3/0x570 [ 1057.456900][ T7552] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1057.463177][ T7552] __kvm_set_memory_region+0x13b5/0x1d00 [ 1057.468941][ T7552] ? gfn_to_hva+0x470/0x470 [ 1057.473471][ T7552] ? lock_downgrade+0x920/0x920 [ 1057.478398][ T7552] kvm_set_memory_region+0x2f/0x50 [ 1057.483632][ T7552] kvm_vm_ioctl+0x729/0x1860 [ 1057.488248][ T7552] ? debug_check_no_obj_freed+0x20a/0x43f [ 1057.494005][ T7552] ? find_held_lock+0x35/0x130 [ 1057.498796][ T7552] ? kvm_unregister_device_ops+0x70/0x70 [ 1057.504710][ T7552] ? lock_downgrade+0x920/0x920 [ 1057.504725][ T7552] ? rwlock_bug.part.0+0x90/0x90 [ 1057.504741][ T7552] ? tomoyo_path_number_perm+0x214/0x520 [ 1057.504762][ T7552] ? find_held_lock+0x35/0x130 [ 1057.504787][ T7552] ? lock_downgrade+0x920/0x920 [ 1057.525271][ T7552] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1057.525291][ T7552] ? tomoyo_path_number_perm+0x459/0x520 [ 1057.525313][ T7552] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1057.525325][ T7552] ? tomoyo_path_number_perm+0x263/0x520 [ 1057.525340][ T7552] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1057.525372][ T7552] ? kvm_unregister_device_ops+0x70/0x70 [ 1057.525386][ T7552] do_vfs_ioctl+0xdb6/0x13e0 [ 1057.525401][ T7552] ? ioctl_preallocate+0x210/0x210 [ 1057.525418][ T7552] ? __fget+0x384/0x560 [ 1057.547788][ T7552] ? ksys_dup3+0x3e0/0x3e0 [ 1057.583504][ T7552] ? nsecs_to_jiffies+0x30/0x30 [ 1057.588385][ T7552] ? tomoyo_file_ioctl+0x23/0x30 [ 1057.593438][ T7552] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1057.599713][ T7552] ? security_file_ioctl+0x8d/0xc0 [ 1057.599733][ T7552] ksys_ioctl+0xab/0xd0 [ 1057.599751][ T7552] __x64_sys_ioctl+0x73/0xb0 05:20:33 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000006010", 0x66, 0x400}], 0x0, 0x0) [ 1057.599770][ T7552] do_syscall_64+0xfa/0x760 [ 1057.599795][ T7552] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1057.624132][ T7552] RIP: 0033:0x4598e9 [ 1057.628050][ T7552] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1057.647670][ T7552] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1057.647685][ T7552] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1057.647692][ T7552] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1057.647698][ T7552] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1057.647705][ T7552] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1057.647712][ T7552] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff 05:20:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) [ 1057.838826][ T7552] Mem-Info: [ 1057.842289][ T7552] active_anon:147130 inactive_anon:661 isolated_anon:0 [ 1057.842289][ T7552] active_file:21601 inactive_file:29535 isolated_file:0 [ 1057.842289][ T7552] unevictable:4096 dirty:140 writeback:0 unstable:0 [ 1057.842289][ T7552] slab_reclaimable:12999 slab_unreclaimable:96984 [ 1057.842289][ T7552] mapped:58947 shmem:253 pagetables:1509 bounce:0 [ 1057.842289][ T7552] free:1219152 free_pcp:304 free_cma:0 05:20:34 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000001c0)={&(0x7f0000000040)={0x28, 0x23, 0x1, 0x0, 0x0, {0x20000000004, 0xe00000000000000}, [@typed={0x14, 0x0, @ipv6=@ipv4={[], [], @empty}}]}, 0x28}}, 0x0) 05:20:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) [ 1057.880887][ T7552] Node 0 active_anon:588620kB inactive_anon:2644kB active_file:86260kB inactive_file:118140kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235888kB dirty:556kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 565248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1057.926903][ T7564] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:20:34 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) prctl$PR_SET_SPECULATION_CTRL(0x35, 0x0) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/pfkey\x00', 0x5c5c05e7fea4c7b0, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000100)={&(0x7f0000000000)='./file0\x00', r1}, 0x10) 05:20:34 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000006810", 0x66, 0x400}], 0x0, 0x0) [ 1058.041356][ T7552] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1058.103080][ T7552] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:20:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsold']) [ 1058.233465][ T7552] lowmem_reserve[]: 0 2547 2548 2548 [ 1058.256026][ T7552] Node 0 DMA32 free:1083824kB min:36184kB low:45228kB high:54272kB active_anon:588436kB inactive_anon:2644kB active_file:85208kB inactive_file:118100kB unevictable:16384kB writepending:636kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7968kB pagetables:5924kB bounce:0kB free_pcp:1852kB local_pcp:1368kB free_cma:0kB 05:20:34 executing program 5: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f0000000100)={0x0, 0x1200, &(0x7f0000000480)=[{&(0x7f0000000180)="24000000250007031dfffd946fa2830020200a0009000000001d85680c1ba3a20400ff7e280000002600ffffba16a0aa1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) 05:20:34 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r2 = dup(r1) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x12, &(0x7f0000000140)=0x80, 0x4) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1058.373454][ T7552] lowmem_reserve[]: 0 0 1 1 [ 1058.397201][ T7552] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:4kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1058.427206][ T7596] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.5'. 05:20:34 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 1058.446804][ T7552] lowmem_reserve[]: 0 0 0 0 [ 1058.451811][ T7552] Node 1 Normal free:3777712kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1058.495614][ T7587] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1058.513753][ T7552] lowmem_reserve[]: 0 0 0 0 [ 1058.518402][ T7552] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1058.580928][ T7552] Node 0 DMA32: 5856*4kB (UME) 3824*8kB (UME) 2574*16kB (UME) 1112*32kB (UME) 483*64kB (UME) 64*128kB (UM) 14*256kB (UM) 25*512kB (U) 9*1024kB (UE) 6*2048kB (UME) 214*4096kB (UM) = 1084320kB [ 1058.683374][ T7552] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1058.697037][ T7606] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1058.736195][ T7552] Node 1 Normal: 0*4kB 38*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777712kB [ 1058.774020][ T7552] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1058.784267][ T7552] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1058.796357][ T7552] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1058.816225][ T7552] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1058.835638][ T7552] 51400 total pagecache pages [ 1058.841382][ T7552] 0 pages in swap cache [ 1058.847028][ T7552] Swap cache stats: add 0, delete 0, find 0/0 [ 1058.853738][ T7552] Free swap = 0kB [ 1058.857646][ T7552] Total swap = 0kB [ 1058.861633][ T7552] 1965979 pages RAM [ 1058.865898][ T7552] 0 pages HighMem/MovableOnly [ 1058.872864][ T7552] 341179 pages reserved [ 1058.896710][ T7552] 0 pages cma reserved 05:20:35 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000006c10", 0x66, 0x400}], 0x0, 0x0) [ 1059.017431][ T7618] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1059.108216][ T7618] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:20:36 executing program 0: r0 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x1005, 0x0) ioctl$int_in(r0, 0x8000600000500e, 0x0) 05:20:36 executing program 5: mkdir(&(0x7f0000000500)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='overlay\x00', 0x200000, &(0x7f0000000580)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) chdir(&(0x7f0000000000)='./file0\x00') lchown(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) getdents64(r0, &(0x7f0000002800)=""/4096, 0x1041) 05:20:36 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xdea, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) socketpair$unix(0x1, 0x1000000000005, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) syz_open_procfs$namespace(r2, &(0x7f0000000100)='ns/net\x00') userfaultfd(0x800) r3 = socket$inet6_sctp(0xa, 0x2, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000140)={0x0, 0xb93, 0x5, 0x7fffffff, 0xfffffffffffffa77, 0x5, 0x4, 0x101, 0x800, 0x3ff, 0xfffffffffffffffc}, 0xb) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:36 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x700000000000000, 0x500]}) 05:20:36 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 05:20:36 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000007410", 0x66, 0x400}], 0x0, 0x0) [ 1060.405649][ T7635] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1060.410133][ T7633] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1060.471469][ T7634] overlayfs: failed to resolve 'file0': -2 [ 1060.502211][ T7635] CPU: 1 PID: 7635 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1060.511296][ T7635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1060.521402][ T7635] Call Trace: [ 1060.525321][ T7635] dump_stack+0x172/0x1f0 [ 1060.529677][ T7635] warn_alloc.cold+0x87/0x17f [ 1060.534380][ T7635] ? zone_watermark_ok_safe+0x260/0x260 [ 1060.539964][ T7635] ? mark_lock+0xc2/0x1220 [ 1060.544389][ T7635] ? __lock_acquire+0x8a0/0x4a00 [ 1060.544414][ T7635] __vmalloc_node_range+0x483/0x7e0 [ 1060.544430][ T7635] ? is_bpf_text_address+0xac/0x170 [ 1060.544453][ T7635] ? kvm_arch_create_memslot+0xc3/0x570 [ 1060.544474][ T7635] __vmalloc_node_flags_caller+0x71/0x90 [ 1060.554603][ T7635] ? kvm_arch_create_memslot+0xc3/0x570 [ 1060.554623][ T7635] kvmalloc_node+0xdc/0x100 [ 1060.554639][ T7635] kvm_arch_create_memslot+0xc3/0x570 [ 1060.554660][ T7635] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1060.554684][ T7635] __kvm_set_memory_region+0x13b5/0x1d00 [ 1060.577226][ T7635] ? gfn_to_hva+0x470/0x470 [ 1060.577252][ T7635] ? lock_downgrade+0x920/0x920 [ 1060.587296][ T7635] kvm_set_memory_region+0x2f/0x50 [ 1060.587316][ T7635] kvm_vm_ioctl+0x729/0x1860 05:20:37 executing program 0: r0 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) recvmmsg(r0, &(0x7f0000007b00), 0x0, 0x0, 0x0) [ 1060.599210][ T7631] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1060.603710][ T7635] ? debug_check_no_obj_freed+0x20a/0x43f [ 1060.603730][ T7635] ? find_held_lock+0x35/0x130 [ 1060.603747][ T7635] ? kvm_unregister_device_ops+0x70/0x70 [ 1060.603765][ T7635] ? lock_downgrade+0x920/0x920 [ 1060.603778][ T7635] ? rwlock_bug.part.0+0x90/0x90 [ 1060.603799][ T7635] ? tomoyo_path_number_perm+0x214/0x520 [ 1060.658966][ T7635] ? find_held_lock+0x35/0x130 [ 1060.663853][ T7635] ? lock_downgrade+0x920/0x920 [ 1060.668727][ T7635] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1060.674039][ T7635] ? tomoyo_path_number_perm+0x459/0x520 [ 1060.679902][ T7635] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1060.686178][ T7635] ? tomoyo_path_number_perm+0x263/0x520 [ 1060.691846][ T7635] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1060.697706][ T7635] ? kvm_unregister_device_ops+0x70/0x70 [ 1060.703404][ T7635] do_vfs_ioctl+0xdb6/0x13e0 [ 1060.708149][ T7635] ? ioctl_preallocate+0x210/0x210 [ 1060.713286][ T7635] ? __fget+0x384/0x560 [ 1060.717614][ T7635] ? ksys_dup3+0x3e0/0x3e0 05:20:37 executing program 0: r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000140)={0x0, 0x0}) ptrace$setopts(0x4206, r1, 0x0, 0x0) [ 1060.722112][ T7635] ? nsecs_to_jiffies+0x30/0x30 [ 1060.727185][ T7635] ? tomoyo_file_ioctl+0x23/0x30 [ 1060.732241][ T7635] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1060.738517][ T7635] ? security_file_ioctl+0x8d/0xc0 [ 1060.743655][ T7635] ksys_ioctl+0xab/0xd0 [ 1060.747845][ T7635] __x64_sys_ioctl+0x73/0xb0 [ 1060.752470][ T7635] do_syscall_64+0xfa/0x760 [ 1060.757012][ T7635] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1060.762940][ T7635] RIP: 0033:0x4598e9 [ 1060.766863][ T7635] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1060.787127][ T7635] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1060.795982][ T7635] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1060.803959][ T7635] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1060.812026][ T7635] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 05:20:37 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lseek(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x1001000004e23, 0x0, @loopback}, 0x1c) listen(r0, 0x4) ioctl$SIOCRSGCAUSE(0xffffffffffffffff, 0x89e0, &(0x7f0000000080)) open(0x0, 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) r2 = accept(r0, 0x0, 0x0) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000180)='vcan0\x00', 0x10) sendto$packet(r2, &(0x7f0000000040)='u', 0x1, 0x0, 0x0, 0x0) [ 1060.819997][ T7635] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1060.827963][ T7635] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1060.838727][ T7635] Mem-Info: [ 1060.842138][ T7635] active_anon:146651 inactive_anon:662 isolated_anon:0 [ 1060.842138][ T7635] active_file:21601 inactive_file:29559 isolated_file:0 [ 1060.842138][ T7635] unevictable:4096 dirty:197 writeback:0 unstable:0 [ 1060.842138][ T7635] slab_reclaimable:12998 slab_unreclaimable:97041 [ 1060.842138][ T7635] mapped:58982 shmem:252 pagetables:1474 bounce:0 [ 1060.842138][ T7635] free:1219300 free_pcp:642 free_cma:0 [ 1060.885974][ T7635] Node 0 active_anon:586604kB inactive_anon:2648kB active_file:86260kB inactive_file:118236kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:236028kB dirty:784kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 557056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1060.919051][ T7635] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1060.945951][ T7635] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:20:37 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x81, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000, 0x0, 0x1080000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x404}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = syz_open_dev$dspn(&(0x7f0000000000)='/dev/dsp#\x00', 0x40, 0x8000) ioctl$EVIOCGABS2F(r1, 0x8018456f, &(0x7f0000000100)=""/116) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1061.000570][ T7635] lowmem_reserve[]: 0 2547 2548 2548 [ 1061.006292][ T7635] Node 0 DMA32 free:1088516kB min:36184kB low:45228kB high:54272kB active_anon:582168kB inactive_anon:2640kB active_file:85228kB inactive_file:118176kB unevictable:16384kB writepending:840kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7808kB pagetables:5704kB bounce:0kB free_pcp:2632kB local_pcp:1260kB free_cma:0kB [ 1061.039680][ T7635] lowmem_reserve[]: 0 0 1 1 [ 1061.055763][ T7635] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1061.085043][ T7635] lowmem_reserve[]: 0 0 0 0 [ 1061.100212][ T7635] Node 1 Normal free:3777712kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1061.129574][ T7658] ptrace attach of "/root/syz-executor.0"[9008] was attempted by "/root/syz-executor.0"[7658] 05:20:37 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 05:20:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_INTERRUPT(r2, 0x4004ae86, &(0x7f0000000040)) [ 1061.322583][ T7635] lowmem_reserve[]: 0 0 0 0 05:20:37 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000007a10", 0x66, 0x400}], 0x0, 0x0) 05:20:37 executing program 5: clock_adjtime(0x0, &(0x7f0000000040)={0x0, 0x0, 0x400, 0x6, 0x0, 0x4, 0x0, 0x5, 0x80000000, 0x0, 0xffffffff00000000, 0x0, 0x0, 0x0, 0x841, 0x1, 0x0, 0xfffffffffffffff7, 0x0, 0x0, 0x2, 0x0, 0x6}) open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x0, 0x0, 0x0) setxattr$security_evm(&(0x7f0000000200)='./file0\x00', 0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, &(0x7f0000000280), 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89b0, &(0x7f0000000080)={'sit0\x00', @ifru_flags}) [ 1061.375140][ T7635] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1061.433304][ T7676] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1061.457130][ T7635] Node 0 DMA32: 6279*4kB (UME) 3984*8kB (UME) 2410*16kB (UME) 1141*32kB (UME) 485*64kB (UME) 64*128kB (UM) 14*256kB (UM) 25*512kB (U) 9*1024kB (UE) 9*2048kB (UME) 214*4096kB (UM) = 1091868kB [ 1061.567195][ T7635] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1061.602331][ T7635] Node 1 Normal: 1*4kB (U) 6*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777460kB 05:20:38 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) r2 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000040)='/proc/capi/capi20ncci\x00', 0x4000, 0x0) getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000100)=0x716f, &(0x7f0000000140)=0x2) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r2, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r2, &(0x7f0000000200), 0x18) ioctl$TUNGETDEVNETNS(r2, 0x54e3, 0x0) ioctl$VIDIOC_G_CTRL(r2, 0xc008561b, &(0x7f0000000000)={0x7, 0xffffffff}) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) readv(r0, &(0x7f00000004c0)=[{&(0x7f0000000240)}, {&(0x7f0000000280)=""/16, 0x10}, {&(0x7f00000002c0)=""/128, 0x80}, {&(0x7f00000003c0)=""/193, 0xc1}], 0x4) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r4 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x0, 0x80) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r4, 0x81785501, &(0x7f0000000340)=""/94) connect$caif(r4, &(0x7f0000000200), 0x18) ioctl$TUNGETDEVNETNS(r4, 0x54e3, 0x0) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) dup3(0xffffffffffffffff, r5, 0x80000) write$UHID_INPUT2(r4, &(0x7f0000000180)={0xc, 0x75, "a7fa1778b3a18a2c8f21d351a3525cbcd603d72870ebdcd92b3f2717926ebf530f46b9989b681b98f840e04479f1445c8bdea6cfa8e02e31bfd0da28eb496f932fd4d49b7ecd77f8893b0200b05cb60cbc1285df803885928581186f9d28e469bf8a4b7ef902e01ee1f94aaf4396ec6a004ce92cae"}, 0x7b) [ 1061.646056][ T7635] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1061.684654][ T7635] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1061.765375][ T7635] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1061.799692][ T7689] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1061.822579][ T7635] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1061.860114][ T7635] 51423 total pagecache pages [ 1061.932704][ T7635] 0 pages in swap cache [ 1061.936967][ T7635] Swap cache stats: add 0, delete 0, find 0/0 [ 1062.003653][ T7635] Free swap = 0kB [ 1062.007582][ T7635] Total swap = 0kB [ 1062.034046][ T7635] 1965979 pages RAM [ 1062.037911][ T7635] 0 pages HighMem/MovableOnly [ 1062.052752][ T7635] 341179 pages reserved [ 1062.056954][ T7635] 0 pages cma reserved 05:20:38 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x900000000000000, 0x500]}) 05:20:38 executing program 5: r0 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f00000001c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) r1 = add_key$keyring(&(0x7f0000001000)='keyring\x00', &(0x7f0000000000)={'syz'}, 0x0, 0x0, r0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000280)='asymmetric\x00\xf3\xad\xe75\xf9\x03\x00AU\xa0\xe1\x94N\xd8\xdfLA\x1e0\x89dm\x10\xb4e\xa6\x91\v\x13', &(0x7f0000000240)=@keyring={'key_or_keyring:', r0}) r2 = add_key$keyring(&(0x7f0000000100)='keyring\x00', &(0x7f00000001c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000340)='asymmetric\x00', &(0x7f0000000300)=@chain={'key_or_keyring:', r1, ':chain\x00'}) 05:20:38 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[]) 05:20:38 executing program 0: r0 = perf_event_open(&(0x7f0000014f88)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) readv(r0, &(0x7f0000734000)=[{&(0x7f0000d42000)=""/146, 0x92}], 0x1) 05:20:38 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200ffffff8c10", 0x66, 0x400}], 0x0, 0x0) 05:20:38 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:38 executing program 5: openat$vnet(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vhost-net\x00', 0x2, 0x0) syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x0) pipe(&(0x7f0000000680)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000080)={0xff}, &(0x7f0000000200), 0x0) [ 1062.217205][ T7715] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 05:20:38 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f0000ef8cfd)={0xa, 0x1001000004e23, 0x0, @loopback}, 0x1c) listen(r0, 0x4) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r1, 0x84, 0x6b, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) r2 = accept(r0, 0x0, 0x0) sendto$packet(r2, &(0x7f0000000040)='u', 0x1, 0x0, 0x0, 0x0) 05:20:38 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) readv(r1, &(0x7f0000003740)=[{&(0x7f00000001c0)=""/237, 0x17c}, {&(0x7f0000000340)=""/195}, {&(0x7f0000002480)=""/160}, {&(0x7f0000002540)=""/75}, {&(0x7f00000025c0)=""/4096}, {&(0x7f00000035c0)=""/216}], 0x291) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r1, &(0x7f0000000080), 0x8) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r1, 0xc0305710, &(0x7f0000000000)={0x1, 0x641, 0x9, 0x7}) [ 1062.347684][ T7727] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1062.366239][ T7727] CPU: 1 PID: 7727 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1062.375318][ T7727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1062.385595][ T7727] Call Trace: [ 1062.388920][ T7727] dump_stack+0x172/0x1f0 [ 1062.393336][ T7727] warn_alloc.cold+0x87/0x17f [ 1062.398014][ T7727] ? zone_watermark_ok_safe+0x260/0x260 [ 1062.403570][ T7727] ? mark_lock+0xc2/0x1220 [ 1062.407985][ T7727] ? __lock_acquire+0x8a0/0x4a00 [ 1062.412942][ T7727] __vmalloc_node_range+0x483/0x7e0 [ 1062.418137][ T7727] ? is_bpf_text_address+0xac/0x170 [ 1062.423528][ T7727] ? kvm_arch_create_memslot+0xc3/0x570 [ 1062.429085][ T7727] __vmalloc_node_flags_caller+0x71/0x90 [ 1062.434726][ T7727] ? kvm_arch_create_memslot+0xc3/0x570 [ 1062.444184][ T7727] kvmalloc_node+0xdc/0x100 [ 1062.448712][ T7727] kvm_arch_create_memslot+0xc3/0x570 [ 1062.454187][ T7727] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1062.460485][ T7727] __kvm_set_memory_region+0x13b5/0x1d00 [ 1062.466246][ T7727] ? gfn_to_hva+0x470/0x470 [ 1062.470842][ T7727] ? lock_downgrade+0x920/0x920 [ 1062.475784][ T7727] kvm_set_memory_region+0x2f/0x50 [ 1062.480920][ T7727] kvm_vm_ioctl+0x729/0x1860 [ 1062.485515][ T7727] ? debug_check_no_obj_freed+0x20a/0x43f [ 1062.491260][ T7727] ? find_held_lock+0x35/0x130 [ 1062.496054][ T7727] ? kvm_unregister_device_ops+0x70/0x70 [ 1062.501785][ T7727] ? lock_downgrade+0x920/0x920 [ 1062.506645][ T7727] ? rwlock_bug.part.0+0x90/0x90 [ 1062.511586][ T7727] ? tomoyo_path_number_perm+0x214/0x520 [ 1062.517242][ T7727] ? find_held_lock+0x35/0x130 [ 1062.522018][ T7727] ? lock_downgrade+0x920/0x920 [ 1062.526865][ T7727] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1062.532159][ T7727] ? tomoyo_path_number_perm+0x459/0x520 [ 1062.537810][ T7727] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1062.544048][ T7727] ? tomoyo_path_number_perm+0x263/0x520 [ 1062.549693][ T7727] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1062.555514][ T7727] ? kvm_unregister_device_ops+0x70/0x70 [ 1062.561145][ T7727] do_vfs_ioctl+0xdb6/0x13e0 [ 1062.565744][ T7727] ? ioctl_preallocate+0x210/0x210 [ 1062.570850][ T7727] ? __fget+0x384/0x560 [ 1062.575187][ T7727] ? ksys_dup3+0x3e0/0x3e0 [ 1062.579601][ T7727] ? nsecs_to_jiffies+0x30/0x30 [ 1062.584615][ T7727] ? tomoyo_file_ioctl+0x23/0x30 [ 1062.589579][ T7727] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1062.595838][ T7727] ? security_file_ioctl+0x8d/0xc0 [ 1062.600972][ T7727] ksys_ioctl+0xab/0xd0 [ 1062.605215][ T7727] __x64_sys_ioctl+0x73/0xb0 [ 1062.609884][ T7727] do_syscall_64+0xfa/0x760 [ 1062.614571][ T7727] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1062.620618][ T7727] RIP: 0033:0x4598e9 [ 1062.624509][ T7727] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1062.644121][ T7727] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1062.652529][ T7727] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1062.661020][ T7727] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1062.668996][ T7727] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1062.677314][ T7727] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1062.685473][ T7727] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1062.694083][ T7727] Mem-Info: [ 1062.697437][ T7727] active_anon:146082 inactive_anon:657 isolated_anon:0 [ 1062.697437][ T7727] active_file:21605 inactive_file:29571 isolated_file:0 [ 1062.697437][ T7727] unevictable:4096 dirty:222 writeback:0 unstable:0 [ 1062.697437][ T7727] slab_reclaimable:13001 slab_unreclaimable:96755 [ 1062.697437][ T7727] mapped:58987 shmem:252 pagetables:1437 bounce:0 [ 1062.697437][ T7727] free:1220248 free_pcp:590 free_cma:0 [ 1062.736835][ T7727] Node 0 active_anon:584328kB inactive_anon:2628kB active_file:86276kB inactive_file:118284kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235948kB dirty:884kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 563200kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1062.766889][ T7727] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1062.815776][ T7727] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1062.849791][ T7727] lowmem_reserve[]: 0 2547 2548 2548 [ 1062.855567][ T7727] Node 0 DMA32 free:1087792kB min:36184kB low:45228kB high:54272kB active_anon:584408kB inactive_anon:2628kB active_file:85224kB inactive_file:118200kB unevictable:16384kB writepending:876kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7904kB pagetables:5748kB bounce:0kB free_pcp:2148kB local_pcp:1268kB free_cma:0kB [ 1062.855609][ T7727] lowmem_reserve[]: 0 0 1 1 [ 1062.855628][ T7727] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1062.855660][ T7727] lowmem_reserve[]: 0 0 0 0 [ 1062.960215][ T7712] EXT4-fs (loop3): Can't mount with encoding and encryption 05:20:39 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[]) 05:20:39 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5413, &(0x7f0000000040)) [ 1063.012467][ T7727] Node 1 Normal free:3777460kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 1063.080785][ T7727] lowmem_reserve[]: 0 0 0 0 05:20:39 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe2020000004ec010", 0x66, 0x400}], 0x0, 0x0) [ 1063.131378][ T7727] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1063.158360][ T7744] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1063.249619][ T7727] Node 0 DMA32: 6584*4kB (UME) 3852*8kB (UME) 2319*16kB (UME) 1159*32kB (UME) 492*64kB (UME) 62*128kB (UM) 10*256kB (UM) 25*512kB (U) 9*1024kB (UE) 6*2048kB (UME) 214*4096kB (UM) = 1084176kB [ 1063.280183][ T7744] CPU: 1 PID: 7744 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1063.289261][ T7744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1063.299567][ T7744] Call Trace: [ 1063.301984][ T7727] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1063.303031][ T7744] dump_stack+0x172/0x1f0 [ 1063.303055][ T7744] warn_alloc.cold+0x87/0x17f [ 1063.303069][ T7744] ? zone_watermark_ok_safe+0x260/0x260 [ 1063.303101][ T7744] ? mark_lock+0xc2/0x1220 [ 1063.315906][ T7727] Node 1 Normal: 1*4kB (U) 6*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777460kB [ 1063.319659][ T7744] ? __lock_acquire+0x8a0/0x4a00 [ 1063.319688][ T7744] __vmalloc_node_range+0x483/0x7e0 [ 1063.319705][ T7744] ? is_bpf_text_address+0xac/0x170 [ 1063.319727][ T7744] ? kvm_arch_create_memslot+0xc3/0x570 [ 1063.324962][ T7727] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1063.329928][ T7744] __vmalloc_node_flags_caller+0x71/0x90 [ 1063.329947][ T7744] ? kvm_arch_create_memslot+0xc3/0x570 [ 1063.329966][ T7744] kvmalloc_node+0xdc/0x100 [ 1063.329988][ T7744] kvm_arch_create_memslot+0xc3/0x570 [ 1063.334870][ T7727] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1063.351167][ T7744] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1063.351188][ T7744] __kvm_set_memory_region+0x13b5/0x1d00 [ 1063.351216][ T7744] ? gfn_to_hva+0x470/0x470 [ 1063.351242][ T7744] ? lock_downgrade+0x920/0x920 [ 1063.351271][ T7744] kvm_set_memory_region+0x2f/0x50 [ 1063.356790][ T7727] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1063.361401][ T7744] kvm_vm_ioctl+0x729/0x1860 [ 1063.361421][ T7744] ? debug_check_no_obj_freed+0x20a/0x43f [ 1063.361437][ T7744] ? find_held_lock+0x35/0x130 [ 1063.361450][ T7744] ? kvm_unregister_device_ops+0x70/0x70 [ 1063.361469][ T7744] ? lock_downgrade+0x920/0x920 [ 1063.367257][ T7727] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1063.372206][ T7744] ? rwlock_bug.part.0+0x90/0x90 [ 1063.372224][ T7744] ? tomoyo_path_number_perm+0x214/0x520 [ 1063.372239][ T7744] ? find_held_lock+0x35/0x130 [ 1063.372263][ T7744] ? lock_downgrade+0x920/0x920 [ 1063.372276][ T7744] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1063.372293][ T7744] ? tomoyo_path_number_perm+0x459/0x520 [ 1063.382438][ T7727] 51437 total pagecache pages [ 1063.387559][ T7744] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1063.387574][ T7744] ? tomoyo_path_number_perm+0x263/0x520 [ 1063.387591][ T7744] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1063.387624][ T7744] ? kvm_unregister_device_ops+0x70/0x70 [ 1063.393609][ T7727] 0 pages in swap cache [ 1063.397668][ T7744] do_vfs_ioctl+0xdb6/0x13e0 [ 1063.397688][ T7744] ? ioctl_preallocate+0x210/0x210 [ 1063.397702][ T7744] ? __fget+0x384/0x560 [ 1063.397719][ T7744] ? ksys_dup3+0x3e0/0x3e0 [ 1063.397739][ T7744] ? nsecs_to_jiffies+0x30/0x30 [ 1063.403583][ T7727] Swap cache stats: add 0, delete 0, find 0/0 [ 1063.412836][ T7744] ? tomoyo_file_ioctl+0x23/0x30 [ 1063.412856][ T7744] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1063.412871][ T7744] ? security_file_ioctl+0x8d/0xc0 [ 1063.412888][ T7744] ksys_ioctl+0xab/0xd0 [ 1063.412904][ T7744] __x64_sys_ioctl+0x73/0xb0 [ 1063.412926][ T7744] do_syscall_64+0xfa/0x760 [ 1063.420759][ T7727] Free swap = 0kB [ 1063.424807][ T7744] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1063.424820][ T7744] RIP: 0033:0x4598e9 [ 1063.424835][ T7744] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1063.424842][ T7744] RSP: 002b:00007f92b6d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1063.424855][ T7744] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1063.424863][ T7744] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1063.424875][ T7744] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1063.429927][ T7727] Total swap = 0kB [ 1063.434293][ T7744] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6d836d4 [ 1063.434301][ T7744] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1063.481959][ T7727] 1965979 pages RAM 05:20:40 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0xa00000000000000, 0x500]}) 05:20:40 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000000100)={0x0, 0x6, 0x2, 0x5, 0x4, [{0xcbb6, 0x7, 0x7fffffff, 0x0, 0x0, 0x800}, {0x1f, 0x0, 0x4, 0x0, 0x0, 0xc08}, {0x9, 0xae2f, 0x2, 0x0, 0x0, 0x1804}, {0x4, 0x6, 0x400, 0x0, 0x0, 0x100}]}) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0xffffffffffffffff]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1063.533498][ T7727] 0 pages HighMem/MovableOnly [ 1063.545040][ T7727] 341179 pages reserved [ 1063.545046][ T7727] 0 pages cma reserved [ 1063.723309][ T7752] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1063.741087][ T7757] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1063.872316][ T7773] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:20:40 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$reiserfs(&(0x7f0000000080)='reiserfs\x00', &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[{@commit={'commit', 0x3d, 0x10000000}, 0x37}]}) 05:20:40 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000000edc010", 0x66, 0x400}], 0x0, 0x0) 05:20:40 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1064.072859][ T7773] CPU: 0 PID: 7773 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1064.082104][ T7773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1064.092173][ T7773] Call Trace: [ 1064.095485][ T7773] dump_stack+0x172/0x1f0 [ 1064.099846][ T7773] warn_alloc.cold+0x87/0x17f [ 1064.104556][ T7773] ? zone_watermark_ok_safe+0x260/0x260 [ 1064.110223][ T7773] ? mark_lock+0xc2/0x1220 [ 1064.114665][ T7773] ? __lock_acquire+0x8a0/0x4a00 [ 1064.119638][ T7773] __vmalloc_node_range+0x483/0x7e0 [ 1064.124861][ T7773] ? is_bpf_text_address+0xac/0x170 [ 1064.130093][ T7773] ? kvm_arch_create_memslot+0xc3/0x570 [ 1064.135666][ T7773] __vmalloc_node_flags_caller+0x71/0x90 [ 1064.141492][ T7773] ? kvm_arch_create_memslot+0xc3/0x570 [ 1064.141519][ T7773] kvmalloc_node+0xdc/0x100 [ 1064.151570][ T7773] kvm_arch_create_memslot+0xc3/0x570 [ 1064.156964][ T7773] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1064.163227][ T7773] __kvm_set_memory_region+0x13b5/0x1d00 [ 1064.169001][ T7773] ? gfn_to_hva+0x470/0x470 [ 1064.173540][ T7773] ? lock_downgrade+0x920/0x920 [ 1064.178454][ T7773] kvm_set_memory_region+0x2f/0x50 [ 1064.183612][ T7773] kvm_vm_ioctl+0x729/0x1860 [ 1064.188235][ T7773] ? debug_check_no_obj_freed+0x20a/0x43f [ 1064.194001][ T7773] ? find_held_lock+0x35/0x130 [ 1064.194020][ T7773] ? kvm_unregister_device_ops+0x70/0x70 [ 1064.194039][ T7773] ? lock_downgrade+0x920/0x920 [ 1064.194051][ T7773] ? rwlock_bug.part.0+0x90/0x90 [ 1064.194066][ T7773] ? tomoyo_path_number_perm+0x214/0x520 [ 1064.194079][ T7773] ? find_held_lock+0x35/0x130 [ 1064.194100][ T7773] ? lock_downgrade+0x920/0x920 [ 1064.194113][ T7773] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1064.194130][ T7773] ? tomoyo_path_number_perm+0x459/0x520 [ 1064.194150][ T7773] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1064.194168][ T7773] ? tomoyo_path_number_perm+0x263/0x520 [ 1064.252459][ T7773] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1064.258307][ T7773] ? kvm_unregister_device_ops+0x70/0x70 [ 1064.263967][ T7773] do_vfs_ioctl+0xdb6/0x13e0 [ 1064.268575][ T7773] ? ioctl_preallocate+0x210/0x210 [ 1064.273690][ T7773] ? __fget+0x384/0x560 [ 1064.277855][ T7773] ? ksys_dup3+0x3e0/0x3e0 [ 1064.282290][ T7773] ? nsecs_to_jiffies+0x30/0x30 [ 1064.287155][ T7773] ? tomoyo_file_ioctl+0x23/0x30 [ 1064.292102][ T7773] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1064.292118][ T7773] ? security_file_ioctl+0x8d/0xc0 [ 1064.292132][ T7773] ksys_ioctl+0xab/0xd0 [ 1064.292147][ T7773] __x64_sys_ioctl+0x73/0xb0 [ 1064.292163][ T7773] do_syscall_64+0xfa/0x760 [ 1064.292182][ T7773] entry_SYSCALL_64_after_hwframe+0x49/0xbe 05:20:40 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[]) [ 1064.292197][ T7773] RIP: 0033:0x4598e9 [ 1064.292212][ T7773] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1064.292220][ T7773] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1064.292233][ T7773] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1064.292240][ T7773] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1064.292247][ T7773] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1064.292253][ T7773] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1064.292260][ T7773] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1064.351492][ T7773] warn_alloc_show_mem: 1 callbacks suppressed [ 1064.351498][ T7773] Mem-Info: [ 1064.390456][ T7784] REISERFS warning (device loop0): super-6508 reiserfs_parse_options: bad value 0x00000000100000007 for -ocommit [ 1064.390456][ T7784] [ 1064.430706][ T7788] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:20:40 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x81000) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:40 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) close(r0) socket$l2tp(0x18, 0x1, 0x1) io_setup(0x200, &(0x7f0000000140)=0x0) io_submit(r1, 0x343, &(0x7f0000000040)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, r0, 0x0, 0xef}]) [ 1064.481216][ T7773] active_anon:146106 inactive_anon:657 isolated_anon:0 [ 1064.481216][ T7773] active_file:21607 inactive_file:29589 isolated_file:0 [ 1064.481216][ T7773] unevictable:4096 dirty:240 writeback:0 unstable:0 [ 1064.481216][ T7773] slab_reclaimable:13024 slab_unreclaimable:97100 [ 1064.481216][ T7773] mapped:59007 shmem:252 pagetables:1421 bounce:0 [ 1064.481216][ T7773] free:1219720 free_pcp:653 free_cma:0 [ 1064.527710][ T7773] Node 0 active_anon:584424kB inactive_anon:2628kB active_file:86284kB inactive_file:118356kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:236028kB dirty:956kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 561152kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1064.591810][ T7773] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:20:41 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200fffffff510", 0x66, 0x400}], 0x0, 0x0) [ 1064.673229][ T7795] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 05:20:41 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) unlink(&(0x7f0000000080)='./file0\x00') mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000100)='tmpfs\x00\x9bZ\x12\xc1\x0e<\xed\x8a\x9e\x86x\xb2 \x1e\v\x98n\x03\xd6\x97\xa9\xe4n', 0x0, 0x0) perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3fffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x440, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r0 = socket$alg(0x26, 0x5, 0x0) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(0xffffffffffffffff, 0x12, 0x2, 0x0, &(0x7f0000000140)) bind$alg(r0, &(0x7f0000000240)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='pagemap\x00') sendfile(r1, r2, 0x0, 0x50000000000443) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) open$dir(&(0x7f0000000180)='./file0\x00', 0x101000, 0x4) 05:20:41 executing program 5: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$sock_int(r0, 0x1, 0x2, &(0x7f0000000300)=0x4, 0x4) listen(r0, 0x0) [ 1064.797514][ T7773] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1065.031514][ T7814] EXT4-fs (loop3): Can't mount with encoding and encryption [ 1065.063112][ T7773] lowmem_reserve[]: 0 2547 2548 2548 [ 1065.069297][ T7773] Node 0 DMA32 free:1084028kB min:36184kB low:45228kB high:54272kB active_anon:582232kB inactive_anon:2636kB active_file:85224kB inactive_file:118308kB unevictable:16384kB writepending:992kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7808kB pagetables:5692kB bounce:0kB free_pcp:2184kB local_pcp:1272kB free_cma:0kB [ 1065.102902][ T7773] lowmem_reserve[]: 0 0 1 1 [ 1065.107600][ T7773] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1065.135591][ T7773] lowmem_reserve[]: 0 0 0 0 [ 1065.140399][ T7773] Node 1 Normal free:3777708kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1065.258646][ T7773] lowmem_reserve[]: 0 0 0 0 [ 1065.268202][ T7773] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1065.289793][ T7773] Node 0 DMA32: 7135*4kB (UME) 3967*8kB (UME) 1876*16kB (UME) 1171*32kB (UME) 503*64kB (UME) 65*128kB (UM) 8*256kB (UM) 25*512kB (U) 9*1024kB (UE) 10*2048kB (UME) 214*4096kB (UM) = 1089364kB [ 1065.309276][ T7773] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1065.322001][ T7773] Node 1 Normal: 1*4kB (U) 37*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777708kB [ 1065.339272][ T7773] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1065.349267][ T7773] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1065.358708][ T7773] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1065.368574][ T7773] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1065.378629][ T7773] 51455 total pagecache pages [ 1065.383382][ T7773] 0 pages in swap cache [ 1065.387627][ T7773] Swap cache stats: add 0, delete 0, find 0/0 [ 1065.393772][ T7773] Free swap = 0kB [ 1065.398543][ T7773] Total swap = 0kB [ 1065.402582][ T7773] 1965979 pages RAM [ 1065.406476][ T7773] 0 pages HighMem/MovableOnly [ 1065.411579][ T7773] 341179 pages reserved [ 1065.415785][ T7773] 0 pages cma reserved 05:20:41 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x2000000000000000, 0x500]}) 05:20:41 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) readv(r0, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r0, &(0x7f0000000080), 0x8) ioctl$IMDELTIMER(r0, 0x80044941, &(0x7f0000000140)=0x1) r1 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) r2 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x2, 0x2) r3 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000000440)={r4, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, 0x84) getsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000000)={r4, 0x8}, &(0x7f0000000040)=0x8) r5 = userfaultfd(0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r5, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:41 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB]) 05:20:41 executing program 5: socket$inet(0x2b, 0x1, 0x0) r0 = socket$inet6(0xa, 0x100000000000001, 0x84) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$inet6(0xa, 0x100000000000001, 0x0) pipe(&(0x7f0000000440)={0xffffffffffffffff}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) pselect6(0x7, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r2+30000000}, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 05:20:41 executing program 0: gettid() timer_create(0xb, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000400)) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x77359400}, {0x0, 0x1c9c380}}, 0x0) r0 = signalfd4(0xffffffffffffffff, &(0x7f0000000ff8)={0xfffffffffffffdb1}, 0x8, 0x0) read(r0, &(0x7f0000000080)=""/128, 0x88308aa) 05:20:41 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200fffffff610", 0x66, 0x400}], 0x0, 0x0) 05:20:42 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) ptrace$setsig(0x4203, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x1}) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) getsockopt$inet6_opts(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000580)=""/143, &(0x7f0000000340)=0xfee5) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) accept4(0xffffffffffffffff, &(0x7f00000006c0)=@tipc=@name, &(0x7f0000000440)=0x80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getpeername$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000480)=0x1c) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) getcwd(&(0x7f00000004c0)=""/98, 0x62) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=ANY=[@ANYBLOB], 0x1}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x0, 0x0) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1065.596864][ T7848] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1065.619865][ T7845] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1065.702821][ T7848] CPU: 0 PID: 7848 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1065.712089][ T7848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1065.722452][ T7848] Call Trace: [ 1065.722480][ T7848] dump_stack+0x172/0x1f0 [ 1065.722503][ T7848] warn_alloc.cold+0x87/0x17f [ 1065.722520][ T7848] ? zone_watermark_ok_safe+0x260/0x260 [ 1065.722549][ T7848] ? mark_lock+0xc2/0x1220 [ 1065.722562][ T7848] ? __lock_acquire+0x8a0/0x4a00 [ 1065.722589][ T7848] __vmalloc_node_range+0x483/0x7e0 [ 1065.722606][ T7848] ? is_bpf_text_address+0xac/0x170 [ 1065.722628][ T7848] ? kvm_arch_create_memslot+0xc3/0x570 [ 1065.730253][ T7848] __vmalloc_node_flags_caller+0x71/0x90 [ 1065.730292][ T7848] ? kvm_arch_create_memslot+0xc3/0x570 [ 1065.730308][ T7848] kvmalloc_node+0xdc/0x100 [ 1065.730328][ T7848] kvm_arch_create_memslot+0xc3/0x570 [ 1065.787977][ T7848] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1065.795304][ T7848] __kvm_set_memory_region+0x13b5/0x1d00 [ 1065.801228][ T7848] ? gfn_to_hva+0x470/0x470 [ 1065.807062][ T7848] ? lock_downgrade+0x920/0x920 [ 1065.811959][ T7848] kvm_set_memory_region+0x2f/0x50 [ 1065.817067][ T7848] kvm_vm_ioctl+0x729/0x1860 [ 1065.821661][ T7848] ? debug_check_no_obj_freed+0x20a/0x43f [ 1065.827397][ T7848] ? find_held_lock+0x35/0x130 [ 1065.833835][ T7848] ? kvm_unregister_device_ops+0x70/0x70 [ 1065.839469][ T7848] ? lock_downgrade+0x920/0x920 [ 1065.844313][ T7848] ? rwlock_bug.part.0+0x90/0x90 [ 1065.849623][ T7848] ? tomoyo_path_number_perm+0x214/0x520 [ 1065.855268][ T7848] ? find_held_lock+0x35/0x130 [ 1065.860122][ T7848] ? lock_downgrade+0x920/0x920 [ 1065.865311][ T7848] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1065.870647][ T7848] ? tomoyo_path_number_perm+0x459/0x520 [ 1065.876282][ T7848] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1065.882778][ T7848] ? tomoyo_path_number_perm+0x263/0x520 [ 1065.888761][ T7848] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1065.894596][ T7848] ? kvm_unregister_device_ops+0x70/0x70 [ 1065.900396][ T7848] do_vfs_ioctl+0xdb6/0x13e0 [ 1065.904991][ T7848] ? ioctl_preallocate+0x210/0x210 [ 1065.910147][ T7848] ? __fget+0x384/0x560 [ 1065.914299][ T7848] ? ksys_dup3+0x3e0/0x3e0 [ 1065.918880][ T7848] ? nsecs_to_jiffies+0x30/0x30 [ 1065.923820][ T7848] ? tomoyo_file_ioctl+0x23/0x30 [ 1065.928798][ T7848] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1065.935031][ T7848] ? security_file_ioctl+0x8d/0xc0 [ 1065.940150][ T7848] ksys_ioctl+0xab/0xd0 [ 1065.944302][ T7848] __x64_sys_ioctl+0x73/0xb0 [ 1065.948984][ T7848] do_syscall_64+0xfa/0x760 [ 1065.953483][ T7848] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1065.959450][ T7848] RIP: 0033:0x4598e9 [ 1065.963422][ T7848] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1065.983220][ T7848] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1065.991814][ T7848] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1065.999860][ T7848] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1066.007825][ T7848] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1066.015787][ T7848] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1066.023748][ T7848] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1066.071914][ T7841] EXT4-fs (loop3): Can't mount with encoding and encryption [ 1066.092979][ T7848] Mem-Info: [ 1066.096996][ T7848] active_anon:149214 inactive_anon:662 isolated_anon:0 [ 1066.096996][ T7848] active_file:21607 inactive_file:29606 isolated_file:0 [ 1066.096996][ T7848] unevictable:4096 dirty:261 writeback:0 unstable:0 [ 1066.096996][ T7848] slab_reclaimable:13060 slab_unreclaimable:97929 [ 1066.096996][ T7848] mapped:58977 shmem:253 pagetables:1496 bounce:0 [ 1066.096996][ T7848] free:1215873 free_pcp:375 free_cma:0 [ 1066.137323][ T7848] Node 0 active_anon:596856kB inactive_anon:2648kB active_file:86284kB inactive_file:118424kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235908kB dirty:1040kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 571392kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1066.170720][ T7848] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:20:42 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB]) [ 1066.220978][ T7848] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:20:42 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200fffffdf910", 0x66, 0x400}], 0x0, 0x0) [ 1066.374687][ T7848] lowmem_reserve[]: 0 2547 2548 2548 05:20:42 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007ff, &(0x7f0000deaff0)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x40000106) 05:20:42 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x477dac84ef26418c}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000100)={0x15, 0x110, 0xfa00, {r2, 0x3, 0x0, 0x0, 0x0, @in={0x2, 0x4e24, @loopback}, @in6={0xa, 0x4e24, 0x1, @loopback, 0x14364000}}}, 0x118) [ 1066.421525][ T7848] Node 0 DMA32 free:1086380kB min:36184kB low:45228kB high:54272kB active_anon:580284kB inactive_anon:2648kB active_file:85232kB inactive_file:118340kB unevictable:16384kB writepending:1032kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7872kB pagetables:5984kB bounce:0kB free_pcp:1704kB local_pcp:1192kB free_cma:0kB 05:20:42 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x200004) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, 0x0, 0x0) sendfile(r0, r2, 0x0, 0x80001d00c0d0) getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)=""/115, 0x0) [ 1066.499488][ T7870] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1066.558927][ T7848] lowmem_reserve[]: 0 0 1 1 [ 1066.577610][ T7848] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1066.652468][ T7848] lowmem_reserve[]: 0 0 0 0 [ 1066.665384][ T7848] Node 1 Normal free:3777708kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1066.750645][ T7875] EXT4-fs (loop3): Can't mount with encoding and encryption [ 1066.752323][ T7848] lowmem_reserve[]: 0 0 0 0 [ 1066.804509][ T7848] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1066.922952][ T7848] Node 0 DMA32: 7005*4kB (UME) 3840*8kB (UME) 1794*16kB (UME) 1164*32kB (UME) 510*64kB (UME) 61*128kB (UM) 8*256kB (UM) 25*512kB (U) 9*1024kB (UE) 10*2048kB (UME) 214*4096kB (UM) = 1086228kB [ 1066.993559][ T7848] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1067.012335][ T7848] Node 1 Normal: 1*4kB (U) 37*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777708kB [ 1067.029480][ T7848] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1067.039443][ T7848] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1067.049019][ T7848] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1067.058750][ T7848] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1067.068507][ T7848] 51471 total pagecache pages [ 1067.073423][ T7848] 0 pages in swap cache [ 1067.077610][ T7848] Swap cache stats: add 0, delete 0, find 0/0 [ 1067.084133][ T7848] Free swap = 0kB [ 1067.087870][ T7848] Total swap = 0kB [ 1067.091594][ T7848] 1965979 pages RAM [ 1067.095452][ T7848] 0 pages HighMem/MovableOnly [ 1067.100146][ T7848] 341179 pages reserved [ 1067.104447][ T7848] 0 pages cma reserved 05:20:43 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x200a000000000000, 0x500]}) 05:20:43 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, r0, 0x0, 0x420000a77, 0x0) write$binfmt_elf64(r3, &(0x7f0000000000)=ANY=[], 0xfffffd88) close(r1) 05:20:43 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB]) 05:20:43 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x40, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x7ff, 0xffffffffffff8da7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc7bf, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x75, 0x0, 0x40000000000040, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:43 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x100000, 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f0000000640)='.', 0x0, 0x23080, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x80000, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) mount(&(0x7f0000000080), &(0x7f0000000140)='.', 0x0, 0x5110, 0x0) mount(&(0x7f0000000000), &(0x7f0000000140)='.', 0x0, 0x2003002480, 0x0) 05:20:43 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200000000ff10", 0x66, 0x400}], 0x0, 0x0) [ 1067.261028][ T7905] REISERFS warning (device loop2): sh-2021 reiserfs_fill_super: can not find reiserfs on loop2 [ 1067.291395][ T7916] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1067.351914][ T7916] CPU: 1 PID: 7916 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1067.360983][ T7916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1067.371048][ T7916] Call Trace: [ 1067.371078][ T7916] dump_stack+0x172/0x1f0 [ 1067.371099][ T7916] warn_alloc.cold+0x87/0x17f [ 1067.371114][ T7916] ? zone_watermark_ok_safe+0x260/0x260 [ 1067.371142][ T7916] ? mark_lock+0xc2/0x1220 [ 1067.371152][ T7916] ? __lock_acquire+0x8a0/0x4a00 [ 1067.371173][ T7916] __vmalloc_node_range+0x483/0x7e0 [ 1067.403598][ T7916] ? is_bpf_text_address+0xac/0x170 [ 1067.408829][ T7916] ? kvm_arch_create_memslot+0xc3/0x570 [ 1067.414399][ T7916] __vmalloc_node_flags_caller+0x71/0x90 [ 1067.420173][ T7916] ? kvm_arch_create_memslot+0xc3/0x570 [ 1067.425765][ T7916] kvmalloc_node+0xdc/0x100 [ 1067.430300][ T7916] kvm_arch_create_memslot+0xc3/0x570 [ 1067.435700][ T7916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1067.441964][ T7916] __kvm_set_memory_region+0x13b5/0x1d00 [ 1067.447632][ T7916] ? gfn_to_hva+0x470/0x470 [ 1067.452172][ T7916] ? lock_downgrade+0x920/0x920 [ 1067.457073][ T7916] kvm_set_memory_region+0x2f/0x50 [ 1067.462218][ T7916] kvm_vm_ioctl+0x729/0x1860 [ 1067.466832][ T7916] ? debug_check_no_obj_freed+0x20a/0x43f [ 1067.472578][ T7916] ? find_held_lock+0x35/0x130 [ 1067.477373][ T7916] ? kvm_unregister_device_ops+0x70/0x70 [ 1067.483163][ T7916] ? lock_downgrade+0x920/0x920 [ 1067.488041][ T7916] ? rwlock_bug.part.0+0x90/0x90 [ 1067.493011][ T7916] ? tomoyo_path_number_perm+0x214/0x520 [ 1067.498667][ T7916] ? find_held_lock+0x35/0x130 [ 1067.503466][ T7916] ? lock_downgrade+0x920/0x920 [ 1067.508343][ T7916] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1067.513666][ T7916] ? tomoyo_path_number_perm+0x459/0x520 [ 1067.519378][ T7916] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1067.525648][ T7916] ? tomoyo_path_number_perm+0x263/0x520 [ 1067.531306][ T7916] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1067.537156][ T7916] ? kvm_unregister_device_ops+0x70/0x70 [ 1067.542820][ T7916] do_vfs_ioctl+0xdb6/0x13e0 [ 1067.547649][ T7916] ? ioctl_preallocate+0x210/0x210 [ 1067.552785][ T7916] ? __fget+0x384/0x560 [ 1067.556964][ T7916] ? ksys_dup3+0x3e0/0x3e0 [ 1067.561396][ T7916] ? nsecs_to_jiffies+0x30/0x30 [ 1067.566268][ T7916] ? tomoyo_file_ioctl+0x23/0x30 [ 1067.571220][ T7916] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1067.577488][ T7916] ? security_file_ioctl+0x8d/0xc0 [ 1067.582627][ T7916] ksys_ioctl+0xab/0xd0 [ 1067.587771][ T7916] __x64_sys_ioctl+0x73/0xb0 [ 1067.592393][ T7916] do_syscall_64+0xfa/0x760 [ 1067.596926][ T7916] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1067.602868][ T7916] RIP: 0033:0x4598e9 [ 1067.606780][ T7916] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1067.626402][ T7916] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1067.634835][ T7916] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1067.642853][ T7916] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 05:20:43 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x40000, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r0, 0x89e1, &(0x7f0000000040)={r1}) r2 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/mixer\x00', 0x20000, 0x0) ioctl$KVM_X86_SETUP_MCE(r2, 0x4008ae9c, &(0x7f0000000140)={0x12, 0x0, 0x8}) r3 = userfaultfd(0x0) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r3, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1067.651010][ T7916] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1067.659005][ T7916] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1067.667004][ T7916] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1067.689896][ T7916] Mem-Info: [ 1067.693663][ T7916] active_anon:147169 inactive_anon:659 isolated_anon:0 [ 1067.693663][ T7916] active_file:21605 inactive_file:29615 isolated_file:0 [ 1067.693663][ T7916] unevictable:4096 dirty:277 writeback:0 unstable:0 [ 1067.693663][ T7916] slab_reclaimable:13065 slab_unreclaimable:98810 [ 1067.693663][ T7916] mapped:59003 shmem:252 pagetables:1508 bounce:0 [ 1067.693663][ T7916] free:1216905 free_pcp:543 free_cma:0 [ 1067.732784][ T7916] Node 0 active_anon:588676kB inactive_anon:2636kB active_file:86276kB inactive_file:118460kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:236012kB dirty:1104kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 557056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1067.764106][ T7916] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:20:44 executing program 0: openat$vnet(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vhost-net\x00', 0x2, 0x0) poll(&(0x7f00000002c0), 0x0, 0x0) syz_open_dev$binder(&(0x7f0000000280)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) pipe(&(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000340), 0x41395527) syz_open_dev$sg(&(0x7f0000659000)='/dev/sg#\x00', 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, &(0x7f0000000080)={0xff, 0x0, 0x0, 0x0, 0x0, 0x72de4923}, &(0x7f0000000200)={0x0, r1+30000000}, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) dup(0xffffffffffffffff) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x8000, 0x0) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x3, @empty}, 0x10) keyctl$get_security(0x11, 0x0, &(0x7f0000000380)=""/89, 0x59) bind$inet(r2, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) recvfrom$unix(0xffffffffffffffff, &(0x7f0000000180)=""/46, 0x2e, 0x40, &(0x7f00000001c0)=@abs={0x1, 0x0, 0x4e24}, 0x6e) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={0x0, r3, 0x4, 0x3}, 0xfffffffffffffe40) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r3, 0xc008551c, &(0x7f0000000240)={0x10000, 0x18, [0x1, 0x4, 0x3ff, 0x1f, 0x0, 0x8]}) [ 1067.791600][ T7916] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1067.855948][ T7916] lowmem_reserve[]: 0 2547 2548 2548 [ 1067.869241][ T7916] Node 0 DMA32 free:1075108kB min:36184kB low:45228kB high:54272kB active_anon:588556kB inactive_anon:2636kB active_file:85224kB inactive_file:118376kB unevictable:16384kB writepending:1096kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:8032kB pagetables:6032kB bounce:0kB free_pcp:2372kB local_pcp:1156kB free_cma:0kB [ 1067.932401][ T7909] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1067.939754][ T7916] lowmem_reserve[]: 0 0 1 1 05:20:44 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=']) [ 1067.985847][ T7916] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1068.016553][ T7916] lowmem_reserve[]: 0 0 0 0 [ 1068.021273][ T7916] Node 1 Normal free:3777708kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:20:44 executing program 5: chdir(0x0) r0 = memfd_create(&(0x7f00000002c0)='system.sockprotoname\x00', 0x0) mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0) write$binfmt_misc(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="34c775ccefbbc44b0a03a9e45afc4ef1be01fa8dff6aa640797ea9ed66a4f8fdeaef0ad9dfbe93fc6bbbc58165ebea25878b8a8da2560890b8f323579e28943ebc6c05f442ec8ab4712545e6e3d021fdf6b8ff2137a52dc71c80e2c56001709c67a1ec8cb09597ca220c3fc348fea27771af7a8c4b51a16e96c86a85e981c45a"], 0x80) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') readlink(&(0x7f0000000200)='./file0\x00', &(0x7f0000000180)=""/60, 0x3c) 05:20:44 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe2020000000fff10", 0x66, 0x400}], 0x0, 0x0) [ 1068.229510][ T7941] REISERFS warning (device loop2): super-6506 reiserfs_getopt: empty argument for "jqfmt" [ 1068.229510][ T7941] [ 1068.281789][ T7916] lowmem_reserve[]: 0 0 0 0 [ 1068.286677][ T7916] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1068.362203][ T7916] Node 0 DMA32: 7243*4kB (UME) 3789*8kB (ME) 1639*16kB (ME) 1146*32kB (UME) 514*64kB (UME) 68*128kB (UM) 8*256kB (UM) 25*512kB (U) 9*1024kB (UE) 5*2048kB (UME) 213*4096kB (UM) = 1070532kB 05:20:44 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040)='/dev/fuse\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r1, &(0x7f0000002540), 0x1000) open$dir(&(0x7f0000000180)='./file0/file1\x00', 0x323800, 0x0) write$FUSE_INIT(r1, &(0x7f0000000080)={0x50, 0x0, 0x1}, 0x50) read$FUSE(r1, &(0x7f0000000480), 0x93f) lstat(&(0x7f0000000100)='./file0/file0\x00', 0x0) write$FUSE_ENTRY(r1, &(0x7f0000000280)={0x90, 0x0, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000ac0f}}}, 0x90) r2 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) read(0xffffffffffffffff, &(0x7f0000000100)=""/116, 0x74) ioctl$BLKROSET(r2, 0x125d, &(0x7f0000000040)) [ 1068.410993][ T7916] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1068.437392][ T7957] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1068.473449][ T7916] Node 1 Normal: 1*4kB (U) 36*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777700kB [ 1068.510396][ T7916] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1068.520219][ T7916] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1068.572579][ T7916] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1068.628130][ T7916] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1068.647926][ T7916] 51480 total pagecache pages [ 1068.659730][ T7916] 0 pages in swap cache [ 1068.665320][ T7916] Swap cache stats: add 0, delete 0, find 0/0 [ 1068.671891][ T7916] Free swap = 0kB 05:20:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x3f00000000000000, 0x500]}) 05:20:45 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=']) 05:20:45 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:45 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200fffffbff10", 0x66, 0x400}], 0x0, 0x0) [ 1068.682233][ T7916] Total swap = 0kB [ 1068.686231][ T7916] 1965979 pages RAM [ 1068.690632][ T7916] 0 pages HighMem/MovableOnly [ 1068.697498][ T7916] 341179 pages reserved [ 1068.701758][ T7916] 0 pages cma reserved [ 1068.845959][ T7973] REISERFS warning (device loop2): super-6506 reiserfs_getopt: empty argument for "jqfmt" [ 1068.845959][ T7973] [ 1068.864189][ T7979] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:20:45 executing program 1: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) dup2(r0, r0) [ 1068.911920][ T7972] EXT4-fs (loop3): Can't mount with encoding and encryption [ 1068.934002][ T7979] CPU: 0 PID: 7979 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1068.943159][ T7979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1068.953334][ T7979] Call Trace: [ 1068.956649][ T7979] dump_stack+0x172/0x1f0 [ 1068.961039][ T7979] warn_alloc.cold+0x87/0x17f [ 1068.965740][ T7979] ? zone_watermark_ok_safe+0x260/0x260 [ 1068.971333][ T7979] ? mark_lock+0xc2/0x1220 [ 1068.975788][ T7979] ? __lock_acquire+0x8a0/0x4a00 [ 1068.980756][ T7979] __vmalloc_node_range+0x483/0x7e0 [ 1068.985985][ T7979] ? is_bpf_text_address+0xac/0x170 [ 1068.991192][ T7979] ? kvm_arch_create_memslot+0xc3/0x570 [ 1068.996759][ T7979] __vmalloc_node_flags_caller+0x71/0x90 [ 1069.002435][ T7979] ? kvm_arch_create_memslot+0xc3/0x570 [ 1069.008005][ T7979] kvmalloc_node+0xdc/0x100 [ 1069.012590][ T7979] kvm_arch_create_memslot+0xc3/0x570 [ 1069.017979][ T7979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1069.025020][ T7979] __kvm_set_memory_region+0x13b5/0x1d00 [ 1069.030685][ T7979] ? gfn_to_hva+0x470/0x470 [ 1069.035210][ T7979] ? lock_downgrade+0x920/0x920 [ 1069.040086][ T7979] kvm_set_memory_region+0x2f/0x50 [ 1069.045209][ T7979] kvm_vm_ioctl+0x729/0x1860 [ 1069.050002][ T7979] ? debug_check_no_obj_freed+0x20a/0x43f [ 1069.055748][ T7979] ? find_held_lock+0x35/0x130 [ 1069.060539][ T7979] ? kvm_unregister_device_ops+0x70/0x70 [ 1069.066394][ T7979] ? lock_downgrade+0x920/0x920 [ 1069.071311][ T7979] ? rwlock_bug.part.0+0x90/0x90 [ 1069.076367][ T7979] ? tomoyo_path_number_perm+0x214/0x520 [ 1069.082132][ T7979] ? find_held_lock+0x35/0x130 [ 1069.086929][ T7979] ? lock_downgrade+0x920/0x920 [ 1069.091790][ T7979] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1069.097079][ T7979] ? tomoyo_path_number_perm+0x459/0x520 [ 1069.102752][ T7979] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1069.108998][ T7979] ? tomoyo_path_number_perm+0x263/0x520 [ 1069.114721][ T7979] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1069.120535][ T7979] ? kvm_unregister_device_ops+0x70/0x70 [ 1069.126176][ T7979] do_vfs_ioctl+0xdb6/0x13e0 [ 1069.130778][ T7979] ? ioctl_preallocate+0x210/0x210 [ 1069.136057][ T7979] ? __fget+0x384/0x560 [ 1069.140222][ T7979] ? ksys_dup3+0x3e0/0x3e0 [ 1069.144656][ T7979] ? nsecs_to_jiffies+0x30/0x30 [ 1069.149521][ T7979] ? tomoyo_file_ioctl+0x23/0x30 [ 1069.154879][ T7979] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1069.161132][ T7979] ? security_file_ioctl+0x8d/0xc0 [ 1069.166262][ T7979] ksys_ioctl+0xab/0xd0 [ 1069.170439][ T7979] __x64_sys_ioctl+0x73/0xb0 [ 1069.177354][ T7979] do_syscall_64+0xfa/0x760 [ 1069.181950][ T7979] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1069.187931][ T7979] RIP: 0033:0x4598e9 [ 1069.191844][ T7979] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1069.211752][ T7979] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1069.220492][ T7979] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1069.228471][ T7979] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1069.236463][ T7979] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1069.244552][ T7979] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1069.252709][ T7979] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1069.264239][ T7979] Mem-Info: [ 1069.267617][ T7979] active_anon:147651 inactive_anon:661 isolated_anon:0 [ 1069.267617][ T7979] active_file:21605 inactive_file:29630 isolated_file:0 [ 1069.267617][ T7979] unevictable:4096 dirty:245 writeback:0 unstable:0 [ 1069.267617][ T7979] slab_reclaimable:13076 slab_unreclaimable:98308 [ 1069.267617][ T7979] mapped:58992 shmem:253 pagetables:1482 bounce:0 [ 1069.267617][ T7979] free:1216974 free_pcp:508 free_cma:0 [ 1069.306597][ T7979] Node 0 active_anon:590604kB inactive_anon:2644kB active_file:86276kB inactive_file:118520kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235968kB dirty:976kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 569344kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1069.336641][ T7979] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1069.372406][ T7979] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:20:45 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfb]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x0) sendmsg$IPVS_CMD_DEL_DEST(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0xfffffffffffffdd6, &(0x7f00000008c0)={&(0x7f0000000a40)=ANY=[@ANYRESDEC, @ANYPTR64=&(0x7f0000000a00)=ANY=[@ANYRESDEC=0x0, @ANYPTR=&(0x7f0000000900)=ANY=[@ANYBLOB="790c34deb1a1ff63e14d9f75f3d468d4c3558e8f3c23fcd38436cc80996239cb7afa52952bf24bafc45c1b2572050c19c8687eba3c48365d70ee15b96f5c2f6989d62c76c389d6139613f52e5342f01b8c3e42bbae0ac4393fd44d79969722a8444513e5a5143c1e2661f3ee7484539e1f335c78cb31492936261e8be8436c1e32f726d349200c3b220ad6a7d2d7c56db06860715fb1ed5e2280a4087cce04f3e7441364a7b4907197e488f4b5075819840652f39baca07c22231f2ddbfbb749f714769b31733d9d0a5087b859d5b951c2cb0d0d", @ANYRESOCT, @ANYRES16, @ANYRES16, @ANYPTR, @ANYRES32], @ANYRES32=0x0], @ANYRESOCT], 0x1}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1069.421392][ T7979] lowmem_reserve[]: 0 2547 2548 2548 [ 1069.426995][ T7979] Node 0 DMA32 free:1081344kB min:36184kB low:45228kB high:54272kB active_anon:584384kB inactive_anon:2644kB active_file:85224kB inactive_file:118436kB unevictable:16384kB writepending:968kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7968kB pagetables:5928kB bounce:0kB free_pcp:2096kB local_pcp:1204kB free_cma:0kB [ 1069.459232][ T7979] lowmem_reserve[]: 0 0 1 1 [ 1069.464016][ T7979] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:20:46 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) readv(r1, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r1, &(0x7f0000000080), 0x8) mmap$binder(&(0x7f0000133000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x0) [ 1069.562145][ T7979] lowmem_reserve[]: 0 0 0 0 [ 1069.579195][ T7979] Node 1 Normal free:3777700kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:20:46 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=']) 05:20:46 executing program 5: mkdir(&(0x7f0000000140)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) link(&(0x7f0000000180)='./file0\x00', &(0x7f0000000240)='./file1\x00') 05:20:46 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200fffbffff10", 0x66, 0x400}], 0x0, 0x0) [ 1069.844876][ T7979] lowmem_reserve[]: 0 0 0 0 [ 1069.854315][ T8002] REISERFS warning (device loop2): super-6506 reiserfs_getopt: empty argument for "jqfmt" [ 1069.854315][ T8002] 05:20:46 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000040)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3, &(0x7f0000001300)=[{&(0x7f0000000200)="67e7547a84e90b1ad80cc638caa3780ddc34e7250f04a636b2762e16f223c8aafde79fbcd9501abe9f4dcd1a5890920ff6f06f1ebd985c31010b7a267b93af46c19bb9c5fde47a4bee43eff75dbf392012e8b52f697251dbc3f4e144eec0a3a770c5408043715e94295b18339dbf69bd186487012344a175bfc97fa2511a50446ad3631f9563bb3c35bd58ca9479699d0b57c9b21fa425e5271f5869f71a2bb9ddadb6e9c37526159f6f776aee25d51b82fb4bd0ccc4321bdd8183b99467f5d24c17bd3182b1c9d74d0982fb073f95d24296cfd0f4f085e080cda31f46faf73f347b098b2e34f442ef984e6b1164cacd9307c426da1e41951e9d3bb445b3a9c59dcbe8a04bf68d05b424781e91ae036f37a6629a9b03dc48e005e718152a7ff2f4b12c54fb992cfa5f5b87af0ef94567cd08dc0e9fefef5415289dd6e77f8effa073317a6fc0c5b230dd3a63c090473ed7ab867dc179e66b6eb6b4760526acea819c567c673112406f32d85ede2e578e61bc5dd86194abb5a9ce9e72edf4ae91cb7bcc244d43bc79485e9e9c59428751efcee4f6b1a248602ca2e745e8625ef4cef68fee28423f6cd1027740fcdaa167dde327a16d640d298de2c44ba150aa80cbc3f737c5e18617ea9a3cdeb3ba24fcdb7cb9140e8715595b7af615ab0fd19fc94ce924bc6c039c5ffde68d72189a0cb2c4fd366cd064445e2c63525b3eb8b5164a9595d588d96f5f6c4e4e1b9fd070d5b938f13b7eb96626cc5560495b1c02c5c2dd5594fca8c4f7835a222c6b28574335b0f02254d4b1f1c80cd47b03d531e57ba9fdad1e8691a4627fb60146ddb62f94e308ecbde64c1d13f883eeee77af252c260b66cc93be7835ef7e1a7d33891f69c166800d67c5b79e49ca81a7d85476007837297c524b0376e8f6027f03a5813b9a8abcaa75be84c2851930098849eca894e2da2ced37a31b9a4504228271dd8326f8617a1d0361b34665009f82112d1e636b13cbf93685a616620b0b0dc2e452c51b7c665646e06a3c8ef803ff8fcf3e9c4f78c9c34b17b3458a8e15acdcf792fe09c8e2522abbb867dea89ed277b969adc0ac92e504b4d697527830593ab0611b615a07a3b7f0e326e3b510721c8893eabaa30455066fa9c75da0de2e5f999493d14619dc28919aa2a01d23aa5dd24cc1df241696c34a40341e3846d16839a9a1841ceeb3a52fe017c46aaa0b7b8117342eff7ac29a7095328a31f25daf5587c6c10f421574c35f4d04a99970283b4bbebdffad08c6203e4d57c4c70fa65c520f172718d16873a04ccf75907fa418b3b5094a825ca59bbe2645aa774760f47325555bc1975ced58929f6cb10d030d34008e2a74bb8c3639112593572de3cd8bf7c5ffbf81a20523180457b99dd93eb077125e39df9fa57f0695d08054ee5eb4344df1c12af0eefff82deded097ad38681274b084f232c32f863b94906b05be10b1a25b9bc73e6792139a223b024fea899e042e11e8d522dc1da9dda0c4d9941a7f841b95eb08165be736c717ef7ab83b9503e49b53c26782815b9b72f5d21d0832daf895bf5f0ae938f5df1fbe7b3ce3f760cf55e13127d2e32643a1be134ba096facb8e0e867c6f67be54ef4237132dd5bbeb7070cf71e82796fd2f0b35eeb3be011d45ffa8f2d12c95b99f9f5210650bc35aeaa75cbf3574d165347ae38fbbba2c631cf79b99441143422276d8c1a7e8c22ee7f0f92dcd6ac1d9f3b2c6dcf9a809b9139722a7f0493cd6caba3e446c22042510a8418ed191a845b5f1e14d83a34bcd3f763612a98369f59c94197f2960f79dff8ce0c8844fd506f5ee7fefa7fe2a1680bb1d67398f9033b5b34cebf4c1ee61ef04119fddb2c44b0e59577c3c416469927fff78ebbbade9d69dc8b359020c205047563c6f04d88194e758aa98c8133907471f48d56d0b48c2fe9c6cf912fc0958d10cb87000bc0b62cac48ce2f997dafad4ff63961e443d657a3741e74ac7401bf50912f23965a14ad8eb8050424749be099a799bfa09d1a30c3001fca60f7a897a93ac34c4b0f2c02329ec38a6cabe953d955e2b7c1f822cec9c66d2abb1c89cc400eeb1f730691d17cf553dc8dce3863426fe0e080458ec876782b8c992ea35859b178d7c85adc1208f6f45de93813ba7e2565bd8fab03ff78d2c9e285b619799321877042aee7b9bdb4bd48f1d0113ce5269e28b0ae5d736c1bfe88aa565cf542eae8992b50311f29c0c5854cde67c1f565310133e6e1892446eed6224f2638cc7efe248c3a338bc890c08382e1ecf6f3755cf4dd3a929422fc0bd0d88a82b4a1a4edf00f1aba3c8bcbd2eab6e97c087489edc0a32f71db2a55e2af727b9c3d007cb813ffbe4f24f1e51c17b666d3b240b650a39008d80b58117155436e2ad80611cfae7958cd775193834d79e9539d8857cd52a93d0b13b500de3996620afc665784151cfc13040383cfddd673fc723306046705c1fbb443afd3ae9b44d6445a61f15a505236412761b40b9e6d8d9ee787c441326153d1340f47b09397e38985717cb3d3e2f2b238738e6ba9b686923228639ca564d55446d833496be04f21cec2fc4a4650ea89e03cb57f243b8fcf20c2ef7b6698fcd5046f83e5c79de8ebdae27e4c858e46009dfd812293f6478999f71735c4e5037422ba26cffc62d9ba027cb959444d9979921d7cee724196338b143ce6f44b75ef0a4a17f0d0d5d9be217164190553140752ee19f8f60ba29c358e3872f19c282bb027763cd9bc6a491606a69e2baa564e95029ef389d4e29ccc9367a0620587b63e2124b30d0e7763691058d9135f69b85c843078b7461059f29fb86858f354b67922f87c52d8324d04632a9bc1196f8a6d48b4f72336246fecf32091f76a82fa41462c1403460537d8aad310515f648570f799b35c7debbcdf67283eabf6b1bb79a69e49873283c6a11d47d6a33636524a99b5c018a3439290aea27d90d41960010bc84fadc894e9809999b7d542ab05cbf8cd6c1edb5866103f9f0ef7898ebed267df07d9ac6fdaab21685ae4ab9fc129e00318a00e9ebfe0a1a56a08a1c0069491a52644cf36d81e74ae6836256b9fafd0cf63ce3796ce2352729700e6dc394e40c43c481c436f1a33b3c5ac2427f0bc70aaf81ec6b35ebe72fa84d8be3e794ba1d3767d0c898440ba8477ba1d421282100bda9c8a17ebec56d0fc08843b930e3f33a2f3538310d6abb2b727a717459c963aafe2258a73035406bba39a24c79cde9ef8664d0f2b80bca29ae9c4e1d48dc593a5fe57e48e8ea6fd7c4d5c7319864f31301566795114637c453bbffab43f498374bd84a4b6cca6844c989feb79021e485105eee89df38208f2d0c71640c2b51767bd3b667b7045dbcc192914df1412a961040264ddd78df373f0ea3cc73260d388be5f3ea1020ebe0dbeba00e59a5c296ff8f02f6d81ddebebbbf22aa0424a10ca62d49e579a0def140033fa6f0e32b59701b72370b1a29ff82646e77a36cf6357328fa6dd66316977aab0994aabe340a75af880b6da78cc3ed17237d096c88f45b7134015987ca078c3300d4c5d9901dcb07648385c516fd64f1d8c8d82273829ad96f0b89e0f1da4544fd3c86c12d2136c4d6ea079a9f33265fae9baca3ad127cc49e9dbbee85c05a0717b20f6b178a1b476ba4d9ee78011dcb615d09db6c7e87625bf6cf0cdccd5388f7674d737c5d64cf0d1a81af7414665072a58c2b7156b882a5dd5911414005d53c15787eeca1badc3723e2644552c2b7dae84d7aec606def0be444400cc9f69a2a6b56dd0aa5bba4125dfbe4ae46244f50d4a7f4f1d41123c82c01c245a7cc0d4522cac0b99be92f6be1ff034c5c557ab38c668dc9fd472591e33b051b09682b405bae215d73c03a16951ffcf8b4d224a71c32aaefbe1b5f9b761577fe2d4df9278cc613ceed414eeec5e8947e5d79e2ecfbc1c2cfdd01347456c8bcfe970bd2c56dace46648045f1050aec52d4cac97c409039170af0da1fab2d12742eccf0a373345c9db14f3356cd2a9643601723e284fe30028c152bcb61a7a36fe38995174a230fd059bb3cf9359617a384f37c50d5120a11e6a8fbd663d4fd20b2e4e08acfc63760af7cb99755de9133affec53f284e1c1b93c972925101e524c1a2899e9634d308dedc6c5842d3a7c146075e6457e5fef14467df5ff8f28643967c012f6e0f68c7a02230fbd9764325172a44d61414e1c37256f9f8722f64cb00deee6b8b4dd9123da4d6d737f6c1a3c4a181be7b371ab59e959c42436c5fbddc4a07232f0b1f541df3d1e567393e436b9ec70a33bb17720651a9b245876c785be50a989edeefd2c4ff8736b8f60e2ac80fb7a4a78caa319d970febce6c3c55c97f7a62c6ec7379be65e85ad585a5dfb2003e287409fcece26863736b66a736bc2348302ee19731de3d8b7304bef8134533a621a5cc4b47fa07512cb1d4a53547d94350184124dd2553f66a76dc7ef05318dec945990108887cc5a37313c6ee384f6f415f1e0095bc483f2cdfefe865359d599e6f34eb9bf054012cc432a073967f96d4d82e1dc4c79157b10812e9c789fc842b8830c77e33294c8dd16a8b5725747e052e9b03acdf20196c379974baf72c5c9cf062fb9f181c94951b7cf78d432e442774e907c41059d7c22102b6441f2040146eae5b3c96302f53a6835d99c02b721a36dfc6b031984768d235bb323db391435f07ba8ea73659a56a6847bfc14ac3bc5e89a2816da138793dcd3bc8a2ecc9ec25f19a6e5a745fa0bb2d0588b49292b7f4d645ebc1f7574fd2f4ad8c0d5a5217ed4b0e9502f184d0df8f8ee1840260fdfb7313afc840f856379d277900105583e051592fcdff72a1978950adbd43bb52fea236b258bcd292ce095726065c31f43f90208dabe714a1d3835fcceecbb5a3c27e0445562d4d37c2dcd6256713cf6be7e33f046dc367ba8606339cac6a8653f2bf9176faedc0a16b639e3a56ebb4a6544ab6977551b26b6d1dbd355c81cbf3d1c46ad97b8574d668c33d3d94a1939b0d72da4c2bf0b8cfb4a7454dc12150ae24d676fb5fc62c09caeaa974c40402872f18a338072b91ba973701bc112c1e1c903819f7337d0d919b2b0c0c6143083ff3793e40170ae37ce69d8b1713aa0ff8f74545b8622c5ac6d9fa7070267b9cc5720c494b3c6aaa9cd63f6c087217f3f1f5dc1ed29589283cc7eeba56f03ba7078aa5a4b146d72cc7c273f3f0f87b731b6f53cb1894b65948273d6903adfb6b305cfb8e191bbb303df8753f144a4e8c60d6d7c2feca365b185fcc96a4ff95ec5a700dc6ff4ca859ff0c68121dfeaa64e8ad0bc06457632dde9705f786b48b34ccecf3c819f3c09133b53251d78ac52c13c455e073dfb57e925a5682f2d2b5203a27bd605b2d7db138090836d4bc2b766cc92a37a2dd83a2c1e29e6fcf49454cd9dfeb55aa25ab54fd745541cfe9420a302332c582582197c8530cf1f9e96dc80f7e8cd83214c812290d92b94f3aa56a7c28fb3e4f99eecc057e9de1aa3853bf7da75281dbe9927f014a3793319b9996d3a539bc7ae484d37cd29271aabb035b52f8b06bc509ef2f92a50ead7ba1b4f706912c2712527f516994fe3c96ddc167980d0ac2268df35715752cc51d9540b36007a1e64f10720b0331a5024c6e9c6579abe56dc4f04e073aa8eeae1aa75f92e8cd83bc8e3f45ff909c33e1122e532e443a063a8e63ca04c568e7b3b4ca70dd336e23a620d6c5525f3d0d595733bbba6ca3e5e38b5af3565215ba2271be8859e2b92c02", 0xffffffffffffff92, 0x9}, {&(0x7f0000001200)="2d9ee88b965d4f082ea465453d29c7153b1b3ad0983f9870625098e54cc061129097ba9de85f7bdac93ad40a8c04e510414d7ab4609ad4e96553b7889f7bec4bd04ef1cd4078ef02476a4052bd80adc3eaa2cb8901e3541e4ee0a2169b4aebf3ab57359e20c5ec4971c4a5753e6bb3d34e82d6da1fec8b12a89e421780cbbeb11b0fbfaaf3eb80d06d3e1c36fb370620164f40edba5edd53c32452e8ba310fe69deb983206266c50ed22baba0fe2429eae7464628d5b55c9b8024d198bcf2962459e564f671d8e723403666b0cc2049024da8da16f9e98051fcf45bd122c02", 0xdf, 0x4}, {&(0x7f0000000100)="2efd3cc1dc06034ad47c21a3a6bf1b904365e3adc2b50cb61eac5e2206abe2c9ef802b4f5fe27ac2dd27fd2c484c7444690f6c86079324d42e", 0x39, 0x1}], 0x5000004, &(0x7f0000000140)=ANY=[@ANYBLOB="73706163655f63616368653d76312c66726101000000000000006c2c7375626a5f757365723d2b73656c66657468316c6f2c00"]) [ 1069.885739][ T7979] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1069.965275][ T7979] Node 0 DMA32: 7300*4kB (UME) 3901*8kB (UME) 1642*16kB (UME) 1077*32kB (UME) 514*64kB (UME) 80*128kB (UM) 16*256kB (UM) 25*512kB (U) 9*1024kB (UE) 5*2048kB (UME) 214*4096kB (UM) = 1077176kB 05:20:46 executing program 5: syz_open_pts(0xffffffffffffffff, 0x0) getresgid(0x0, 0x0, &(0x7f0000000280)) mount$fuseblk(0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={{'fd'}, 0x2c, {'rootmode'}, 0x2c, {'user_id'}, 0x2c, {'group_id'}, 0x2c, {[{@blksize={'blksize'}}, {@blksize={'blksize'}}], [{@obj_role={'obj_role', 0x3d, '@'}}]}}) open(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) accept(0xffffffffffffffff, 0x0, 0x0) r1 = syz_open_dev$ndb(&(0x7f0000000080)='/dev/nbd#\x00', 0x0, 0x0) syz_open_dev$ndb(0x0, 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x3, 0x70, 0x0, 0xfff, 0x1f, 0x0, 0x0, 0x5, 0x0, 0x0, 0x5, 0xfffffffffffffff9, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0xbde, 0x0, 0x5b4e, 0x4, 0x3, 0x0, 0x0, 0x0, 0x81, 0x8b, 0x80, 0x1, 0x0, 0x5, 0x0, 0x0, 0x81, 0x0, 0x836, 0x6, 0x3, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000000), 0x8}, 0x8, 0x0, 0x1, 0x3, 0x7, 0x2}, 0x0, 0x8, r0, 0x12) ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, 0xffffffffffffffff) ioctl$NBD_DO_IT(r1, 0x401870cb) [ 1070.038741][ T7979] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1070.100014][ T8012] EXT4-fs (loop3): Can't mount with encoding and encryption [ 1070.122137][ T7979] Node 1 Normal: 1*4kB (U) 36*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777700kB [ 1070.232930][ T7979] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1070.300492][ T7979] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1070.324946][ T7979] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1070.346870][ T7979] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1070.373557][ T7979] 54047 total pagecache pages [ 1070.384200][ T7979] 0 pages in swap cache [ 1070.399865][ T7979] Swap cache stats: add 0, delete 0, find 0/0 [ 1070.410822][ T7979] Free swap = 0kB [ 1070.418151][ T7979] Total swap = 0kB [ 1070.425419][ T7979] 1965979 pages RAM [ 1070.442867][ T7979] 0 pages HighMem/MovableOnly [ 1070.458342][ T7979] 341179 pages reserved [ 1070.468546][ T7979] 0 pages cma reserved 05:20:47 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x4000000000000000, 0x500]}) 05:20:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfs']) 05:20:47 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200f9fdffff10", 0x66, 0x400}], 0x0, 0x0) 05:20:47 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000000)={0x0, 0x4, &(0x7f00000000c0)={&(0x7f0000000240)={0x14, 0x0, 0x1, 0xffffffffffffffff}, 0x14}}, 0x0) 05:20:47 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = semget$private(0x0, 0xd, 0x400) semctl$IPC_STAT(r1, 0x0, 0x2, &(0x7f0000000000)=""/94) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:47 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000001c0)={&(0x7f0000000040)={0x28, 0x23, 0x1, 0x0, 0x0, {0x20000000004, 0xe00000000000000}, [@typed={0x14, 0xc, @ipv6=@ipv4={[], [], @empty}}]}, 0x28}}, 0x0) [ 1070.687254][ T8035] REISERFS warning (device loop2): super-6514 reiserfs_parse_options: unknown quota format specified. [ 1070.739484][ T8047] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1070.782569][ T8047] CPU: 1 PID: 8047 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1070.791637][ T8047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1070.801840][ T8047] Call Trace: [ 1070.805139][ T8047] dump_stack+0x172/0x1f0 [ 1070.805161][ T8047] warn_alloc.cold+0x87/0x17f [ 1070.805179][ T8047] ? zone_watermark_ok_safe+0x260/0x260 [ 1070.805210][ T8047] ? mark_lock+0xc2/0x1220 [ 1070.824365][ T8047] ? __lock_acquire+0x8a0/0x4a00 [ 1070.829338][ T8047] __vmalloc_node_range+0x483/0x7e0 [ 1070.834562][ T8047] ? is_bpf_text_address+0xac/0x170 [ 1070.839799][ T8047] ? kvm_arch_create_memslot+0xc3/0x570 [ 1070.845351][ T8047] __vmalloc_node_flags_caller+0x71/0x90 [ 1070.851195][ T8047] ? kvm_arch_create_memslot+0xc3/0x570 [ 1070.856768][ T8047] kvmalloc_node+0xdc/0x100 [ 1070.861309][ T8047] kvm_arch_create_memslot+0xc3/0x570 [ 1070.866709][ T8047] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1070.873097][ T8047] __kvm_set_memory_region+0x13b5/0x1d00 [ 1070.878291][ T8053] netlink: 'syz-executor.5': attribute type 12 has an invalid length. [ 1070.878760][ T8047] ? gfn_to_hva+0x470/0x470 [ 1070.878796][ T8047] ? lock_downgrade+0x920/0x920 [ 1070.878829][ T8047] kvm_set_memory_region+0x2f/0x50 [ 1070.878849][ T8047] kvm_vm_ioctl+0x729/0x1860 [ 1070.906720][ T8047] ? debug_check_no_obj_freed+0x20a/0x43f [ 1070.912618][ T8047] ? find_held_lock+0x35/0x130 [ 1070.917401][ T8047] ? kvm_unregister_device_ops+0x70/0x70 [ 1070.917422][ T8047] ? lock_downgrade+0x920/0x920 [ 1070.917436][ T8047] ? rwlock_bug.part.0+0x90/0x90 [ 1070.917451][ T8047] ? tomoyo_path_number_perm+0x214/0x520 [ 1070.917467][ T8047] ? find_held_lock+0x35/0x130 [ 1070.917491][ T8047] ? lock_downgrade+0x920/0x920 [ 1070.917505][ T8047] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1070.917527][ T8047] ? tomoyo_path_number_perm+0x459/0x520 [ 1070.917553][ T8047] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1070.933013][ T8047] ? tomoyo_path_number_perm+0x263/0x520 [ 1070.933029][ T8047] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1070.933061][ T8047] ? kvm_unregister_device_ops+0x70/0x70 [ 1070.933078][ T8047] do_vfs_ioctl+0xdb6/0x13e0 [ 1070.933096][ T8047] ? ioctl_preallocate+0x210/0x210 [ 1070.933108][ T8047] ? __fget+0x384/0x560 [ 1070.933128][ T8047] ? ksys_dup3+0x3e0/0x3e0 [ 1070.933143][ T8047] ? nsecs_to_jiffies+0x30/0x30 [ 1070.933162][ T8047] ? tomoyo_file_ioctl+0x23/0x30 [ 1070.933179][ T8047] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1070.933195][ T8047] ? security_file_ioctl+0x8d/0xc0 [ 1070.933213][ T8047] ksys_ioctl+0xab/0xd0 [ 1070.933230][ T8047] __x64_sys_ioctl+0x73/0xb0 [ 1070.933255][ T8047] do_syscall_64+0xfa/0x760 [ 1070.943645][ T8047] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1070.943659][ T8047] RIP: 0033:0x4598e9 [ 1070.943675][ T8047] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1070.943687][ T8047] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1070.943701][ T8047] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1070.943709][ T8047] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1070.943717][ T8047] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1070.943725][ T8047] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1070.943733][ T8047] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1070.989208][ T8047] Mem-Info: [ 1071.010558][ T8044] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:20:47 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0x1) setresuid(r3, 0x0, 0x0) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000100)={{{@in=@empty, @in=@multicast2, 0x4e23, 0x0, 0x4e24, 0x0, 0xa, 0x80, 0x60, 0x84, 0x0, r3}, {0x4, 0xfffffffffffffffe, 0x3, 0x6, 0x0, 0x778, 0x101, 0xc59}, {0x6, 0xb98, 0xb1}, 0x0, 0x6e6bb3, 0x4, 0x1}, {{@in=@remote, 0x4d2, 0x3c}, 0x2, @in=@loopback, 0x3502, 0x0, 0x2, 0x9, 0x401, 0x7, 0x80000001}}, 0xe8) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:47 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000040)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3, &(0x7f0000001300)=[{&(0x7f0000000200)="67e7547a84e90b1ad80cc638caa3780ddc34e7250f04a636b2762e16f223c8aafde79fbcd9501abe9f4dcd1a5890920ff6f06f1ebd985c31010b7a267b93af46c19bb9c5fde47a4bee43eff75dbf392012e8b52f697251dbc3f4e144eec0a3a770c5408043715e94295b18339dbf69bd186487012344a175bfc97fa2511a50446ad3631f9563bb3c35bd58ca9479699d0b57c9b21fa425e5271f5869f71a2bb9ddadb6e9c37526159f6f776aee25d51b82fb4bd0ccc4321bdd8183b99467f5d24c17bd3182b1c9d74d0982fb073f95d24296cfd0f4f085e080cda31f46faf73f347b098b2e34f442ef984e6b1164cacd9307c426da1e41951e9d3bb445b3a9c59dcbe8a04bf68d05b424781e91ae036f37a6629a9b03dc48e005e718152a7ff2f4b12c54fb992cfa5f5b87af0ef94567cd08dc0e9fefef5415289dd6e77f8effa073317a6fc0c5b230dd3a63c090473ed7ab867dc179e66b6eb6b4760526acea819c567c673112406f32d85ede2e578e61bc5dd86194abb5a9ce9e72edf4ae91cb7bcc244d43bc79485e9e9c59428751efcee4f6b1a248602ca2e745e8625ef4cef68fee28423f6cd1027740fcdaa167dde327a16d640d298de2c44ba150aa80cbc3f737c5e18617ea9a3cdeb3ba24fcdb7cb9140e8715595b7af615ab0fd19fc94ce924bc6c039c5ffde68d72189a0cb2c4fd366cd064445e2c63525b3eb8b5164a9595d588d96f5f6c4e4e1b9fd070d5b938f13b7eb96626cc5560495b1c02c5c2dd5594fca8c4f7835a222c6b28574335b0f02254d4b1f1c80cd47b03d531e57ba9fdad1e8691a4627fb60146ddb62f94e308ecbde64c1d13f883eeee77af252c260b66cc93be7835ef7e1a7d33891f69c166800d67c5b79e49ca81a7d85476007837297c524b0376e8f6027f03a5813b9a8abcaa75be84c2851930098849eca894e2da2ced37a31b9a4504228271dd8326f8617a1d0361b34665009f82112d1e636b13cbf93685a616620b0b0dc2e452c51b7c665646e06a3c8ef803ff8fcf3e9c4f78c9c34b17b3458a8e15acdcf792fe09c8e2522abbb867dea89ed277b969adc0ac92e504b4d697527830593ab0611b615a07a3b7f0e326e3b510721c8893eabaa30455066fa9c75da0de2e5f999493d14619dc28919aa2a01d23aa5dd24cc1df241696c34a40341e3846d16839a9a1841ceeb3a52fe017c46aaa0b7b8117342eff7ac29a7095328a31f25daf5587c6c10f421574c35f4d04a99970283b4bbebdffad08c6203e4d57c4c70fa65c520f172718d16873a04ccf75907fa418b3b5094a825ca59bbe2645aa774760f47325555bc1975ced58929f6cb10d030d34008e2a74bb8c3639112593572de3cd8bf7c5ffbf81a20523180457b99dd93eb077125e39df9fa57f0695d08054ee5eb4344df1c12af0eefff82deded097ad38681274b084f232c32f863b94906b05be10b1a25b9bc73e6792139a223b024fea899e042e11e8d522dc1da9dda0c4d9941a7f841b95eb08165be736c717ef7ab83b9503e49b53c26782815b9b72f5d21d0832daf895bf5f0ae938f5df1fbe7b3ce3f760cf55e13127d2e32643a1be134ba096facb8e0e867c6f67be54ef4237132dd5bbeb7070cf71e82796fd2f0b35eeb3be011d45ffa8f2d12c95b99f9f5210650bc35aeaa75cbf3574d165347ae38fbbba2c631cf79b99441143422276d8c1a7e8c22ee7f0f92dcd6ac1d9f3b2c6dcf9a809b9139722a7f0493cd6caba3e446c22042510a8418ed191a845b5f1e14d83a34bcd3f763612a98369f59c94197f2960f79dff8ce0c8844fd506f5ee7fefa7fe2a1680bb1d67398f9033b5b34cebf4c1ee61ef04119fddb2c44b0e59577c3c416469927fff78ebbbade9d69dc8b359020c205047563c6f04d88194e758aa98c8133907471f48d56d0b48c2fe9c6cf912fc0958d10cb87000bc0b62cac48ce2f997dafad4ff63961e443d657a3741e74ac7401bf50912f23965a14ad8eb8050424749be099a799bfa09d1a30c3001fca60f7a897a93ac34c4b0f2c02329ec38a6cabe953d955e2b7c1f822cec9c66d2abb1c89cc400eeb1f730691d17cf553dc8dce3863426fe0e080458ec876782b8c992ea35859b178d7c85adc1208f6f45de93813ba7e2565bd8fab03ff78d2c9e285b619799321877042aee7b9bdb4bd48f1d0113ce5269e28b0ae5d736c1bfe88aa565cf542eae8992b50311f29c0c5854cde67c1f565310133e6e1892446eed6224f2638cc7efe248c3a338bc890c08382e1ecf6f3755cf4dd3a929422fc0bd0d88a82b4a1a4edf00f1aba3c8bcbd2eab6e97c087489edc0a32f71db2a55e2af727b9c3d007cb813ffbe4f24f1e51c17b666d3b240b650a39008d80b58117155436e2ad80611cfae7958cd775193834d79e9539d8857cd52a93d0b13b500de3996620afc665784151cfc13040383cfddd673fc723306046705c1fbb443afd3ae9b44d6445a61f15a505236412761b40b9e6d8d9ee787c441326153d1340f47b09397e38985717cb3d3e2f2b238738e6ba9b686923228639ca564d55446d833496be04f21cec2fc4a4650ea89e03cb57f243b8fcf20c2ef7b6698fcd5046f83e5c79de8ebdae27e4c858e46009dfd812293f6478999f71735c4e5037422ba26cffc62d9ba027cb959444d9979921d7cee724196338b143ce6f44b75ef0a4a17f0d0d5d9be217164190553140752ee19f8f60ba29c358e3872f19c282bb027763cd9bc6a491606a69e2baa564e95029ef389d4e29ccc9367a0620587b63e2124b30d0e7763691058d9135f69b85c843078b7461059f29fb86858f354b67922f87c52d8324d04632a9bc1196f8a6d48b4f72336246fecf32091f76a82fa41462c1403460537d8aad310515f648570f799b35c7debbcdf67283eabf6b1bb79a69e49873283c6a11d47d6a33636524a99b5c018a3439290aea27d90d41960010bc84fadc894e9809999b7d542ab05cbf8cd6c1edb5866103f9f0ef7898ebed267df07d9ac6fdaab21685ae4ab9fc129e00318a00e9ebfe0a1a56a08a1c0069491a52644cf36d81e74ae6836256b9fafd0cf63ce3796ce2352729700e6dc394e40c43c481c436f1a33b3c5ac2427f0bc70aaf81ec6b35ebe72fa84d8be3e794ba1d3767d0c898440ba8477ba1d421282100bda9c8a17ebec56d0fc08843b930e3f33a2f3538310d6abb2b727a717459c963aafe2258a73035406bba39a24c79cde9ef8664d0f2b80bca29ae9c4e1d48dc593a5fe57e48e8ea6fd7c4d5c7319864f31301566795114637c453bbffab43f498374bd84a4b6cca6844c989feb79021e485105eee89df38208f2d0c71640c2b51767bd3b667b7045dbcc192914df1412a961040264ddd78df373f0ea3cc73260d388be5f3ea1020ebe0dbeba00e59a5c296ff8f02f6d81ddebebbbf22aa0424a10ca62d49e579a0def140033fa6f0e32b59701b72370b1a29ff82646e77a36cf6357328fa6dd66316977aab0994aabe340a75af880b6da78cc3ed17237d096c88f45b7134015987ca078c3300d4c5d9901dcb07648385c516fd64f1d8c8d82273829ad96f0b89e0f1da4544fd3c86c12d2136c4d6ea079a9f33265fae9baca3ad127cc49e9dbbee85c05a0717b20f6b178a1b476ba4d9ee78011dcb615d09db6c7e87625bf6cf0cdccd5388f7674d737c5d64cf0d1a81af7414665072a58c2b7156b882a5dd5911414005d53c15787eeca1badc3723e2644552c2b7dae84d7aec606def0be444400cc9f69a2a6b56dd0aa5bba4125dfbe4ae46244f50d4a7f4f1d41123c82c01c245a7cc0d4522cac0b99be92f6be1ff034c5c557ab38c668dc9fd472591e33b051b09682b405bae215d73c03a16951ffcf8b4d224a71c32aaefbe1b5f9b761577fe2d4df9278cc613ceed414eeec5e8947e5d79e2ecfbc1c2cfdd01347456c8bcfe970bd2c56dace46648045f1050aec52d4cac97c409039170af0da1fab2d12742eccf0a373345c9db14f3356cd2a9643601723e284fe30028c152bcb61a7a36fe38995174a230fd059bb3cf9359617a384f37c50d5120a11e6a8fbd663d4fd20b2e4e08acfc63760af7cb99755de9133affec53f284e1c1b93c972925101e524c1a2899e9634d308dedc6c5842d3a7c146075e6457e5fef14467df5ff8f28643967c012f6e0f68c7a02230fbd9764325172a44d61414e1c37256f9f8722f64cb00deee6b8b4dd9123da4d6d737f6c1a3c4a181be7b371ab59e959c42436c5fbddc4a07232f0b1f541df3d1e567393e436b9ec70a33bb17720651a9b245876c785be50a989edeefd2c4ff8736b8f60e2ac80fb7a4a78caa319d970febce6c3c55c97f7a62c6ec7379be65e85ad585a5dfb2003e287409fcece26863736b66a736bc2348302ee19731de3d8b7304bef8134533a621a5cc4b47fa07512cb1d4a53547d94350184124dd2553f66a76dc7ef05318dec945990108887cc5a37313c6ee384f6f415f1e0095bc483f2cdfefe865359d599e6f34eb9bf054012cc432a073967f96d4d82e1dc4c79157b10812e9c789fc842b8830c77e33294c8dd16a8b5725747e052e9b03acdf20196c379974baf72c5c9cf062fb9f181c94951b7cf78d432e442774e907c41059d7c22102b6441f2040146eae5b3c96302f53a6835d99c02b721a36dfc6b031984768d235bb323db391435f07ba8ea73659a56a6847bfc14ac3bc5e89a2816da138793dcd3bc8a2ecc9ec25f19a6e5a745fa0bb2d0588b49292b7f4d645ebc1f7574fd2f4ad8c0d5a5217ed4b0e9502f184d0df8f8ee1840260fdfb7313afc840f856379d277900105583e051592fcdff72a1978950adbd43bb52fea236b258bcd292ce095726065c31f43f90208dabe714a1d3835fcceecbb5a3c27e0445562d4d37c2dcd6256713cf6be7e33f046dc367ba8606339cac6a8653f2bf9176faedc0a16b639e3a56ebb4a6544ab6977551b26b6d1dbd355c81cbf3d1c46ad97b8574d668c33d3d94a1939b0d72da4c2bf0b8cfb4a7454dc12150ae24d676fb5fc62c09caeaa974c40402872f18a338072b91ba973701bc112c1e1c903819f7337d0d919b2b0c0c6143083ff3793e40170ae37ce69d8b1713aa0ff8f74545b8622c5ac6d9fa7070267b9cc5720c494b3c6aaa9cd63f6c087217f3f1f5dc1ed29589283cc7eeba56f03ba7078aa5a4b146d72cc7c273f3f0f87b731b6f53cb1894b65948273d6903adfb6b305cfb8e191bbb303df8753f144a4e8c60d6d7c2feca365b185fcc96a4ff95ec5a700dc6ff4ca859ff0c68121dfeaa64e8ad0bc06457632dde9705f786b48b34ccecf3c819f3c09133b53251d78ac52c13c455e073dfb57e925a5682f2d2b5203a27bd605b2d7db138090836d4bc2b766cc92a37a2dd83a2c1e29e6fcf49454cd9dfeb55aa25ab54fd745541cfe9420a302332c582582197c8530cf1f9e96dc80f7e8cd83214c812290d92b94f3aa56a7c28fb3e4f99eecc057e9de1aa3853bf7da75281dbe9927f014a3793319b9996d3a539bc7ae484d37cd29271aabb035b52f8b06bc509ef2f92a50ead7ba1b4f706912c2712527f516994fe3c96ddc167980d0ac2268df35715752cc51d9540b36007a1e64f10720b0331a5024c6e9c6579abe56dc4f04e073aa8eeae1aa75f92e8cd83bc8e3f45ff909c33e1122e532e443a063a8e63ca04c568e7b3b4ca70dd336e23a620d6c5525f3d0d595733bbba6ca3e5e38b5af3565215ba2271be8859e2b92c02", 0xffffffffffffff92, 0x9}, {&(0x7f0000001200)="2d9ee88b965d4f082ea465453d29c7153b1b3ad0983f9870625098e54cc061129097ba9de85f7bdac93ad40a8c04e510414d7ab4609ad4e96553b7889f7bec4bd04ef1cd4078ef02476a4052bd80adc3eaa2cb8901e3541e4ee0a2169b4aebf3ab57359e20c5ec4971c4a5753e6bb3d34e82d6da1fec8b12a89e421780cbbeb11b0fbfaaf3eb80d06d3e1c36fb370620164f40edba5edd53c32452e8ba310fe69deb983206266c50ed22baba0fe2429eae7464628d5b55c9b8024d198bcf2962459e564f671d8e723403666b0cc2049024da8da16f9e98051fcf45bd122c02", 0xdf, 0x4}, {&(0x7f0000000100)="2efd3cc1dc06034ad47c21a3a6bf1b904365e3adc2b50cb61eac5e2206abe2c9ef802b4f5fe27ac2dd27fd2c484c7444690f6c86079324d42e", 0x39, 0x1}], 0x5000004, &(0x7f0000000140)=ANY=[@ANYBLOB="73706163655f63616368653d76312c66726101000000000000006c2c7375626a5f757365723d2b73656c66657468316c6f2c00"]) [ 1071.067752][ T8047] active_anon:146644 inactive_anon:861 isolated_anon:0 [ 1071.067752][ T8047] active_file:21605 inactive_file:29645 isolated_file:0 [ 1071.067752][ T8047] unevictable:4096 dirty:262 writeback:0 unstable:0 [ 1071.067752][ T8047] slab_reclaimable:13105 slab_unreclaimable:98222 [ 1071.067752][ T8047] mapped:58973 shmem:453 pagetables:1473 bounce:0 [ 1071.067752][ T8047] free:1217558 free_pcp:836 free_cma:0 [ 1071.169081][ T8047] Node 0 active_anon:584456kB inactive_anon:2644kB active_file:86276kB inactive_file:118580kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235892kB dirty:1044kB writeback:0kB shmem:1112kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 569344kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1071.199475][ T8047] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1071.226601][ T8047] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1071.259230][ T8047] lowmem_reserve[]: 0 2547 2548 2548 [ 1071.267624][ T8047] Node 0 DMA32 free:1079544kB min:36184kB low:45228kB high:54272kB active_anon:584436kB inactive_anon:2644kB active_file:85224kB inactive_file:118496kB unevictable:16384kB writepending:1036kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7872kB pagetables:5744kB bounce:0kB free_pcp:2880kB local_pcp:1448kB free_cma:0kB [ 1071.299614][ T8047] lowmem_reserve[]: 0 0 1 1 [ 1071.304656][ T8047] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1071.344442][ T8047] lowmem_reserve[]: 0 0 0 0 [ 1071.358693][ T8059] netlink: 'syz-executor.5': attribute type 12 has an invalid length. [ 1071.367238][ T8047] Node 1 Normal free:3777448kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB 05:20:47 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfs']) 05:20:48 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa0003, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x820000, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000000000, 0x0, 0x0, 0xa0008000]}, 0x2c) 05:20:48 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202007fffffff10", 0x66, 0x400}], 0x0, 0x0) [ 1071.510675][ T8047] lowmem_reserve[]: 0 0 0 0 [ 1071.598084][ T8047] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1071.713659][ T8047] Node 0 DMA32: 6130*4kB (UME) 3803*8kB (UME) 1643*16kB (UME) 990*32kB (UME) 514*64kB (UME) 80*128kB (UM) 16*256kB (UM) 25*512kB (U) 9*1024kB (UE) 6*2048kB (UME) 214*4096kB (UM) = 1070992kB [ 1071.748040][ T8047] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1071.839399][ T8074] REISERFS warning (device loop2): super-6514 reiserfs_parse_options: unknown quota format specified. [ 1071.840478][ T8047] Node 1 Normal: 0*4kB 5*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777448kB 05:20:48 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1a}) [ 1071.932312][ T8047] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1071.948560][ T8047] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1072.008763][ T8047] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1072.028183][ T8047] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1072.042558][ T8077] EXT4-fs (loop3): Can't mount with encoding and encryption [ 1072.083820][ T8047] 55605 total pagecache pages [ 1072.130633][ T8047] 0 pages in swap cache [ 1072.177034][ T8047] Swap cache stats: add 0, delete 0, find 0/0 [ 1072.245692][ T8047] Free swap = 0kB [ 1072.249489][ T8047] Total swap = 0kB [ 1072.286939][ T8047] 1965979 pages RAM [ 1072.290803][ T8047] 0 pages HighMem/MovableOnly [ 1072.325585][ T8047] 341179 pages reserved [ 1072.329826][ T8047] 0 pages cma reserved 05:20:48 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x400c000000000000, 0x500]}) 05:20:48 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfs']) 05:20:48 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202008cffffff10", 0x66, 0x400}], 0x0, 0x0) 05:20:48 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x1ca45c7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r1, 0x800000c004500a, &(0x7f0000000300)) readv(r1, &(0x7f0000395000)=[{&(0x7f00004d2000)=""/4096, 0x1000}], 0x1) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r1, 0x84, 0x18, &(0x7f0000000140)={0x0, 0x8}, &(0x7f0000000440)=0x8) read$rfkill(r1, &(0x7f0000000080), 0x8) ioctl$DRM_IOCTL_RES_CTX(r0, 0xc0106426, &(0x7f0000000100)={0x2, &(0x7f0000000040)=[{0x0}, {}]}) ioctl$DRM_IOCTL_LOCK(r1, 0x4008642a, &(0x7f0000000140)={r2, 0x18}) r3 = userfaultfd(0x80000) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000313000/0x200000)=nil, 0x200000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:48 executing program 0: mkdir(&(0x7f00000001c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000300)='ramfs\x00', 0x0, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', 0x0, 0x100000, 0x0) mount(0x0, &(0x7f0000000080)='.', 0x0, 0x0, 0x0) mount(&(0x7f0000000000), &(0x7f0000000640)='.', 0x0, 0x23080, 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x80000, 0x0) mount(&(0x7f0000000080), &(0x7f0000187ff8)='.', 0x0, 0x5010, 0x0) mount(&(0x7f0000000080), &(0x7f0000000140)='.', 0x0, 0x5110, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") mount(&(0x7f0000000000), &(0x7f0000000140)='.', 0x0, 0x2003002480, 0x0) 05:20:49 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000240)="11dca50d5e0bcfe47bf070") fcntl$getownex(r0, 0x10, &(0x7f0000000200)) perf_event_open(&(0x7f0000000680)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='clear_refs\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000180)='stat\x00') sendfile(r1, r2, 0x0, 0x1) [ 1072.533689][ T8097] REISERFS warning (device loop2): super-6514 reiserfs_parse_options: unknown quota format specified. [ 1072.670580][ T8109] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1072.702256][ T8109] CPU: 0 PID: 8109 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1072.711327][ T8109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1072.711334][ T8109] Call Trace: [ 1072.711360][ T8109] dump_stack+0x172/0x1f0 [ 1072.711384][ T8109] warn_alloc.cold+0x87/0x17f [ 1072.711405][ T8109] ? zone_watermark_ok_safe+0x260/0x260 [ 1072.711435][ T8109] ? mark_lock+0xc2/0x1220 [ 1072.744802][ T8109] ? __lock_acquire+0x8a0/0x4a00 [ 1072.749768][ T8109] __vmalloc_node_range+0x483/0x7e0 [ 1072.754986][ T8109] ? is_bpf_text_address+0xac/0x170 [ 1072.760220][ T8109] ? kvm_arch_create_memslot+0xc3/0x570 [ 1072.765800][ T8109] __vmalloc_node_flags_caller+0x71/0x90 [ 1072.771466][ T8109] ? kvm_arch_create_memslot+0xc3/0x570 [ 1072.777141][ T8109] kvmalloc_node+0xdc/0x100 [ 1072.781675][ T8109] kvm_arch_create_memslot+0xc3/0x570 [ 1072.787074][ T8109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1072.793345][ T8109] __kvm_set_memory_region+0x13b5/0x1d00 [ 1072.799018][ T8109] ? gfn_to_hva+0x470/0x470 [ 1072.803559][ T8109] ? lock_downgrade+0x920/0x920 [ 1072.808450][ T8109] kvm_set_memory_region+0x2f/0x50 [ 1072.813688][ T8109] kvm_vm_ioctl+0x729/0x1860 [ 1072.818293][ T8109] ? debug_check_no_obj_freed+0x20a/0x43f [ 1072.824036][ T8109] ? find_held_lock+0x35/0x130 [ 1072.828866][ T8109] ? kvm_unregister_device_ops+0x70/0x70 [ 1072.834526][ T8109] ? lock_downgrade+0x920/0x920 [ 1072.839405][ T8109] ? rwlock_bug.part.0+0x90/0x90 [ 1072.844464][ T8109] ? tomoyo_path_number_perm+0x214/0x520 [ 1072.850125][ T8109] ? find_held_lock+0x35/0x130 [ 1072.855867][ T8109] ? lock_downgrade+0x920/0x920 [ 1072.860844][ T8109] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1072.866270][ T8109] ? tomoyo_path_number_perm+0x459/0x520 [ 1072.871933][ T8109] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1072.878203][ T8109] ? tomoyo_path_number_perm+0x263/0x520 [ 1072.883972][ T8109] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1072.890078][ T8109] ? kvm_unregister_device_ops+0x70/0x70 [ 1072.897144][ T8109] do_vfs_ioctl+0xdb6/0x13e0 [ 1072.901914][ T8109] ? ioctl_preallocate+0x210/0x210 [ 1072.901929][ T8109] ? __fget+0x384/0x560 [ 1072.901949][ T8109] ? ksys_dup3+0x3e0/0x3e0 [ 1072.901967][ T8109] ? nsecs_to_jiffies+0x30/0x30 [ 1072.901987][ T8109] ? tomoyo_file_ioctl+0x23/0x30 [ 1072.902010][ T8109] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1072.915669][ T8109] ? security_file_ioctl+0x8d/0xc0 [ 1072.915690][ T8109] ksys_ioctl+0xab/0xd0 [ 1072.915708][ T8109] __x64_sys_ioctl+0x73/0xb0 [ 1072.915725][ T8109] do_syscall_64+0xfa/0x760 [ 1072.915752][ T8109] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1072.958180][ T8109] RIP: 0033:0x4598e9 05:20:49 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000600)='\x00\x00U\x00\xa3\x9f&0?\x8f\\\x01\x00\x00\x00\x00\xbf\x06\x8a\xa9\xcb3\xe1uf\xdc\x1a\x0e\b\x7f\xc7\x05$\xfdm\xd3y\xa0\xef\xe1\xb6\xe8\xb7 \xc2\x1bnY1\xb3\x8b9\xfb*y\xbe\x0f2\x13 U\xdc\x12\xbf\v/T\xfb%\t\xc9c\x9e\x9e\xe4?\xb1\xab\"\xc8\x15:&h\tZ[\x87\xd7\xaf\xaf6\xdf\xbd#\\\x14i\x1a\xfc\xbbA~\xf1\xe7\xb5\x87y\x1a\xda\xe5f\xd0\f\xd5x;\x00\x90\xcb\x8a\xe6\xdeJ\r\t\x9b\a\xae\xac+\xbc\xd6\xe5\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00j,`\x8a\xf3\x85\n\x1d\xecVJ\\t\xe5;\x84\xd2\x036\f\x84]V\x9ew[\xbfb\xbe,\xa0\xb6\x82\x9b_=\x00\x00\x00\x00\x00\x00\x7f\xff\xc7J\xde\xbe\n\b9\xb2\x9b\t0\x17_7Q\xf6\xa9\xf3\xcd\x14\xab\'\x1e.\'>\x05\xcd,\x01w\xda\x94O\xe1\xe0t\xe0;\x9e\xe3\x9f\xe7\xc8\x81d\x19/5\x9b\x80\x9ei\xa3\x83\x85\xb6|\xe6S\xc1\'t\xb3\xdd\x1b\xa3m\xa3=\x1a:\xb6\xdf\xbd\x00X\xbf\xf7[,\xdd\x1dxa\x04\xcaD0\x00}|p\f\xc2kL\x18\xc9\xf5%\xe6\xc46\x1c\xb0>\xb5\x98\x01+N\xb4\x99b\x10\xa2\x12\xea\xf6[F3\xf5\xda\xcf\x8e\x84~\xe4E\xec\x84I\x85`!~\xa1\x0e\x8d\xbd\xcc\xd7\x9f\xe2\xb8s\xd8\xfa\x01_)\xc6\x7f\f\xc7L3\xd8\x03\xe1\\\x87\x05\x00\x00;!]\xff\xc1\x1f\xb4\xde\xfb=\xdf\x1b%\xd8\xd7\f\xa4\xed<\xeb\x1a\xa3\xd7\x89\x88BE\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf4\x18\nSZ\x1f\x06\x88\x9fHGo\xfe\x8c\x93\n\x9f\x9e/\x86\xe5zS\xbe\xea\xf3\x00C\x910To\xeegtEW\xab26\x11s,\x01\x10\xc7\xf65K\'\xf1b7\xffz\x17iA\x14\x97\xa5\xdb\x9c\xaeL*\x94n\v%\xcc\xb1v\x90\xc0\xb6\'\x91q9\x1c?$|\x8bch\xed\x87\xc3\xd57\a{\xb4\x00\x00\x00') ioctl$int_out(r0, 0x5460, &(0x7f0000001900)) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000100)={0x0, 0x6, 0x81, 0x8, 0x9, 0x6}, &(0x7f0000000140)=0x14) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r0, 0x84, 0x1b, &(0x7f0000000380)={0x0, 0x7e, "76d00d25c389ed5cf5cd4ba38ce4dd9ee202b980dd8158a1ba3cb9b0e670861c9ed20a90e976ada897b6e2df4d286aa29e4c12a6f692e0b5358c6a77f2db3c6719c0de45bb13236343bbf928bc04035c7174f7f2151c55dcb6249ad90b93fab8aaa7aa3e11d4bd420de3c816814d07d96b48dfbf0110dfec41f9a0cf42a7"}, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000240)='/dev/loop#\x00', 0x0, 0x100082) r2 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) socket$inet_udp(0x2, 0x2, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000500)='/gro<#\xfbW\xe6\xc6\x0f\x1fKE\xb7M\x99\x9a\x9a\x8c,\xe1[&\xe5\x18\xa4\xcb:\x9c\xd1-\xce\xa4@\xd8\x99\xc2,e+:G\x1bJ}\xb7\xf3\xfe\xf6\xe0.+\xe3\x89\xde\x139E\xa3\x85\xbd\x81\xe9\xbd\xee\xee\x03\x00\x00\x00\x00\x00\x00\x00[T\aE\xdfK\x1d\xeeH;\x15v$\xc5\xbcq\x9a\t\x9ej5\t\x00\x00\x009\x8c4', 0x2761, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) fsetxattr$system_posix_acl(r3, &(0x7f0000000240)='system.posix_acl_access\x00', &(0x7f0000000680)={{}, {}, [{}], {}, [{}, {}]}, 0x3c, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) sendmsg(r0, &(0x7f00000008c0)={&(0x7f0000000440)=@pppol2tpv3in6={0x18, 0x1, {0x0, r4, 0x1, 0x4, 0x0, 0x2, {0xa, 0x4e21, 0x101, @mcast2, 0x2b9}}}, 0x80, &(0x7f00000004c0)=[{0x0}], 0x1, &(0x7f0000001a00)=[{0x1010, 0x101, 0x3f05, "f6fc2319f2f9e44d5b260756015dadeee5023c5fc1eb0d69765fa619d654bf300129d1d7a90873a7a8dae162ee60662f52fd244d59f8c02f776cf2f16fb1cc8ab88c582eb598eb5c55a3085f108566a66daf310b00d390a055e2c5a2f943b1feb34151a20da90f2195dc1f64d7266ff2d00ee87b8e36558ce542278abe2cd2631aee14e49e8da5d05fd1be7c4b62914b1b9bbad7c6d675119a2a0ae895312e18d304804f8dd486b163ef90d9553ed65b36f0731b22f663288e69964eea3769b417a9532d58696a2a8812cfdff6e8089ce2281b75a2dc540739f733d39f6bfe18d8e57981174577c77fa3c86718af74c4ff7ac0b897c5a7db12f5c83d5d9041f41dea97a3731c4b43885f1de4dd672e0bf05406dc849b28d2d998a38cab38ab1637c2040db81043849debd43db19aa8ba77a20af074882e6dc6b55f796a79ca119000bbac43af59499999db5f98145bf223370e1c59843d9c5978a9fe63d84787858db29feb22a3b5ef9accd7012dcd19c18c725bbc9799b34f870c7c2efc7fbf0106079c9fd6e58d7f2fd336ca512cbd00f60385ca08bbd3b3872f6d2d43f261033f9c5c6ec4fe6231a6d9a8a132ccd5a1f74541fe1687707afb37d8455b5790846f8510e16bb50f273772a9371ec9e9e37b77619e6c19762f2af85cb55d1b67cd615655265cc86d3084b74bafeaff1880b9407d50392de652dab7d296845085f35da44eb05d8c6c219f73a498727c47c5b74e83281a92763d429640ba1183ebe155240058109d8620cf10fe9920edf01578019fe80b2101bfa02700e87d5fdbfff4b83e0183a5d3a40821c69760b6ebd7489d41c295de5f00975f6c55dc2352ef475001163dd198c260cfab5c10c62c89c2ec738bf98c191496b3a32bc05ecf4392641c632f3e418d31eafbdc952cd1bd2654619460055cf9712043e896dbe54a5824b91db6641176bce740f294e96010344a9d2ffe645345f748d2eb52318016f29953eb0e381c4c995f0efeb44e289f6ceb144637f89a524ec130d50a82e4d7f85f15ee443c7947eda743be47a8360288381c2b9c6d63973b6d4c7cde03d21d0109cd52d7ea90d6e3b40d116ddf86766779c64514851ad5b7ed5edb012794f019e4a6ed92441a890c218c28c2ad6613fccac7dcad17d77d53a2b0699739c6d68ef919e560d2a1a587073faf5c415f56bfac5004a85fb7c96d467f57d954d3d56fec105e0dd867bf1d7c3dd383e713a6f524d59c3f0fab3166ed7ae30727fdef8ed0a583ce7e2a04e9d3653ed37ad6714e82d8a5919c04f7edaa5475a7a6bcd179d29710eda99ff6d5d0b8574389ff1c58757e3d5a53be8a20ba4a18391c6fedc3d436bfd2b353ee12ce4a00b96cf20c894e55ea84c188a459158e0b7d74502fa6088aea2cc477c926858c8202c882dadb7d2a1daa18f000775ad587b1a9ac759fe4a6e02afe9f0970e30e7e49b3a4c9624207e4d947658b0dbcf96868fd63f6fb775a32fa23ad514861257da5ea0b0f687a8312060873458169d7e943297bc76952f123a51a485b349f529b69afb97f160b49521247257b5d599ec3ffe235bcfb0e5dad911580573d11def1d320198a23f2142af08415a9555d364e566ec869cbf67ce539c5307b4264869bd1f83c75f12eb8b0a4d03dca2be9bbe29eaf7aca2a8c835c4a65410d19b342b52b927d046eba942cee4caa37554126957b9679476c598cbb0ef3161f59cb175bde66a631d9365f2f4cecc7e9a1b6fa0a5f88af8470a6b18528c64fb98f55f223374f327683079ceaf088bee8e9696d235ee712dbff949ae182bb8eace7b74c6a7111bae0c03c14a4447e44965243cf61afcaca9763b52e161df694feeb1cbaadb7919dd0e110bd912a9476fb1379362fff8ac2036f7d68c84f7f4f61ecc5281e927a2c03ff867e8d9108b183c8811c309e3ccdbb88e45e203da21d092f6a6a0ba286589c35c2547133abeb38449ceddf186810336fcadfa76f0a0d22cae286f9fcbc81c53492d32afc1043831df2ce1ed598cecb6f0a1318834676c5d16a991824fd063a777b902cbb022eaf53990a1b09fe68ecf17f19a105550cc7b39314aa7c8e3d6f6c41f5cbcbba247c0cd4af1f82dc5634017eb92ead76f1b0bd07f4ce8535fafd06494b43212dbe3c64e4ca99caf321ab481a188a948f7f93b9a2c0b1ad5e036b517dd1f4344045af6632d08686e1fe7db5f7fce758986c56649c4488cda2d653e5b9a0b2d7a69aed147a27382207c043d86cfae956a15e9c80a0fb39f782659d81999b13e03f80c6bbc24cd9c73ef0cbe8a666a88c30122266d70065e442062ffe90c93768a22e2bc529d3d309057c54148ff44e94e0fd3399691a92c9237778adf3dce6b0e3508e8ba2cbca237784eb1826b67944446c7823708d37ce8e18e5d7b85c2560a9c1d41f702e99fb5ab90149d42822413c596bc0318ade3b22898bdf05aa09251bfe6125eae26b1845f80965e8262f91fb3566e0936f8017bf514762ba2f5effeb401c9a79ea927dff00258a8aa595a8633ad8efa699f52b47f89066dd4706d73fc7d5d4df373b4726a670c4de39e0e84a609f7a7e8dafed2d13d8b3142748d31f820e0c5fa7a3117d2647fa973ec878275f2a42069e5e88547d444b7557ea72148a4806eec45a200a5e64321b7b1dcf6feb677e082cbeeb821fb007fc4bab26d0c665663639b02faeda69e52ca6e62dfca11a4880d68a64a6d55d65d2211ee30bdc11acd0991a1d8b27e7f616bb2c65ff443d54b3c15e444f7a847196b34782f6c835f93fa12c739b49a0c935d999c87db3f13e8a7cd01f53f7efc39d455ccd2c749d08ad11a3464c55f856bead1a14333dc944ace3de289a0b2c9c38132340d47f5359aeb14518e68ac05176d3b3a475b0128733910f90843a78a01bb76197d7128e71fac1a2f49434e90f7f7e4d5ce3067a68e989b3ca859512b1baaa049a0cc66c732a9d108b436215566c43d4bfc5d04016012d2dd90b7a2d9045da60f63763c30e0d9f6852a9ffc65f64ffec7af2a843eac69f71b82475b0e20310b05e151e52994e8eb39fe9ffd4a803e4a34493272b01aabf06520602bf2286de7e8cc8e9b5946fb9f89125eaaeca5fbc77bf41a85cb2a809909c8229a88191299c6be5c600ffa08c899d341a622ad83e407794192f0dfaa5856f79cb4831926d423bf7a9791a125d85d69ba80b7fb7ebda3ccb600d072240dac7bec503eb33a45dfd64c2c96c0f760656ac86235252b25868ac4da2c3e7e580d330cb6179ad9b335c6649d083b6cc8c694a85834cc93df89ef043d3c0fcd8fcc57d2014efba89a4685b452c644a55a2f9c28efbfbd8e93b00cf73a700e3aab4cfdc8bc4cf86cb42c0ffe16ab90094ab2dd93005b836da83c4310f536aa702cbb04a3966a3a76ad62b41c77d232102e6985e943a8e1be4f9fabeb499d027fe7ce0b2c2b2e9cf4cb8c2c6a2348aa94ed084784dfc56614e57a5ecf32cbb32ce414d0f6a3624214a2f8b498aae4a7602299bfbe65bc4fcaff80b564d45082b5f770bbce5225f758365113df97f6546aad53449e3b174d8799b3edc11f1faf19cc22cacf90ddea0d5cfe618dd0ddda03c5d66efa5bb19a75f0a5d41a1167c2d6ebb55d130f7b90699344e30e246e26413591b1dd19597534764b10f58885aff86ece06139492092250b25138e4b80d1a01e481b7576d29cd49dd8a62589d847297d3d04ef2a340efc29108022cd55b228c39b5a9ddd3ba33970b87112699e4a0f242f6751d1206f98725ad6bf804d2b4af75fe53449e622f4c7ba31bc2f67add5cd6b2e7046f438207e05c12b28c36d3789bf42c7191f2da40b7d9306b835b7d627dcffa6de4231c1458f08b001395b9b20eb4dd5c99a240dc521348d7475e9e8bb4e10acc85fd5ac0e0d2aa8e79497dffe610a918e264318c7f93868fb2a254dfcdb37080637525605632892a661b3ea2ee8175bc36d9a1795118e758fb6e731d9df9098264d4344caf02342a0b709b60bf070345bd0f84610c86860ef4087ea82d2e66503270495835b5a88739ab7855d87896cb8000c6d62d68620966dc1ac67dc0d1e61a977f9d1029a6f91994f4e802ac427417ce66664d65d23e6b43b32fcf467bc168ad7d696d60141951f6ad7796eb4ea9e9a5d6836639eaa7f7d26270f747ff923036fc75c22ff5e207abc50cf90fa296b1ede74204e79682b0c6e2206664b07979fea6f640b5ffec0b8c96303010c045e151db485769e5c1aa93c274c6b25b3797005fb3806e8b1b09677d0801ae24a3ae443cea7cdc2c3790e9213c0b124bc7b5d72fbdb8e9c6cf3a478f5d17529345f6786aafbf256544ed92ff5373d524d7fe5b7c9a3df9b3cc006b810ccd4c6eb5d23fd3b50213e694bcc1681c1c8d69294d0535e574ec2e7c535eb5c1fcbb597dadba19fd35f6c4c8264377ab20a81974a59d6db537ab393fe37aa1e125782c9380909825613a4b1ebbe070ba4515bbbe148161ab595b9a4054bc8944d1ac6fc536ad23b88a52f899b95a656b8daa7fd0a31c0688d49f2ea2b511d44702be9f6ccc0d70d9f0248883768a43a8dd37f245e7a1a0884a07146bedd3531be610328423ad85a27d61ec89c0bc8ed926a53dd24cead8f0f5c351fa945f33387319f6e9a9b64ccb56ac217195d6c453caf8a283f7304c1d468f8eb86e6451bd303793ddca8017e796f9554a2ab7ba0d1d01b08769029cb3904a2588ea97450e184131be7a4f37dead86c0fb1aaee745fdd808f4a33cf0b497aca25fde2ac15e3cc5964b8d8e81b5790b7bd12eb83e73856d4bbcf2d32a703fcf212ad364f6562c9654504e5706cece1f04349e56983fea2efa8167b4dd4737a554568f57513fc1486b68bd98e27e31df5a8e58d364a673480ca2357ff5597e22ea224531b04de414760fe179e223f136a8957ecfd85217d494ba044baa80f3a71d92286b7246552fbc1a144e07fdfe2c457fbfa103126251d1ab319116e312917b4e807e2415c4755f2788136e4f3ae06b59ccf6d03a8072ac3710962c1efb4c8e392d5ae3bd536d9f6471ee725104ed124f7f5094c811f0a10dcc7176689d86d550d6c0e7fa1ded47a1d9344ae41d860bd02cbd1c0bb06388c8ced9f2b83d28a1ca6297a6f8e4127bb738d0176d90c3e43348ff66cc60789d4c22bd3c4aaf3fdaa628ae1545c628a332255d72d995a5140ebdc2c86a3b516e52abcae144b881db04902f63558c48e4ccb14b79df5b1e3a0117f7637dbd2a71a86df37e675a505bbded0ea55161ccc5aa5c5f7d3b5032eb1065bcdcd0e5fd992b9d5f3f19df3a769c0010a10dca3478154a9c611bbb3eb5d9829925b76c00ddc09b75f95159886c9a2c38f5d4ced2170848555991460b3b3498f5d9b1b0445602339eac32ee5983206b914dd2e92fdf784481702c3373d004b360f3b0e545a377062276bc6819590022c26c7ad85474d4bb5223f3da8a10960d55aa1e9f4bcf949cb23540b77f70a02f5ff58f25b74d228f1b9549646eaa37a126eb71e196a672e784fd6dfd2f7c5297aaaca6f4044657cc4aa4d333f489f55de2ab325786a00c34b2011323cb2e0ea602d0d0bb7d0fe891d3998ecb798cf5a38765613d954d97f9b200118bfd6e183be945a03353760f26ffb8f762c6317a661b722abead89b87d76cfacfa716dbe856c1309674a5de772a41dfd28e36f14f298509b2cb4b5efda17d398c11f853520e3d8e6ffc7799b597de42b20a416b57d90ef692cdb745c884daec7c4302d70764933cdd626444"}, {0x1010, 0x101, 0x5, "3e355b78dd9d3b3ef1273c35115f86025a758e0915fc7c51e1064d8ad8908b125e4deccaa0fa675c245368555c89104317b6e93fe6347a7fb01702122d93da70f9a75f1d1ee5dc8bb2a9095f297d78284d44edf70fb285169d5f24b1f7efba33c62cea7a51212c942a3425a095560b635dcc91faf3889408fa62e992f9b4abbb21e81344445deb2949bd6b76d43ef8d5a704983b94c7668112f90d56020a707a2a5b618d09f98cc634a58373d6c6a187b61485351efbf15f05055421e702b814dd65e5ad5ad09b253f8c68f03f80f3465fddcd41181772b43f72eb70b10ad2c94518611717fd79ed7d54e8b7c61f3c412e24135f285d0abf578ff0abf50933d532a29cb6f41e196ab3fa1c7f022ff128131ad9a2fa31470250adda2792a989195ed0359ce51fb3dbe6f79ed4537b541a70aa3b0d3b2480bdf639b41c08a6196ede32ba2e9f096e6443defd9a44344def4d28395c14a22ef38d75e1475f75b388645c99482f8014ac8163e0ba42f91be1fa74b131c79cd64ed468dcc6aaf62b650547c04df33c53b85d06d9e19dfcaaaa13134488166d4ea57ee00356194e50678dc61d02a2c340b658f2cb051b2c841b459a9ba6f286bd361367e4cb132ca4cc3adb8cef36e147117037420701d263e522e81db6abe3edd4be2b4300c09ab86a9c73b6221a98b292b55732c15135c96724494d9877096d747cf4814cce6d81f464d90fecfbaf3576b927370786dd60f505c81641946c495a4a8688537052597731c6e62400f7d3c43cdcbed37ae5b7c6a7cecdac359bb6921e9902df40aa5462110378f25303a95aa9727cb7f4100bacaabc951f7316cbca8e1a786c8a62378c25a9a016fa4fe11f1ac9aaf2a6e6780efdf266ae44abd2f6b3cfedb94acd0c7a2ee73f512c2ff9faa23dbd3950bb39431cee86a7826dbb03cf5f180775786ca4527230626ef3f8004f873f2dd392779eac7abd2db528d9dd167da3c3f4d65f4b472f14ecc71f1be86a39087a211e900198ccd58077caea41735aca3bbbac8d84ce362c6113970d37922aa2173eb96f606e34ae4be9811ac48cc3ae34ccc1aff3c285d6579103d0a119ff67571370f53708e90f2de7ec0f3a7c0e491f0a3ff23d5beb7570112f9188e7b276c7d36398b954ff08ff3c73ab1337274c70de4daffddf08e5e4aaaf8834e70751c8ff7cec83862562a0505dc301ea9a1d71c127e53d4e46728a3d8c817ec4aa997b9b7c8b4ba7fe4c9b48415131ccf5f03d9c30ffd6df338e4bcdf887b8ed52a341359ee87d256af57b76acecf0335659c6df6a2a1875d61c25b1f0d2fee2ccfa5c3bc267bacc8bcf45059ce7857630ce9ea2861bdcfa45c3ecaecad55b41f737e6bc10b75ac0f960db899d6eef504600b3704d849548591ac8bccb8247484d3b68386657a09812be43ce613d8b179680bc668e20fc268c37500e2a3872b657c8ca6151dcf48d5e2bc9de4e3ae409fecb7a84b73d301395d9450f2efd8072be154af16d25152578a12154ff0450b42ab237618ccd342c0b212297ee05616a69e89ea5a7b5d3462ca15dee1823042868531f368070505c96115d5085d47d2821a1a44f211deb05658807f687e7cb044cfd09cdf5f3bd128e234c921c058e0e8bc96b2353f6a7a4ace0c4e7848ba652ef32e4ec8901fa809d5c487e1f079662b00e4dd6eb16d5d50bf68f3c7cba60195a3885bf734f8c636da2c995e7bc024f212275851b9518ce60f4089880c0882a2eb082b4c98ae642004b8d0b8398102c0d7f516eaa90a083cf009d3677cf51a76054b0e0a40aaa13c9752c37c7628c1356c3534ede2dcd77e4baec79e7074eef5a1bbda0c19d2423a14bf3e8f936a41d1178ec9914b9d6fde815500ff97071da3dfad1f77ef2f44b52d9b5b86136977a5742f1f0d1ed3c69da560ba4b2b39124199eb560549b78591d843261bfb93d0490c067902bb778396cc3f9495fc0508b7240abe4425e78d67bd59937880fce7e7b14d16d65ae48bd1b8d5fc03e2f3db55bfba8b9d251d6af8a918a736fb972ada3b83160d80d881fe23dada54220f1308022cf75bb28651c4795341cbdfb7f0bb2d6d4014bbff68baf09eb0ae71988f83f5ebea584f1744c5dacc1001f39aedace6fe6219d46af50377bc23af773cc6786d35fbb99c306779ff4b28d0976b21ea1bd9073475fd735e20e7bc91e4cd8bce1f566da6aba27123bd168b74e4248452740d7cd571b5d1e847dd49157e987ea1ec4e83a1ea9022f17b1d11c9241b8bf16a532374f1f8a060a95a817f5ed4e2dfb13a98011ce13c9a02b6436dc2469e9ede3ff073c4928d685e662819ba3c23bcf0b441ece5cca0d12b1d22847df320fa1bc3219095783f0789c2a983cd8c4f931b2755d3b9adb53df3d254ec5a09aa69ef9a14f6ea6980251e780a39774e2da01c3eeb2d128691e31408d3279bf4913d12471f092a72ecba44f8bbb048900cb08bca3c9f508d184aefc9b0710752814c1ab82129c2b96212c2293468cc58b9e0db25b6f2297c64cad7ffae2418ed57c76d3a94ad26e98126d2f302f48698f0d56267d03c2d4c244d8aca36385219cf9df577a816f838987064369e878d66d77f6a9f5a0583e5d5e69128957296815946a6f3393cbbf2cd130b4e749ebe4e81914c685d742f933547c36cd6f798100a5f04f6288adde46f8838da44c3d2a14c404ab83c0a4616cca2178cf5bb83fc1d4b4bca558d8a459b32363c1cc98b8ba6f0972b3b10bfda2d6ca2e558ccfd3531b3c22a2464a7704b5a9ebe1d70157c4b344535af6ebe7ffb58784493f5dd578739b68541a6a4962d6e12a8aedf2ca4bbb547d09b44e0b7da9a13d8713cbd3087bdfda2a09783dc6ed120ebcda364d2a83106a65546372db21b2b7960300fe732e563e13347daab7a98a5a253c0233be569f45496572378ae0a7a14cee2ac77442e32a28c8c2b85f724ec3b78b7c0e19db579dfcff72e4cfe734c843892226b13ce7dccb92e7078f95d92c4c81cbf6cf9c68ca2acc56d237ccc6e342f0bf9e028ad7a43acd36192e1663f8ffebbc513ee29b562acc42d4f081c9eb44f28e86703c05dc78dbdb027ff148f60926443f2adf989df6c402dbd47065f480530d5178d0153ba902d09604ad6c73454a791d014f2fe6a2b3155e40a4e10d21befc6b41b296435a963f13bd859ce905e4e21f10477edf87227634577587b452d1cd25d9ec788697120bd2fcf646cbd6c3ec8fcd392e553765a45391a52a375c827ad1f4c87db1b9d4fbfc752c08325a2e77e2d975f245f0e45de7c8e8ea188c9efb4c47907b1136db0ca1032e2f335d51772a937dff86f41ed1943d0e6fe9cac800a522db87dab0992a0905fc09c70ed04fadc5bfef434ced29ad543c14d30e8e0fa07346701114fc3aeee4a5fcf7128b5a4fab59b154a7fca2f95e06c2075b850c584a1d3915d7994fcc5cf6c432d4bdc9fcfd66e6fa7dd11a3960e903d14e338e5ad3954fcc30c1832fad05254d3d6c37f56b8c979a13ecfb03ea80e339e3becc79c3f19e916e50915b56c432855a5ee8112f465d1a03fef8acdedffd6c45bd24a4f4c503243860c7d0e87ad94880eb8a8795e25e2b37a210aea8c6249b57a69740ab0a5cd09c82dda8093a900c0f5dda3f84381bd7a8a5bbfab1fcb05271b703f05574dd465f5a2ebfbdaa1374057f6847089b0e84c584e78a4aa46cb647282480a5735729906c5c97814f1c2cc401162a283245ec2e140c062ab7b49fcb0fcfc2dc1bfd0277c998e057df97391010c1cdf7128bb9778734c5ce8c4649e53c53cf918e83da1c6ab4026cacca7a92d8932634a2bb36154a7e1fb391be08bcf7e37b38e543b18c64d9a9cf39154f52192a5ef63c5f79988694bafc74e8673efd0a39804230d16849052a194e79e3249f0f0b5b5e48c85eb12581dc1faf7777e8e5584d3422d6f6df01779e27d507938afd4f838c62fae83b3c9b414d6f599b8e3d0258aa1e082e0839145b153a69e6d1c4988fdaf0fe84b1e01e4dea48b1ca0bc81cf11b7c766ee8b9787f4ee6b63654d71437d4546568d68f8635445e6645d2a541338022a596d057e380906f437a34b8f1b9d3c88f8f34c0ed3cac8678af3ed20af2a6e4ffc12910813233ea0ece42f1a838cf61eee7d4b061c941f723d80c5d085e7223c195842838f4febfa49a5d66e64d901578f8edfef210db969542927db501bc7c6bcf3f54831bbd59cdd80ba4a83a2728909eb6122ee5e30d23dd62ba9da4664e7476d375785ff86bfaf2984cb5923197d8ce0a436331dc55d46831f85a2895742062ae7d8278a052843441e5e3bf332ea0a710196161a1f9233b22e4d1e4d25892bc6b6ae9a0669bacc6d384a98ef04431f42a0c24953f4e1d28b24b878a2d6c5f4f160c37e27f6fa210b31cf8624f358075669597587dba2b745bf9cbd93bf88cc52fa678000e8cdf51d0593a2491ac5947a67f00aaa52bc7e9117463fc15a464116cdcc927ccb995d6897d57430e7e8da47c24c27ee3855cc6d132471d1515c14915946d0bdcb6fca3415365a36cf6e8467c0e73dc60b507ccbfdd0c5aa4baa5e4548580412c085a9659bca6e847a9ab80db467f3bcf5d24dca7ce81c4382a9f5936976a0d7c1d1d349f2fb1af3020c5fbab984404a64250364668dd44160bb443830caf10fb57e7acfc582dfce3cb896be0ce311336a80e7b18bc1ec803e4bb0580bae89a76f14c3c6581db0d444cf1195026665d89ced9aad00d04ecbfc1ad7bf95525720e2373bd37bea7e5d2f6ca107498e85792f7e78bf50c6a2c85252b5f76de33bf2d854eb571aa7d583b36e0c801cbe7c67068286d8fd2b2e4439adb6281bbdb15e40f1299aea9033eec142915f28b29b4707e84a19ea56f72bf85ec755df5a410649abcb19ee56a1b727b7e97d99bc9b26a42fcce488386e6c5118db99e5f8f034ca42f3b85b197e0223349d9a441c12cc7a5b7996963af4ccd466ad5905d79b225de2b66cd500650252611740a9760ac04a0f52991a78d23d3f2b54923e38c43c44bddae9d2cb56e598e04a142751d8ba6919a792ab259e9794f9ac9bf64e9ee6c03801a20c1f646f193827217aea0cca899cfaef60226425bb8c3c48fc8865fc883c072f6869f3683978fb7be5d8602c7e28ca5b692e63c59f359798ef61089a9172b2870d9cc9d5b25cc3c79d740d5b851c0709a438f50b1cef24c32eb6c4e611c2efcf13860a229748e056ea5501a640237c5e4353431aa4b633f222a6da924138e37bd9608bea83ffa530af54d22cb900e18aa6abfa613ff41ae3e529cd73f4a94cc2882a717921f5934399e09352f148e41afe8adac858745b6b66e698ee65d7b4117c1a6beca5aebe6fa53db5c3882a5fc99156d1c66e670270878a33d620144377cf74bf91abc38315896c0edf8cc179c8baa875928fe735826c2b649930028f336d09aa19224cf760f3f9fb94c90e028e8a2852f7090edb90982bc1ce9c5ce6edda8b2566221b36f5dd3cd2da219ba06dad3cab64137da13c46e6d8259ae8f88fde38fc907e25e3a47bf094732b89244e58ea2cf81172b4df66272b6c6048e25f17650d39ca2e842739949f51c3bc6fe09f6241f64d6f0885a94175e3dd7c06e838b1b0627745cd8d70b8100a10c9e844427c38de4d49f71323db47ba719467fc227c2fbdcf4c7427926180c3f68b7249edb67eab16d81daef14b4ed4441ad3cebb3269ac1ae9d3842e022da0c6afe1ae686336644b7d049dc9e6440f6f53344e20430e097e47e4ac3d12a0e"}, {0xf8, 0x10b, 0x6f24, "9a0c9127079d4e238baa8d72d71899e8ef7def4b9a9156e61c68e8fcfa60d488f1c59877f7ae78eff3ab558205f7516a2ec0bddfee60166bcb8649176bd753ea1691787fc758338f42234545d91c88e1fa1313f328b93a57cd0818a2ab1e9e31ae764bb3d2b305dcd59363048942fc962e1a5096b2852817b8ac8b6067770bf9f91279ddadbd84a92ca8b7f48eafe5e196df41ca7c760169c775f980eeeacee7952a17cd350f5e10c51eb3b010194972126dcc688ae0c3527774c9ce41f92ee5757a296e64a95cff7d905f4073ef7f402e18f07b0692721fe4d1e525edc062af8947ed9ba2bcb1ee"}, {0x18, 0x10c, 0xc7, "0dddaea2aa"}, {0x40, 0x29, 0xff, "f910621a703164dcaf75991dca212069b785fbd01031d3298d860376d5da6a8cb153fda5e7c3d3e3f4b3b0"}, {0x20, 0x0, 0xe50b, "6ff5a890c202166b586265e642"}, {0xd0, 0x104, 0x92b, "e96b22b99e00df3e2a8e143be75e8ad5f85f2de819bb5d3eeafb062bdbbb558a0b452450be92c5b8b318e01e05902ddb6e1bcd3fcfc54ad8269b2b33e487914f606edf9207521d5364f08dd1527a5a9033cf5858ba35aad82ec7e3aa111a9e00e04736defe077bbb29d9715b8e7b5613251317b111b49377db91b5f06c6d9f811fe1674fc8ce83979f6cf0b0ea8a1e8d250b4542fdc5cbe3b02b538c20e6e4747c29af45b03d18f3a569491885d004719d8639a61b0ce4b56ce9d1"}], 0x2260}, 0x20000000) pwritev(r2, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendfile(r1, r1, 0x0, 0x40fdf) [ 1072.962357][ T8109] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1072.982587][ T8109] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1072.982601][ T8109] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1072.982608][ T8109] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1072.982615][ T8109] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1072.982623][ T8109] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1072.982630][ T8109] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1073.031053][ T8109] Mem-Info: [ 1073.036359][ T8109] active_anon:147130 inactive_anon:659 isolated_anon:0 [ 1073.036359][ T8109] active_file:21605 inactive_file:29669 isolated_file:0 [ 1073.036359][ T8109] unevictable:4096 dirty:289 writeback:0 unstable:0 [ 1073.036359][ T8109] slab_reclaimable:13089 slab_unreclaimable:98947 [ 1073.036359][ T8109] mapped:58948 shmem:253 pagetables:1489 bounce:0 [ 1073.036359][ T8109] free:1216854 free_pcp:492 free_cma:0 [ 1073.079090][ T8109] Node 0 active_anon:588520kB inactive_anon:2636kB active_file:86276kB inactive_file:118676kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235892kB dirty:1152kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 565248kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1073.081849][ T8100] EXT4-fs (loop3): Can't mount with encoding and encryption 05:20:49 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsol']) [ 1073.109681][ T8109] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1073.145614][ T8109] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1073.174911][ T8109] lowmem_reserve[]: 0 2547 2548 2548 [ 1073.182825][ T8109] Node 0 DMA32 free:1075588kB min:36184kB low:45228kB high:54272kB active_anon:586444kB inactive_anon:2736kB active_file:85224kB inactive_file:118792kB unevictable:16384kB writepending:1144kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7936kB pagetables:5956kB bounce:0kB free_pcp:1600kB local_pcp:372kB free_cma:0kB [ 1073.216621][ T8109] lowmem_reserve[]: 0 0 1 1 05:20:49 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_VAPIC_ADDR(r2, 0x4008ae93, &(0x7f0000000000)=0x2) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000780)={"54abec7338595f275a2292c45ff078f1cbbf04241d1c3421ec9bf61b2221bc18246e74f0001e36735c2ad340bf94ad2a35cfc5d0953a3b2bfd41e2e051c6765447395415a9b05dffbe957e300168dc46f8377130fd28e50a805a6005ab6167da65430e3fcc214d7893c6d91026b5f5192f346a367dbc8ae5df0fd099b4e7a6dadd7f555b203f504eda86e0e8d8c5f319604db5a686750d03bf3a67210063e9a17ca0a1ccd80a7d57cb034b828b784b14c9e5dd70ca358c6819c3df7f4443dced6d9a56bb54eac6538cc61c5e9ef3bda9feeb62cbe4f0e1d1c7f6cbbcada85dbb247b0551773f0734e6f4733db49c22e497557c2f74bfa0e4af9b6228643f180d9f9e1e2bcdf0c35a5b8c388e728b574a066e190800db7b42573f534b8f60e8f756dc4d8dec7ad58b0474fc002851b265cc72099d43115828ac723e73009150fcf7196b4133e2988d4b0fc459e57293afef8837fa0d5d24b984a95cb4bdc48fc9c6e73ebee6b1a3239b2c0eef7c751ccb9f2dcdc3c69173db48df6b5d6e59e6465283de675a8d053e7f3abf86f43006a5a0c6225a589c12583e767b9d817f17bf690444a18e6f8a35b2cb4b60c191efbb16393560b568ee6c82bed918aa4a34b575ac9966b395aafa7fc3b7f467b484eb7d2617e0a240e8acbc2a7e02b650f7d1be52f462be20faa32dd88eb041e2c46b24ed7ab79c10f05296f5461f4ebda25dd7b9908da4be62b0871b169016fab8aae31c7ba45e5b30b7556a062999f43d2dbb9995d2d5de72ffe885bf6bce45caa470933c0906807da75cd38533d8f16d875452c543b259e78215011d2be638eab023513cfe0693d3107e17cfc87e038fc7d1db232d15307fe1d2a818d0a4bde2c53d221111ffa646514dd1fbd3c011b058f79c6fb0a31857ea309018bf72180a434611195c975cf5e285777231b6f158ecaf212183600379fe9762277c13cb6cde9cc0178b883fd1f210180e599f8eb33d33a9ff0f70db1de485b2f2434f2707bf9a54bb6aff687c515c430d5087f4d53a57adf7c97a06dcc61d7733a93dc505d57d8d5c83bf83e345a979307d708756c3f0f1c53a28883b665fda239019f32fc6f07d700d05023e9ef5b66d4b6be57ffd6fe39703fd4eed61535568f47ee51eff8290618e8387d0ba0d00c5bc4585d2d85688af46bb1da08bf42901634cb10e6b03ee276c16980090b59f3c57b428ae0a7ede758c781e2a5a8585e903adde0a0a281a7779a59067d82985655d9138b75042970e11aee4b95b8bcf232473767cca0139b2c2fb40045c6e031950c314015db2524c3f2fe941f249d158a44aa14774e61b2ee185bdfea8f317e440a39533c6db7ffd3c2b626c1e1e088bcebc59526b016cc6a0e4b766c3f00f619d366e5a4378bc15f805a6fb8c9400"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1073.223041][ T8109] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1073.250725][ T8109] lowmem_reserve[]: 0 0 0 0 [ 1073.256569][ T8109] Node 1 Normal free:3777648kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1073.290332][ T8109] lowmem_reserve[]: 0 0 0 0 [ 1073.309089][ T8109] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1073.326641][ T8109] Node 0 DMA32: 7760*4kB (UME) 3846*8kB (UME) 1745*16kB (UME) 983*32kB (UME) 516*64kB (UME) 83*128kB (UM) 16*256kB (UM) 25*512kB (U) 9*1024kB (UE) 5*2048kB (UME) 213*4096kB (UM) = 1073632kB [ 1073.347562][ T8109] Node 0 Normal: 2*4kB (M) 1*8kB [ 1073.347595][ T8109] (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1073.384686][ T8109] Node 1 Normal: 0*4kB 36*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777696kB [ 1073.428672][ T8109] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1073.460402][ T8109] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 05:20:50 executing program 5: 05:20:50 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200f5ffffff10", 0x66, 0x400}], 0x0, 0x0) [ 1073.503577][ T8130] REISERFS warning (device loop2): super-6514 reiserfs_parse_options: unknown quota format specified. [ 1073.529770][ T8109] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB 05:20:50 executing program 0: [ 1073.586559][ T8109] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1073.616472][ T8109] 51574 total pagecache pages [ 1073.621902][ T8109] 0 pages in swap cache [ 1073.638553][ T8109] Swap cache stats: add 0, delete 0, find 0/0 [ 1073.648004][ T8109] Free swap = 0kB [ 1073.657997][ T8109] Total swap = 0kB [ 1073.678336][ T8109] 1965979 pages RAM [ 1073.682628][ T8109] 0 pages HighMem/MovableOnly [ 1073.688347][ T8109] 341179 pages reserved [ 1073.698042][ T8109] 0 pages cma reserved 05:20:50 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x4800000000000000, 0x500]}) 05:20:50 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsol']) 05:20:50 executing program 5: [ 1073.976171][ T8160] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1073.998973][ T8152] EXT4-fs (loop3): Can't mount with encoding and encryption [ 1074.024949][ T8160] CPU: 1 PID: 8160 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1074.034019][ T8160] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1074.044085][ T8160] Call Trace: [ 1074.047402][ T8160] dump_stack+0x172/0x1f0 [ 1074.052023][ T8160] warn_alloc.cold+0x87/0x17f [ 1074.056728][ T8160] ? zone_watermark_ok_safe+0x260/0x260 [ 1074.062296][ T8160] ? mark_lock+0xc2/0x1220 [ 1074.066704][ T8160] ? __lock_acquire+0x8a0/0x4a00 [ 1074.071651][ T8160] __vmalloc_node_range+0x483/0x7e0 [ 1074.076893][ T8160] ? is_bpf_text_address+0xac/0x170 [ 1074.082103][ T8160] ? kvm_arch_create_memslot+0xc3/0x570 [ 1074.087649][ T8160] __vmalloc_node_flags_caller+0x71/0x90 [ 1074.093309][ T8160] ? kvm_arch_create_memslot+0xc3/0x570 [ 1074.098847][ T8160] kvmalloc_node+0xdc/0x100 [ 1074.103358][ T8160] kvm_arch_create_memslot+0xc3/0x570 [ 1074.108724][ T8160] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1074.114971][ T8160] __kvm_set_memory_region+0x13b5/0x1d00 [ 1074.120698][ T8160] ? gfn_to_hva+0x470/0x470 [ 1074.125355][ T8160] ? lock_downgrade+0x920/0x920 [ 1074.130527][ T8160] kvm_set_memory_region+0x2f/0x50 [ 1074.135686][ T8160] kvm_vm_ioctl+0x729/0x1860 [ 1074.140360][ T8160] ? debug_check_no_obj_freed+0x20a/0x43f [ 1074.146195][ T8160] ? find_held_lock+0x35/0x130 [ 1074.152389][ T8160] ? kvm_unregister_device_ops+0x70/0x70 [ 1074.158451][ T8160] ? lock_downgrade+0x920/0x920 [ 1074.163473][ T8160] ? rwlock_bug.part.0+0x90/0x90 [ 1074.168446][ T8160] ? tomoyo_path_number_perm+0x214/0x520 [ 1074.174099][ T8160] ? find_held_lock+0x35/0x130 [ 1074.178865][ T8160] ? lock_downgrade+0x920/0x920 [ 1074.183914][ T8160] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1074.189195][ T8160] ? tomoyo_path_number_perm+0x459/0x520 [ 1074.194832][ T8160] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1074.202118][ T8160] ? tomoyo_path_number_perm+0x263/0x520 [ 1074.207833][ T8160] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1074.213718][ T8160] ? kvm_unregister_device_ops+0x70/0x70 [ 1074.219345][ T8160] do_vfs_ioctl+0xdb6/0x13e0 [ 1074.224202][ T8160] ? ioctl_preallocate+0x210/0x210 [ 1074.230143][ T8160] ? __fget+0x384/0x560 [ 1074.234596][ T8160] ? ksys_dup3+0x3e0/0x3e0 [ 1074.239012][ T8160] ? nsecs_to_jiffies+0x30/0x30 [ 1074.243867][ T8160] ? tomoyo_file_ioctl+0x23/0x30 [ 1074.248806][ T8160] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1074.255128][ T8160] ? security_file_ioctl+0x8d/0xc0 [ 1074.260258][ T8160] ksys_ioctl+0xab/0xd0 [ 1074.264421][ T8160] __x64_sys_ioctl+0x73/0xb0 [ 1074.269267][ T8160] do_syscall_64+0xfa/0x760 [ 1074.273762][ T8160] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1074.279656][ T8160] RIP: 0033:0x4598e9 [ 1074.284069][ T8160] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1074.304850][ T8160] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1074.313268][ T8160] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1074.321244][ T8160] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1074.329674][ T8160] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1074.337961][ T8160] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1074.345982][ T8160] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1074.361618][ T8160] Mem-Info: [ 1074.366937][ T8160] active_anon:146613 inactive_anon:660 isolated_anon:0 [ 1074.366937][ T8160] active_file:21605 inactive_file:29682 isolated_file:0 [ 1074.366937][ T8160] unevictable:4096 dirty:305 writeback:0 unstable:0 [ 1074.366937][ T8160] slab_reclaimable:13127 slab_unreclaimable:99056 [ 1074.366937][ T8160] mapped:59008 shmem:253 pagetables:1451 bounce:0 [ 1074.366937][ T8160] free:1217158 free_pcp:584 free_cma:0 [ 1074.407638][ T8160] Node 0 active_anon:586452kB inactive_anon:2640kB active_file:86276kB inactive_file:118728kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:236032kB dirty:1216kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 559104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1074.450317][ T8161] REISERFS warning (device loop2): super-6514 reiserfs_parse_options: unknown quota format specified. [ 1074.478609][ T8160] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1074.524758][ T8160] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1074.554020][ T8160] lowmem_reserve[]: 0 2547 2548 2548 [ 1074.559554][ T8160] Node 0 DMA32 free:1076172kB min:36184kB low:45228kB high:54272kB active_anon:584244kB inactive_anon:2640kB active_file:85224kB inactive_file:118644kB unevictable:16384kB writepending:1208kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7744kB pagetables:5656kB bounce:0kB free_pcp:2660kB local_pcp:1336kB free_cma:0kB [ 1074.592032][ T8160] lowmem_reserve[]: 0 0 1 1 [ 1074.596860][ T8160] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1074.625016][ T8160] lowmem_reserve[]: 0 0 0 0 [ 1074.629835][ T8160] Node 1 Normal free:3777696kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1074.660017][ T8160] lowmem_reserve[]: 0 0 0 0 [ 1074.665074][ T8160] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1074.679768][ T8160] Node 0 DMA32: 7834*4kB (UME) 3718*8kB (UME) 1737*16kB (UME) 992*32kB (UME) 517*64kB (UME) 75*128kB (UM) 17*256kB (UM) 25*512kB (U) 9*1024kB (UE) 7*2048kB (UME) 213*4096kB (UM) = 1076456kB [ 1074.699559][ T8160] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1074.713720][ T8160] Node 1 Normal: 0*4kB 36*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777696kB [ 1074.730615][ T8160] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1074.744105][ T8160] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1074.753870][ T8160] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1074.763869][ T8160] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1074.773333][ T8160] 51539 total pagecache pages [ 1074.778280][ T8160] 0 pages in swap cache [ 1074.783969][ T8160] Swap cache stats: add 0, delete 0, find 0/0 [ 1074.800324][ T8160] Free swap = 0kB [ 1074.804375][ T8160] Total swap = 0kB [ 1074.808344][ T8160] 1965979 pages RAM [ 1074.812321][ T8160] 0 pages HighMem/MovableOnly [ 1074.817293][ T8160] 341179 pages reserved [ 1074.821600][ T8160] 0 pages cma reserved 05:20:51 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x10}) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:51 executing program 5: r0 = syz_open_dev$sndseq(&(0x7f00000007c0)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000000)={0x0, 0x0, {0x2, 0x0, 0x5}, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa]}) 05:20:51 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getuid() gettid() r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x200004) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x2}, 0x8) sendfile(r0, r2, 0x0, 0x80001d00c0d0) getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)=""/115, 0x0) 05:20:51 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200f6ffffff10", 0x66, 0x400}], 0x0, 0x0) 05:20:51 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="11dca50d5e0bcfe47bf070") syz_mount_image$reiserfs(&(0x7f0000000340)='reiserfs\x00', &(0x7f0000000380)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001840)=ANY=[@ANYBLOB='jqfmt=vfsol']) 05:20:51 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x4c00000000000000, 0x500]}) [ 1075.625237][ T8183] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:20:52 executing program 5: r0 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000140)=0x400, 0x4) bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20}, 0x1c) listen(r0, 0x5) r1 = socket$inet6(0xa, 0x6, 0x0) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) r2 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg(r2, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0}}], 0x4000000000000d0, 0x0) [ 1075.702802][ T8180] REISERFS warning (device loop2): super-6514 reiserfs_parse_options: unknown quota format specified. [ 1075.712183][ T8183] CPU: 0 PID: 8183 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1075.722909][ T8183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1075.733244][ T8183] Call Trace: [ 1075.736573][ T8183] dump_stack+0x172/0x1f0 [ 1075.742823][ T8183] warn_alloc.cold+0x87/0x17f [ 1075.742841][ T8183] ? zone_watermark_ok_safe+0x260/0x260 [ 1075.742870][ T8183] ? mark_lock+0xc2/0x1220 [ 1075.742882][ T8183] ? __lock_acquire+0x8a0/0x4a00 [ 1075.742902][ T8183] __vmalloc_node_range+0x483/0x7e0 [ 1075.767915][ T8183] ? is_bpf_text_address+0xac/0x170 [ 1075.773146][ T8183] ? kvm_arch_create_memslot+0xc3/0x570 [ 1075.778704][ T8183] __vmalloc_node_flags_caller+0x71/0x90 [ 1075.778725][ T8183] ? kvm_arch_create_memslot+0xc3/0x570 [ 1075.778744][ T8183] kvmalloc_node+0xdc/0x100 [ 1075.778762][ T8183] kvm_arch_create_memslot+0xc3/0x570 [ 1075.778784][ T8183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1075.778809][ T8183] __kvm_set_memory_region+0x13b5/0x1d00 [ 1075.800262][ T8183] ? gfn_to_hva+0x470/0x470 [ 1075.800292][ T8183] ? lock_downgrade+0x920/0x920 [ 1075.800325][ T8183] kvm_set_memory_region+0x2f/0x50 [ 1075.800343][ T8183] kvm_vm_ioctl+0x729/0x1860 [ 1075.800359][ T8183] ? debug_check_no_obj_freed+0x20a/0x43f [ 1075.800372][ T8183] ? find_held_lock+0x35/0x130 [ 1075.800394][ T8183] ? kvm_unregister_device_ops+0x70/0x70 [ 1075.848242][ T8183] ? lock_downgrade+0x920/0x920 [ 1075.853240][ T8183] ? rwlock_bug.part.0+0x90/0x90 [ 1075.858209][ T8183] ? tomoyo_path_number_perm+0x214/0x520 [ 1075.863898][ T8183] ? find_held_lock+0x35/0x130 [ 1075.868755][ T8183] ? lock_downgrade+0x920/0x920 [ 1075.873635][ T8183] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1075.875110][ T8182] EXT4-fs (loop3): Can't mount with encoding and encryption [ 1075.879223][ T8183] ? tomoyo_path_number_perm+0x459/0x520 [ 1075.879247][ T8183] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1075.879260][ T8183] ? tomoyo_path_number_perm+0x263/0x520 [ 1075.879277][ T8183] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1075.879314][ T8183] ? kvm_unregister_device_ops+0x70/0x70 [ 1075.879332][ T8183] do_vfs_ioctl+0xdb6/0x13e0 [ 1075.879356][ T8183] ? ioctl_preallocate+0x210/0x210 [ 1075.925310][ T8183] ? __fget+0x384/0x560 [ 1075.929502][ T8183] ? ksys_dup3+0x3e0/0x3e0 [ 1075.933942][ T8183] ? nsecs_to_jiffies+0x30/0x30 [ 1075.938825][ T8183] ? tomoyo_file_ioctl+0x23/0x30 [ 1075.943889][ T8183] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 05:20:52 executing program 5: [ 1075.950163][ T8183] ? security_file_ioctl+0x8d/0xc0 [ 1075.955314][ T8183] ksys_ioctl+0xab/0xd0 [ 1075.959504][ T8183] __x64_sys_ioctl+0x73/0xb0 [ 1075.964118][ T8183] do_syscall_64+0xfa/0x760 [ 1075.968650][ T8183] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1075.974558][ T8183] RIP: 0033:0x4598e9 [ 1075.978472][ T8183] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1075.998197][ T8183] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1076.006632][ T8183] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1076.014625][ T8183] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1076.022619][ T8183] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1076.030615][ T8183] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1076.038605][ T8183] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1076.066746][ T8183] Mem-Info: [ 1076.092290][ T8183] active_anon:147636 inactive_anon:660 isolated_anon:0 [ 1076.092290][ T8183] active_file:21606 inactive_file:29783 isolated_file:0 [ 1076.092290][ T8183] unevictable:4096 dirty:321 writeback:0 unstable:0 [ 1076.092290][ T8183] slab_reclaimable:13106 slab_unreclaimable:98238 [ 1076.092290][ T8183] mapped:58952 shmem:253 pagetables:1484 bounce:0 [ 1076.092290][ T8183] free:1217099 free_pcp:373 free_cma:0 05:20:52 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000002000010", 0x66, 0x400}], 0x0, 0x0) 05:20:52 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) modify_ldt$read(0x0, &(0x7f0000000100)=""/132, 0x84) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:52 executing program 5: [ 1076.192334][ T8183] Node 0 active_anon:582352kB inactive_anon:2640kB active_file:86380kB inactive_file:119232kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235908kB dirty:1280kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 567296kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no 05:20:52 executing program 2: [ 1076.322358][ T8183] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1076.349031][ T26] audit: type=1800 audit(1568524852.783:45): pid=8196 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=17137 res=0 [ 1076.392945][ T8183] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 05:20:52 executing program 5: 05:20:52 executing program 2: 05:20:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getuid() gettid() r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x200004) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x2}, 0x8) sendfile(r0, r2, 0x0, 0x80001d00c0d0) getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)=""/115, 0x0) 05:20:53 executing program 1: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x1080}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x0) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000c34000)) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000068000/0x800000)=nil, 0x800000}, 0x1}) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) [ 1076.490083][ T8183] lowmem_reserve[]: 0 2547 2548 2548 [ 1076.499131][ T8183] Node 0 DMA32 free:1079840kB min:36184kB low:45228kB high:54272kB active_anon:584276kB inactive_anon:2640kB active_file:85328kB inactive_file:120448kB unevictable:16384kB writepending:1272kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7776kB pagetables:5936kB bounce:0kB free_pcp:1908kB local_pcp:1488kB free_cma:0kB [ 1076.583799][ T8211] EXT4-fs (loop3): Encoding requested by superblock is unknown [ 1076.668856][ T8183] lowmem_reserve[]: 0 0 1 1 05:20:53 executing program 2: [ 1076.690966][ T8183] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1076.767963][ T8183] lowmem_reserve[]: 0 0 0 0 [ 1076.789801][ T8183] Node 1 Normal free:3777696kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1076.901767][ T8183] lowmem_reserve[]: 0 0 0 0 [ 1076.929030][ T8183] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1077.034434][ T8183] Node 0 DMA32: 7688*4kB (UME) 3774*8kB (UME) 1752*16kB (UME) 1006*32kB (UME) 520*64kB (UME) 73*128kB (UM) 18*256kB (UM) 25*512kB (U) 9*1024kB (UE) 9*2048kB (UME) 214*4096kB (UM) = 1085392kB [ 1077.063926][ T8183] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1077.077180][ T8183] Node 1 Normal: 0*4kB 36*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777696kB [ 1077.099557][ T8183] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1077.115261][ T8183] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1077.126490][ T8183] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1077.137856][ T8183] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1077.148124][ T8183] 51559 total pagecache pages [ 1077.152973][ T8183] 0 pages in swap cache [ 1077.157142][ T8183] Swap cache stats: add 0, delete 0, find 0/0 [ 1077.163388][ T8183] Free swap = 0kB [ 1077.167127][ T8183] Total swap = 0kB [ 1077.170847][ T8183] 1965979 pages RAM [ 1077.174837][ T8183] 0 pages HighMem/MovableOnly [ 1077.179623][ T8183] 341179 pages reserved [ 1077.183922][ T8183] 0 pages cma reserved 05:20:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x6000000000000000, 0x500]}) 05:20:53 executing program 5: 05:20:53 executing program 2: 05:20:53 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000003000010", 0x66, 0x400}], 0x0, 0x0) 05:20:53 executing program 1: r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000000)=0x8) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000c34000)) socketpair$unix(0x1, 0x1000000000005, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r3}}, 0x20}}, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r4, &(0x7f0000000140), 0x4924b68, 0x0) getsockname$packet(r4, &(0x7f0000002700)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000002740)=0x14) socketpair$unix(0x1, 0x1000000000005, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000002780)={'batadv0\x00', 0x0}) r8 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r8, &(0x7f0000000140), 0x4924b68, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r9}}, 0x20}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f00000027c0)={'vcan0\x00', r9}) r11 = socket$inet6_tcp(0xa, 0x1, 0x0) pread64(r11, &(0x7f00000040c0)=""/119, 0x77, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newlink={0x20, 0x10, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r12}}, 0x20}}, 0x0) sendmmsg$inet(r2, &(0x7f0000004000)=[{{&(0x7f0000000040)={0x2, 0x4e24, @rand_addr=0x6}, 0x10, &(0x7f00000001c0)=[{&(0x7f00000000c0)="3436c87b2167a179b1346a95f177becb53398171131c323b21125d23240542ef51493b2aa3b5353bc52237fe1870048eab71810ade491be0c62944c48fc61bf56b0a68e51addaefec51b27f8c763407fd940b49db99c136d3a99df44b246757e11b7683d972db723372f7ab28c052ddbbc0c49c8a751902b6b4db03a9ee73147aa2be54701abd37be933573372688ccd525b6c5782e506e498f0b4ae94c177a38ebf100bf515ee74d8ba0410192bbfeebac7022ef01e16278c2fc783d054c197c4ec39bdcbae536540076dd970", 0xcd}], 0x1, &(0x7f0000000200)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x7}}], 0x18}}, {{&(0x7f0000000240)={0x2, 0x4e22, @empty}, 0x10, &(0x7f0000002640)=[{&(0x7f0000000280)="ecdd3e08a401c6d3d59ebc83addbe2ffd3ee8c8e072616e06f1a4668a9c1cc05d3ba494cfbe9221435b58a5bc551859ad699863b461dcddaa722181aaae96ecf861467f0eb166e307a13e26e3922d0ff9c9bcac0c76e50bd01e3c49e6cd55da6c441b9c34e5f5c84882323f05820bddfe13453d7a173f7423d75e3b64ba3caf872724920238693c8638eacad292c10106c41a138cd2b2f0d4a2d05130139a9c735ad352885f6c032869b6566c78d1b02e54a77226a84e382fc10929dcd607f2e39b871a2db4fa80b73ff4cb47385794e41", 0xd1}, {&(0x7f0000000380)="2fba076a5afd79cccfabc01b1b65674a405bb69b94619ffdd1e9d9a2b314c6daf82be5f704aa171349f0d687c45384e36d3bb3906dcf5ad40a2ab93636abfccfb9256e6f68d3d283e181263b80b2f481bc67cdb73900085ab0386d03994c46ebb27506131196d4d1011d9969c4cbf4e3be14c00dcdf86cd827095c856f8088cc80ba83da5652f579a2a66db874d4524aab34c107d0ef5594e532f25fd3ba562e1b6e6c70aad244f1258ee8380149d6cd89d6de8c34b534af0a85253c0b8ea4844135e3b7ec68d19bfe73673ab32276dcfef0622e26bb3294bf72bbb3a57fc816efaf3b84c14db75ad1d2f5011cc3f975e885acdb495f5112770e151de7d5cbdedd752fedbdb974cbc62aeeb6e56eed70cb5f35b9f6602b5588dbf588c26df592b68e0cf1397b93e6a8fdce20a45ee741c32b8218696d36e465a45c2e0aaa59697c5def62252e47fe63ca3bc52b4c9971a8742a7f899392c13da983542b9ec81b0eec2e50888ec19f1f9d722ace489fac2cb9e2df844005e1b1d0a2b59002cf1a6549022c25ae552f24c1db4962ae892cce478e597912d6a35485a541a701625a71c11431211758ff56b138c5191c0751183d83a125342d0a42ab29bed287841dea56b185ae4ccfde987855ab50727f909ab0655dcacfd70bbecf7204d57ee23d4b4fad6411ea5a9f691c197ff45e4217754b34c3a7e53e107b8eb2d7356f9b9be9dfc8e9512c169db54106879030f6ee64703d927c69669ef7d63a5bf787a7ba9bfa6c7fe7fc742d8f32a22b35f8957a8976c1938d9ee15a74c3ffb46b1b8052c5a7ae7f28fc0a0445e5d296e67b4d35b92469626271e3ba84dd187dfa78dfc82bafdf857d0360626cfec59fb993e90977c487c2b2288c9388f840253f952298d711b0e7899b534ed18858670815e63d5519d96ffc7f835f5addf712f45e7d43523cb6f62c4b96b7247bc125f39b821fc13e794e322a720938c3b5d2116008b9c61e519437fa062f27db14ed8ac66a4332ab637e7e1a25f7e8f5fec42cd83f004b1e8abcb0c0487ab12b87e7d828c88d720c567e53677f3fd15b7cec3a4b8d5d86e1bbde96ecd6639f63c7b3200c3c2472c76bfc9e86db2022da7e111635b4372448282afb4e0565115f11ee7d6e63a5abfd28923b1990339f4ae648aafe0e842ac4fa83e044f9b22d69c41b77649169d87182f7de7a0e81125b02ba6cb1592aabe812261cd63daae47293fdebe8e8aa276068d6e5a858e93d6286870caf259f9783b6c03e460f34905619e48326d6e6c45a2a1a55c080b9f32eb66212627f629b447cfe9d437ee62995a2235e8dcf25b87dbb3f8abf0dd361a8cfedc4bcb7910bf08f01dcf4c991a6aaed831ab10c3473a9fed6d53ddbb800ca91a5f05ae0d08c34d8892dd44a49b8c33f6072b6040d47d97704ce87639dff566d2ee93b83394f873e7795ac67d6f00a209609419ca59b0982e113c3f6190ec8229a3aa529277b234d1a496e6474997786ce8496c54fe88aa6f3f9d359c3348363e66c5facaff459623a7d95b8f950b8cadba6ec1683d05e88a2681f557441df40fa8b13007a48a05bd424f517c4c319e292ea62a0be9be97b8e90827434811ecd8b8593a384a594e04fd259d5e81be08ebc80a22aaf155816435f1fa183f7900b840003799c8d72d953175fc4c69ec6c49ddd5f98388704a7de7081fd02c341139d9b3d56fbd597023943eb217ad126478980adc52f5593b3422a6887528ae7cf2d183d49e34624918872288bad4058319abad69736ea66a3d509b034a427afd633bff0f95749fed0a34f653f8819c07c61ca6c5b4577c9d570a107b59f99a6dc32f612fb63c4ed9ebadb19f31ef523b5ac60a5e85bd3dfa2cb356e654c69973cb3a7c396116d734656b3424d0aefbc6a3c0f34ed1fbc4ad7b5a1fdd58a55cca50526344a9c658c3c1e8e3e82f4d809926107c8377242b49dfa5a00153a9f412af9c89f9ac406c31376dc96e78594920c4afae9384e81cd261b69628d7533012838bb8e27547310dbf78859d2ceecbcac82e9916c510e106ab7cd25e1d721a180314f37894320992bc3b5ad2be274573ffe8584e87e5b3e6de8e19cd45fdc58ae5438a64d5db20c53f188399d18a9a3cb5253ef230d3d703ee649f3e27edcf7bb43fc3939327a6664411887975d3acad235c18e16b2d4053e5b635d38a030e8ae401d81fd663506cbb2646b995c498729f7e402476e0cc2c473f8b7d1f4e886c8a6074176758fac68cfa07fb81d10a8f8ae69acd1deeae47715de17e04d605cea5377926d3da6fac26d6208d3c5947662af47c2d9e6a6e86d4fe2845791bcfaa3cd0630f0b2968fcee668bf74afb22610af8f8dee824eadb60d4a35591c09f87979aaa6982da7e307a4b1225cdd2efddccf25d112f7b2fbb24316ddcd14ad2db73795e90cb5f269e58eace5eaa5f003346b93eff6242d9b28bb452ae2ad0142e3c59228088d123c8d4042b784ef3f6a152ef6635563b5c94fb31129bc95a9b428cc56cd8bb18016c355460db98045a19599a39572c0372144d5c316895b9f4d686e721889eb4ad73e814685d70ac678722eeee3b053fae948f51becbd244318b442352ee68d929e4b369c8365124c1a20837d9e7860db33817180d423e0cde7dcb79e63031adcba88c77a1da0f90eddbeb5bfd2d7e5067c6a647518a76c6c71a859c142269ed444a34869d6a24cb472a70473ef8cc391395b0355ce0cde46eed9b773269e5cf595036a50974048d8733488ad98c554777e99a9a186acb2aad40302036f6e7783ef1a418299d1a51d408fbe00cd5c4e6990643f8fc21f8ae61bfdfc0a2db4fde8401205522db076400e8dddaeca778a5b3957f7a3d02db7f068a3d0bc1db7c87391c1d80de4f8a9515537115ec31f9ac1eace917b27e5da21c5d2e4d02cd9925a62e5fa82eef8feb3df4ceef25b97e529b8bf201d1ae4b36374ccabd43c40635f4edbd12eb80466c80f6b0832583c24fed18494297e024109085e1dbdb6d1f2c63f759af917325eaba01c9d45b415d7201a15ec24b3bdd1e2bc1edc37bc390debd22ececf0e75f1f495698d5c08b1326198b79b003aca8bd27d18ae46e9641c70fa08fb830eec1d873e9c4263440489416daae18231e5a1a5c3c7ac1b1ad56c4e3aebfcb2744c41280c844ac5dd55145ff03ffcc6d92a8ea0c00d96eff080f3de3877cdff0471d1b0f7ca8c8af9b003aa9f4e5d3bab4ab96fb987378446f71e6e62de0819ffad5cb5cd37c8a2ce156ac426d5d7b6daf8a5d7098dcdfb6a781203a6787b7666cdd5de553165d4c751062e821e2b24649cfa4096a4de17fbe8aa21b7f802d8a209241e79a3c30e299ff62daf01edfbea4dad1af0dbc1d5be0abc3bc227caa2e3fe47e29fa101b32f7708140b1538b18273d2ab130e8fb6cfa05fae5f9c5b71fbbe834955ea0dbfe80f33f734c749ba8d33b809a8d89ebb429643d0acce541e654c17a5f301954cbe4a404ff26b89cfa7efb90463f53ba5665ee143ca3424ff222af37e6378867ff200dce8b89e611559e1b8b3d165458ceb7b2a580339a8d26925df0047c581867bb4112c393bcc9b0be2b8bf89ae3db22956a698ae099ff47bf4222da34234cf499b6f9c080c7f8fc6b15730b8cf3b3810469859de685771878015e666c88d9a57b9e2a268e6083d96f0b3f0db523b9389c4394741887058d4dbdc08cd7453a98e8543e379ae9bd20559fa8cc24960e1c6f21388ee870ed1f3949f0352023a84f558cba60954a3f287bd200db583722e8cc2d16bfa059727aa8126b1f80201ea4db5ca176e80b97655af21f81600be49004b6f81d205f601bff3fbc874b10bf7f76795155540f8d221a7561f0311be4c1eb11080c58c65a002059a5a20013bf0bb3e7ffc59b658d7bcf30daf9d40b043b800ebaf16876e6f8a4ad54e1c5ec14e3d1edcc2109e3ae29cf4f85d19f50b6aea97250c3535bedb882869f75ccb1281b7b2971343908bd0da1c99e6f4505d4fa5b5e9aa8804bef4db08da64b40394198e25a68998da2e319c1621d6f3fdb77e1a4b971a1935e50caf68a0abbb67dc35448c6ed9969ec31ca38e4b968f05f899a1acf4a6c182c89b80610fc7c48aec2ef630b63a5ec63ee9c9996ba8901ffda5fd075c711f85ca09bf5c9b763e1b58397f93f05489252afcc3a4c2bd56d719fdd3f7d7811071585b807ace9a9cd90fe8e9f6791e83c000e14e6d0eeba43687c901b3a2573c1fe2dcd1698af5c105c4eec327c61c95fd3ee713d4b1ae69b0b70b911aedde98b5275495403d6299aaff9853ecf720766042fba243547e26ba1a04e581ee899165bd9f2fb49aec5eaf42cab42be71778be0565ca422dcded987179e098f66148678faefbcd9bfd5f7bcf504f829ea249e91918d593bbabcafa8f7f95b87da9c240ad98577c16689c748332322c77d156e6d1f1ef67272959f81a058cea251ce235933e10c6bbeed8c3d542341149fcb341118e4dd892c89700c2fd758e8995a3b638c66ade7fd2711db9555edfa9c45827c261fa734d77c87aafe1fdb9da31dcf97efed8a0ac8f31a980a78316db5030ab445eb57a0790e4fcbbd5dbfd7e67a69291f475ed7060eddebb7c21cc59acabdf126a99f2763f79333351b09592c0222d24e8693a85a9b06a9a05c05b325c5e522b7d03b739536358f400e4c26eca266d6201ef9e0bc93031b1116b7a9644c98a37de4785d39efd1dfb607bc5abaca4dd5f076b659c4dce29882cb760954f18a03f4ba1087c383d0fbe88503b31b52ab759a363abe1d70a8c48cd9d727a8e47fc234a8c50d9305ea7df6eca5738ad0614c1591a595f84f56c7ad1b723fe68ac6e056d5baaacaf3f36127bf81ebbd2007136ec96273c47cc2c1951221b172270d1e7d4dc8bb572cf289bd4a0f6fac3fa3e3371c99a1e09dfa5b0f36d6b9270d09f16218c23363b952a43215477bd9dd3f947c4bfc542cb1ad12bb1059138dd2ee47c5a8de0960080eb83b8847e3e783176e9d2c73568b55bd16db2e4a1e91be54c29e88c2bf7dc80ca676dfd98dc42cdb7aeabf8d152d52d7241def65de1f28a274eb06ffe89afffb7fbb2c50ed1d364ac660947d17b94a3c10bbf8741e140a9e2c573db1c1305fe86341a46a53f2e053ff5d58cde6b16e23da71274485ba8156cb3fce6b82a089224902d4f8cfb0bf3049c52fe273c37dfa0719499b16fb06b0b7a8c9b47264c1c66e55b6aad8546d03b1c003af6a70c2a0e8662fd96c104bc1a8a0b8052d207415babae09a0c5da631d693e50f3f351e7525bce0118c750a9cb2f23d9f1c47802f9aa3cde938875a663de26e748120efe6a6c78339d7370dee487949c528edaccddcea0408f26db9366aae6390cb3071e3941e2982e4296a0f4d8e44514ad312f0ab36a6cbfd3c615634b028839bb28850171ea84d8e80dee11156426ff6136d1e8471cdb75c588841b1bc49edf5f778eba341c7f1fbb7db37616fffbbe11f4c8d612bc541a01046ececb2ead61c6c470988cf57579019e8030bdf88dc532cf6ed73d8cd5e3138215776ea29af2815b3a4436fca8e6d1c5952be3e3d7d2c53955db01ed59445d138dcb12e6f13795f575a5929dbbfffd9de71087be09b62fe51be996d79d2f4bebbc15beedb7612adc938a294921832e0dd78668f68f2a2352f9c7c0262639c5ce656b24497c3875bae47ccb625fdcfb34e3abd03ad093f7514511e66496ee6f74e114d11ebbd9995a06e52ef0bc57b296ac7a3a8771ef7f8230ba0ee1d892f1", 0x1000}, {&(0x7f0000001380)="66a17e641d8cd6e0fd20d6ff30a3662b84d825be745052c923c5624175bc0635d5d52a69ca7c07fc994dad1352f36d0176a8a535e0df621173b99bbd98edf39d48de3563746cc63589f65d3e35e75097b75859a43d478ed806898d52bccf552fdcb5cadf9a5f41b0b534e9b7d69da96428dda024a1801235f7fb0b79b93572fc342bb5536768fa609a892e3b8507f6533eee02053c937caabfd942fa2d02dddce6139c75cd1223c3fc0b20f9d761576f12a4a5e269bc0024b879d61c8f221174d8661dcb6203f36b5b59d795ea31dae0f8bf91a2", 0xd4}, {&(0x7f0000001480)="cad83610e522cc6f00ab0a30789f225fcb74e3fb57f32b8e6c2051708ee0dab6", 0x20}, {&(0x7f00000014c0)="90813215b416b98b7a654067d48c890ffaa0e29b0804f73f9343dd1f86801cdcb45e74d60645516c2038cd73bbbf415663d5b154a18ec972", 0x38}, {&(0x7f0000001500)="975ad69dd9ddd4efe55918e7b0b5583dff19a4f30be7dd5438e1cb818ef2e295a47679a0f6b630044b4a9b9a409114cdc34800c28b62765faae06b9303b42b166c4889", 0x43}, {&(0x7f0000001580)="ae3f5bb9c428c7bd009b2f3b4752761bc6f66dac89fb2feac648303f0c1cefa3303ff4d6c181eb4fc9caad2c089f35534499ae339ad573d8cf443ce9614fd1ef337bedd9c612ad96273da4013720605fa8e1254df558b039e204b7def458b59e35a978fcedc6eaf72698fb38b36793350d8209dcf7beb5c1605dbb0cf6a311134742af414c59d8b39a6a7465e0fcb5bbbf8e099b1c0d48b69eb73a2e95b2af49bf6f48062c4e737809fd", 0xaa}, {&(0x7f0000001640)="e37cb8af935881d67f2200188a1285a124d745d349936972ac854cc112497d89c659318f6b9c60949f599f34da6dba2785cc9ed91a290c476d00f3106f6b84749a77f5e6d36b76cf73c0ff0565208c6bc625ccd83266e0b640bd6c7fa81e68e2d67aa4fda2ac5c2f6dcdfd9edffe41ae01ed34b3b4ea0af46731935e320e65c9037a2dd917908b8e19da908c10588532922d870f13eedd10509f53732e85ec9e953988c5d1245102a3b2d138a750d9f8322cd919dd542181210d03a14bfe17797e87f0243d9fcb3adbc9ef34ba14a6f88daa8e631060e6c20a5b2a8f72817f0801c40aeaa99a1f53f1ffba1d576b981d59d2d24be1a07d73832a1318a1aaa58aee8a4533f04928ffecdf16fe9b1e8c7487f361db7b03582de1b09aa03beadef9851f2f38ffd8008ac41d132d9cc9fb11c157da63a420b21a201abfe09baffa4336806d8174232e03870043d030f5eca1504ed669bcd9b0c83c93f8cd7820dfcec129fa7e2cd3f4aa296876af1602f405bcb44f94e3fbc543df22253a9ef8a235bae8cb89ec96b68b835a142802a88805bfb9aa3224622b26ceaaef5e50585948bef4a3e6baf459711305cb69df770fb82f40e8c7208ae97aca61b36d68e2982b6f4df3d08689dd1db10bd34bd18b0b346822b8301813614c262a92bae1e61d462de0ee271244fbbb36e22a6ecb5be2cfd9f1f786d8836031008826f8c158a2b97db87ab4702f96d524bd0d18cf809ffe3f8dbfeeacec36eee9e305aef9d4d2f408bd01e4e457fa17e2a310f85b47e0820a986772e840245a6378b77ea101a9f7c77d16696d403dbf62d6b8771aca44acf28040dcc97b4f7c7700094192cd47cf1d08fe69c23eb02fea3cac82dffdc204a606fc44129646a12f752989f9938cbb5fee43ba304390649d7f5700a75820280258c2e6b3f8de248b776a8394871d227db5a07e9d9b329fe6cdb0547eddc41f6d8acdd64c9aaa9a2f7f8473874859e632d43d8a747cba5748c7ff926baa919919a401a7bb917e444e446a065a36540fae96fbd0c0a4a17a27b6b7a2136619b073b4f00216f0544b5a895659f4b7fa780862b6c8ab2a8504e4d2c1ce489a50d5e557d2580891b0b7e3275e5916e7fa1e8530b2fc8d782712b7d817c0c39fcc5f9e97211244ca1a04720c328279db4fe2461583100c089416591e950eea391f02ca9ac8f70aebb4c0ea76ee5a21bf54333637b43025f17a3c5b8dfea5601f41cfc37ee3796c1a6c92df84dce76cbef64724d53ffb1c12210bbe43a2c552f4a54d123a52e8dbe35db07e5c5ff2afa19b57a86fda3609e1fc6524cf479b7880286d71531f5d584d636f33df9a28745eab86496709f9a94145d302a52f9b767c4e159a8168208639c09a7a6d019e8b0ee04b81e42ded3d721c029f626c6dafe23c14c959c91f33ecca6f25161407fb6caed7a5169baaf66f61675025f236d1036f2ab8f129d65394a45065973f29b1e0c6c023d82858e1e5ae62c2b6732fe4221c62403d60ca10eec54d3c4993f9a6e1e5f9408dbe33563f8650e79d7bfdde5caa29d33d9c5c936d39959e801657678df29cbb454e3826a0c1d87df78ebedac1bd93c0f626601d5ce06320613bf77932134a8dc463c8d167314e36f07d382e4d4001e08b47283c416c848375c144c7fcec6dca28a3bf2818a2c08737d379bcf44e8ed7e84ba3b2595d74652e11da68c05045766fbce19c087d4eabdf617a263762518d46ac1b90f0e274492b2e282f0237ad03de3c9964179e5d19d16ea9f6ab36e2a343cae0e61b96a87909e601f4cc05bac969d766ba658bb13dd56b93e4bf8b1b6272ede745a00990e7d5997a7e2ae9a2fff67b9e520decec17652aaad44279df64257fe4e9602afda62cbccd663932caf93b0e216fb169ec04f3eca65fc09159ae3090d423aa8be0d93df76fb5d8d4b28b8906478619721e675f4f5ff2b863d8f48d9d56cad757a400dc50a5a6d4df43c372f3b3d9456e973c3821ff974691b2e1aed7a793ec6ba45b6873f6147e308717649c5430d157c6a21984ab7ee6feb6079320aeabddd98d367692f539112785c68b1971952d95b80163d471faaa8f14c45ae929fb089b5dd388c6ce381d7e8626cc42c82eb1fca0b7ebf1801cd55049e855c6187cc1c81db978c41e4b9202df517d7ad3c1e381bb78c1a55e811d39760de8c72fb41ed5be90d8fedff19045d4836b6c97298a740c35167110f7cd408424681602d812a7665a1903b5b9b48dfbc39112bc560662c960139a6cafa34efb24c25b410e3a218e0319fbe7120d97367049da86448512db06cc74c87225038da3b56059dc2b69d8b5a689003fb97886b01de67f3c793a1a5b730b35c8c2372081243d03a29e92abe1cf31c8e07d40d140a0e22de7193c5341d6665152bea803c5b3c030c26a66f546b971ec387083bafc55cb474e6cb55785c5346db7f6a4e87beceb37ce7591b51a3d5b4da30df51cd92822ba902d56d14d50c1f51c791f5f126ef57e099a357f167930b87c09431b728c15ef301f824f558cf281129921d9c89d212d2c1e57e6e9899c0e1fd263b0e5c9ca6338316c809ef153241654e1d21b2f87fc870bffbe37643ea1132e7b446261017a1a7670c138c9c2fa61f096313f8e72f9d8ecafdbd346148e38b45d1765fb2916a799eb5f646eace0a79e29f9a95d3120274e15f9b1a047f3f25cc702841f53b366c818813ddf515d42b998dcab2f01d0df6776e0471840726efa8d315b8f46acb50b8b979fce76908871d7ee02d07506d872fa169139451b2a2771338dcbfa464a3488ce55951863a49b48774899ac961fa611b533d66ada41963a685a6fa0c57d3d0dceee3c3cf39435c0d6cbb0cfb6a7fcd1b13ac046d5734c0036c3aec3264f6061d8999b24ae9e7bbf4aae933ac1cc09acb8c5e7822b923a1fe765e20fb75bc2d7584abdfa96b8aee6270acef3c56bd48f3f0964c08b4295da089f5df7b5ae83abb7a929e45b776378639a28797d3ce2942939fce70d8c63cfe8afba6133dc59a7289d79a596ab722a6a002c2bde357c587b38624e9e70ec73ac6515f45aaa9c5a4b0f23b03ec033e0ec6a9b222cc60e2f739a41950b12d0b55c6ebeec57d74231d6f4e184f016bcf6b1f4b7d054e7d79a8fb09ab5889e20a84737dd56b98bea4e00e30501b8412db514e8ee24d672b30c3e74de96581c1c22f9952e19e90f59c16d293f0b339c79b6bb8c987243630fe8ef9e1f041c71d4060077adddb7cfe4501388a11299931c50c5e983df8590b556a7910b875d1f2236bba07ada892d8260317efa54392137229ad4511add2dec78f195a60b9ea4aecbbf502c8983f3c2a5dc90ca5add0561f4ed7794db0150e403c230dae26164ba7eebefb018aa9cbe31e9b62b7ef9a7ad3d9886d0e88e52334091b13987c4680f221034ca906410a1fdf66d8b8765f251bf8edbec127b65aa5a92af4ec4c46d3c77434d6b163da236cf673c5d3cf6fba901f5eae0b7c544871e041d0970bda574d45bad1ecd78eed236fefe5d7b5d26c71a51a468fd7d08a1e3ffa12af8f415083039343ca18b9f8b354a1ec63cd911b5f9ce2896fff950863a09856ab17a2d2aab124bd345284eeea787bd14b08c8e48c209d0ecb3b529cafae14ccebd3cc1044fde91e4ca29ba1983ab3da96e2bf967997e554c10f9303f389408e9d596d05c9f7d0a7516971b3bbb662dd29aa0d36484966f20e33180c574e09dd7a0ce290597b89b3abb2b61b1bc9d5d558881dd24042d7e2a71e5b34977f7d038571033c695a27a96884351298c8b4facd040724f362ddf2790fc389fe1065b2e17c9fbcd5a5eebd3a2c1ff116103bc94aa3b27e69f126bc6e8521f36600964236bc85acb91b0af4c14931eebafbb7ec29f1c2fd0ded588d8fc02f4474d6f604cfbeb499a747f6798c2a81962edf3225169b927f6f49ad45768679acefecf8cb3d14ea9c712688d15eed73b815c2eeb0a5ac83723db9fc91c282cffe97e5722739c4ead368ff9e627a63f9f77cbdee74d86fe6a761938ccb5bb3cdcc757f88ad4028b481c612ead6f352053f1ac61d3131c721086182c157cb879a7032a598532ee0b74da64fb434dd7b315d1d8fc81af7033ea7acb813b7bc04ce1b8594ea8e4b3a7a313e0a5a759b39f67147af5f22472784756616af39574b52fc91b22315b4a74ee3d0f875a69ab84bedd7c72d1b60b1c2af0bad1f3c6d4f2a503d391dd9ef60ff5a6d18fc284708511511f1635e21d13769863188197db66c75f7d60f50586082b52e013a0193c0ca4f13ebbfae8b2ee3d0928506c7a14285273f59d42e716d7f59f394206ea940b9e6a363b2cc8aacdf8aabcfd4944da325e5a8679375bc7ff3c0b7f88bd979417ff36e77cb49dd0c316c7883462e3a4aee083776c09e0429c069baf4e756e415ac7121175bfc7ad144142ea89c5ad6886a68dfb32cb858d499cbb9963ff5ba507684e8ae76d35bf7c5437e335e8f703017d0fb225ca3eec313839585c6506a47a65656397f8170fac0f3d9235f2b753e3dea0a882dec7ba42d5e7d36bdf092c8ff0ea3049f4cbfb1dd873d47fa73d9a2c4932be194971843522c2a8560baef236a462a030e6661fd434fad350b9336924ce8948f04f8cf351d90b3bdeae09da2d9053eacc0dc546f958627fc03b311574ab86f79ae911b1aebb976713240f3b1439b377b132ed223ebd95b1a509ef3db442fe739b5f98900498895b6c495ed8f91d0d15043cd777f7d01be10760ba9a885e4ca548c9af891a5d8b47f0cc248bbe11ce779abe72996992fb3684a6ded6dc29c6e19e29911656db53aa779fb384a40703bce63d264dc56d775b63802887a4f1e6a5ac5b0a846cb3e330c95c8e37a37848ed9a73513c57a85272251220428142bd5eee6bfaa357c8706b3fa428d7a6d58b027c96fb39cac9ed13e9e89883d3921a44b67be2d76ff73d6f18cd7ef0affd222e3fc9baa56eafee43e4d1ccfad3eefdb04914990dc2e7149f7ba96dd3d139497e3a15c1053ba73b752e7322be0af7ac751b27573a343767e9d929e6b5d35227f8c950f42edc9e76695bdaf801e1170c45555028fc18e48f24742979754e056215a97d7cab079cfca2dc0325c59f589a6e0b0ac2dfa349b12e81209dc63f799c079f317b9ec62386dbb36ae14cde32076bb981d44a8f08cc3e3c6e3ae9744660010e66d35e0e019750f4bc79e5e2fe8d7df441052689d1ecff18fb143f87dbd9635a492bce9b333c1792ad013c1826f0b5f77ab5ed43f258a0e793547b0a9353331db5190ee49ab3fa31ec0dae7d34d1becd012444d586625113448da0ec211c02b1ec3b5f2ba6db73570fd07f6dbfb047f97eb6ecdea8084aa9ea754760385295a96124461cff794a9232fc50b171e2cc5d02cf04db227aa75538a0b1aff527f669e7227512a70be79016c313fe061041413ad429509f47cc740acc2fa643b83d2cbb6ffc3113b8dfdea7939e43d74e52653671ce8512d7da50e5de5255f342677bd050bc3705c97169b3351272c57137f1b1e22a595e8b9900c2a6f58692aab89da6a4120824ba71472cabee2c72bafb60a6f7d7f7985c039a52947203f01492b9cbb9fdf6a5b2f360d2959c9dd380212c0ad2462c267a2ce4b739c04ee69d8a7469141e803f28dc46c56930a4d174f15cafcb6fe937442b99e471b2b580f0b7fcf44fe9b14de1c6d13bcc3291d3c7c95ebc70a7130fd7a4cfe54773f8b6ad4aba4aba0d94301b2d5dc92df6891d964000a3047c0f8c6bb9ef", 0x1000}], 0x8, &(0x7f0000002800)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @rand_addr=0x81, @loopback}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r3, @multicast1, @local}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r5, @multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r7, @multicast2, @loopback}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1000}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x7f1}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r10, @dev={0xac, 0x14, 0x14, 0x23}, @dev={0xac, 0x14, 0x14, 0x2b}}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x1f}}, @ip_ttl={{0x14, 0x0, 0x2, 0x8001}}], 0x100}}, {{&(0x7f0000002900)={0x2, 0x4e24, @rand_addr=0x9}, 0x10, &(0x7f0000003e80)=[{&(0x7f0000002940)="65be973dd7c251f01f89c11420c6b595f5b662d3a62c1923d28c393d405ff55b0fd8d629ef30c8c10bda66dcd415e7d16c53bd9e0628f0dcb62228dcbd85d9c214aa82d1aa1953ca8df51d1409fb889a3eda457a6e05417b5ae5f7580e6878db9a29c476be3de64a4a5bfb3a48a7626ce932fac2e4234a3c764d8f6c1229bc97564fa74161a3ba5c11aac7d42448790c7574c7fd94ce608ea05f74dcb665bdb4d51ff76f99ce9b2650aa828a6f30d206296097dbc6d3572f", 0xb8}, {&(0x7f0000002a00)="8d33e926c79cea206db27cfb7da042c3924607a0a0c7bfd5af70c55d7220899e191badb2de6164e24963e626dfc823a36a591d4aaf9c5b305433f7e246295388c23062e520e88d115f0102904bd358608ac7596240424a4584045c8413cc171056ed49319d4a8b3bcba9bbc3d61939b034045bea074ddca8452938d18652ea69d8d42b1eefcd426f98d998ebe53f690d13ad53982b3394d834d1bc435e26020d66b9ecefae0f8f4b7bc09606b0bcea65160f079599e0cfabc8f95138423270fecef724e792487cb45d63e3eae82dde56296d1a7e14b943267ee3ceec643acf4fb275c71c7f24e102607a1302ea372a68146667f364f8518ca1ea5f96f9dbcc4948d73f412d0cce73fb0b26d4a4d2f559701686873aa0a9ee5c64d13a584ba79290182847b953846fda676ec93b57ee8f67cd64d629d485423f13adde6640961ff87422e8e8358a698843465b64f6a6f488803318da25e742de869f82897c0f1883f46bcfa6cb2ea3146caa225163f66df745bcd3be86a7ba93d2e0a655a09a747eec9b2b6a638a3519bb9a3870b69cb0a2755c20c335d0245069ac539db6beb0de97690cfde9cad1b0f623ac63e7e8162e2d6e82e4657262f1a8d9bad93df528a6750563a571b6f99bf8c112441c994cd3e3dff553e6051bbb8554c0a10b56bb13ae47dd93bf3b15d19837987a5957e359aefe625b5a695c7065bc8f5dd02e83767cdf428d8ebcc74bded1a9e054d60692ef3aab2a5f0691581e55634bf261616b99d31dde8a48ea50001f2e4c02127cb6d89135bc2d1a8103a9c7fd6a9acbca46cc8b18ab49ccf5db0eaed42e10c2208f2946281249cc65305b9a75f4a20e342872a6fbb4c54554f45a811c23cb40a15e8b950b9666a0dd13daca1d43da010f88a5f89a342369f11d7af8bf6f784405ce9c364ac7c694de69119ee062c33f5ee0045a7d0951462f2552f9f827f617487838faa94e482f4ed60d7a37787bf83e03775e0ccd70a13e0bad6cafd413ed2a2d01600cb18119fb22d4c948642e867221fe02cfc395559ef4537039ff0a186a6867477210279870e78ddc95bf7c67be9d469dad71eaa6e51c076c6d4c473545927e1178225c3985c19c1713dc5052a4feb6d7ccf3a61363f53b083d912a488acf8618e8d622b0c7ce1fed83691c52c5f27df511599e307afc17abb2359502df30adbff011fdd66de03ba4a7affb5a0bf8ce6a7335e0bdc77056303f47e9fc7f4baefae19b5db3a1b9c695d967ca5ed0b987d24e5e1ad57b4582a40574316a69dded7b226fba65a904cb585e0005983c79f0841f7f522f1c22b06c02d709b8c8de141c35a2f09324b5c4d48375360e9b3ce307a0747cec44bb812fcb9a6ee8f083c04b1d93742a3510ec54c1506f886b17c82ccb703cb733b7bc0c39ff01df28e77d1ec60493b9a507a1a70ef0bdbaf702d274445cdbf948660a393f7da89395ec0bc88212e34d988ef6c246aa4270dcbb97e1b6e9d955d57d82ae5b30769d2588deac2ab3f9c1cee849fbaa48e7e55c391764aba81237816005b867dcc0ffab73f0e0516cc2fba1e0b9a709826318785c0ff04d7ecec4214cb1e585fc8502ecfb327a95d23c7215e6c6b97c31a84b68181ecbd96ce44803a2d8f4e1dc7a4714a94bbd8f7c799cd9240c7f0e9f40fbb0356905276b3caf41b7b29f876fc2262766c01996684cb75f78bc2560a4e63ee03b8510d1fae745877f37e1f84eb5d86d27d2ef9d07155aff1e869e72a69c7e71967c5a7f40fc6548af08acc33a947456074d12f491041b2144559d6ffd3e5fc02c42fa27174bc3dff80199ce040705322ffc7bc28d8c2ad055e142b1ba76e6970d4a1895f2b4215945faa6975a986d9dde1ba4933803d578a946ca138ab6e9be248bad6fbf0998b6215983fab461514ec4808975d340821e0e3c9b77e4447f9cf1119d513b12a818a84d27f351b8a8aaf76e8813aab85386bd63c4c1d64e2a01a2d2fe6d3ce6a06750ef044aa67a331bee3106a2fb1dab16228f5c5efd2e3f39929f5d162eadf499f0d0bfb4a3a2202c5df559162442a98f7d5b5a4e82c9cd1ef5d1334f77251328b5a8fc6c4aa065898e3567ac2ead89fe4d141048c2ac8692f5fa204db8dc909f82c28c13a310055c5e119ec93aa6a669130867acc9d2d1ed478c6d9246c0213dd1b0577578b5073ed549779d18aa6f79a4cd840e0513a34216379df03f79d0e65185addd20a3676a575868ab0a1de9314599bbf706e20384660be614cfef368c35b680c91469ded03c4251b20279af9f58c96773b86f59532038c5e650cd89e929487b181f77d96ba8ba93b03589aa360e6b93d136c1956442d92472ecff8dd0086cbff4387374b3df4efcb267fdb488b14c994d318bd66c3253ddaeb5339e0b1bdaf7381efddab22972f0c9d9294ed45298d94218bb1b7d3c4d42d8e4e963f64162e156d484b5c8506f66068be93afaee6f242d1595087ea85a0ed39077b12cd742f5ecc209c130deb2899dc754b5b5ac02d12b549fc03bc564390a06eae75d1cb28fd76feff938ae6022d5defe2099faf611fc5bb79642c4e51b72855d32efb085c5d3c4de81ca1405d4a4069a79ee6cf0f753799f14fde6b2d8a8a86f65993af25df58b7a390bd279ff7719ea117be2d2257e08742a0a13376a68fdc559a7a1f1976b7bbda189509cfb52737b9ddfca6cf9368f060fe7b5c04f866456e2ef30b502ee6aa35f737fe66c5d76c1783717d38049aa2132983e8dbebcbbffb4d6e234474eae83da9aedbcc8b0ef3852ad47b652db7d9d9accc3c7c42cdb8141f722798c2afbc16612ebc460ed90386f215a0524b7a5fe86589a4fdda2ec2b518be9f2b9cba748b0f7afaffd0af03b8dd4bb33a0f31b024354cf3bc9b74abbeda6856cb674ce75cb1e311f7b5e4caf7a64b9770112a13c0eef09e1af9afbf226d542f6635b9dc04025782b91491f0e5b8003c1ce87804b7076c435538c81973afbb1f8049b637ffb730f857c134e4ed979a1a29e26c85d6880973f0b46383a27e22b3a479e3410b2ff548bd483136d3ffe7425009d7f1effb7c0ee8c3acc4361ef6477491ad9f67166401d6c5aa34e882889ecac08d16d27c57e65fb3b4dad4eaded989d94b389f16edb8f40c0366a9f0c9f49a8ffbd08d7fad3b3a2197d78217cf5c3cf7253570943865777f9b586b75062b54bc2eb9025a9eb0f364dec1e08788d19fa5c2a1ab165a7970145a0a1b402d7833feb567eb5e34b8c5eb23d8f47a9afb36cbff0f5b46cc6bf05a2e19890403e5eafcf30e9f2086b74f75f48afa6bbc79aced59757055e5e6fe83b8336ed1545672478f1a63ee97f87fe21c1d13a33c3f9ad9191417b4f294dd21ae1374ce6fd8224583a24bac1d7488f82fd36abf62c317a0d16c19516e1ba15ea4558d421d93d36a255ca5376e46ffd59e0455cef8439f8c57b00e814bd959293d54532cedf5ccbc2b9eef3581919c614c908e7c31ae6e238830a79f93e7edd15265e28307f1316a609dd9405a646f83d868f1140fe37b523bd5e922796ce0515941b58ece8effa5e79633ebf04d6dddc509775e80565a4b5654a04a490586cac0e64561f4c0e62a57d5db2eff36553bc44557796361ed1ee6f3019a39f133d4eeb8f3c8f60028fe95d8bc178348aece124238fb2bacb88aa9097fcddcccc618898b7d000c0eb5173d31dafa0ae3c12d466d5c2d607ff32cbc1a29eee987d91ef5d4fa5f66664ecc893d4954a8bf2051cd5ceddd153b4f7f2cd0642ebe052a7db32779a646d2d431b4a24b09ff8915411dc6b2e16173d98d46396efcba275b91d683cc560b053c17810ec76ad491022142a0f41e4c6e4f72e41b56102dd952c1462a3828866b80daa95ec8b11384ac516504d40536bc7b24ab6bcdce8907ac90babc58e8566ffd43442bc1653162309d259f50abc64310ad455eaca7fdc7030802ad8c0ffd4b16d75238d10820a8b94b95a5d1243b7e9a2162e6fcc8e7f33268926e46217dfdf1e8ef7462bed56422cbbc70d0b32523074e34066ce47d0ab84a167dc73f268068d743bb640e7ec03194da7a0305e19bb477c8d85835638b081b2751ad7995a47eb894a7685e97bf72fcf7ea5f955aad223ddbe48415c0a9095e7b4650f1c2f028328dcbf0fae5fd8b2ef8bd83262ff3c03db7250830f0fe0ccd847ca80737d3bb5897aa2806f53a0977beea36f89595ee452ba8b3b9ffb1b2a044b76f63f67eb3d3253fc76394b6c17294a0e99aeb9e0c6246c2b026dcc4e340a6e246f1a91a26a07150932c0588ed4a95107b513bf5ec550342bd1d3e8a9b7de178bc3ea192ff4c3c24843e398a385fa89119cdae6b6e9f17f9d864e01e8a1ba18828e9157ce90acf3c27472d47771ad193825604e9502dbed896ec2bb5c58c0d71ffaf4224d8fee467f25d21dad88d439ddc479570cbbf3bf3f5bd04059b028b2fdbf7c6c7c60c5da407576bb8b6cc607edb00eb82c355aba641a24fdb8451b5fbb34595739bc81697fc075e7f672b90a4417c9e7b8ac14bfd89ddc7ac0604aa65bd8f34d51afd7f822f1324c21b533ae09a08873af07772b199019ece490f4ca949ad6ed4627772750d6c792003700d3294849f35ede0b3996e7578bf24849a1e57307dcfdfb11491ccbfbfe215f11769d3a87572976cd9e05d5d53612ab3ce51768656680d6d53cabd81ae40bbde1ee596f8ace105e3578244a2078c4b7e79d0b9a0293f3617fdd0baebf98c6fef10759d6f95909184768cfab05ed9d831c73a8be8b6023c9449804dc84e6c52eb1b6e1dc5e252c21e4d910fe02434e2eb2adf9dc992ac581df80cfc2655cd4130a85c54177660f928f34a6cef4aae21593aa690490edd6ba2ca1e551706729740c286bee878acb1dfde838c691216c97d9957e377fcf752ce8ca00c08adf940e07ead7baf2ae95ce3d5c7c7829e2cdd42a4d85a3fbcf5e3852eeb1030c101cb40e99c3e944a91024e5bf69ace15827e8ec66e245774b7787bacb4844472f3ee1d321d4487243dfd86e61cd2cdadccbf9a7dbf611b8c30db3f16f1e742875cd8d9adf55a0c1c44ad39161784bd3360f0f0858e498d6760b43b232ef5e958d90ee02f637ba54e25a18cdaae0787a0ecdd06d167773679bc3112e519b900493c147d52428bb7dea2574fe7069d8c52d9da4463d7acbf58d19f0e32d1cf496a6c848b8c449d4c35014b7017d071dc34efd8e2b8d13579945f6bb8652a918a36c1b8f2eccd0ca5326f0b2a8b610a80dccbfea4b2b225f11d419ba637c0d0ae43ea940d1b75af78e8c8b68eb2725d000e390bcc105aa53276e0f5ba87ed1f334b54f93db18fe945c2705b8f2b608d600c5553713cace1d407e65928d6480de94d7cae0f2307eab2d2ff88b46936824bf089089882efac795c4f3b6d19053ff78fb91ffa7b07c7e8467cb84df0b0037610d06c2572f7a2b8d08ebc2fbe13840ddd46d0fe231a02e8b3555167c481946ea88d5d98fe8693f9652de6b61ea76db779b6dde460a50fecb901291b0332670c7163ffd2dec8c8e21fdc0fbb0aa4884bcd1eb7f929fad059a06ec4f6808773c6d5b5db0e5c35f4b67b7b193940c2bc7b6894cef9684630db0a25e3d2456feae0641ef3802d78a5b2b77ef354aac92948ed2fb71a12d0781843df5fe93747b104e336d5cedca94f321540d6be9baea8b2dd4f79b41874721b936019f8f4f4dc69d16cae33e451c8f8233e23159d808783d2a3962607eb855a70c9b627ac52b1100006fa4757167fe7ba25ce0554653f204", 0x1000}, {&(0x7f0000003a00)="745fe9ec762b9231124e097de246cfbc4c2d54774ee2a01d73900e0c487dc2145c1a19bed49e2cd081648e199805bc5a76c577187903bc10e1c48d61762869a8fb6330dc83762a4dcd2e1650b7439514ba3d1b09c1d8430401cea84fe694a4d9dd838d4e526cd1515d29f61bbacbe1f3d87737837ca5499e8158660dcafd4960a61d7eb32ec1cf7e3e7485a6d5835aba050df8caa974b38c", 0x98}, {&(0x7f0000003ac0)="0242c789c45c2b92074551ebeea5b48558c22b7641ae1cf8fd0f9e2ed92baf6811b6177b2521379f5743350b0fe8f0d8add92b63232855dee067aff287f13868f032b9a6f9af0e1070b573e58ae869801545fc15858e83ddc929c1c6ffdf88d00f50a941415bd068f68a060b47087b1754d69510d99d1eb2105a86863bafe4413d3231d9abd44bc2b19f539a93d47b660ed19eb5d5df2a385a3d3a30ba34024322f162e5af8af471a448728e03a349e94c6a06b1f1d6f52bc6a0762cfcdd202e8f4b49423dc536bca0718d5d230f0106095dec57fb0958ae1a563e2ecc339569d4f028dbc425", 0xe6}, {&(0x7f0000003bc0)="b9d1bcc5e69b9f50959fd7d849105c15050c2d3169b450fd424261a1c4560cc35bbc0563c0b52fae1981c5b6b1e9b9b404064c9c99ed384129adab09e05b219303fbee97e1a3ecd66c14c761e98082060ef5c99f1c13b88e37261af9a88c638e82c5ed16deefe76e3221f1a8d0396a3be7a5a830377afe0ee8416eb6b2960462071fc059735a991f42bd062f0befc38a4b9872f402f2074529cd305260e5406c475c25168afcabdf54fc1418f1f1db45e48185f46cddf4a4390b0015549780df66d89d", 0xc3}, {&(0x7f0000003cc0)="13432360075b20f2f2ec47a552e44af73ceda0819e2551c0e1a1f233a83f4ae69d10d51b068f6b1aae0a8211aad0b31d0e4e861f00b316221683b9830eb030c1af02d9ac8251899c911fc676e19e8a73fd1579ff47d33c79ecdf8b3059fa5f80", 0x60}, {&(0x7f0000003d40)="d8571bdee05fce9c9fc0063268041542bd5ba3393e370c20d558aac68f09f20d0aa1838018df9d384c9970ef48b1b6d3b6756e7e6734b0c8de730714a1ba8d12", 0x40}, {&(0x7f0000003d80)="07a1570d0236527bd5c5f12935bbe64ed36340b08cd2944ee4bcd2c13a5e821c", 0x20}, {&(0x7f0000003dc0)="130135f8ec09dc6c4f36bee32766ab4707c056a75ae5db9fe1708cf159a73ec5a71c39e4164ff2eddd99faf6c326026190b8ca0b6d5eecf23aa04e908e993161a9a12dd77c33517064ed65a1622b89e97df353ed5b60614b1282b05b3c4403d03c27796e57248c24d042afc7dbdb2ecb4d5e1da57f4c1a2cdfed3bf5dfde4e7c54beea3e43b374e3a065be5c0d45fa41da9155", 0x93}], 0x9, &(0x7f0000003f40)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r12, @initdev={0xac, 0x1e, 0x1, 0x0}, @local}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x4}}, @ip_ttl={{0x14}}, @ip_retopts={{0x20, 0x0, 0x7, {[@ssrr={0x89, 0xf, 0xec1, [@multicast2, @remote, @empty]}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}], 0x88}}], 0x3, 0x40) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000080)={{&(0x7f0000291000/0x400000)=nil, 0x400000}}) 05:20:53 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getuid() gettid() r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x200004) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x2}, 0x8) sendfile(r0, r2, 0x0, 0x80001d00c0d0) getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)=""/115, 0x0) 05:20:53 executing program 2: 05:20:53 executing program 5: [ 1077.384157][ T8248] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:20:53 executing program 2: [ 1077.464543][ T8246] EXT4-fs (loop3): Can't mount with encoding and encryption [ 1077.472210][ T8248] CPU: 0 PID: 8248 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1077.481280][ T8248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1077.491351][ T8248] Call Trace: [ 1077.494676][ T8248] dump_stack+0x172/0x1f0 [ 1077.499039][ T8248] warn_alloc.cold+0x87/0x17f [ 1077.504263][ T8248] ? zone_watermark_ok_safe+0x260/0x260 [ 1077.509855][ T8248] ? mark_lock+0xc2/0x1220 [ 1077.514296][ T8248] ? __lock_acquire+0x8a0/0x4a00 [ 1077.519269][ T8248] __vmalloc_node_range+0x483/0x7e0 [ 1077.524619][ T8248] ? is_bpf_text_address+0xac/0x170 [ 1077.529857][ T8248] ? kvm_arch_create_memslot+0xc3/0x570 [ 1077.535443][ T8248] __vmalloc_node_flags_caller+0x71/0x90 [ 1077.541107][ T8248] ? kvm_arch_create_memslot+0xc3/0x570 [ 1077.546680][ T8248] kvmalloc_node+0xdc/0x100 [ 1077.551201][ T8248] kvm_arch_create_memslot+0xc3/0x570 [ 1077.556598][ T8248] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1077.562868][ T8248] __kvm_set_memory_region+0x13b5/0x1d00 [ 1077.568524][ T8248] ? gfn_to_hva+0x470/0x470 [ 1077.573073][ T8248] ? lock_downgrade+0x920/0x920 [ 1077.577962][ T8248] kvm_set_memory_region+0x2f/0x50 [ 1077.583090][ T8248] kvm_vm_ioctl+0x729/0x1860 [ 1077.587714][ T8248] ? debug_check_no_obj_freed+0x20a/0x43f [ 1077.593464][ T8248] ? find_held_lock+0x35/0x130 [ 1077.598254][ T8248] ? kvm_unregister_device_ops+0x70/0x70 [ 1077.603911][ T8248] ? lock_downgrade+0x920/0x920 [ 1077.608790][ T8248] ? rwlock_bug.part.0+0x90/0x90 [ 1077.613744][ T8248] ? tomoyo_path_number_perm+0x214/0x520 [ 1077.619403][ T8248] ? find_held_lock+0x35/0x130 [ 1077.624211][ T8248] ? lock_downgrade+0x920/0x920 [ 1077.629056][ T8248] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1077.634370][ T8248] ? tomoyo_path_number_perm+0x459/0x520 [ 1077.640012][ T8248] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1077.646262][ T8248] ? tomoyo_path_number_perm+0x263/0x520 [ 1077.651894][ T8248] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1077.657973][ T8248] ? kvm_unregister_device_ops+0x70/0x70 [ 1077.663621][ T8248] do_vfs_ioctl+0xdb6/0x13e0 [ 1077.668224][ T8248] ? ioctl_preallocate+0x210/0x210 [ 1077.673356][ T8248] ? __fget+0x384/0x560 [ 1077.677513][ T8248] ? ksys_dup3+0x3e0/0x3e0 [ 1077.681920][ T8248] ? nsecs_to_jiffies+0x30/0x30 [ 1077.686767][ T8248] ? tomoyo_file_ioctl+0x23/0x30 [ 1077.691712][ T8248] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1077.697955][ T8248] ? security_file_ioctl+0x8d/0xc0 [ 1077.703245][ T8248] ksys_ioctl+0xab/0xd0 [ 1077.707429][ T8248] __x64_sys_ioctl+0x73/0xb0 [ 1077.712018][ T8248] do_syscall_64+0xfa/0x760 [ 1077.716538][ T8248] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1077.722414][ T8248] RIP: 0033:0x4598e9 [ 1077.726301][ T8248] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1077.748796][ T8248] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1077.757286][ T8248] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 05:20:54 executing program 5: 05:20:54 executing program 1: [ 1077.765248][ T8248] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1077.773208][ T8248] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1077.781172][ T8248] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1077.789138][ T8248] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff 05:20:54 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getuid() gettid() r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ftruncate(r2, 0x200004) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x2}, 0x8) sendfile(r0, r2, 0x0, 0x80001d00c0d0) getsockopt$IP_VS_SO_GET_SERVICES(0xffffffffffffffff, 0x0, 0x482, &(0x7f0000000000)=""/115, 0x0) [ 1077.829193][ T8248] Mem-Info: [ 1077.835466][ T8248] active_anon:145056 inactive_anon:659 isolated_anon:0 [ 1077.835466][ T8248] active_file:21605 inactive_file:29703 isolated_file:0 [ 1077.835466][ T8248] unevictable:4096 dirty:330 writeback:0 unstable:0 [ 1077.835466][ T8248] slab_reclaimable:13106 slab_unreclaimable:98067 [ 1077.835466][ T8248] mapped:58982 shmem:252 pagetables:1400 bounce:0 [ 1077.835466][ T8248] free:1219950 free_pcp:496 free_cma:0 [ 1077.922167][ T8248] Node 0 active_anon:580064kB inactive_anon:2632kB active_file:86276kB inactive_file:118844kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235768kB dirty:1392kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 559104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1078.184433][ T8248] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1078.231911][ T8248] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1078.259011][ T8248] lowmem_reserve[]: 0 2547 2548 2548 [ 1078.264511][ T8248] Node 0 DMA32 free:1084360kB min:36184kB low:45228kB high:54272kB active_anon:582140kB inactive_anon:2632kB active_file:85224kB inactive_file:118960kB unevictable:16384kB writepending:1384kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7648kB pagetables:5600kB bounce:0kB free_pcp:2152kB local_pcp:1208kB free_cma:0kB [ 1078.301937][ T8248] lowmem_reserve[]: 0 0 1 1 [ 1078.306982][ T8248] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1078.340155][ T8248] lowmem_reserve[]: 0 0 0 0 [ 1078.344835][ T8248] Node 1 Normal free:3777696kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1078.373746][ T8248] lowmem_reserve[]: 0 0 0 0 [ 1078.378286][ T8248] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1078.392732][ T8248] Node 0 DMA32: 7318*4kB (UME) 3952*8kB (UME) 1818*16kB (UME) 1008*32kB (UME) 520*64kB (UME) 71*128kB (UM) 18*256kB (UM) 25*512kB (U) 9*1024kB (UE) 10*2048kB (UME) 214*4096kB (UM) = 1088248kB [ 1078.411640][ T8248] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1078.423991][ T8248] Node 1 Normal: 0*4kB 36*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777696kB [ 1078.440740][ T8248] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1078.450599][ T8248] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1078.459939][ T8248] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1078.469789][ T8248] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1078.479147][ T8248] 51593 total pagecache pages [ 1078.483887][ T8248] 0 pages in swap cache 05:20:55 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x6800000000000000, 0x500]}) 05:20:55 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000004000010", 0x66, 0x400}], 0x0, 0x0) 05:20:55 executing program 5: 05:20:55 executing program 2: 05:20:55 executing program 1: 05:20:55 executing program 0: [ 1078.488045][ T8248] Swap cache stats: add 0, delete 0, find 0/0 [ 1078.494189][ T8248] Free swap = 0kB [ 1078.497912][ T8248] Total swap = 0kB [ 1078.501626][ T8248] 1965979 pages RAM [ 1078.506366][ T8248] 0 pages HighMem/MovableOnly [ 1078.511060][ T8248] 341179 pages reserved [ 1078.515307][ T8248] 0 pages cma reserved 05:20:55 executing program 0: 05:20:55 executing program 2: 05:20:55 executing program 1: 05:20:55 executing program 5: [ 1078.716964][ T8283] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1078.816007][ T8280] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1078.824894][ T8283] CPU: 0 PID: 8283 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1078.833932][ T8283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1078.844001][ T8283] Call Trace: [ 1078.847319][ T8283] dump_stack+0x172/0x1f0 [ 1078.851679][ T8283] warn_alloc.cold+0x87/0x17f [ 1078.856638][ T8283] ? zone_watermark_ok_safe+0x260/0x260 [ 1078.862226][ T8283] ? mark_lock+0xc2/0x1220 [ 1078.866668][ T8283] ? __lock_acquire+0x8a0/0x4a00 [ 1078.871650][ T8283] __vmalloc_node_range+0x483/0x7e0 [ 1078.876879][ T8283] ? is_bpf_text_address+0xac/0x170 [ 1078.882104][ T8283] ? kvm_arch_create_memslot+0xc3/0x570 [ 1078.887671][ T8283] __vmalloc_node_flags_caller+0x71/0x90 [ 1078.893327][ T8283] ? kvm_arch_create_memslot+0xc3/0x570 [ 1078.899065][ T8283] kvmalloc_node+0xdc/0x100 [ 1078.903597][ T8283] kvm_arch_create_memslot+0xc3/0x570 [ 1078.909038][ T8283] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1078.915298][ T8283] __kvm_set_memory_region+0x13b5/0x1d00 [ 1078.915329][ T8283] ? gfn_to_hva+0x470/0x470 [ 1078.915354][ T8283] ? lock_downgrade+0x920/0x920 [ 1078.930462][ T8283] kvm_set_memory_region+0x2f/0x50 [ 1078.935603][ T8283] kvm_vm_ioctl+0x729/0x1860 [ 1078.940206][ T8283] ? debug_check_no_obj_freed+0x20a/0x43f [ 1078.946036][ T8283] ? find_held_lock+0x35/0x130 [ 1078.950828][ T8283] ? kvm_unregister_device_ops+0x70/0x70 [ 1078.956492][ T8283] ? lock_downgrade+0x920/0x920 [ 1078.961456][ T8283] ? rwlock_bug.part.0+0x90/0x90 [ 1078.966416][ T8283] ? tomoyo_path_number_perm+0x214/0x520 [ 1078.972069][ T8283] ? find_held_lock+0x35/0x130 [ 1078.976865][ T8283] ? lock_downgrade+0x920/0x920 [ 1078.981739][ T8283] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1078.987047][ T8283] ? tomoyo_path_number_perm+0x459/0x520 [ 1078.992698][ T8283] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1078.998958][ T8283] ? tomoyo_path_number_perm+0x263/0x520 [ 1079.004623][ T8283] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1079.010474][ T8283] ? kvm_unregister_device_ops+0x70/0x70 [ 1079.016129][ T8283] do_vfs_ioctl+0xdb6/0x13e0 [ 1079.020730][ T8283] ? ioctl_preallocate+0x210/0x210 [ 1079.025839][ T8283] ? __fget+0x384/0x560 [ 1079.025858][ T8283] ? ksys_dup3+0x3e0/0x3e0 [ 1079.025873][ T8283] ? nsecs_to_jiffies+0x30/0x30 [ 1079.025897][ T8283] ? tomoyo_file_ioctl+0x23/0x30 [ 1079.044248][ T8283] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1079.050517][ T8283] ? security_file_ioctl+0x8d/0xc0 [ 1079.055652][ T8283] ksys_ioctl+0xab/0xd0 [ 1079.059844][ T8283] __x64_sys_ioctl+0x73/0xb0 05:20:55 executing program 1: 05:20:55 executing program 5: [ 1079.064464][ T8283] do_syscall_64+0xfa/0x760 [ 1079.068990][ T8283] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1079.074905][ T8283] RIP: 0033:0x4598e9 [ 1079.078825][ T8283] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1079.098933][ T8283] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1079.107453][ T8283] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1079.115665][ T8283] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1079.123628][ T8283] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1079.131595][ T8283] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1079.139569][ T8283] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1079.149765][ T8283] Mem-Info: [ 1079.153005][ T8283] active_anon:145022 inactive_anon:658 isolated_anon:0 [ 1079.153005][ T8283] active_file:21606 inactive_file:29717 isolated_file:0 [ 1079.153005][ T8283] unevictable:4096 dirty:367 writeback:0 unstable:0 [ 1079.153005][ T8283] slab_reclaimable:13109 slab_unreclaimable:98246 [ 1079.153005][ T8283] mapped:58975 shmem:253 pagetables:1423 bounce:0 [ 1079.153005][ T8283] free:1219812 free_pcp:495 free_cma:0 [ 1079.191452][ T8283] Node 0 active_anon:580108kB inactive_anon:2640kB active_file:86280kB inactive_file:118892kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235952kB dirty:1484kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 559104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1079.221079][ T8283] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1079.247850][ T8283] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1079.275925][ T8283] lowmem_reserve[]: 0 2547 2548 2548 [ 1079.281476][ T8283] Node 0 DMA32 free:1086188kB min:36184kB low:45228kB high:54272kB active_anon:580188kB inactive_anon:2640kB active_file:85228kB inactive_file:118808kB unevictable:16384kB writepending:1476kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7744kB pagetables:5600kB bounce:0kB free_pcp:1836kB local_pcp:796kB free_cma:0kB [ 1079.313403][ T8283] lowmem_reserve[]: 0 0 1 1 [ 1079.318014][ T8283] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1079.352459][ T8283] lowmem_reserve[]: 0 0 0 0 [ 1079.357095][ T8283] Node 1 Normal free:3777696kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1079.393534][ T8283] lowmem_reserve[]: 0 0 0 0 [ 1079.410217][ T8283] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1079.425276][ T8283] Node 0 DMA32: 7365*4kB (UME) 3894*8kB (UME) 1862*16kB (UME) 1011*32kB (UME) 520*64kB (UME) 70*128kB (UM) 18*256kB (UM) 25*512kB (U) 9*1024kB (UE) 10*2048kB (UME) 214*4096kB (UM) = 1088644kB [ 1079.446712][ T8283] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1079.460895][ T8283] Node 1 Normal: 0*4kB 36*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777696kB [ 1079.478244][ T8283] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1079.488084][ T8283] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1079.497711][ T8283] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1079.507471][ T8283] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 05:20:56 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x6c00000000000000, 0x500]}) 05:20:56 executing program 2: 05:20:56 executing program 1: 05:20:56 executing program 0: 05:20:56 executing program 5: 05:20:56 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000005000010", 0x66, 0x400}], 0x0, 0x0) [ 1079.517002][ T8283] 51581 total pagecache pages [ 1079.521812][ T8283] 0 pages in swap cache [ 1079.526059][ T8283] Swap cache stats: add 0, delete 0, find 0/0 [ 1079.533181][ T8283] Free swap = 0kB [ 1079.537019][ T8283] Total swap = 0kB [ 1079.540723][ T8283] 1965979 pages RAM [ 1079.544747][ T8283] 0 pages HighMem/MovableOnly [ 1079.549556][ T8283] 341179 pages reserved [ 1079.553903][ T8283] 0 pages cma reserved 05:20:56 executing program 2: 05:20:56 executing program 0: 05:20:56 executing program 5: 05:20:56 executing program 1: [ 1079.793812][ T8313] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1079.816994][ T8306] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1079.911514][ T8313] CPU: 1 PID: 8313 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1079.920681][ T8313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1079.930965][ T8313] Call Trace: [ 1079.934358][ T8313] dump_stack+0x172/0x1f0 [ 1079.938688][ T8313] warn_alloc.cold+0x87/0x17f [ 1079.943359][ T8313] ? zone_watermark_ok_safe+0x260/0x260 [ 1079.948910][ T8313] ? mark_lock+0xc2/0x1220 [ 1079.954272][ T8313] ? __lock_acquire+0x8a0/0x4a00 [ 1079.959213][ T8313] __vmalloc_node_range+0x483/0x7e0 [ 1079.964422][ T8313] ? is_bpf_text_address+0xac/0x170 [ 1079.969636][ T8313] ? kvm_arch_create_memslot+0xc3/0x570 [ 1079.975180][ T8313] __vmalloc_node_flags_caller+0x71/0x90 [ 1079.980807][ T8313] ? kvm_arch_create_memslot+0xc3/0x570 [ 1079.986350][ T8313] kvmalloc_node+0xdc/0x100 [ 1079.990849][ T8313] kvm_arch_create_memslot+0xc3/0x570 [ 1079.996226][ T8313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1080.002464][ T8313] __kvm_set_memory_region+0x13b5/0x1d00 [ 1080.008147][ T8313] ? gfn_to_hva+0x470/0x470 [ 1080.012934][ T8313] ? lock_downgrade+0x920/0x920 [ 1080.017832][ T8313] kvm_set_memory_region+0x2f/0x50 [ 1080.022944][ T8313] kvm_vm_ioctl+0x729/0x1860 [ 1080.027529][ T8313] ? debug_check_no_obj_freed+0x20a/0x43f [ 1080.033241][ T8313] ? find_held_lock+0x35/0x130 [ 1080.038001][ T8313] ? kvm_unregister_device_ops+0x70/0x70 [ 1080.043632][ T8313] ? lock_downgrade+0x920/0x920 [ 1080.048476][ T8313] ? rwlock_bug.part.0+0x90/0x90 [ 1080.053417][ T8313] ? tomoyo_path_number_perm+0x214/0x520 [ 1080.059141][ T8313] ? find_held_lock+0x35/0x130 [ 1080.063925][ T8313] ? lock_downgrade+0x920/0x920 [ 1080.069512][ T8313] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1080.074800][ T8313] ? tomoyo_path_number_perm+0x459/0x520 [ 1080.080431][ T8313] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1080.086665][ T8313] ? tomoyo_path_number_perm+0x263/0x520 [ 1080.092306][ T8313] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1080.098122][ T8313] ? kvm_unregister_device_ops+0x70/0x70 [ 1080.103747][ T8313] do_vfs_ioctl+0xdb6/0x13e0 [ 1080.108330][ T8313] ? ioctl_preallocate+0x210/0x210 [ 1080.113429][ T8313] ? __fget+0x384/0x560 [ 1080.117577][ T8313] ? ksys_dup3+0x3e0/0x3e0 [ 1080.122087][ T8313] ? nsecs_to_jiffies+0x30/0x30 [ 1080.126936][ T8313] ? tomoyo_file_ioctl+0x23/0x30 [ 1080.131886][ T8313] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1080.138125][ T8313] ? security_file_ioctl+0x8d/0xc0 [ 1080.143229][ T8313] ksys_ioctl+0xab/0xd0 [ 1080.147377][ T8313] __x64_sys_ioctl+0x73/0xb0 [ 1080.151963][ T8313] do_syscall_64+0xfa/0x760 [ 1080.156478][ T8313] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1080.162365][ T8313] RIP: 0033:0x4598e9 [ 1080.166254][ T8313] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1080.185849][ T8313] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1080.194375][ T8313] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1080.202345][ T8313] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 05:20:56 executing program 5: 05:20:56 executing program 1: [ 1080.210337][ T8313] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1080.218304][ T8313] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1080.226265][ T8313] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1080.347417][ T8313] Mem-Info: [ 1080.351133][ T8313] active_anon:144510 inactive_anon:660 isolated_anon:0 [ 1080.351133][ T8313] active_file:21606 inactive_file:29723 isolated_file:0 [ 1080.351133][ T8313] unevictable:4096 dirty:372 writeback:0 unstable:0 [ 1080.351133][ T8313] slab_reclaimable:13111 slab_unreclaimable:98435 [ 1080.351133][ T8313] mapped:58963 shmem:253 pagetables:1437 bounce:0 [ 1080.351133][ T8313] free:1220061 free_pcp:486 free_cma:0 [ 1080.406593][ T8313] Node 0 active_anon:577940kB inactive_anon:2640kB active_file:86280kB inactive_file:118892kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235852kB dirty:1484kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 559104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1080.497311][ T8313] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1080.538678][ T8313] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1080.565965][ T8313] lowmem_reserve[]: 0 2547 2548 2548 [ 1080.571285][ T8313] Node 0 DMA32 free:1087364kB min:36184kB low:45228kB high:54272kB active_anon:578020kB inactive_anon:2640kB active_file:85228kB inactive_file:118808kB unevictable:16384kB writepending:1476kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7552kB pagetables:5452kB bounce:0kB free_pcp:2248kB local_pcp:952kB free_cma:0kB [ 1080.603367][ T8313] lowmem_reserve[]: 0 0 1 1 [ 1080.607885][ T8313] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1080.634985][ T8313] lowmem_reserve[]: 0 0 0 0 [ 1080.639506][ T8313] Node 1 Normal free:3777696kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1080.668475][ T8313] lowmem_reserve[]: 0 0 0 0 [ 1080.673265][ T8313] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1080.688617][ T8313] Node 0 DMA32: 7365*4kB (UME) 3872*8kB (UME) 1790*16kB (UME) 1012*32kB (UME) 520*64kB (UME) 70*128kB (UM) 18*256kB (UM) 25*512kB (U) 9*1024kB (UE) 10*2048kB (UME) 214*4096kB (UM) = 1087348kB [ 1080.707885][ T8313] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1080.720128][ T8313] Node 1 Normal: 0*4kB 36*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777696kB [ 1080.737266][ T8313] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1080.747101][ T8313] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1080.756494][ T8313] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1080.767020][ T8313] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1080.776483][ T8313] 51581 total pagecache pages [ 1080.781296][ T8313] 0 pages in swap cache [ 1080.785621][ T8313] Swap cache stats: add 0, delete 0, find 0/0 [ 1080.791842][ T8313] Free swap = 0kB 05:20:57 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x7400000000000000, 0x500]}) 05:20:57 executing program 2: 05:20:57 executing program 0: 05:20:57 executing program 5: 05:20:57 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000006000010", 0x66, 0x400}], 0x0, 0x0) 05:20:57 executing program 1: [ 1080.795684][ T8313] Total swap = 0kB [ 1080.799524][ T8313] 1965979 pages RAM [ 1080.803398][ T8313] 0 pages HighMem/MovableOnly [ 1080.808092][ T8313] 341179 pages reserved [ 1080.812368][ T8313] 0 pages cma reserved 05:20:57 executing program 5: 05:20:57 executing program 1: 05:20:57 executing program 0: 05:20:57 executing program 2: [ 1081.008326][ T8341] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1081.084736][ T8339] EXT4-fs (loop3): Encoding requested by superblock is unknown [ 1081.102438][ T8341] CPU: 0 PID: 8341 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1081.111507][ T8341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1081.121576][ T8341] Call Trace: [ 1081.124900][ T8341] dump_stack+0x172/0x1f0 [ 1081.129280][ T8341] warn_alloc.cold+0x87/0x17f 05:20:57 executing program 0: [ 1081.133996][ T8341] ? zone_watermark_ok_safe+0x260/0x260 [ 1081.139585][ T8341] ? mark_lock+0xc2/0x1220 [ 1081.144035][ T8341] ? __lock_acquire+0x8a0/0x4a00 [ 1081.149016][ T8341] __vmalloc_node_range+0x483/0x7e0 [ 1081.154253][ T8341] ? is_bpf_text_address+0xac/0x170 [ 1081.159476][ T8341] ? kvm_arch_create_memslot+0xc3/0x570 [ 1081.165047][ T8341] __vmalloc_node_flags_caller+0x71/0x90 [ 1081.170716][ T8341] ? kvm_arch_create_memslot+0xc3/0x570 [ 1081.176321][ T8341] kvmalloc_node+0xdc/0x100 05:20:57 executing program 2: [ 1081.180858][ T8341] kvm_arch_create_memslot+0xc3/0x570 [ 1081.186263][ T8341] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1081.192629][ T8341] __kvm_set_memory_region+0x13b5/0x1d00 [ 1081.198296][ T8341] ? gfn_to_hva+0x470/0x470 [ 1081.202834][ T8341] ? lock_downgrade+0x920/0x920 [ 1081.207748][ T8341] kvm_set_memory_region+0x2f/0x50 [ 1081.212970][ T8341] kvm_vm_ioctl+0x729/0x1860 [ 1081.217587][ T8341] ? debug_check_no_obj_freed+0x20a/0x43f [ 1081.223742][ T8341] ? find_held_lock+0x35/0x130 [ 1081.228710][ T8341] ? kvm_unregister_device_ops+0x70/0x70 [ 1081.234557][ T8341] ? lock_downgrade+0x920/0x920 [ 1081.239417][ T8341] ? rwlock_bug.part.0+0x90/0x90 [ 1081.244363][ T8341] ? tomoyo_path_number_perm+0x214/0x520 [ 1081.249989][ T8341] ? find_held_lock+0x35/0x130 [ 1081.254854][ T8341] ? lock_downgrade+0x920/0x920 [ 1081.259988][ T8341] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1081.265276][ T8341] ? tomoyo_path_number_perm+0x459/0x520 [ 1081.270930][ T8341] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1081.277168][ T8341] ? tomoyo_path_number_perm+0x263/0x520 [ 1081.282939][ T8341] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1081.288889][ T8341] ? kvm_unregister_device_ops+0x70/0x70 [ 1081.294530][ T8341] do_vfs_ioctl+0xdb6/0x13e0 [ 1081.299286][ T8341] ? ioctl_preallocate+0x210/0x210 [ 1081.304512][ T8341] ? __fget+0x384/0x560 [ 1081.308883][ T8341] ? ksys_dup3+0x3e0/0x3e0 [ 1081.313454][ T8341] ? nsecs_to_jiffies+0x30/0x30 [ 1081.318322][ T8341] ? tomoyo_file_ioctl+0x23/0x30 [ 1081.323267][ T8341] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1081.329535][ T8341] ? security_file_ioctl+0x8d/0xc0 [ 1081.334814][ T8341] ksys_ioctl+0xab/0xd0 [ 1081.338995][ T8341] __x64_sys_ioctl+0x73/0xb0 [ 1081.343607][ T8341] do_syscall_64+0xfa/0x760 [ 1081.348170][ T8341] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1081.354209][ T8341] RIP: 0033:0x4598e9 [ 1081.358102][ T8341] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1081.377820][ T8341] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1081.386230][ T8341] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1081.395599][ T8341] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1081.403572][ T8341] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1081.411635][ T8341] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1081.419756][ T8341] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1081.435925][ T8341] Mem-Info: [ 1081.439108][ T8341] active_anon:145023 inactive_anon:660 isolated_anon:0 [ 1081.439108][ T8341] active_file:21605 inactive_file:29738 isolated_file:0 [ 1081.439108][ T8341] unevictable:4096 dirty:389 writeback:0 unstable:0 [ 1081.439108][ T8341] slab_reclaimable:13109 slab_unreclaimable:98845 [ 1081.439108][ T8341] mapped:58992 shmem:252 pagetables:1459 bounce:0 [ 1081.439108][ T8341] free:1219029 free_pcp:581 free_cma:0 [ 1081.478295][ T8341] Node 0 active_anon:580092kB inactive_anon:2640kB active_file:86276kB inactive_file:118952kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235968kB dirty:1552kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 557056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1081.508859][ T8341] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1081.535770][ T8341] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1081.564592][ T8341] lowmem_reserve[]: 0 2547 2548 2548 [ 1081.569908][ T8341] Node 0 DMA32 free:1083220kB min:36184kB low:45228kB high:54272kB active_anon:580072kB inactive_anon:2640kB active_file:85224kB inactive_file:118868kB unevictable:16384kB writepending:1544kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7744kB pagetables:5688kB bounce:0kB free_pcp:2188kB local_pcp:920kB free_cma:0kB [ 1081.601448][ T8341] lowmem_reserve[]: 0 0 1 1 [ 1081.601471][ T8341] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1081.601506][ T8341] lowmem_reserve[]: 0 0 0 0 [ 1081.601525][ T8341] Node 1 Normal free:3777696kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1081.601555][ T8341] lowmem_reserve[]: 0 0 0 0 [ 1081.601570][ T8341] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1081.644162][ T8341] Node 0 DMA32: 7237*4kB (UME) 3844*8kB (UME) 1732*16kB (UME) 1008*32kB (UME) 520*64kB (UME) 70*128kB (UM) 18*256kB (UM) 25*512kB (U) 9*1024kB (UE) 9*2048kB (UME) 214*4096kB (UM) = 1083508kB [ 1081.755409][ T8341] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1081.771227][ T8355] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1081.787231][ T8341] Node 1 Normal: 0*4kB 36*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777696kB [ 1081.804743][ T8355] CPU: 0 PID: 8355 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1081.813786][ T8355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1081.823861][ T8355] Call Trace: [ 1081.827179][ T8355] dump_stack+0x172/0x1f0 [ 1081.831530][ T8355] warn_alloc.cold+0x87/0x17f [ 1081.836246][ T8355] ? zone_watermark_ok_safe+0x260/0x260 [ 1081.841843][ T8355] ? mark_lock+0xc2/0x1220 [ 1081.841858][ T8355] ? __lock_acquire+0x8a0/0x4a00 [ 1081.841883][ T8355] __vmalloc_node_range+0x483/0x7e0 [ 1081.851233][ T8355] ? is_bpf_text_address+0xac/0x170 [ 1081.851255][ T8355] ? kvm_arch_create_memslot+0xc3/0x570 [ 1081.851275][ T8355] __vmalloc_node_flags_caller+0x71/0x90 [ 1081.861689][ T8355] ? kvm_arch_create_memslot+0xc3/0x570 [ 1081.872895][ T8355] kvmalloc_node+0xdc/0x100 [ 1081.872918][ T8355] kvm_arch_create_memslot+0xc3/0x570 [ 1081.872937][ T8355] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1081.872960][ T8355] __kvm_set_memory_region+0x13b5/0x1d00 [ 1081.883110][ T8355] ? gfn_to_hva+0x470/0x470 [ 1081.883136][ T8355] ? lock_downgrade+0x920/0x920 [ 1081.883165][ T8355] kvm_set_memory_region+0x2f/0x50 [ 1081.895189][ T8355] kvm_vm_ioctl+0x729/0x1860 [ 1081.895207][ T8355] ? debug_check_no_obj_freed+0x20a/0x43f [ 1081.895222][ T8355] ? find_held_lock+0x35/0x130 [ 1081.895237][ T8355] ? kvm_unregister_device_ops+0x70/0x70 [ 1081.895256][ T8355] ? lock_downgrade+0x920/0x920 [ 1081.940968][ T8355] ? rwlock_bug.part.0+0x90/0x90 [ 1081.945932][ T8355] ? tomoyo_path_number_perm+0x214/0x520 [ 1081.951595][ T8355] ? find_held_lock+0x35/0x130 [ 1081.956422][ T8355] ? lock_downgrade+0x920/0x920 [ 1081.961328][ T8355] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1081.966814][ T8355] ? tomoyo_path_number_perm+0x459/0x520 [ 1081.972500][ T8355] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1081.978772][ T8355] ? tomoyo_path_number_perm+0x263/0x520 [ 1081.984432][ T8355] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1081.990281][ T8355] ? kvm_unregister_device_ops+0x70/0x70 [ 1081.991866][ T8341] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1081.995957][ T8355] do_vfs_ioctl+0xdb6/0x13e0 [ 1081.995977][ T8355] ? ioctl_preallocate+0x210/0x210 [ 1081.995989][ T8355] ? __fget+0x384/0x560 [ 1081.996007][ T8355] ? ksys_dup3+0x3e0/0x3e0 [ 1081.996022][ T8355] ? nsecs_to_jiffies+0x30/0x30 [ 1081.996042][ T8355] ? tomoyo_file_ioctl+0x23/0x30 [ 1082.006264][ T8341] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1082.010164][ T8355] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1082.010180][ T8355] ? security_file_ioctl+0x8d/0xc0 [ 1082.010198][ T8355] ksys_ioctl+0xab/0xd0 [ 1082.015782][ T8341] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1082.019444][ T8355] __x64_sys_ioctl+0x73/0xb0 [ 1082.019462][ T8355] do_syscall_64+0xfa/0x760 [ 1082.019484][ T8355] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1082.024269][ T8341] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1082.028711][ T8355] RIP: 0033:0x4598e9 [ 1082.028727][ T8355] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1082.028733][ T8355] RSP: 002b:00007f92b6d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1082.034148][ T8341] 51594 total pagecache pages [ 1082.042948][ T8355] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1082.042957][ T8355] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1082.042964][ T8355] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1082.042970][ T8355] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6d836d4 [ 1082.042978][ T8355] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1082.096361][ T8341] 0 pages in swap cache [ 1082.154287][ T8341] Swap cache stats: add 0, delete 0, find 0/0 [ 1082.182196][ T8341] Free swap = 0kB [ 1082.186120][ T8341] Total swap = 0kB [ 1082.189971][ T8341] 1965979 pages RAM [ 1082.194149][ T8341] 0 pages HighMem/MovableOnly [ 1082.198998][ T8341] 341179 pages reserved 05:20:58 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x7a00000000000000, 0x500]}) 05:20:58 executing program 1: 05:20:58 executing program 5: 05:20:58 executing program 0: 05:20:58 executing program 2: 05:20:58 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000007000010", 0x66, 0x400}], 0x0, 0x0) [ 1082.206539][ T8341] 0 pages cma reserved 05:20:58 executing program 2: 05:20:58 executing program 5: 05:20:58 executing program 0: 05:20:58 executing program 1: [ 1082.394084][ T8370] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:20:59 executing program 5: [ 1082.513271][ T8367] EXT4-fs (loop3): Can't mount with encoding and encryption [ 1082.563079][ T8370] CPU: 1 PID: 8370 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1082.572267][ T8370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1082.582875][ T8370] Call Trace: [ 1082.586249][ T8370] dump_stack+0x172/0x1f0 [ 1082.590619][ T8370] warn_alloc.cold+0x87/0x17f [ 1082.595327][ T8370] ? zone_watermark_ok_safe+0x260/0x260 [ 1082.601004][ T8370] ? mark_lock+0xc2/0x1220 [ 1082.605478][ T8370] ? __lock_acquire+0x8a0/0x4a00 05:20:59 executing program 2: [ 1082.610451][ T8370] __vmalloc_node_range+0x483/0x7e0 [ 1082.615684][ T8370] ? is_bpf_text_address+0xac/0x170 [ 1082.621328][ T8370] ? kvm_arch_create_memslot+0xc3/0x570 [ 1082.626900][ T8370] __vmalloc_node_flags_caller+0x71/0x90 [ 1082.632678][ T8370] ? kvm_arch_create_memslot+0xc3/0x570 [ 1082.638442][ T8370] kvmalloc_node+0xdc/0x100 [ 1082.642962][ T8370] kvm_arch_create_memslot+0xc3/0x570 [ 1082.648528][ T8370] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1082.654959][ T8370] __kvm_set_memory_region+0x13b5/0x1d00 [ 1082.660598][ T8370] ? gfn_to_hva+0x470/0x470 [ 1082.665108][ T8370] ? lock_downgrade+0x920/0x920 [ 1082.670113][ T8370] kvm_set_memory_region+0x2f/0x50 [ 1082.675237][ T8370] kvm_vm_ioctl+0x729/0x1860 [ 1082.679951][ T8370] ? debug_check_no_obj_freed+0x20a/0x43f [ 1082.685688][ T8370] ? find_held_lock+0x35/0x130 [ 1082.690452][ T8370] ? kvm_unregister_device_ops+0x70/0x70 [ 1082.696205][ T8370] ? lock_downgrade+0x920/0x920 [ 1082.701167][ T8370] ? rwlock_bug.part.0+0x90/0x90 [ 1082.706102][ T8370] ? tomoyo_path_number_perm+0x214/0x520 [ 1082.711731][ T8370] ? find_held_lock+0x35/0x130 [ 1082.716491][ T8370] ? lock_downgrade+0x920/0x920 [ 1082.721530][ T8370] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1082.727457][ T8370] ? tomoyo_path_number_perm+0x459/0x520 [ 1082.733098][ T8370] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1082.739335][ T8370] ? tomoyo_path_number_perm+0x263/0x520 [ 1082.745118][ T8370] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1082.751031][ T8370] ? kvm_unregister_device_ops+0x70/0x70 [ 1082.757086][ T8370] do_vfs_ioctl+0xdb6/0x13e0 [ 1082.761735][ T8370] ? ioctl_preallocate+0x210/0x210 [ 1082.767039][ T8370] ? __fget+0x384/0x560 [ 1082.772005][ T8370] ? ksys_dup3+0x3e0/0x3e0 [ 1082.776558][ T8370] ? nsecs_to_jiffies+0x30/0x30 [ 1082.781505][ T8370] ? tomoyo_file_ioctl+0x23/0x30 [ 1082.786466][ T8370] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1082.792811][ T8370] ? security_file_ioctl+0x8d/0xc0 [ 1082.797950][ T8370] ksys_ioctl+0xab/0xd0 [ 1082.802116][ T8370] __x64_sys_ioctl+0x73/0xb0 [ 1082.806726][ T8370] do_syscall_64+0xfa/0x760 [ 1082.811529][ T8370] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1082.817514][ T8370] RIP: 0033:0x4598e9 [ 1082.821488][ T8370] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1082.842011][ T8370] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1082.851982][ T8370] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1082.859954][ T8370] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1082.868289][ T8370] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1082.876986][ T8370] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1082.885429][ T8370] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1082.897425][ T8370] warn_alloc_show_mem: 1 callbacks suppressed [ 1082.897433][ T8370] Mem-Info: [ 1082.908507][ T8370] active_anon:145013 inactive_anon:658 isolated_anon:0 [ 1082.908507][ T8370] active_file:21605 inactive_file:29753 isolated_file:0 [ 1082.908507][ T8370] unevictable:4096 dirty:405 writeback:0 unstable:0 [ 1082.908507][ T8370] slab_reclaimable:13121 slab_unreclaimable:98779 [ 1082.908507][ T8370] mapped:58975 shmem:253 pagetables:1398 bounce:0 [ 1082.908507][ T8370] free:1219305 free_pcp:447 free_cma:0 [ 1082.947529][ T8370] Node 0 active_anon:580052kB inactive_anon:2632kB active_file:86276kB inactive_file:119012kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235900kB dirty:1616kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 555008kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1082.947557][ T8370] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1082.947569][ T8370] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1083.005277][ T8370] lowmem_reserve[]: 0 2547 2548 2548 [ 1083.037677][ T8370] Node 0 DMA32 free:1083332kB min:36184kB low:45228kB high:54272kB active_anon:580068kB inactive_anon:2644kB active_file:85224kB inactive_file:118948kB unevictable:16384kB writepending:1628kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7712kB pagetables:5592kB bounce:0kB free_pcp:2024kB local_pcp:560kB free_cma:0kB [ 1083.122423][ T8370] lowmem_reserve[]: 0 0 1 1 [ 1083.130024][ T8370] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1083.157719][ T8370] lowmem_reserve[]: 0 0 0 0 [ 1083.162379][ T8370] Node 1 Normal free:3777696kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1083.191044][ T8370] lowmem_reserve[]: 0 0 0 0 [ 1083.195724][ T8370] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1083.210236][ T8370] Node 0 DMA32: 7375*4kB (UME) 3834*8kB (UME) 1647*16kB (UME) 998*32kB (UME) 522*64kB (UME) 74*128kB (UM) 20*256kB (UM) 25*512kB (U) 9*1024kB (UE) 10*2048kB (UME) 214*4096kB (UM) = 1085500kB [ 1083.241416][ T8370] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1083.290098][ T8370] Node 1 Normal: 0*4kB 36*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777696kB [ 1083.346532][ T8384] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1083.366495][ T8370] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1083.366691][ T8384] CPU: 1 PID: 8384 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1083.378894][ T8370] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1083.385120][ T8384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1083.385127][ T8384] Call Trace: [ 1083.385149][ T8384] dump_stack+0x172/0x1f0 [ 1083.385168][ T8384] warn_alloc.cold+0x87/0x17f [ 1083.385183][ T8384] ? zone_watermark_ok_safe+0x260/0x260 [ 1083.385210][ T8384] ? mark_lock+0xc2/0x1220 [ 1083.385223][ T8384] ? __lock_acquire+0x8a0/0x4a00 [ 1083.385246][ T8384] __vmalloc_node_range+0x483/0x7e0 [ 1083.385261][ T8384] ? is_bpf_text_address+0xac/0x170 [ 1083.385286][ T8384] ? kvm_arch_create_memslot+0xc3/0x570 [ 1083.400901][ T8370] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1083.404777][ T8384] __vmalloc_node_flags_caller+0x71/0x90 [ 1083.404795][ T8384] ? kvm_arch_create_memslot+0xc3/0x570 [ 1083.404812][ T8384] kvmalloc_node+0xdc/0x100 [ 1083.404829][ T8384] kvm_arch_create_memslot+0xc3/0x570 [ 1083.404848][ T8384] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1083.404867][ T8384] __kvm_set_memory_region+0x13b5/0x1d00 [ 1083.409460][ T8370] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1083.412481][ T8384] ? gfn_to_hva+0x470/0x470 [ 1083.412504][ T8384] ? lock_downgrade+0x920/0x920 [ 1083.412535][ T8384] kvm_set_memory_region+0x2f/0x50 [ 1083.412551][ T8384] kvm_vm_ioctl+0x729/0x1860 [ 1083.412567][ T8384] ? debug_check_no_obj_freed+0x20a/0x43f [ 1083.412582][ T8384] ? find_held_lock+0x35/0x130 [ 1083.412598][ T8384] ? kvm_unregister_device_ops+0x70/0x70 [ 1083.412618][ T8384] ? lock_downgrade+0x920/0x920 [ 1083.412634][ T8384] ? rwlock_bug.part.0+0x90/0x90 [ 1083.426728][ T8370] 51615 total pagecache pages [ 1083.427390][ T8384] ? tomoyo_path_number_perm+0x214/0x520 [ 1083.436363][ T8370] 0 pages in swap cache [ 1083.437494][ T8384] ? find_held_lock+0x35/0x130 [ 1083.437523][ T8384] ? lock_downgrade+0x920/0x920 [ 1083.445717][ T8370] Swap cache stats: add 0, delete 0, find 0/0 [ 1083.448412][ T8384] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1083.448435][ T8384] ? tomoyo_path_number_perm+0x459/0x520 [ 1083.448458][ T8384] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1083.463976][ T8370] Free swap = 0kB [ 1083.469159][ T8384] ? tomoyo_path_number_perm+0x263/0x520 [ 1083.469179][ T8384] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1083.469212][ T8384] ? kvm_unregister_device_ops+0x70/0x70 [ 1083.477909][ T8370] Total swap = 0kB [ 1083.479246][ T8384] do_vfs_ioctl+0xdb6/0x13e0 [ 1083.479266][ T8384] ? ioctl_preallocate+0x210/0x210 [ 1083.479282][ T8384] ? __fget+0x384/0x560 [ 1083.487941][ T8370] 1965979 pages RAM [ 1083.491236][ T8384] ? ksys_dup3+0x3e0/0x3e0 [ 1083.491252][ T8384] ? nsecs_to_jiffies+0x30/0x30 [ 1083.491273][ T8384] ? tomoyo_file_ioctl+0x23/0x30 [ 1083.507107][ T8370] 0 pages HighMem/MovableOnly [ 1083.509889][ T8384] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1083.509905][ T8384] ? security_file_ioctl+0x8d/0xc0 [ 1083.509923][ T8384] ksys_ioctl+0xab/0xd0 [ 1083.516611][ T8370] 341179 pages reserved [ 1083.519656][ T8384] __x64_sys_ioctl+0x73/0xb0 [ 1083.519674][ T8384] do_syscall_64+0xfa/0x760 [ 1083.519697][ T8384] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1083.530449][ T8370] 0 pages cma reserved [ 1083.535793][ T8384] RIP: 0033:0x4598e9 [ 1083.535809][ T8384] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1083.535816][ T8384] RSP: 002b:00007f92b6da3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1083.535828][ T8384] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1083.535836][ T8384] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 05:21:00 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x8000000000000000, 0x500]}) 05:21:00 executing program 1: 05:21:00 executing program 0: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000080)={'sit0\x00', @ifru_flags}) 05:21:00 executing program 2: 05:21:00 executing program 5: 05:21:00 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000008000010", 0x66, 0x400}], 0x0, 0x0) [ 1083.535844][ T8384] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1083.535852][ T8384] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6da46d4 [ 1083.535859][ T8384] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff 05:21:00 executing program 2: 05:21:00 executing program 1: 05:21:00 executing program 5: 05:21:00 executing program 0: [ 1083.941475][ T8403] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:21:00 executing program 2: [ 1084.048889][ T8399] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1084.082256][ T8403] CPU: 1 PID: 8403 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 05:21:00 executing program 5: [ 1084.091336][ T8403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1084.101418][ T8403] Call Trace: [ 1084.104739][ T8403] dump_stack+0x172/0x1f0 [ 1084.109107][ T8403] warn_alloc.cold+0x87/0x17f [ 1084.113821][ T8403] ? zone_watermark_ok_safe+0x260/0x260 [ 1084.119416][ T8403] ? mark_lock+0xc2/0x1220 [ 1084.123866][ T8403] ? __lock_acquire+0x8a0/0x4a00 [ 1084.128837][ T8403] __vmalloc_node_range+0x483/0x7e0 [ 1084.134073][ T8403] ? is_bpf_text_address+0xac/0x170 [ 1084.139309][ T8403] ? kvm_arch_create_memslot+0xc3/0x570 [ 1084.144890][ T8403] __vmalloc_node_flags_caller+0x71/0x90 [ 1084.151509][ T8403] ? kvm_arch_create_memslot+0xc3/0x570 [ 1084.157082][ T8403] kvmalloc_node+0xdc/0x100 [ 1084.161590][ T8403] kvm_arch_create_memslot+0xc3/0x570 [ 1084.166985][ T8403] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1084.173409][ T8403] __kvm_set_memory_region+0x13b5/0x1d00 [ 1084.179068][ T8403] ? gfn_to_hva+0x470/0x470 [ 1084.183579][ T8403] ? lock_downgrade+0x920/0x920 [ 1084.188441][ T8403] kvm_set_memory_region+0x2f/0x50 [ 1084.193545][ T8403] kvm_vm_ioctl+0x729/0x1860 [ 1084.198130][ T8403] ? debug_check_no_obj_freed+0x20a/0x43f [ 1084.203863][ T8403] ? find_held_lock+0x35/0x130 [ 1084.208645][ T8403] ? kvm_unregister_device_ops+0x70/0x70 [ 1084.214890][ T8403] ? lock_downgrade+0x920/0x920 [ 1084.219828][ T8403] ? rwlock_bug.part.0+0x90/0x90 [ 1084.224759][ T8403] ? tomoyo_path_number_perm+0x214/0x520 [ 1084.230473][ T8403] ? find_held_lock+0x35/0x130 [ 1084.235382][ T8403] ? lock_downgrade+0x920/0x920 [ 1084.240236][ T8403] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1084.245512][ T8403] ? tomoyo_path_number_perm+0x459/0x520 [ 1084.251141][ T8403] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1084.257404][ T8403] ? tomoyo_path_number_perm+0x263/0x520 [ 1084.263034][ T8403] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1084.268847][ T8403] ? kvm_unregister_device_ops+0x70/0x70 [ 1084.274467][ T8403] do_vfs_ioctl+0xdb6/0x13e0 [ 1084.279051][ T8403] ? ioctl_preallocate+0x210/0x210 [ 1084.284157][ T8403] ? __fget+0x384/0x560 [ 1084.288308][ T8403] ? ksys_dup3+0x3e0/0x3e0 [ 1084.292720][ T8403] ? nsecs_to_jiffies+0x30/0x30 [ 1084.297658][ T8403] ? tomoyo_file_ioctl+0x23/0x30 [ 1084.302588][ T8403] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1084.308897][ T8403] ? security_file_ioctl+0x8d/0xc0 [ 1084.314003][ T8403] ksys_ioctl+0xab/0xd0 [ 1084.318153][ T8403] __x64_sys_ioctl+0x73/0xb0 [ 1084.322735][ T8403] do_syscall_64+0xfa/0x760 [ 1084.327343][ T8403] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1084.333224][ T8403] RIP: 0033:0x4598e9 [ 1084.337112][ T8403] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1084.356708][ T8403] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1084.365110][ T8403] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1084.373601][ T8403] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1084.381570][ T8403] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1084.389535][ T8403] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1084.397582][ T8403] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1084.551440][ T8403] warn_alloc_show_mem: 1 callbacks suppressed [ 1084.551447][ T8403] Mem-Info: [ 1084.564347][ T8403] active_anon:144545 inactive_anon:660 isolated_anon:0 [ 1084.564347][ T8403] active_file:21605 inactive_file:29768 isolated_file:0 [ 1084.564347][ T8403] unevictable:4096 dirty:351 writeback:0 unstable:0 [ 1084.564347][ T8403] slab_reclaimable:13112 slab_unreclaimable:98836 [ 1084.564347][ T8403] mapped:58988 shmem:253 pagetables:1360 bounce:0 [ 1084.564347][ T8403] free:1219634 free_pcp:642 free_cma:0 [ 1084.603625][ T8403] Node 0 active_anon:578180kB inactive_anon:2640kB active_file:86276kB inactive_file:119072kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235952kB dirty:1400kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 557056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1084.633737][ T8403] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1084.668301][ T8403] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1084.699556][ T8403] lowmem_reserve[]: 0 2547 2548 2548 [ 1084.710319][ T8421] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1084.726675][ T8403] Node 0 DMA32 free:1084372kB min:36184kB low:45228kB high:54272kB active_anon:577960kB inactive_anon:2640kB active_file:85224kB inactive_file:118988kB unevictable:16384kB writepending:1396kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7712kB pagetables:5440kB bounce:0kB free_pcp:2628kB local_pcp:1240kB free_cma:0kB [ 1084.759464][ T8421] CPU: 0 PID: 8421 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1084.768521][ T8421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1084.778597][ T8421] Call Trace: [ 1084.781914][ T8421] dump_stack+0x172/0x1f0 [ 1084.786272][ T8421] warn_alloc.cold+0x87/0x17f [ 1084.790982][ T8421] ? zone_watermark_ok_safe+0x260/0x260 [ 1084.796636][ T8421] ? mark_lock+0xc2/0x1220 [ 1084.801080][ T8421] ? __lock_acquire+0x8a0/0x4a00 [ 1084.806050][ T8421] __vmalloc_node_range+0x483/0x7e0 [ 1084.807634][ T8403] lowmem_reserve[]: 0 0 1 1 [ 1084.811270][ T8421] ? is_bpf_text_address+0xac/0x170 [ 1084.816070][ T8403] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:4kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1084.821181][ T8421] ? kvm_arch_create_memslot+0xc3/0x570 [ 1084.848274][ T8403] lowmem_reserve[]: 0 0 0 0 [ 1084.853867][ T8421] __vmalloc_node_flags_caller+0x71/0x90 [ 1084.853889][ T8421] ? kvm_arch_create_memslot+0xc3/0x570 [ 1084.858367][ T8403] Node 1 Normal free:3777696kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1084.864153][ T8421] kvmalloc_node+0xdc/0x100 [ 1084.864175][ T8421] kvm_arch_create_memslot+0xc3/0x570 [ 1084.864193][ T8421] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1084.864215][ T8421] __kvm_set_memory_region+0x13b5/0x1d00 [ 1084.869743][ T8403] lowmem_reserve[]: 0 0 0 0 [ 1084.898800][ T8421] ? gfn_to_hva+0x470/0x470 [ 1084.898825][ T8421] ? lock_downgrade+0x920/0x920 [ 1084.898854][ T8421] kvm_set_memory_region+0x2f/0x50 [ 1084.903489][ T8403] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1084.908812][ T8421] kvm_vm_ioctl+0x729/0x1860 [ 1084.915059][ T8403] Node 0 DMA32: 7279*4kB (UME) 3756*8kB (UME) 1644*16kB (UME) 987*32kB (UME) 522*64kB (UME) 72*128kB (UM) 21*256kB (UM) 25*512kB (U) 9*1024kB (UE) 10*2048kB (UME) 214*4096kB (UM) = 1084092kB [ 1084.920776][ T8421] ? debug_check_no_obj_freed+0x20a/0x43f [ 1084.925323][ T8403] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1084.929759][ T8421] ? find_held_lock+0x35/0x130 [ 1084.934613][ T8403] Node 1 Normal: 0*4kB 36*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777696kB [ 1084.939694][ T8421] ? kvm_unregister_device_ops+0x70/0x70 [ 1084.953951][ T8403] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1084.958497][ T8421] ? lock_downgrade+0x920/0x920 [ 1084.977191][ T8403] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1084.982865][ T8421] ? rwlock_bug.part.0+0x90/0x90 [ 1084.982881][ T8421] ? tomoyo_path_number_perm+0x214/0x520 [ 1084.982899][ T8421] ? find_held_lock+0x35/0x130 [ 1084.995541][ T8403] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1085.000255][ T8421] ? lock_downgrade+0x920/0x920 [ 1085.016759][ T8403] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1085.022350][ T8421] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1085.022369][ T8421] ? tomoyo_path_number_perm+0x459/0x520 [ 1085.022391][ T8421] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1085.032030][ T8403] 51625 total pagecache pages [ 1085.032114][ T8403] 0 pages in swap cache [ 1085.036957][ T8421] ? tomoyo_path_number_perm+0x263/0x520 [ 1085.036973][ T8421] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1085.037004][ T8421] ? kvm_unregister_device_ops+0x70/0x70 [ 1085.037024][ T8421] do_vfs_ioctl+0xdb6/0x13e0 [ 1085.046582][ T8403] Swap cache stats: add 0, delete 0, find 0/0 [ 1085.051262][ T8421] ? ioctl_preallocate+0x210/0x210 [ 1085.051274][ T8421] ? __fget+0x384/0x560 [ 1085.051293][ T8421] ? ksys_dup3+0x3e0/0x3e0 [ 1085.057059][ T8403] Free swap = 0kB [ 1085.061692][ T8421] ? nsecs_to_jiffies+0x30/0x30 [ 1085.061712][ T8421] ? tomoyo_file_ioctl+0x23/0x30 [ 1085.061732][ T8421] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1085.071347][ T8403] Total swap = 0kB [ 1085.076107][ T8421] ? security_file_ioctl+0x8d/0xc0 [ 1085.076125][ T8421] ksys_ioctl+0xab/0xd0 [ 1085.076141][ T8421] __x64_sys_ioctl+0x73/0xb0 [ 1085.076161][ T8421] do_syscall_64+0xfa/0x760 [ 1085.085512][ T8403] 1965979 pages RAM [ 1085.090709][ T8421] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1085.090720][ T8421] RIP: 0033:0x4598e9 [ 1085.090737][ T8421] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1085.096438][ T8403] 0 pages HighMem/MovableOnly [ 1085.102660][ T8421] RSP: 002b:00007f92b6d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1085.102674][ T8421] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 05:21:01 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0xc00c000000000000, 0x500]}) 05:21:01 executing program 1: 05:21:01 executing program 0: 05:21:01 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000009000010", 0x66, 0x400}], 0x0, 0x0) 05:21:01 executing program 2: 05:21:01 executing program 5: [ 1085.102681][ T8421] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1085.102689][ T8421] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1085.102696][ T8421] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6d836d4 [ 1085.102705][ T8421] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1085.109384][ T8403] 341179 pages reserved [ 1085.126183][ T8403] 0 pages cma reserved 05:21:01 executing program 2: 05:21:01 executing program 1: 05:21:01 executing program 0: 05:21:01 executing program 2: 05:21:01 executing program 5: [ 1085.492033][ T8427] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities 05:21:02 executing program 1: [ 1085.561389][ T8437] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1085.702304][ T8437] CPU: 0 PID: 8437 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1085.711477][ T8437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1085.721548][ T8437] Call Trace: [ 1085.724869][ T8437] dump_stack+0x172/0x1f0 [ 1085.729370][ T8437] warn_alloc.cold+0x87/0x17f [ 1085.734086][ T8437] ? zone_watermark_ok_safe+0x260/0x260 [ 1085.739675][ T8437] ? mark_lock+0xc2/0x1220 [ 1085.744123][ T8437] ? __lock_acquire+0x8a0/0x4a00 [ 1085.749091][ T8437] __vmalloc_node_range+0x483/0x7e0 [ 1085.754312][ T8437] ? is_bpf_text_address+0xac/0x170 [ 1085.759545][ T8437] ? kvm_arch_create_memslot+0xc3/0x570 [ 1085.765108][ T8437] __vmalloc_node_flags_caller+0x71/0x90 [ 1085.770767][ T8437] ? kvm_arch_create_memslot+0xc3/0x570 [ 1085.770792][ T8437] kvmalloc_node+0xdc/0x100 [ 1085.780834][ T8437] kvm_arch_create_memslot+0xc3/0x570 [ 1085.786238][ T8437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1085.792494][ T8437] __kvm_set_memory_region+0x13b5/0x1d00 [ 1085.792515][ T8437] ? gfn_to_hva+0x470/0x470 [ 1085.792538][ T8437] ? lock_downgrade+0x920/0x920 [ 1085.792566][ T8437] kvm_set_memory_region+0x2f/0x50 [ 1085.812706][ T8437] kvm_vm_ioctl+0x729/0x1860 [ 1085.817336][ T8437] ? debug_check_no_obj_freed+0x20a/0x43f [ 1085.823116][ T8437] ? find_held_lock+0x35/0x130 [ 1085.827918][ T8437] ? kvm_unregister_device_ops+0x70/0x70 [ 1085.833595][ T8437] ? lock_downgrade+0x920/0x920 [ 1085.838474][ T8437] ? rwlock_bug.part.0+0x90/0x90 [ 1085.843562][ T8437] ? tomoyo_path_number_perm+0x214/0x520 [ 1085.849236][ T8437] ? find_held_lock+0x35/0x130 [ 1085.854036][ T8437] ? lock_downgrade+0x920/0x920 [ 1085.859036][ T8437] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1085.864348][ T8437] ? tomoyo_path_number_perm+0x459/0x520 [ 1085.870148][ T8437] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1085.876423][ T8437] ? tomoyo_path_number_perm+0x263/0x520 [ 1085.882080][ T8437] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1085.887931][ T8437] ? kvm_unregister_device_ops+0x70/0x70 [ 1085.893556][ T8437] do_vfs_ioctl+0xdb6/0x13e0 [ 1085.898135][ T8437] ? ioctl_preallocate+0x210/0x210 [ 1085.903232][ T8437] ? __fget+0x384/0x560 [ 1085.907380][ T8437] ? ksys_dup3+0x3e0/0x3e0 [ 1085.911799][ T8437] ? nsecs_to_jiffies+0x30/0x30 [ 1085.916668][ T8437] ? tomoyo_file_ioctl+0x23/0x30 [ 1085.921599][ T8437] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1085.927993][ T8437] ? security_file_ioctl+0x8d/0xc0 [ 1085.933093][ T8437] ksys_ioctl+0xab/0xd0 [ 1085.937246][ T8437] __x64_sys_ioctl+0x73/0xb0 [ 1085.941823][ T8437] do_syscall_64+0xfa/0x760 [ 1085.946324][ T8437] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1085.952393][ T8437] RIP: 0033:0x4598e9 [ 1085.956458][ T8437] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1085.976596][ T8437] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1085.985018][ T8437] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1085.992989][ T8437] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1086.000950][ T8437] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1086.009020][ T8437] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1086.016988][ T8437] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1086.052263][ T8437] warn_alloc_show_mem: 1 callbacks suppressed [ 1086.052269][ T8437] Mem-Info: [ 1086.070277][ T8437] active_anon:144502 inactive_anon:663 isolated_anon:0 [ 1086.070277][ T8437] active_file:21605 inactive_file:29786 isolated_file:0 [ 1086.070277][ T8437] unevictable:4096 dirty:381 writeback:0 unstable:0 [ 1086.070277][ T8437] slab_reclaimable:13117 slab_unreclaimable:98535 [ 1086.070277][ T8437] mapped:58954 shmem:252 pagetables:1379 bounce:0 [ 1086.070277][ T8437] free:1219945 free_pcp:661 free_cma:0 [ 1086.109597][ T8437] Node 0 active_anon:578008kB inactive_anon:2652kB active_file:86276kB inactive_file:119144kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235816kB dirty:1520kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 555008kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1086.141157][ T8437] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1086.168691][ T8437] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1086.195660][ T8437] lowmem_reserve[]: 0 2547 2548 2548 [ 1086.201088][ T8437] Node 0 DMA32 free:1086044kB min:36184kB low:45228kB high:54272kB active_anon:577988kB inactive_anon:2652kB active_file:85224kB inactive_file:119060kB unevictable:16384kB writepending:1516kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7584kB pagetables:5368kB bounce:0kB free_pcp:2476kB local_pcp:1180kB free_cma:0kB [ 1086.233024][ T8437] lowmem_reserve[]: 0 0 1 1 [ 1086.237547][ T8437] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:4kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1086.264742][ T8437] lowmem_reserve[]: 0 0 0 0 [ 1086.269281][ T8437] Node 1 Normal free:3777696kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1086.297707][ T8437] lowmem_reserve[]: 0 0 0 0 [ 1086.302283][ T8437] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1086.316696][ T8437] Node 0 DMA32: 7316*4kB (UME) 3784*8kB (UME) 1645*16kB (UME) 985*32kB (UME) 522*64kB (UME) 78*128kB (UM) 22*256kB (UM) 25*512kB (U) 9*1024kB (UE) 10*2048kB (UME) 214*4096kB (UM) = 1085440kB [ 1086.336233][ T8437] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1086.348604][ T8437] Node 1 Normal: 0*4kB 36*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777696kB [ 1086.365565][ T8437] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1086.375315][ T8437] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1086.385159][ T8437] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1086.395306][ T8437] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1086.404762][ T8437] 51642 total pagecache pages [ 1086.409456][ T8437] 0 pages in swap cache [ 1086.413670][ T8437] Swap cache stats: add 0, delete 0, find 0/0 [ 1086.419741][ T8437] Free swap = 0kB [ 1086.423793][ T8437] Total swap = 0kB [ 1086.427528][ T8437] 1965979 pages RAM [ 1086.431321][ T8437] 0 pages HighMem/MovableOnly [ 1086.436069][ T8437] 341179 pages reserved [ 1086.440225][ T8437] 0 pages cma reserved 05:21:02 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0xfc01000000000000, 0x500]}) 05:21:02 executing program 5: 05:21:02 executing program 2: 05:21:02 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe20200000a000010", 0x66, 0x400}], 0x0, 0x0) 05:21:02 executing program 1: 05:21:02 executing program 0: 05:21:03 executing program 1: 05:21:03 executing program 2: 05:21:03 executing program 5: [ 1086.587179][ T8461] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:21:03 executing program 0: [ 1086.693019][ T8457] EXT4-fs (loop3): Encoding requested by superblock is unknown [ 1086.724546][ T8461] CPU: 0 PID: 8461 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1086.733616][ T8461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1086.743687][ T8461] Call Trace: [ 1086.747013][ T8461] dump_stack+0x172/0x1f0 [ 1086.751376][ T8461] warn_alloc.cold+0x87/0x17f [ 1086.756087][ T8461] ? zone_watermark_ok_safe+0x260/0x260 [ 1086.761679][ T8461] ? mark_lock+0xc2/0x1220 [ 1086.766120][ T8461] ? __lock_acquire+0x8a0/0x4a00 [ 1086.771960][ T8461] __vmalloc_node_range+0x483/0x7e0 [ 1086.777186][ T8461] ? is_bpf_text_address+0xac/0x170 [ 1086.782422][ T8461] ? kvm_arch_create_memslot+0xc3/0x570 [ 1086.788098][ T8461] __vmalloc_node_flags_caller+0x71/0x90 [ 1086.793762][ T8461] ? kvm_arch_create_memslot+0xc3/0x570 [ 1086.799351][ T8461] kvmalloc_node+0xdc/0x100 [ 1086.803892][ T8461] kvm_arch_create_memslot+0xc3/0x570 [ 1086.809485][ T8461] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1086.816371][ T8461] __kvm_set_memory_region+0x13b5/0x1d00 [ 1086.822035][ T8461] ? gfn_to_hva+0x470/0x470 [ 1086.826580][ T8461] ? lock_downgrade+0x920/0x920 [ 1086.831473][ T8461] kvm_set_memory_region+0x2f/0x50 [ 1086.837586][ T8461] kvm_vm_ioctl+0x729/0x1860 05:21:03 executing program 5: 05:21:03 executing program 5: [ 1086.842349][ T8461] ? debug_check_no_obj_freed+0x20a/0x43f [ 1086.848095][ T8461] ? find_held_lock+0x35/0x130 [ 1086.852895][ T8461] ? kvm_unregister_device_ops+0x70/0x70 [ 1086.858588][ T8461] ? lock_downgrade+0x920/0x920 [ 1086.863637][ T8461] ? rwlock_bug.part.0+0x90/0x90 [ 1086.868582][ T8461] ? tomoyo_path_number_perm+0x214/0x520 [ 1086.874218][ T8461] ? find_held_lock+0x35/0x130 [ 1086.878995][ T8461] ? lock_downgrade+0x920/0x920 [ 1086.883900][ T8461] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1086.889206][ T8461] ? tomoyo_path_number_perm+0x459/0x520 [ 1086.895241][ T8461] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1086.901484][ T8461] ? tomoyo_path_number_perm+0x263/0x520 [ 1086.907152][ T8461] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1086.913413][ T8461] ? kvm_unregister_device_ops+0x70/0x70 [ 1086.919058][ T8461] do_vfs_ioctl+0xdb6/0x13e0 [ 1086.923645][ T8461] ? ioctl_preallocate+0x210/0x210 [ 1086.928767][ T8461] ? __fget+0x384/0x560 [ 1086.932927][ T8461] ? ksys_dup3+0x3e0/0x3e0 [ 1086.937341][ T8461] ? nsecs_to_jiffies+0x30/0x30 [ 1086.942403][ T8461] ? tomoyo_file_ioctl+0x23/0x30 [ 1086.947515][ T8461] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1086.953778][ T8461] ? security_file_ioctl+0x8d/0xc0 [ 1086.958883][ T8461] ksys_ioctl+0xab/0xd0 [ 1086.963061][ T8461] __x64_sys_ioctl+0x73/0xb0 [ 1086.967665][ T8461] do_syscall_64+0xfa/0x760 [ 1086.972175][ T8461] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1086.978069][ T8461] RIP: 0033:0x4598e9 [ 1086.981957][ T8461] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1087.001569][ T8461] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1087.009996][ T8461] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1087.017981][ T8461] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1087.025969][ T8461] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1087.034022][ T8461] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1087.042002][ T8461] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1087.072398][ T8473] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1087.088371][ T8473] CPU: 1 PID: 8473 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1087.097984][ T8473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1087.108076][ T8473] Call Trace: [ 1087.111386][ T8473] dump_stack+0x172/0x1f0 [ 1087.115840][ T8473] warn_alloc.cold+0x87/0x17f [ 1087.120683][ T8473] ? zone_watermark_ok_safe+0x260/0x260 [ 1087.126466][ T8473] ? mark_lock+0xc2/0x1220 [ 1087.130902][ T8473] ? __lock_acquire+0x8a0/0x4a00 [ 1087.135873][ T8473] __vmalloc_node_range+0x483/0x7e0 [ 1087.141178][ T8473] ? is_bpf_text_address+0xac/0x170 [ 1087.149799][ T8473] ? kvm_arch_create_memslot+0xc3/0x570 [ 1087.155624][ T8473] __vmalloc_node_flags_caller+0x71/0x90 [ 1087.161404][ T8473] ? kvm_arch_create_memslot+0xc3/0x570 [ 1087.166980][ T8473] kvmalloc_node+0xdc/0x100 [ 1087.171776][ T8473] kvm_arch_create_memslot+0xc3/0x570 [ 1087.177387][ T8473] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1087.184088][ T8473] __kvm_set_memory_region+0x13b5/0x1d00 [ 1087.190707][ T8473] ? gfn_to_hva+0x470/0x470 [ 1087.195235][ T8473] ? lock_downgrade+0x920/0x920 [ 1087.200365][ T8473] kvm_set_memory_region+0x2f/0x50 [ 1087.205613][ T8473] kvm_vm_ioctl+0x729/0x1860 [ 1087.210273][ T8473] ? debug_check_no_obj_freed+0x20a/0x43f [ 1087.216440][ T8473] ? find_held_lock+0x35/0x130 [ 1087.222433][ T8473] ? kvm_unregister_device_ops+0x70/0x70 [ 1087.228089][ T8473] ? lock_downgrade+0x920/0x920 [ 1087.234201][ T8473] ? rwlock_bug.part.0+0x90/0x90 [ 1087.239462][ T8473] ? tomoyo_path_number_perm+0x214/0x520 [ 1087.245126][ T8473] ? find_held_lock+0x35/0x130 [ 1087.250134][ T8473] ? lock_downgrade+0x920/0x920 [ 1087.255115][ T8473] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1087.260726][ T8473] ? tomoyo_path_number_perm+0x459/0x520 [ 1087.266391][ T8473] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1087.273085][ T8473] ? tomoyo_path_number_perm+0x263/0x520 [ 1087.279327][ T8473] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1087.285513][ T8473] ? kvm_unregister_device_ops+0x70/0x70 [ 1087.291421][ T8473] do_vfs_ioctl+0xdb6/0x13e0 [ 1087.296261][ T8473] ? ioctl_preallocate+0x210/0x210 [ 1087.301391][ T8473] ? __fget+0x384/0x560 [ 1087.306353][ T8473] ? ksys_dup3+0x3e0/0x3e0 [ 1087.310973][ T8473] ? nsecs_to_jiffies+0x30/0x30 [ 1087.316047][ T8473] ? tomoyo_file_ioctl+0x23/0x30 [ 1087.321811][ T8473] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1087.330600][ T8473] ? security_file_ioctl+0x8d/0xc0 [ 1087.336380][ T8473] ksys_ioctl+0xab/0xd0 [ 1087.340838][ T8473] __x64_sys_ioctl+0x73/0xb0 [ 1087.346044][ T8473] do_syscall_64+0xfa/0x760 [ 1087.350702][ T8473] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1087.357712][ T8473] RIP: 0033:0x4598e9 [ 1087.362338][ T8473] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1087.383709][ T8473] RSP: 002b:00007f92b6da3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1087.392777][ T8473] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1087.402952][ T8473] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1087.412384][ T8473] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1087.421734][ T8473] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6da46d4 [ 1087.432493][ T8473] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1087.444633][ T8473] warn_alloc_show_mem: 1 callbacks suppressed [ 1087.444642][ T8473] Mem-Info: [ 1087.458935][ T8473] active_anon:145047 inactive_anon:660 isolated_anon:0 [ 1087.458935][ T8473] active_file:21606 inactive_file:29798 isolated_file:0 [ 1087.458935][ T8473] unevictable:4096 dirty:406 writeback:0 unstable:0 [ 1087.458935][ T8473] slab_reclaimable:13150 slab_unreclaimable:98766 [ 1087.458935][ T8473] mapped:58988 shmem:253 pagetables:1407 bounce:0 [ 1087.458935][ T8473] free:1219112 free_pcp:510 free_cma:0 [ 1087.549966][ T8473] Node 0 active_anon:577936kB inactive_anon:2640kB active_file:86280kB inactive_file:119192kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235852kB dirty:1620kB writeback:0kB shmem:1012kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 559104kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1087.592745][ T8473] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1087.629462][ T8473] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1087.689903][ T8473] lowmem_reserve[]: 0 2547 2548 2548 [ 1087.697440][ T8473] Node 0 DMA32 free:1084652kB min:36184kB low:45228kB high:54272kB active_anon:577916kB inactive_anon:2640kB active_file:85228kB inactive_file:119108kB unevictable:16384kB writepending:1616kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7616kB pagetables:5628kB bounce:0kB free_pcp:2276kB local_pcp:1232kB free_cma:0kB [ 1087.753463][ T8473] lowmem_reserve[]: 0 0 1 1 [ 1087.758705][ T8473] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:4kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1087.790023][ T8473] lowmem_reserve[]: 0 0 0 0 [ 1087.797450][ T8473] Node 1 Normal free:3777696kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1087.839042][ T8473] lowmem_reserve[]: 0 0 0 0 [ 1087.845467][ T8473] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1087.862745][ T8473] Node 0 DMA32: 7450*4kB (UM) 3747*8kB (UME) 1641*16kB (UME) 946*32kB (UME) 522*64kB (UME) 74*128kB (UM) 22*256kB (UM) 25*512kB (U) 9*1024kB (UE) 10*2048kB (UME) 214*4096kB (UM) = 1083856kB [ 1087.885430][ T8473] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1087.900625][ T8473] Node 1 Normal: 0*4kB 36*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777696kB [ 1087.921471][ T8473] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1087.937406][ T8473] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1087.948618][ T8473] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1087.959971][ T8473] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1087.971452][ T8473] 51666 total pagecache pages [ 1087.976996][ T8473] 0 pages in swap cache [ 1087.981271][ T8473] Swap cache stats: add 0, delete 0, find 0/0 [ 1087.987900][ T8473] Free swap = 0kB [ 1087.992113][ T8473] Total swap = 0kB [ 1087.995968][ T8473] 1965979 pages RAM 05:21:04 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0xffffffff00000000, 0x500]}) 05:21:04 executing program 2: 05:21:04 executing program 0: 05:21:04 executing program 1: 05:21:04 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000010000010", 0x66, 0x400}], 0x0, 0x0) 05:21:04 executing program 5: [ 1088.000069][ T8473] 0 pages HighMem/MovableOnly [ 1088.006279][ T8473] 341179 pages reserved [ 1088.010582][ T8473] 0 pages cma reserved 05:21:04 executing program 2: 05:21:04 executing program 5: 05:21:04 executing program 0: 05:21:04 executing program 1: [ 1088.214211][ T8489] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 05:21:04 executing program 5: [ 1088.318068][ T8486] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities [ 1088.343948][ T8489] CPU: 0 PID: 8489 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1088.354671][ T8489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 05:21:04 executing program 0: [ 1088.365452][ T8489] Call Trace: [ 1088.369446][ T8489] dump_stack+0x172/0x1f0 [ 1088.374347][ T8489] warn_alloc.cold+0x87/0x17f [ 1088.379230][ T8489] ? zone_watermark_ok_safe+0x260/0x260 [ 1088.385756][ T8489] ? mark_lock+0xc2/0x1220 [ 1088.390619][ T8489] ? __lock_acquire+0x8a0/0x4a00 [ 1088.399795][ T8489] __vmalloc_node_range+0x483/0x7e0 [ 1088.408120][ T8489] ? is_bpf_text_address+0xac/0x170 [ 1088.415507][ T8489] ? kvm_arch_create_memslot+0xc3/0x570 [ 1088.421523][ T8489] __vmalloc_node_flags_caller+0x71/0x90 [ 1088.431709][ T8489] ? kvm_arch_create_memslot+0xc3/0x570 [ 1088.446805][ T8489] kvmalloc_node+0xdc/0x100 [ 1088.458960][ T8489] kvm_arch_create_memslot+0xc3/0x570 [ 1088.471670][ T8489] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1088.483338][ T8489] __kvm_set_memory_region+0x13b5/0x1d00 [ 1088.507320][ T8489] ? gfn_to_hva+0x470/0x470 [ 1088.521992][ T8489] ? lock_downgrade+0x920/0x920 [ 1088.537206][ T8489] kvm_set_memory_region+0x2f/0x50 [ 1088.551774][ T8489] kvm_vm_ioctl+0x729/0x1860 [ 1088.561263][ T8489] ? debug_check_no_obj_freed+0x20a/0x43f [ 1088.570921][ T8489] ? find_held_lock+0x35/0x130 [ 1088.580893][ T8489] ? kvm_unregister_device_ops+0x70/0x70 [ 1088.596004][ T8489] ? lock_downgrade+0x920/0x920 [ 1088.604870][ T8489] ? rwlock_bug.part.0+0x90/0x90 [ 1088.616933][ T8489] ? tomoyo_path_number_perm+0x214/0x520 [ 1088.624345][ T8489] ? find_held_lock+0x35/0x130 [ 1088.633712][ T8489] ? lock_downgrade+0x920/0x920 [ 1088.639943][ T8489] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1088.648232][ T8489] ? tomoyo_path_number_perm+0x459/0x520 [ 1088.655295][ T8489] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1088.662429][ T8489] ? tomoyo_path_number_perm+0x263/0x520 [ 1088.668748][ T8489] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1088.675623][ T8489] ? kvm_unregister_device_ops+0x70/0x70 [ 1088.682096][ T8489] do_vfs_ioctl+0xdb6/0x13e0 [ 1088.687430][ T8489] ? ioctl_preallocate+0x210/0x210 [ 1088.693562][ T8489] ? __fget+0x384/0x560 [ 1088.698582][ T8489] ? ksys_dup3+0x3e0/0x3e0 [ 1088.703871][ T8489] ? nsecs_to_jiffies+0x30/0x30 [ 1088.710474][ T8489] ? tomoyo_file_ioctl+0x23/0x30 [ 1088.715567][ T8489] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1088.723385][ T8489] ? security_file_ioctl+0x8d/0xc0 [ 1088.729460][ T8489] ksys_ioctl+0xab/0xd0 [ 1088.734666][ T8489] __x64_sys_ioctl+0x73/0xb0 [ 1088.739746][ T8489] do_syscall_64+0xfa/0x760 [ 1088.745061][ T8489] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1088.751829][ T8489] RIP: 0033:0x4598e9 [ 1088.755928][ T8489] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1088.778451][ T8489] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1088.787972][ T8489] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1088.797206][ T8489] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1088.807540][ T8489] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1088.816971][ T8489] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1088.826729][ T8489] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1088.845575][ T8489] Mem-Info: [ 1088.849468][ T8489] active_anon:145024 inactive_anon:662 isolated_anon:0 [ 1088.849468][ T8489] active_file:21605 inactive_file:29807 isolated_file:0 [ 1088.849468][ T8489] unevictable:4096 dirty:190 writeback:0 unstable:0 [ 1088.849468][ T8489] slab_reclaimable:13167 slab_unreclaimable:98917 [ 1088.849468][ T8489] mapped:58982 shmem:252 pagetables:1399 bounce:0 [ 1088.849468][ T8489] free:1218970 free_pcp:486 free_cma:0 [ 1088.896297][ T8489] Node 0 active_anon:580196kB inactive_anon:2648kB active_file:86276kB inactive_file:119228kB unevictable:16384kB isolated(anon):0kB isolated(file):0kB mapped:235928kB dirty:756kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 557056kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1088.930136][ T8489] Node 1 active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? no [ 1089.018825][ T8489] Node 0 DMA free:15908kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1089.085324][ T8489] lowmem_reserve[]: 0 2547 2548 2548 [ 1089.115437][ T8508] syz-executor.4: vmalloc: allocation failure: 10737418240 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1089.148316][ T8489] Node 0 DMA32 free:1084744kB min:36184kB low:45228kB high:54272kB active_anon:577944kB inactive_anon:2636kB active_file:85224kB inactive_file:119184kB unevictable:16384kB writepending:736kB present:3129332kB managed:2611876kB mlocked:16384kB kernel_stack:7680kB pagetables:5340kB bounce:0kB free_pcp:1624kB local_pcp:1264kB free_cma:0kB [ 1089.150874][ T8508] CPU: 0 PID: 8508 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1089.190414][ T8489] lowmem_reserve[]: 0 0 1 1 [ 1089.192080][ T8508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1089.192087][ T8508] Call Trace: [ 1089.192151][ T8508] dump_stack+0x172/0x1f0 [ 1089.192175][ T8508] warn_alloc.cold+0x87/0x17f [ 1089.192189][ T8508] ? zone_watermark_ok_safe+0x260/0x260 [ 1089.192217][ T8508] ? mark_lock+0xc2/0x1220 [ 1089.197083][ T8489] Node 0 Normal free:16kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:1052kB inactive_file:84kB unevictable:0kB writepending:8kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1089.208230][ T8508] ? __lock_acquire+0x8a0/0x4a00 [ 1089.208254][ T8508] __vmalloc_node_range+0x483/0x7e0 [ 1089.208273][ T8508] ? is_bpf_text_address+0xac/0x170 [ 1089.208302][ T8508] ? kvm_arch_create_memslot+0xc3/0x570 [ 1089.212403][ T8489] lowmem_reserve[]: 0 0 0 0 [ 1089.217121][ T8508] __vmalloc_node_flags_caller+0x71/0x90 [ 1089.221875][ T8489] Node 1 Normal free:3777696kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:144kB inactive_file:0kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1089.228117][ T8508] ? kvm_arch_create_memslot+0xc3/0x570 [ 1089.228134][ T8508] kvmalloc_node+0xdc/0x100 [ 1089.228149][ T8508] kvm_arch_create_memslot+0xc3/0x570 [ 1089.228167][ T8508] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1089.228187][ T8508] __kvm_set_memory_region+0x13b5/0x1d00 [ 1089.232875][ T8489] lowmem_reserve[]: 0 0 0 0 [ 1089.261099][ T8508] ? gfn_to_hva+0x470/0x470 [ 1089.261124][ T8508] ? lock_downgrade+0x920/0x920 [ 1089.261154][ T8508] kvm_set_memory_region+0x2f/0x50 [ 1089.266119][ T8489] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB [ 1089.271782][ T8508] kvm_vm_ioctl+0x729/0x1860 [ 1089.277345][ T8489] Node 0 DMA32: 7664*4kB (UME) 3792*8kB (UME) 1660*16kB (UME) 925*32kB (UME) 522*64kB (UME) 72*128kB (UM) 22*256kB (UM) 25*512kB (U) 9*1024kB (UE) 10*2048kB (UME) 214*4096kB (UM) = 1084448kB [ 1089.283546][ T8508] ? debug_check_no_obj_freed+0x20a/0x43f [ 1089.283570][ T8508] ? find_held_lock+0x35/0x130 [ 1089.283587][ T8508] ? kvm_unregister_device_ops+0x70/0x70 [ 1089.283608][ T8508] ? lock_downgrade+0x920/0x920 [ 1089.288459][ T8489] Node 0 Normal: 2*4kB (M) 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 16kB [ 1089.294470][ T8508] ? rwlock_bug.part.0+0x90/0x90 [ 1089.294486][ T8508] ? tomoyo_path_number_perm+0x214/0x520 [ 1089.294501][ T8508] ? find_held_lock+0x35/0x130 [ 1089.294533][ T8508] ? lock_downgrade+0x920/0x920 [ 1089.327370][ T8489] Node 1 Normal: 0*4kB 36*8kB (UM) 176*16kB (UM) 70*32kB (U) 35*64kB (U) 16*128kB (UM) 9*256kB (UM) 3*512kB (U) 2*1024kB (ME) 1*2048kB (M) 918*4096kB (M) = 3777696kB [ 1089.333992][ T8508] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1089.334013][ T8508] ? tomoyo_path_number_perm+0x459/0x520 [ 1089.334032][ T8508] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1089.334043][ T8508] ? tomoyo_path_number_perm+0x263/0x520 [ 1089.334057][ T8508] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1089.334094][ T8508] ? kvm_unregister_device_ops+0x70/0x70 [ 1089.339787][ T8489] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1089.345250][ T8508] do_vfs_ioctl+0xdb6/0x13e0 [ 1089.345268][ T8508] ? ioctl_preallocate+0x210/0x210 [ 1089.345278][ T8508] ? __fget+0x384/0x560 [ 1089.345294][ T8508] ? ksys_dup3+0x3e0/0x3e0 [ 1089.345315][ T8508] ? nsecs_to_jiffies+0x30/0x30 [ 1089.352389][ T8489] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1089.358432][ T8508] ? tomoyo_file_ioctl+0x23/0x30 [ 1089.364969][ T8489] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1089.369964][ T8508] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1089.375183][ T8489] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1089.380959][ T8508] ? security_file_ioctl+0x8d/0xc0 [ 1089.397234][ T8489] 51673 total pagecache pages [ 1089.402348][ T8508] ksys_ioctl+0xab/0xd0 [ 1089.402373][ T8508] __x64_sys_ioctl+0x73/0xb0 [ 1089.423101][ T8489] 0 pages in swap cache [ 1089.433285][ T8508] do_syscall_64+0xfa/0x760 [ 1089.433316][ T8508] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1089.433326][ T8508] RIP: 0033:0x4598e9 [ 1089.433341][ T8508] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1089.433355][ T8508] RSP: 002b:00007f92b6d82c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1089.439322][ T8489] Swap cache stats: add 0, delete 0, find 0/0 [ 1089.446091][ T8508] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1089.446099][ T8508] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1089.446106][ T8508] RBP: 000000000075c070 R08: 0000000000000000 R09: 0000000000000000 [ 1089.446112][ T8508] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6d836d4 [ 1089.446119][ T8508] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1089.459483][ T8489] Free swap = 0kB [ 1089.792537][ T8489] Total swap = 0kB [ 1089.797462][ T8489] 1965979 pages RAM 05:21:06 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r1, 0x4020ae46, &(0x7f0000000080)={0x0, [0x0, 0x0, 0x0, 0x0, 0x300]}) 05:21:06 executing program 1: 05:21:06 executing program 2: 05:21:06 executing program 0: 05:21:06 executing program 3: syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1a, &(0x7f0000000200)=[{&(0x7f00000000c0)="25bca274769e620aa734fa0095e0612687463915e3a702a9d8aea872943afd874e2f98b579a7186270146d0e02c06cffa8c63cd7dcc6760253ef0b2a20a602210318f8104a27ea57b012d31c34951dc119dac04eab9c68842086234a45fbe202000023000010", 0x66, 0x400}], 0x0, 0x0) 05:21:06 executing program 5: [ 1089.801630][ T8489] 0 pages HighMem/MovableOnly [ 1089.806965][ T8489] 341179 pages reserved [ 1089.811818][ T8489] 0 pages cma reserved 05:21:06 executing program 0: 05:21:06 executing program 2: 05:21:06 executing program 5: 05:21:06 executing program 1: [ 1090.061392][ T8514] EXT4-fs (loop3): Can't mount with encoding and encryption 05:21:06 executing program 0: 05:21:06 executing program 2: [ 1090.881865][ T8523] syz-executor.4 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1090.903144][ T8523] CPU: 0 PID: 8523 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1090.917072][ T8523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1090.929588][ T8523] Call Trace: [ 1090.934160][ T8523] dump_stack+0x172/0x1f0 [ 1090.940008][ T8523] dump_header+0x177/0x1152 [ 1090.945840][ T8523] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1090.952650][ T8523] ? ___ratelimit+0x2c8/0x595 [ 1090.957828][ T8523] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1090.964636][ T8523] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1090.970719][ T8523] ? trace_hardirqs_on+0x67/0x240 [ 1090.976054][ T8523] ? pagefault_out_of_memory+0x11c/0x11c [ 1090.983951][ T8523] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1090.991935][ T8523] ? ___ratelimit+0x60/0x595 [ 1090.998388][ T8523] ? do_raw_spin_unlock+0x57/0x270 [ 1091.004400][ T8523] oom_kill_process.cold+0x10/0x15 [ 1091.011490][ T8523] out_of_memory+0x334/0x1340 [ 1091.016885][ T8523] ? lock_downgrade+0x920/0x920 [ 1091.022368][ T8523] ? mem_cgroup_unmark_under_oom+0x8d/0xb0 [ 1091.028193][ T8523] ? oom_killer_disable+0x280/0x280 [ 1091.033791][ T8523] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1091.039368][ T8523] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1091.045687][ T8523] ? do_raw_spin_unlock+0x57/0x270 [ 1091.051684][ T8523] ? _raw_spin_unlock+0x2d/0x50 [ 1091.056650][ T8523] try_charge+0xf4b/0x1440 [ 1091.061621][ T8523] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1091.067186][ T8523] ? find_held_lock+0x35/0x130 [ 1091.072172][ T8523] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1091.078293][ T8523] ? lock_downgrade+0x920/0x920 [ 1091.084245][ T8523] ? percpu_ref_tryget_live+0x111/0x290 [ 1091.090554][ T8523] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1091.096728][ T8523] ? memcg_kmem_put_cache+0x50/0x50 [ 1091.102470][ T8523] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1091.108754][ T8523] __memcg_kmem_charge+0x13a/0x3a0 [ 1091.114602][ T8523] __alloc_pages_nodemask+0x4f7/0x900 [ 1091.120238][ T8523] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1091.126788][ T8523] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1091.134006][ T8523] alloc_pages_current+0x107/0x210 [ 1091.140128][ T8523] ? ___might_sleep+0x163/0x280 [ 1091.145764][ T8523] __vmalloc_node_range+0x4a9/0x7e0 [ 1091.152070][ T8523] ? kvm_arch_create_memslot+0xc3/0x570 [ 1091.158385][ T8523] __vmalloc_node_flags_caller+0x71/0x90 [ 1091.164937][ T8523] ? kvm_arch_create_memslot+0xc3/0x570 [ 1091.171752][ T8523] kvmalloc_node+0xdc/0x100 [ 1091.177384][ T8523] kvm_arch_create_memslot+0xc3/0x570 [ 1091.183230][ T8523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1091.190067][ T8523] __kvm_set_memory_region+0x13b5/0x1d00 [ 1091.196740][ T8523] ? gfn_to_hva+0x470/0x470 [ 1091.201594][ T8523] ? lock_downgrade+0x920/0x920 [ 1091.206770][ T8523] kvm_set_memory_region+0x2f/0x50 [ 1091.212598][ T8523] kvm_vm_ioctl+0x729/0x1860 [ 1091.217761][ T8523] ? debug_check_no_obj_freed+0x20a/0x43f [ 1091.223950][ T8523] ? find_held_lock+0x35/0x130 [ 1091.229393][ T8523] ? kvm_unregister_device_ops+0x70/0x70 [ 1091.235776][ T8523] ? lock_downgrade+0x920/0x920 [ 1091.241489][ T8523] ? rwlock_bug.part.0+0x90/0x90 [ 1091.246795][ T8523] ? tomoyo_path_number_perm+0x214/0x520 [ 1091.253040][ T8523] ? find_held_lock+0x35/0x130 [ 1091.258164][ T8523] ? lock_downgrade+0x920/0x920 [ 1091.263294][ T8523] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1091.269986][ T8523] ? tomoyo_path_number_perm+0x459/0x520 [ 1091.276136][ T8523] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1091.283671][ T8523] ? tomoyo_path_number_perm+0x263/0x520 [ 1091.289864][ T8523] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1091.296241][ T8523] ? kvm_unregister_device_ops+0x70/0x70 [ 1091.302192][ T8523] do_vfs_ioctl+0xdb6/0x13e0 [ 1091.307338][ T8523] ? ioctl_preallocate+0x210/0x210 [ 1091.313484][ T8523] ? __fget+0x384/0x560 [ 1091.318465][ T8523] ? ksys_dup3+0x3e0/0x3e0 [ 1091.323155][ T8523] ? nsecs_to_jiffies+0x30/0x30 [ 1091.328981][ T8523] ? tomoyo_file_ioctl+0x23/0x30 [ 1091.334270][ T8523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1091.341413][ T8523] ? security_file_ioctl+0x8d/0xc0 [ 1091.347124][ T8523] ksys_ioctl+0xab/0xd0 [ 1091.351719][ T8523] __x64_sys_ioctl+0x73/0xb0 [ 1091.356915][ T8523] do_syscall_64+0xfa/0x760 [ 1091.363311][ T8523] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1091.369929][ T8523] RIP: 0033:0x4598e9 [ 1091.374507][ T8523] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1091.395436][ T8523] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1091.405008][ T8523] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1091.413258][ T8523] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1091.421892][ T8523] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1091.430563][ T8523] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1091.438862][ T8523] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1091.455233][ T8523] memory: usage 307200kB, limit 307200kB, failcnt 51 [ 1091.462851][ T8523] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1091.471226][ T8523] Memory cgroup stats for /syz4: [ 1091.471539][ T8523] anon 27402240 [ 1091.471539][ T8523] file 0 [ 1091.471539][ T8523] kernel_stack 131072 [ 1091.471539][ T8523] slab 11255808 [ 1091.471539][ T8523] sock 0 [ 1091.471539][ T8523] shmem 0 [ 1091.471539][ T8523] file_mapped 0 [ 1091.471539][ T8523] file_dirty 0 [ 1091.471539][ T8523] file_writeback 0 [ 1091.471539][ T8523] anon_thp 25165824 [ 1091.471539][ T8523] inactive_anon 1941504 [ 1091.471539][ T8523] active_anon 8671232 [ 1091.471539][ T8523] inactive_file 0 [ 1091.471539][ T8523] active_file 0 [ 1091.471539][ T8523] unevictable 16924672 [ 1091.471539][ T8523] slab_reclaimable 2433024 [ 1091.471539][ T8523] slab_unreclaimable 8822784 [ 1091.471539][ T8523] pgfault 61116 [ 1091.471539][ T8523] pgmajfault 0 [ 1091.471539][ T8523] workingset_refault 0 [ 1091.471539][ T8523] workingset_activate 0 [ 1091.471539][ T8523] workingset_nodereclaim 0 [ 1091.471539][ T8523] pgrefill 133 [ 1091.471539][ T8523] pgscan 138 [ 1091.471539][ T8523] pgsteal 0 [ 1091.471539][ T8523] pgactivate 99 [ 1091.583947][ T8523] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=14238,uid=0 [ 1091.601407][ T8523] Memory cgroup out of memory: Killed process 14238 (syz-executor.4) total-vm:72708kB, anon-rss:18232kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:159744kB oom_score_adj:1000 [ 1091.627697][ T1065] oom_reaper: reaped process 14238 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1091.629628][ T8517] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1091.680171][ T8517] CPU: 1 PID: 8517 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1091.690784][ T8517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1091.702058][ T8517] Call Trace: [ 1091.705996][ T8517] dump_stack+0x172/0x1f0 [ 1091.711484][ T8517] dump_header+0x177/0x1152 [ 1091.716254][ T8517] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1091.722951][ T8517] ? ___ratelimit+0x2c8/0x595 [ 1091.728255][ T8517] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1091.734439][ T8517] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1091.740639][ T8517] ? trace_hardirqs_on+0x67/0x240 [ 1091.746798][ T8517] ? pagefault_out_of_memory+0x11c/0x11c [ 1091.753648][ T8517] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1091.760695][ T8517] ? ___ratelimit+0x60/0x595 [ 1091.766530][ T8517] ? do_raw_spin_unlock+0x57/0x270 [ 1091.773203][ T8517] oom_kill_process.cold+0x10/0x15 [ 1091.779089][ T8517] out_of_memory+0x334/0x1340 [ 1091.784573][ T8517] ? lock_downgrade+0x920/0x920 [ 1091.789993][ T8517] ? oom_killer_disable+0x280/0x280 [ 1091.796312][ T8517] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1091.802744][ T8517] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1091.809034][ T8517] ? do_raw_spin_unlock+0x57/0x270 [ 1091.814260][ T8517] ? _raw_spin_unlock+0x2d/0x50 [ 1091.819209][ T8517] try_charge+0xa2d/0x1440 [ 1091.823985][ T8517] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1091.829995][ T8517] ? percpu_ref_tryget_live+0x111/0x290 [ 1091.836150][ T8517] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1091.843367][ T8517] ? __kasan_check_read+0x11/0x20 [ 1091.848647][ T8517] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1091.855134][ T8517] mem_cgroup_try_charge+0x136/0x590 [ 1091.860863][ T8517] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1091.867705][ T8517] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1091.874142][ T8517] __handle_mm_fault+0x1e34/0x3f20 [ 1091.879638][ T8517] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1091.886646][ T8517] ? __kasan_check_read+0x11/0x20 [ 1091.893170][ T8517] handle_mm_fault+0x1b5/0x6c0 [ 1091.898316][ T8517] __do_page_fault+0x536/0xdd0 [ 1091.903820][ T8517] do_page_fault+0x38/0x590 [ 1091.908347][ T8517] page_fault+0x39/0x40 [ 1091.912841][ T8517] RIP: 0033:0x45c29d [ 1091.917501][ T8517] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 30 8e fb ff 48 85 f6 0f 84 27 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 1091.941595][ T8517] RSP: 002b:00007fff97d71fd8 EFLAGS: 00010202 [ 1091.948751][ T8517] RAX: ffffffffffffffea RBX: 00007f92b6d83700 RCX: 00007f92b6d83700 [ 1091.957571][ T8517] RDX: 00000000003d0f00 RSI: 00007f92b6d82db0 RDI: 0000000000410620 [ 1091.965922][ T8517] RBP: 00007fff97d721f0 R08: 00007f92b6d839d0 R09: 00007f92b6d83700 [ 1091.974621][ T8517] R10: 00007f92b6d82dc0 R11: 0000000000000246 R12: 0000000000000000 [ 1091.983649][ T8517] R13: 00007fff97d7208f R14: 00007f92b6d839c0 R15: 000000000075c07c [ 1091.997741][ T8517] memory: usage 307196kB, limit 307200kB, failcnt 96 [ 1092.006493][ T8517] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1092.013897][ T8517] Memory cgroup stats for /syz4: [ 1092.014137][ T8517] anon 8695808 [ 1092.014137][ T8517] file 0 [ 1092.014137][ T8517] kernel_stack 131072 [ 1092.014137][ T8517] slab 11255808 [ 1092.014137][ T8517] sock 0 [ 1092.014137][ T8517] shmem 0 [ 1092.014137][ T8517] file_mapped 0 [ 1092.014137][ T8517] file_dirty 0 [ 1092.014137][ T8517] file_writeback 0 [ 1092.014137][ T8517] anon_thp 8388608 [ 1092.014137][ T8517] inactive_anon 253952 [ 1092.014137][ T8517] active_anon 8671232 [ 1092.014137][ T8517] inactive_file 0 [ 1092.014137][ T8517] active_file 0 [ 1092.014137][ T8517] unevictable 131072 [ 1092.014137][ T8517] slab_reclaimable 2433024 [ 1092.014137][ T8517] slab_unreclaimable 8822784 [ 1092.014137][ T8517] pgfault 61116 [ 1092.014137][ T8517] pgmajfault 0 [ 1092.014137][ T8517] workingset_refault 0 [ 1092.014137][ T8517] workingset_activate 0 [ 1092.014137][ T8517] workingset_nodereclaim 0 [ 1092.014137][ T8517] pgrefill 133 [ 1092.014137][ T8517] pgscan 138 [ 1092.014137][ T8517] pgsteal 0 [ 1092.014137][ T8517] pgactivate 132 [ 1092.121721][ T8517] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=12718,uid=0 [ 1092.143224][ T8517] Memory cgroup out of memory: Killed process 12718 (syz-executor.4) total-vm:72708kB, anon-rss:6292kB, file-rss:35816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000 [ 1092.164459][ T1065] oom_reaper: reaped process 12718 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 1092.165959][ T8538] syz-executor.4 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1092.195304][ T8538] CPU: 1 PID: 8538 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1092.205079][ T8538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1092.216668][ T8538] Call Trace: [ 1092.220017][ T8538] dump_stack+0x172/0x1f0 [ 1092.225161][ T8538] dump_header+0x177/0x1152 [ 1092.230010][ T8538] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1092.236049][ T8538] ? ___ratelimit+0x2c8/0x595 [ 1092.241138][ T8538] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 1092.247002][ T8538] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1092.252739][ T8538] ? trace_hardirqs_on+0x67/0x240 [ 1092.259013][ T8538] ? pagefault_out_of_memory+0x11c/0x11c [ 1092.264760][ T8538] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1092.270681][ T8538] ? ___ratelimit+0x60/0x595 [ 1092.275444][ T8538] ? do_raw_spin_unlock+0x57/0x270 [ 1092.281127][ T8538] oom_kill_process.cold+0x10/0x15 [ 1092.286949][ T8538] out_of_memory+0x334/0x1340 [ 1092.291864][ T8538] ? lock_downgrade+0x920/0x920 [ 1092.297090][ T8538] ? oom_killer_disable+0x280/0x280 [ 1092.302506][ T8538] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1092.308430][ T8538] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1092.314416][ T8538] ? do_raw_spin_unlock+0x57/0x270 [ 1092.319973][ T8538] ? _raw_spin_unlock+0x2d/0x50 [ 1092.325916][ T8538] try_charge+0xa2d/0x1440 [ 1092.330374][ T8538] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1092.335960][ T8538] ? find_held_lock+0x35/0x130 [ 1092.340842][ T8538] ? get_mem_cgroup_from_mm+0x139/0x320 [ 1092.346874][ T8538] ? lock_downgrade+0x920/0x920 [ 1092.356491][ T8538] ? percpu_ref_tryget_live+0x111/0x290 [ 1092.362157][ T8538] __memcg_kmem_charge_memcg+0x71/0xf0 [ 1092.367854][ T8538] ? memcg_kmem_put_cache+0x50/0x50 [ 1092.373638][ T8538] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1092.379628][ T8538] __memcg_kmem_charge+0x13a/0x3a0 [ 1092.385198][ T8538] __alloc_pages_nodemask+0x4f7/0x900 [ 1092.392074][ T8538] ? rcu_read_lock_sched_held+0x9c/0xd0 [ 1092.397669][ T8538] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1092.404269][ T8538] ? kasan_unpoison_shadow+0x35/0x50 [ 1092.410253][ T8538] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1092.416753][ T8538] alloc_pages_current+0x107/0x210 [ 1092.421981][ T8538] ? ___might_sleep+0x163/0x280 [ 1092.427211][ T8538] __vmalloc_node_range+0x4a9/0x7e0 [ 1092.432824][ T8538] __vmalloc+0x44/0x50 [ 1092.437021][ T8538] ? vmx_vm_alloc+0x44/0x60 [ 1092.441639][ T8538] vmx_vm_alloc+0x44/0x60 [ 1092.446016][ T8538] kvm_dev_ioctl+0x1bf/0x1650 [ 1092.451224][ T8538] ? kvm_debugfs_release+0x90/0x90 [ 1092.456386][ T8538] ? kvm_debugfs_release+0x90/0x90 [ 1092.462073][ T8538] do_vfs_ioctl+0xdb6/0x13e0 [ 1092.466957][ T8538] ? ioctl_preallocate+0x210/0x210 [ 1092.472339][ T8538] ? __fget+0x384/0x560 [ 1092.476965][ T8538] ? ksys_dup3+0x3e0/0x3e0 [ 1092.481550][ T8538] ? nsecs_to_jiffies+0x30/0x30 [ 1092.486972][ T8538] ? tomoyo_file_ioctl+0x23/0x30 [ 1092.493358][ T8538] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1092.500217][ T8538] ? security_file_ioctl+0x8d/0xc0 [ 1092.505555][ T8538] ksys_ioctl+0xab/0xd0 [ 1092.510310][ T8538] __x64_sys_ioctl+0x73/0xb0 [ 1092.515264][ T8538] do_syscall_64+0xfa/0x760 [ 1092.519831][ T8538] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1092.526423][ T8538] RIP: 0033:0x4598e9 [ 1092.531063][ T8538] Code: fd b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1092.551697][ T8538] RSP: 002b:00007f92b6da3c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1092.560904][ T8538] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1092.569472][ T8538] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003 [ 1092.578022][ T8538] RBP: 000000000075bfc8 R08: 0000000000000000 R09: 0000000000000000 [ 1092.586499][ T8538] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6da46d4 [ 1092.595518][ T8538] R13: 00000000004c2841 R14: 00000000004d5ec8 R15: 00000000ffffffff [ 1092.605220][ T8538] memory: usage 418896kB, limit 307200kB, failcnt 55982 [ 1092.613569][ T8538] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1092.620919][ T8538] Memory cgroup stats for /syz4: [ 1092.621203][ T8538] anon 2310144 [ 1092.621203][ T8538] file 0 [ 1092.621203][ T8538] kernel_stack 65536 [ 1092.621203][ T8538] slab 11255808 [ 1092.621203][ T8538] sock 0 [ 1092.621203][ T8538] shmem 0 [ 1092.621203][ T8538] file_mapped 0 [ 1092.621203][ T8538] file_dirty 0 [ 1092.621203][ T8538] file_writeback 0 [ 1092.621203][ T8538] anon_thp 2097152 [ 1092.621203][ T8538] inactive_anon 253952 [ 1092.621203][ T8538] active_anon 2301952 [ 1092.621203][ T8538] inactive_file 0 [ 1092.621203][ T8538] active_file 0 [ 1092.621203][ T8538] unevictable 131072 [ 1092.621203][ T8538] slab_reclaimable 2433024 [ 1092.621203][ T8538] slab_unreclaimable 8822784 [ 1092.621203][ T8538] pgfault 61116 [ 1092.621203][ T8538] pgmajfault 0 [ 1092.621203][ T8538] workingset_refault 0 [ 1092.621203][ T8538] workingset_activate 0 [ 1092.621203][ T8538] workingset_nodereclaim 0 [ 1092.621203][ T8538] pgrefill 133 [ 1092.621203][ T8538] pgscan 138 [ 1092.621203][ T8538] pgsteal 0 [ 1092.621203][ T8538] pgactivate 132 [ 1092.728505][ T8538] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=8517,uid=0 [ 1092.748399][ T8538] Memory cgroup out of memory: Killed process 8523 (syz-executor.4) total-vm:72840kB, anon-rss:2212kB, file-rss:35788kB, shmem-rss:0kB, UID:0 pgtables:139264kB oom_score_adj:1000 [ 1092.773890][ T1065] [ 1092.778124][ T1065] ============================================ [ 1092.786491][ T1065] WARNING: possible recursive locking detected [ 1092.798092][ T1065] 5.3.0-rc6-next-20190830 #75 Not tainted [ 1092.805140][ T1065] -------------------------------------------- [ 1092.812627][ T1065] oom_reaper/1065 is trying to acquire lock: [ 1092.819848][ T1065] ffffffff8904ff60 (mmu_notifier_invalidate_range_start){+.+.}, at: __mmu_notifier_invalidate_range_end+0x0/0x360 [ 1092.849063][ T1065] [ 1092.849063][ T1065] but task is already holding lock: [ 1092.861147][ T1065] ffffffff8904ff60 (mmu_notifier_invalidate_range_start){+.+.}, at: __oom_reap_task_mm+0x196/0x490 [ 1092.881021][ T1065] [ 1092.881021][ T1065] other info that might help us debug this: [ 1092.892664][ T1065] Possible unsafe locking scenario: [ 1092.892664][ T1065] [ 1092.909707][ T1065] CPU0 [ 1092.917587][ T1065] ---- [ 1092.921584][ T1065] lock(mmu_notifier_invalidate_range_start); [ 1092.928114][ T1065] lock(mmu_notifier_invalidate_range_start); [ 1092.938366][ T1065] [ 1092.938366][ T1065] *** DEADLOCK *** [ 1092.938366][ T1065] [ 1092.957618][ T1065] May be due to missing lock nesting notation [ 1092.957618][ T1065] [ 1092.976733][ T1065] 2 locks held by oom_reaper/1065: [ 1092.984250][ T1065] #0: ffff8880a067b290 (&mm->mmap_sem#2){++++}, at: oom_reaper+0x3a7/0x1320 [ 1092.994542][ T1065] #1: ffffffff8904ff60 (mmu_notifier_invalidate_range_start){+.+.}, at: __oom_reap_task_mm+0x196/0x490 [ 1093.009104][ T1065] [ 1093.009104][ T1065] stack backtrace: [ 1093.016070][ T1065] CPU: 0 PID: 1065 Comm: oom_reaper Not tainted 5.3.0-rc6-next-20190830 #75 [ 1093.026677][ T1065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1093.039905][ T1065] Call Trace: [ 1093.043308][ T1065] dump_stack+0x172/0x1f0 [ 1093.048973][ T1065] __lock_acquire.cold+0x15d/0x385 [ 1093.055545][ T1065] ? mark_held_locks+0xf0/0xf0 [ 1093.060635][ T1065] ? unmap_page_range+0x1df4/0x2380 [ 1093.066581][ T1065] lock_acquire+0x190/0x410 [ 1093.071108][ T1065] ? __mmu_notifier_invalidate_range_start+0x210/0x210 [ 1093.081521][ T1065] __mmu_notifier_invalidate_range_end+0x3c/0x360 [ 1093.088724][ T1065] ? __mmu_notifier_invalidate_range_start+0x210/0x210 [ 1093.095607][ T1065] ? __mmu_notifier_invalidate_range_start+0x1a5/0x210 [ 1093.102893][ T1065] __oom_reap_task_mm+0x3fa/0x490 [ 1093.108032][ T1065] ? process_shares_mm+0x130/0x130 [ 1093.113338][ T1065] ? oom_reaper+0x3a7/0x1320 [ 1093.117946][ T1065] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1093.124352][ T1065] ? rcu_read_lock_any_held.part.0+0x50/0x50 [ 1093.130372][ T1065] ? __kasan_check_read+0x11/0x20 [ 1093.135618][ T1065] ? do_raw_spin_unlock+0x57/0x270 [ 1093.140821][ T1065] oom_reaper+0x2b2/0x1320 [ 1093.145251][ T1065] ? __oom_reap_task_mm+0x490/0x490 [ 1093.150873][ T1065] ? trace_hardirqs_on+0x67/0x240 [ 1093.155918][ T1065] ? finish_wait+0x260/0x260 [ 1093.160533][ T1065] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1093.166789][ T1065] ? __kthread_parkme+0x108/0x1c0 [ 1093.171825][ T1065] ? __kasan_check_read+0x11/0x20 [ 1093.176958][ T1065] kthread+0x361/0x430 [ 1093.181120][ T1065] ? __oom_reap_task_mm+0x490/0x490 [ 1093.186357][ T1065] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 1093.192621][ T1065] ret_from_fork+0x24/0x30 [ 1093.203121][ T1065] oom_reaper: reaped process 8523 (syz-executor.4), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 1093.218117][ T9019] syz-executor.4 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0 [ 1093.228182][ T9019] CPU: 1 PID: 9019 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1093.237206][ T9019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1093.247384][ T9019] Call Trace: [ 1093.250728][ T9019] dump_stack+0x172/0x1f0 [ 1093.255072][ T9019] dump_header+0x177/0x1152 [ 1093.260020][ T9019] ? ___ratelimit+0xf8/0x595 [ 1093.264624][ T9019] ? trace_hardirqs_on+0x67/0x240 [ 1093.269651][ T9019] ? pagefault_out_of_memory+0x11c/0x11c [ 1093.275302][ T9019] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1093.281120][ T9019] ? ___ratelimit+0x60/0x595 [ 1093.285722][ T9019] ? do_raw_spin_unlock+0x57/0x270 [ 1093.290861][ T9019] oom_kill_process.cold+0x10/0x15 [ 1093.295985][ T9019] out_of_memory+0x334/0x1340 [ 1093.300669][ T9019] ? lock_downgrade+0x920/0x920 [ 1093.305543][ T9019] ? oom_killer_disable+0x280/0x280 [ 1093.310776][ T9019] mem_cgroup_out_of_memory+0x1d8/0x240 [ 1093.316342][ T9019] ? mem_cgroup_nr_lru_pages+0x1b0/0x1b0 [ 1093.322031][ T9019] ? do_raw_spin_unlock+0x57/0x270 [ 1093.327168][ T9019] ? _raw_spin_unlock+0x2d/0x50 [ 1093.332152][ T9019] try_charge+0xf4b/0x1440 [ 1093.336594][ T9019] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 1093.342261][ T9019] ? percpu_ref_tryget_live+0x111/0x290 [ 1093.348020][ T9019] ? get_mem_cgroup_from_mm+0x16/0x320 [ 1093.353501][ T9019] ? get_mem_cgroup_from_mm+0x156/0x320 [ 1093.359087][ T9019] mem_cgroup_try_charge+0x136/0x590 [ 1093.365352][ T9019] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1093.371618][ T9019] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 1093.377458][ T9019] wp_page_copy+0x41e/0x1590 [ 1093.382517][ T9019] ? page_trans_huge_mapcount+0x166/0x450 [ 1093.388368][ T9019] ? pmd_pfn+0x1d0/0x1d0 [ 1093.392731][ T9019] ? lock_downgrade+0x920/0x920 [ 1093.397614][ T9019] ? swp_swapcount+0x540/0x540 [ 1093.402402][ T9019] ? do_raw_spin_unlock+0x57/0x270 [ 1093.407565][ T9019] ? __kasan_check_read+0x11/0x20 [ 1093.412601][ T9019] ? do_raw_spin_unlock+0x57/0x270 [ 1093.417737][ T9019] do_wp_page+0x499/0x14d0 [ 1093.422176][ T9019] ? finish_mkwrite_fault+0x570/0x570 [ 1093.427578][ T9019] __handle_mm_fault+0x22f1/0x3f20 [ 1093.432724][ T9019] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1093.438401][ T9019] ? __kasan_check_read+0x11/0x20 [ 1093.443541][ T9019] ? trace_hardirqs_on+0x67/0x240 [ 1093.448597][ T9019] handle_mm_fault+0x1b5/0x6c0 [ 1093.453793][ T9019] __do_page_fault+0x536/0xdd0 [ 1093.458927][ T9019] do_page_fault+0x38/0x590 [ 1093.463857][ T9019] page_fault+0x39/0x40 [ 1093.468207][ T9019] RIP: 0033:0x4309ca [ 1093.472105][ T9019] Code: 48 29 e8 31 c9 48 81 fb 40 56 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 48 89 4a 08 <48> 89 46 08 48 8d 4a 10 8b 05 9c 45 64 00 85 c0 0f 84 3a f7 ff ff [ 1093.492488][ T9019] RSP: 002b:00007fff97d72120 EFLAGS: 00010206 [ 1093.498765][ T9019] RAX: 0000000000018691 RBX: 0000000000715640 RCX: 0000000000008041 [ 1093.507115][ T9019] RDX: 0000555555942930 RSI: 000055555594a970 RDI: 0000000000000003 [ 1093.515373][ T9019] RBP: 0000000000008041 R08: 0000000000000001 R09: 0000555555941940 [ 1093.523765][ T9019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000715698 [ 1093.533294][ T9019] R13: 0000000000715698 R14: 000000000010a18d R15: 0000000000002710 [ 1093.553938][ T9019] memory: usage 854096kB, limit 307200kB, failcnt 274943 [ 1093.561227][ T9019] swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 1093.568264][ T9019] Memory cgroup stats for /syz4: [ 1093.568364][ T9019] anon 102400 [ 1093.568364][ T9019] file 0 [ 1093.568364][ T9019] kernel_stack 65536 [ 1093.568364][ T9019] slab 11395072 [ 1093.568364][ T9019] sock 0 [ 1093.568364][ T9019] shmem 0 [ 1093.568364][ T9019] file_mapped 0 [ 1093.568364][ T9019] file_dirty 0 [ 1093.568364][ T9019] file_writeback 0 [ 1093.568364][ T9019] anon_thp 0 [ 1093.568364][ T9019] inactive_anon 253952 [ 1093.568364][ T9019] active_anon 102400 [ 1093.568364][ T9019] inactive_file 0 [ 1093.568364][ T9019] active_file 0 [ 1093.568364][ T9019] unevictable 131072 [ 1093.568364][ T9019] slab_reclaimable 2433024 [ 1093.568364][ T9019] slab_unreclaimable 8962048 [ 1093.568364][ T9019] pgfault 61149 [ 1093.568364][ T9019] pgmajfault 0 [ 1093.568364][ T9019] workingset_refault 0 [ 1093.568364][ T9019] workingset_activate 0 [ 1093.568364][ T9019] workingset_nodereclaim 0 [ 1093.568364][ T9019] pgrefill 298 [ 1093.568364][ T9019] pgscan 336 [ 1093.568364][ T9019] pgsteal 0 [ 1093.568364][ T9019] pgactivate 330 [ 1093.663500][ T9019] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=syz4,mems_allowed=0-1,oom_memcg=/syz4,task_memcg=/syz4,task=syz-executor.4,pid=9019,uid=0 [ 1093.679197][ T9019] Memory cgroup out of memory: Killed process 9019 (syz-executor.4) total-vm:72444kB, anon-rss:104kB, file-rss:35776kB, shmem-rss:0kB, UID:0 pgtables:131072kB oom_score_adj:0 [ 1093.697344][ T1065] oom_reaper: reaped process 9019 (syz-executor.4), now anon-rss:0kB, file-rss:34880kB, shmem-rss:0kB [ 1099.404645][ T8523] syz-executor.4 invoked oom-killer: gfp_mask=0x402dc2(GFP_KERNEL_ACCOUNT|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 [ 1099.419915][ T8523] CPU: 1 PID: 8523 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1099.429072][ T8523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1099.440690][ T8523] Call Trace: [ 1099.443977][ T8523] dump_stack+0x172/0x1f0 [ 1099.448294][ T8523] dump_header+0x177/0x1152 [ 1099.452793][ T8523] ? ___ratelimit+0xf8/0x595 [ 1099.457369][ T8523] ? trace_hardirqs_on+0x67/0x240 [ 1099.462464][ T8523] ? pagefault_out_of_memory+0x11c/0x11c [ 1099.468234][ T8523] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1099.474167][ T8523] ? ___ratelimit+0x60/0x595 [ 1099.478763][ T8523] ? do_raw_spin_unlock+0x57/0x270 [ 1099.483999][ T8523] oom_kill_process.cold+0x10/0x15 [ 1099.489114][ T8523] out_of_memory+0x334/0x1340 [ 1099.493776][ T8523] ? oom_killer_disable+0x280/0x280 [ 1099.498956][ T8523] ? mutex_trylock+0x252/0x2d0 [ 1099.503715][ T8523] ? __alloc_pages_slowpath+0xb84/0x2540 [ 1099.509849][ T8523] __alloc_pages_slowpath+0x1df9/0x2540 [ 1099.515397][ T8523] ? __zone_watermark_ok+0x208/0x360 [ 1099.520677][ T8523] ? warn_alloc+0x110/0x110 [ 1099.525178][ T8523] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1099.531409][ T8523] ? should_fail+0x1de/0x852 [ 1099.535986][ T8523] ? __kasan_check_read+0x11/0x20 [ 1099.541542][ T8523] __alloc_pages_nodemask+0x63a/0x900 [ 1099.546991][ T8523] ? __this_cpu_preempt_check+0x3a/0x210 [ 1099.552772][ T8523] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1099.558498][ T8523] ? get_task_policy.part.0+0x9c/0xb0 [ 1099.563862][ T8523] ? __sanitizer_cov_trace_pc+0x3b/0x50 [ 1099.569403][ T8523] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1099.575633][ T8523] alloc_pages_current+0x107/0x210 [ 1099.580747][ T8523] ? ___might_sleep+0x163/0x280 [ 1099.585692][ T8523] __vmalloc_node_range+0x4a9/0x7e0 [ 1099.592269][ T8523] ? kvm_arch_create_memslot+0xc3/0x570 [ 1099.597842][ T8523] __vmalloc_node_flags_caller+0x71/0x90 [ 1099.603499][ T8523] ? kvm_arch_create_memslot+0xc3/0x570 [ 1099.609041][ T8523] kvmalloc_node+0xdc/0x100 [ 1099.613529][ T8523] kvm_arch_create_memslot+0xc3/0x570 [ 1099.618885][ T8523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1099.625482][ T8523] __kvm_set_memory_region+0x13b5/0x1d00 [ 1099.631118][ T8523] ? gfn_to_hva+0x470/0x470 [ 1099.635633][ T8523] ? lock_downgrade+0x920/0x920 [ 1099.640515][ T8523] kvm_set_memory_region+0x2f/0x50 [ 1099.645798][ T8523] kvm_vm_ioctl+0x729/0x1860 [ 1099.650376][ T8523] ? debug_check_no_obj_freed+0x20a/0x43f [ 1099.656212][ T8523] ? find_held_lock+0x35/0x130 [ 1099.660992][ T8523] ? kvm_unregister_device_ops+0x70/0x70 [ 1099.666794][ T8523] ? lock_downgrade+0x920/0x920 [ 1099.671807][ T8523] ? rwlock_bug.part.0+0x90/0x90 [ 1099.676875][ T8523] ? tomoyo_path_number_perm+0x214/0x520 [ 1099.683062][ T8523] ? find_held_lock+0x35/0x130 [ 1099.687963][ T8523] ? lock_downgrade+0x920/0x920 [ 1099.693841][ T8523] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1099.699115][ T8523] ? tomoyo_path_number_perm+0x459/0x520 [ 1099.704740][ T8523] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1099.711340][ T8523] ? tomoyo_path_number_perm+0x263/0x520 [ 1099.716964][ T8523] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1099.722862][ T8523] ? kvm_unregister_device_ops+0x70/0x70 [ 1099.728564][ T8523] do_vfs_ioctl+0xdb6/0x13e0 [ 1099.733136][ T8523] ? ioctl_preallocate+0x210/0x210 [ 1099.738229][ T8523] ? __fget+0x384/0x560 [ 1099.742365][ T8523] ? ksys_dup3+0x3e0/0x3e0 [ 1099.746786][ T8523] ? nsecs_to_jiffies+0x30/0x30 [ 1099.751630][ T8523] ? tomoyo_file_ioctl+0x23/0x30 [ 1099.756551][ T8523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1099.763020][ T8523] ? security_file_ioctl+0x8d/0xc0 [ 1099.768135][ T8523] ksys_ioctl+0xab/0xd0 [ 1099.772367][ T8523] __x64_sys_ioctl+0x73/0xb0 [ 1099.776976][ T8523] do_syscall_64+0xfa/0x760 [ 1099.781466][ T8523] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1099.787479][ T8523] RIP: 0033:0x4598e9 [ 1099.791617][ T8523] Code: Bad RIP value. [ 1099.795672][ T8523] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1099.804080][ T8523] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1099.812051][ T8523] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1099.820053][ T8523] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1099.828013][ T8523] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1099.836148][ T8523] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1099.844315][ T8523] Mem-Info: [ 1099.847464][ T8523] active_anon:142166 inactive_anon:203 isolated_anon:0 [ 1099.847464][ T8523] active_file:12 inactive_file:0 isolated_file:0 [ 1099.847464][ T8523] unevictable:0 dirty:15 writeback:0 unstable:0 [ 1099.847464][ T8523] slab_reclaimable:13150 slab_unreclaimable:96693 [ 1099.847464][ T8523] mapped:52226 shmem:252 pagetables:1207 bounce:0 [ 1099.847464][ T8523] free:13736 free_pcp:123 free_cma:0 [ 1099.884675][ T8523] Node 0 active_anon:568664kB inactive_anon:812kB active_file:44kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:56kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 532480kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1099.915156][ T8523] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1099.942129][ T8523] Node 0 DMA free:10288kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1099.969210][ T8523] lowmem_reserve[]: 0 2547 2548 2548 [ 1099.974583][ T8523] Node 0 DMA32 free:20356kB min:36184kB low:45228kB high:54272kB active_anon:568644kB inactive_anon:812kB active_file:8kB inactive_file:84kB unevictable:0kB writepending:40kB present:3129332kB managed:2611876kB mlocked:0kB kernel_stack:7328kB pagetables:4828kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1100.003919][ T8523] lowmem_reserve[]: 0 0 1 1 [ 1100.008430][ T8523] Node 0 Normal free:0kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1100.035594][ T8523] lowmem_reserve[]: 0 0 0 0 [ 1100.040168][ T8523] Node 1 Normal free:26956kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1100.068276][ T8523] lowmem_reserve[]: 0 0 0 0 [ 1100.072827][ T8523] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 2*4096kB (M) = 10288kB [ 1100.085775][ T8523] Node 0 DMA32: 1126*4kB (UME) 671*8kB (UME) 298*16kB (UME) 122*32kB (UME) 14*64kB (UM) 8*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20464kB [ 1100.101189][ T8523] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1100.112721][ T8523] Node 1 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 2*32kB (UM) 0*64kB 0*128kB 1*256kB (U) 2*512kB (UM) 3*1024kB (UME) 1*2048kB (M) 5*4096kB (M) = 26956kB [ 1100.127766][ T8523] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1100.137352][ T8523] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1100.146692][ T8523] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1100.156273][ T8523] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1100.165572][ T8523] 277 total pagecache pages [ 1100.170056][ T8523] 0 pages in swap cache [ 1100.174243][ T8523] Swap cache stats: add 0, delete 0, find 0/0 [ 1100.180308][ T8523] Free swap = 0kB [ 1100.184080][ T8523] Total swap = 0kB [ 1100.187794][ T8523] 1965979 pages RAM [ 1100.191576][ T8523] 0 pages HighMem/MovableOnly [ 1100.196274][ T8523] 341179 pages reserved [ 1100.200405][ T8523] 0 pages cma reserved [ 1100.204523][ T8523] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=syz4,mems_allowed=0-1,global_oom,task_memcg=/syz5,task=syz-executor.5,pid=11816,uid=0 [ 1100.219854][ T8523] Out of memory: Killed process 11816 (syz-executor.5) total-vm:72840kB, anon-rss:4256kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1100.238691][ T1065] oom_reaper: reaped process 11816 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 1100.238754][ T8523] syz-executor.4: vmalloc: allocation failure, allocated 5176819712 of 6442455040 bytes, mode:0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1 [ 1100.269192][ T8995] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1100.271851][ T8523] CPU: 0 PID: 8523 Comm: syz-executor.4 Not tainted 5.3.0-rc6-next-20190830 #75 [ 1100.288891][ T8523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1100.298947][ T8523] Call Trace: [ 1100.302270][ T8523] dump_stack+0x172/0x1f0 [ 1100.306601][ T8523] warn_alloc.cold+0x87/0x17f [ 1100.311271][ T8523] ? zone_watermark_ok_safe+0x260/0x260 [ 1100.316808][ T8523] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1100.322525][ T8523] ? get_task_policy.part.0+0x9c/0xb0 [ 1100.327893][ T8523] ? __sanitizer_cov_trace_pc+0x3b/0x50 [ 1100.333443][ T8523] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1100.339698][ T8523] __vmalloc_node_range+0x561/0x7e0 [ 1100.344900][ T8523] ? kvm_arch_create_memslot+0xc3/0x570 [ 1100.350455][ T8523] __vmalloc_node_flags_caller+0x71/0x90 [ 1100.356094][ T8523] ? kvm_arch_create_memslot+0xc3/0x570 [ 1100.361725][ T8523] kvmalloc_node+0xdc/0x100 [ 1100.366237][ T8523] kvm_arch_create_memslot+0xc3/0x570 [ 1100.371783][ T8523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1100.378038][ T8523] __kvm_set_memory_region+0x13b5/0x1d00 [ 1100.383670][ T8523] ? gfn_to_hva+0x470/0x470 [ 1100.388174][ T8523] ? lock_downgrade+0x920/0x920 [ 1100.393065][ T8523] kvm_set_memory_region+0x2f/0x50 [ 1100.398179][ T8523] kvm_vm_ioctl+0x729/0x1860 [ 1100.402768][ T8523] ? debug_check_no_obj_freed+0x20a/0x43f [ 1100.408489][ T8523] ? find_held_lock+0x35/0x130 [ 1100.413254][ T8523] ? kvm_unregister_device_ops+0x70/0x70 [ 1100.418964][ T8523] ? lock_downgrade+0x920/0x920 [ 1100.423893][ T8523] ? rwlock_bug.part.0+0x90/0x90 [ 1100.428969][ T8523] ? tomoyo_path_number_perm+0x214/0x520 [ 1100.434701][ T8523] ? find_held_lock+0x35/0x130 [ 1100.439482][ T8523] ? lock_downgrade+0x920/0x920 [ 1100.444329][ T8523] ? lockdep_hardirqs_on+0x418/0x5d0 [ 1100.449613][ T8523] ? tomoyo_path_number_perm+0x459/0x520 [ 1100.455271][ T8523] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1100.461519][ T8523] ? tomoyo_path_number_perm+0x263/0x520 [ 1100.467147][ T8523] ? tomoyo_execute_permission+0x4a0/0x4a0 [ 1100.473153][ T8523] ? kvm_unregister_device_ops+0x70/0x70 [ 1100.478784][ T8523] do_vfs_ioctl+0xdb6/0x13e0 [ 1100.483384][ T8523] ? ioctl_preallocate+0x210/0x210 [ 1100.488487][ T8523] ? __fget+0x384/0x560 [ 1100.493687][ T8523] ? ksys_dup3+0x3e0/0x3e0 [ 1100.498110][ T8523] ? nsecs_to_jiffies+0x30/0x30 [ 1100.502963][ T8523] ? tomoyo_file_ioctl+0x23/0x30 [ 1100.507918][ T8523] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 1100.514160][ T8523] ? security_file_ioctl+0x8d/0xc0 [ 1100.519352][ T8523] ksys_ioctl+0xab/0xd0 [ 1100.523507][ T8523] __x64_sys_ioctl+0x73/0xb0 [ 1100.528097][ T8523] do_syscall_64+0xfa/0x760 [ 1100.532967][ T8523] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1100.539994][ T8523] RIP: 0033:0x4598e9 [ 1100.543925][ T8523] Code: Bad RIP value. [ 1100.548028][ T8523] RSP: 002b:00007f92b6dc4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1100.556436][ T8523] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000004598e9 [ 1100.564407][ T8523] RDX: 0000000020000080 RSI: 000000004020ae46 RDI: 0000000000000004 [ 1100.572472][ T8523] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1100.580798][ T8523] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f92b6dc56d4 [ 1100.588778][ T8523] R13: 00000000004c2815 R14: 00000000004d5e98 R15: 00000000ffffffff [ 1100.597123][ T8995] CPU: 1 PID: 8995 Comm: syz-fuzzer Not tainted 5.3.0-rc6-next-20190830 #75 [ 1100.602648][ T8523] warn_alloc_show_mem: 1 callbacks suppressed [ 1100.602652][ T8523] Mem-Info: [ 1100.605834][ T8995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1100.611913][ T8523] active_anon:141124 inactive_anon:203 isolated_anon:0 [ 1100.611913][ T8523] active_file:2 inactive_file:0 isolated_file:0 [ 1100.611913][ T8523] unevictable:0 dirty:11 writeback:0 unstable:0 [ 1100.611913][ T8523] slab_reclaimable:13100 slab_unreclaimable:96324 [ 1100.611913][ T8523] mapped:52226 shmem:252 pagetables:1170 bounce:0 [ 1100.611913][ T8523] free:15388 free_pcp:122 free_cma:0 [ 1100.614975][ T8995] Call Trace: [ 1100.615001][ T8995] dump_stack+0x172/0x1f0 [ 1100.615015][ T8995] dump_header+0x177/0x1152 [ 1100.615031][ T8995] ? ___ratelimit+0xf8/0x595 [ 1100.625137][ T8523] Node 0 active_anon:564496kB inactive_anon:812kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:40kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 532480kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1100.663447][ T8995] ? trace_hardirqs_on+0x67/0x240 [ 1100.663462][ T8995] ? pagefault_out_of_memory+0x11c/0x11c [ 1100.663475][ T8995] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1100.663493][ T8995] ? ___ratelimit+0x60/0x595 [ 1100.666788][ T8523] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1100.671079][ T8995] ? do_raw_spin_unlock+0x57/0x270 [ 1100.671097][ T8995] oom_kill_process.cold+0x10/0x15 [ 1100.675704][ T8523] Node 0 DMA free:10288kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1100.680272][ T8995] out_of_memory+0x334/0x1340 [ 1100.708674][ T8523] lowmem_reserve[]: 0 2547 2548 2548 [ 1100.713682][ T8995] ? oom_killer_disable+0x280/0x280 [ 1100.713698][ T8995] ? mutex_trylock+0x252/0x2d0 [ 1100.713708][ T8995] ? __alloc_pages_slowpath+0xb84/0x2540 [ 1100.713727][ T8995] __alloc_pages_slowpath+0x1df9/0x2540 [ 1100.722685][ T8523] Node 0 DMA32 free:24308kB min:36184kB low:45228kB high:54272kB active_anon:564476kB inactive_anon:812kB active_file:8kB inactive_file:84kB unevictable:0kB writepending:40kB present:3129332kB managed:2611876kB mlocked:0kB kernel_stack:7296kB pagetables:4680kB bounce:0kB free_pcp:488kB local_pcp:248kB free_cma:0kB [ 1100.728460][ T8995] ? warn_alloc+0x110/0x110 [ 1100.733034][ T8523] lowmem_reserve[]: 0 0 1 1 [ 1100.759481][ T8995] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1100.759502][ T8995] ? should_fail+0x1de/0x852 [ 1100.759524][ T8995] ? __kasan_check_read+0x11/0x20 [ 1100.764686][ T8523] Node 0 Normal free:0kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1100.769768][ T8995] __alloc_pages_nodemask+0x63a/0x900 [ 1100.796696][ T8523] lowmem_reserve[]: 0 0 0 0 [ 1100.801360][ T8995] ? xas_descend+0x144/0x370 [ 1100.806678][ T8523] Node 1 Normal free:26956kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1100.811820][ T8995] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1100.816571][ T8523] lowmem_reserve[]: 0 0 0 0 [ 1100.822397][ T8995] ? xas_load+0x67/0x150 [ 1100.822414][ T8995] ? find_get_entry+0x4ab/0x7a0 [ 1100.822427][ T8995] ? __kasan_check_read+0x11/0x20 [ 1100.822449][ T8995] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1100.827998][ T8523] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 2*4096kB (M) = 10288kB [ 1100.858987][ T8995] alloc_pages_current+0x107/0x210 [ 1100.859005][ T8995] __page_cache_alloc+0x2a2/0x490 [ 1100.859019][ T8995] pagecache_get_page+0x27e/0x900 [ 1100.859039][ T8995] filemap_fault+0x901/0x2b70 [ 1100.863561][ T8523] Node 0 DMA32: 1063*4kB (UME) 671*8kB (UME) 298*16kB (UME) 123*32kB (UME) 14*64kB (UM) 8*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 24340kB [ 1100.868066][ T8995] ? __kasan_check_read+0x11/0x20 [ 1100.874305][ T8523] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1100.878980][ T8995] ? mark_held_locks+0xf0/0xf0 [ 1100.884042][ T8523] Node 1 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 2*32kB (UM) 0*64kB 0*128kB 1*256kB (U) 2*512kB (UM) 3*1024kB (UME) 1*2048kB (M) 5*4096kB (M) = 26956kB [ 1100.911353][ T8995] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1100.911370][ T8995] ? lock_downgrade+0x920/0x920 [ 1100.911386][ T8995] ? pagecache_get_page+0x900/0x900 [ 1100.911412][ T8995] ? __kasan_check_write+0x14/0x20 [ 1100.916808][ T8523] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1100.921377][ T8995] ? down_read+0x109/0x430 [ 1100.925960][ T8523] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1100.954656][ T8995] ? down_read_killable+0x490/0x490 [ 1100.954671][ T8995] ? find_lock_entry+0x560/0x560 [ 1100.954681][ T8995] ? pmd_val+0x85/0x100 [ 1100.954702][ T8995] ext4_filemap_fault+0x86/0xb2 [ 1100.960402][ T8523] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1100.964883][ T8995] __do_fault+0x111/0x540 [ 1100.964898][ T8995] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1100.964918][ T8995] __handle_mm_fault+0x2cb8/0x3f20 [ 1100.969169][ T8523] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1100.974285][ T8995] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1100.974297][ T8995] ? __kasan_check_read+0x11/0x20 [ 1100.974315][ T8995] ? trace_hardirqs_on+0x67/0x240 [ 1100.974335][ T8995] handle_mm_fault+0x1b5/0x6c0 [ 1100.979616][ T8523] 277 total pagecache pages [ 1100.985845][ T8995] __do_page_fault+0x536/0xdd0 [ 1100.985856][ T8995] ? page_fault+0x16/0x40 [ 1100.985869][ T8995] do_page_fault+0x38/0x590 [ 1100.985887][ T8995] page_fault+0x39/0x40 [ 1100.998752][ T8523] 0 pages in swap cache [ 1101.003988][ T8995] RIP: 0033:0x45ddf3 [ 1101.004010][ T8995] Code: Bad RIP value. [ 1101.004015][ T8995] RSP: 002b:000000c420025ea0 EFLAGS: 00010202 [ 1101.004024][ T8995] RAX: ffffffffffffff92 RBX: 000000003b98b3ad RCX: 000000000045ddf3 [ 1101.004038][ T8995] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000017f6f00 [ 1101.009052][ T8523] Swap cache stats: add 0, delete 0, find 0/0 [ 1101.014047][ T8995] RBP: 000000c420025ee8 R08: 0000000000000000 R09: 0000000000000000 [ 1101.014054][ T8995] R10: 000000c420025ed8 R11: 0000000000000202 R12: 0000000000000001 [ 1101.014059][ T8995] R13: 0000000000000020 R14: 0000000000000013 R15: 0000000000000020 [ 1101.021030][ T8995] Mem-Info: [ 1101.043518][ T8523] Free swap = 0kB [ 1101.051101][ T8995] active_anon:141115 inactive_anon:203 isolated_anon:0 [ 1101.051101][ T8995] active_file:3 inactive_file:22 isolated_file:0 [ 1101.051101][ T8995] unevictable:0 dirty:11 writeback:0 unstable:0 [ 1101.051101][ T8995] slab_reclaimable:13096 slab_unreclaimable:96305 [ 1101.051101][ T8995] mapped:52226 shmem:252 pagetables:1181 bounce:0 [ 1101.051101][ T8995] free:15396 free_pcp:122 free_cma:0 [ 1101.062476][ T8523] Total swap = 0kB [ 1101.075188][ T8995] Node 0 active_anon:564460kB inactive_anon:812kB active_file:12kB inactive_file:84kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:40kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 528384kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1101.083367][ T8523] 1965979 pages RAM [ 1101.088627][ T8995] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1101.097501][ T8523] 0 pages HighMem/MovableOnly [ 1101.102544][ T8995] Node 0 DMA free:10288kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1101.106959][ T8523] 341179 pages reserved [ 1101.116293][ T8995] lowmem_reserve[]: 0 2547 2548 2548 [ 1101.116313][ T8995] Node 0 DMA32 free:24340kB min:36184kB low:45228kB high:54272kB active_anon:564440kB inactive_anon:812kB active_file:12kB inactive_file:80kB unevictable:0kB writepending:40kB present:3129332kB managed:2611876kB mlocked:0kB kernel_stack:7296kB pagetables:4724kB bounce:0kB free_pcp:488kB local_pcp:240kB free_cma:0kB [ 1101.116344][ T8995] lowmem_reserve[]: 0 0 1 1 [ 1101.116357][ T8995] Node 0 Normal free:0kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1101.116390][ T8995] lowmem_reserve[]: 0 0 0 0 [ 1101.134106][ T8523] 0 pages cma reserved [ 1101.139579][ T8995] Node 1 Normal free:26956kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1101.526359][ T8995] lowmem_reserve[]: 0 0 0 0 [ 1101.530885][ T8995] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 2*4096kB (M) = 10288kB [ 1101.543875][ T8995] Node 0 DMA32: 1063*4kB (UME) 671*8kB (UME) 298*16kB (UME) 123*32kB (UME) 14*64kB (UM) 8*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 24340kB [ 1101.559888][ T8995] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1101.571373][ T8995] Node 1 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 2*32kB (UM) 0*64kB 0*128kB 1*256kB (U) 2*512kB (UM) 3*1024kB (UME) 1*2048kB (M) 5*4096kB (M) = 26956kB [ 1101.586344][ T8995] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1101.595931][ T8995] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1101.605272][ T8995] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1101.614850][ T8995] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1101.624267][ T8995] 277 total pagecache pages [ 1101.628763][ T8995] 0 pages in swap cache [ 1101.633028][ T8995] Swap cache stats: add 0, delete 0, find 0/0 [ 1101.639091][ T8995] Free swap = 0kB [ 1101.642859][ T8995] Total swap = 0kB [ 1101.646587][ T8995] 1965979 pages RAM [ 1101.650390][ T8995] 0 pages HighMem/MovableOnly [ 1101.655105][ T8995] 341179 pages reserved [ 1101.659354][ T8995] 0 pages cma reserved [ 1101.663466][ T8995] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/syz3,task=syz-executor.3,pid=10355,uid=0 [ 1101.678177][ T8995] Out of memory: Killed process 10355 (syz-executor.3) total-vm:72708kB, anon-rss:4248kB, file-rss:34688kB, shmem-rss:0kB, UID:0 pgtables:135168kB oom_score_adj:1000 [ 1101.708914][ T8878] rsyslogd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1101.729898][ T8878] CPU: 0 PID: 8878 Comm: rsyslogd Not tainted 5.3.0-rc6-next-20190830 #75 [ 1101.738445][ T8878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1101.748506][ T8878] Call Trace: [ 1101.751815][ T8878] dump_stack+0x172/0x1f0 [ 1101.756176][ T8878] dump_header+0x177/0x1152 [ 1101.760698][ T8878] ? ___ratelimit+0xf8/0x595 [ 1101.765309][ T8878] ? trace_hardirqs_on+0x67/0x240 [ 1101.770353][ T8878] ? pagefault_out_of_memory+0x11c/0x11c [ 1101.776005][ T8878] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 1101.781833][ T8878] ? ___ratelimit+0x60/0x595 [ 1101.786433][ T8878] ? do_raw_spin_unlock+0x57/0x270 [ 1101.791561][ T8878] oom_kill_process.cold+0x10/0x15 [ 1101.796695][ T8878] out_of_memory+0x334/0x1340 [ 1101.801398][ T8878] ? oom_killer_disable+0x280/0x280 [ 1101.806613][ T8878] ? mutex_trylock+0x252/0x2d0 [ 1101.811389][ T8878] ? __alloc_pages_slowpath+0xb84/0x2540 [ 1101.817042][ T8878] __alloc_pages_slowpath+0x1df9/0x2540 [ 1101.822616][ T8878] ? is_bpf_text_address+0xd3/0x170 [ 1101.827857][ T8878] ? warn_alloc+0x110/0x110 [ 1101.832374][ T8878] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1101.838635][ T8878] ? should_fail+0x1de/0x852 [ 1101.843252][ T8878] ? __kasan_check_read+0x11/0x20 [ 1101.848300][ T8878] __alloc_pages_nodemask+0x63a/0x900 [ 1101.853962][ T8878] ? xas_descend+0x144/0x370 [ 1101.858577][ T8878] ? __alloc_pages_slowpath+0x2540/0x2540 [ 1101.864319][ T8878] ? xas_load+0x67/0x150 [ 1101.868585][ T8878] ? find_get_entry+0x4ab/0x7a0 [ 1101.873466][ T8878] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 1101.880783][ T8878] alloc_pages_current+0x107/0x210 [ 1101.885925][ T8878] __page_cache_alloc+0x2a2/0x490 [ 1101.890983][ T8878] pagecache_get_page+0x27e/0x900 [ 1101.896031][ T8878] filemap_fault+0x901/0x2b70 [ 1101.900719][ T8878] ? __kasan_check_read+0x11/0x20 [ 1101.905757][ T8878] ? mark_held_locks+0xf0/0xf0 [ 1101.911500][ T8878] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 1101.917765][ T8878] ? lock_downgrade+0x920/0x920 [ 1101.922635][ T8878] ? pagecache_get_page+0x900/0x900 [ 1101.927861][ T8878] ? __kasan_check_write+0x14/0x20 [ 1101.933042][ T8878] ? down_read+0x109/0x430 [ 1101.937474][ T8878] ? down_read_killable+0x490/0x490 [ 1101.942690][ T8878] ? find_lock_entry+0x560/0x560 [ 1101.947645][ T8878] ? pmd_val+0x85/0x100 [ 1101.952352][ T8878] ext4_filemap_fault+0x86/0xb2 [ 1101.957222][ T8878] __do_fault+0x111/0x540 [ 1101.961575][ T8878] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 1101.967900][ T8878] __handle_mm_fault+0x2cb8/0x3f20 [ 1101.973243][ T8878] ? vmf_insert_mixed_mkwrite+0x40/0x40 [ 1101.978809][ T8878] ? __kasan_check_read+0x11/0x20 [ 1101.983860][ T8878] ? trace_hardirqs_on+0x67/0x240 [ 1101.988933][ T8878] handle_mm_fault+0x1b5/0x6c0 [ 1101.993802][ T8878] __do_page_fault+0x536/0xdd0 [ 1101.998588][ T8878] ? page_fault+0x16/0x40 [ 1102.002938][ T8878] do_page_fault+0x38/0x590 [ 1102.007445][ T8878] page_fault+0x39/0x40 [ 1102.011619][ T8878] RIP: 0033:0x7f8319d6f1fd [ 1102.016056][ T8878] Code: Bad RIP value. [ 1102.020132][ T8878] RSP: 002b:00007f831730ee30 EFLAGS: 00010293 [ 1102.026208][ T8878] RAX: 0000000000000ff9 RBX: 0000000001d34650 RCX: 00007f8319d6f1fd [ 1102.034189][ T8878] RDX: 0000000000000fff RSI: 00007f8318b435a0 RDI: 0000000000000004 [ 1102.042472][ T8878] RBP: 0000000000000000 R08: 0000000001d1f260 R09: 0000000004000001 [ 1102.050459][ T8878] R10: 0000000000000001 R11: 0000000000000293 R12: 000000000065e420 [ 1102.058439][ T8878] R13: 00007f831730f9c0 R14: 00007f831a3b4040 R15: 0000000000000003 [ 1102.071863][ T8878] Mem-Info: [ 1102.075220][ T8878] active_anon:140067 inactive_anon:203 isolated_anon:0 [ 1102.075220][ T8878] active_file:3 inactive_file:22 isolated_file:0 [ 1102.075220][ T8878] unevictable:0 dirty:11 writeback:0 unstable:0 [ 1102.075220][ T8878] slab_reclaimable:13096 slab_unreclaimable:96305 [ 1102.075220][ T8878] mapped:52226 shmem:252 pagetables:1155 bounce:0 [ 1102.075220][ T8878] free:16428 free_pcp:182 free_cma:0 [ 1102.120195][ T8878] Node 0 active_anon:560268kB inactive_anon:812kB active_file:12kB inactive_file:84kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:208904kB dirty:40kB writeback:0kB shmem:1008kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 524288kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1102.153160][ T8878] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB unstable:0kB all_unreclaimable? yes [ 1102.198792][ T8878] Node 0 DMA free:10288kB min:220kB low:272kB high:324kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1102.229999][ T8878] lowmem_reserve[]: 0 2547 2548 2548 [ 1102.235372][ T8878] Node 0 DMA32 free:29168kB min:36184kB low:45228kB high:54272kB active_anon:560248kB inactive_anon:812kB active_file:16kB inactive_file:76kB unevictable:0kB writepending:40kB present:3129332kB managed:2611876kB mlocked:0kB kernel_stack:7264kB pagetables:4620kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1102.273459][ T8878] lowmem_reserve[]: 0 0 1 1 [ 1102.278019][ T8878] Node 0 Normal free:0kB min:16kB low:20kB high:24kB active_anon:20kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:786432kB managed:1172kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1102.309044][ T8878] lowmem_reserve[]: 0 0 0 0 [ 1102.313628][ T8878] Node 1 Normal free:26956kB min:53684kB low:67104kB high:80524kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:4kB present:3932160kB managed:3870244kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1102.349993][ T8878] lowmem_reserve[]: 0 0 0 0 [ 1102.354619][ T8878] Node 0 DMA: 0*4kB 0*8kB 1*16kB (U) 1*32kB (U) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 2*4096kB (M) = 10288kB [ 1102.371381][ T8878] Node 0 DMA32: 1235*4kB (UME) 680*8kB (UME) 296*16kB (UME) 124*32kB (UME) 15*64kB (UM) 8*128kB (U) 0*256kB 0*512kB 0*1024kB 2*2048kB (M) 1*4096kB (M) = 29260kB [ 1102.394975][ T8878] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 1102.410560][ T8878] Node 1 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 2*32kB (UM) 0*64kB 0*128kB 1*256kB (U) 2*512kB (UM) 3*1024kB (UME) 1*2048kB (M) 5*4096kB (M) = 26956kB [ 1102.430038][ T8878] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1102.439728][ T8878] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1102.457315][ T8878] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1102.467011][ T8878] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1102.476902][ T8878] 277 total pagecache pages [ 1102.481416][ T8878] 0 pages in swap cache [ 1102.485616][ T8878] Swap cache stats: add 0, delete 0, find 0/0 [ 1102.491679][ T8878] Free swap = 0kB [ 1102.495538][ T40] kworker/u4:2(40): getblk(): executed=c8 bh_count=2 bh_state=400c029 bdev_super_blocksize=4096 size=4096 bdev_super_blocksize_bits=12 bdev_inode_blkbits=12 [ 1102.511302][ T8878] Total swap = 0kB [ 1102.515461][ T8878] 1965979 pages RAM [ 1102.519274][ T8878] 0 pages HighMem/MovableOnly [ 1102.525181][ T8878] 341179 pages reserved [ 1102.529817][ T8878] 0 pages cma reserved [ 1102.533929][ T8878] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/syz0,task=syz-executor.0,pid=24846,uid=0 [ 1102.552838][ T8878] Out of memory: Killed process 24846 (syz-executor.0) total-vm:73104kB, anon-rss:2232kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:147456kB oom_score_adj:1000