00000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) 06:59:32 executing program 1: [ 2700.739821][ T3752] binder: 3746:3752 unknown command 0 06:59:32 executing program 5: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:32 executing program 1: 06:59:32 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r3, 0x0, 0xffffffffffffffff) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) [ 2700.787042][ T3752] binder: 3746:3752 ioctl c0306201 20000200 returned -22 06:59:32 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2700.887073][ T3770] binder: 3768:3770 ioctl c0306201 0 returned -14 [ 2700.902974][ T3770] binder: 3768:3770 unknown command 0 [ 2700.909175][ T3770] binder: 3768:3770 ioctl c0306201 20000200 returned -22 [ 2701.254151][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2701.902729][T12813] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2702.302675][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2703.332574][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 06:59:35 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:59:35 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:35 executing program 3: 06:59:35 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r3, 0x0, 0xffffffffffffffff) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) 06:59:35 executing program 1: 06:59:35 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:35 executing program 3: 06:59:35 executing program 1: [ 2703.759316][ T3783] binder: 3778:3783 unknown command 0 [ 2703.778809][ T3784] binder: 3782:3784 ioctl c0306201 0 returned -14 [ 2703.785388][ T3783] binder: 3778:3783 ioctl c0306201 20000200 returned -22 06:59:35 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r3, 0x0, 0xffffffffffffffff) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) 06:59:35 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:35 executing program 1: [ 2703.806272][ T3784] binder: 3782:3784 unknown command 0 [ 2703.817869][T12813] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2703.824432][ T3784] binder: 3782:3784 ioctl c0306201 20000200 returned -22 06:59:35 executing program 3: [ 2703.900403][ T3795] binder: 3793:3795 unknown command 0 [ 2703.914743][ T3795] binder: 3793:3795 ioctl c0306201 20000200 returned -22 [ 2704.372508][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2704.942464][T12813] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2705.412338][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2706.452318][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 06:59:38 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:59:38 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) 06:59:38 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:38 executing program 1: 06:59:38 executing program 3: 06:59:38 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:38 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) 06:59:38 executing program 3: 06:59:38 executing program 1: [ 2706.819448][ T3809] binder: 3803:3809 ioctl c0306201 0 returned -14 [ 2706.827084][ T3810] binder: 3808:3810 unknown command 0 [ 2706.842696][ T3810] binder: 3808:3810 ioctl c0306201 20000200 returned -22 [ 2706.851036][ T3809] binder: 3803:3809 unknown command 0 06:59:38 executing program 3: 06:59:38 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) [ 2706.864797][ T3809] binder: 3803:3809 ioctl c0306201 20000200 returned -22 06:59:38 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2706.992678][ T3827] binder: 3820:3827 unknown command 0 [ 2707.006544][ T3827] binder: 3820:3827 ioctl c0306201 20000200 returned -22 [ 2707.492228][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2707.973103][T12813] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2708.532120][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2709.582162][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 06:59:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:59:41 executing program 1: 06:59:41 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:41 executing program 3: 06:59:41 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, 0x0, 0x1) 06:59:41 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:41 executing program 1: 06:59:41 executing program 3: 06:59:41 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, 0x0, 0x1) [ 2709.856197][ T3839] binder: 3832:3839 unknown command 0 [ 2709.867717][ T3839] binder: 3832:3839 ioctl c0306201 20000200 returned -22 06:59:41 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:41 executing program 1: 06:59:41 executing program 3: [ 2709.907281][ T3845] binder: 3835:3845 unknown command 0 [ 2709.928990][ T3845] binder: 3835:3845 ioctl c0306201 20000200 returned -22 [ 2709.937943][ T3849] binder: 3848:3849 unknown command 0 [ 2709.945264][ T3849] binder: 3848:3849 ioctl c0306201 20000200 returned -22 [ 2710.611913][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2711.021834][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2711.651775][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2712.691911][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 06:59:44 executing program 1: 06:59:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:59:44 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, 0x0, 0x1) 06:59:44 executing program 3: 06:59:44 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:44 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:44 executing program 1: 06:59:44 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[], 0x1) 06:59:44 executing program 3: 06:59:44 executing program 1: 06:59:44 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[], 0x1) 06:59:44 executing program 3: [ 2712.911746][ T3865] binder: 3862:3865 unknown command 0 [ 2712.928409][ T3865] binder: 3862:3865 ioctl c0306201 20000200 returned -22 [ 2712.942988][ T3874] binder: 3863:3874 unknown command 0 [ 2712.954935][ T3874] binder: 3863:3874 ioctl c0306201 20000200 returned -22 06:59:44 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2713.008053][ T3881] binder: 3880:3881 ioctl c0306201 0 returned -14 [ 2713.014928][ T3881] binder: 3880:3881 unknown command 0 [ 2713.025413][ T3881] binder: 3880:3881 ioctl c0306201 20000200 returned -22 [ 2713.411665][T12813] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2713.731618][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2714.061592][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2714.771564][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2715.811466][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 06:59:47 executing program 3: 06:59:47 executing program 1: 06:59:47 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:59:47 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[], 0x1) 06:59:47 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:47 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400), 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:47 executing program 1: 06:59:47 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x1) 06:59:47 executing program 1: 06:59:47 executing program 3: [ 2715.943254][ T3897] binder: 3894:3897 ioctl c0306201 0 returned -14 [ 2715.965034][ T3897] binder: 3894:3897 unknown command 0 [ 2715.980405][ T3897] binder: 3894:3897 ioctl c0306201 20000200 returned -22 06:59:47 executing program 3: 06:59:47 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x1) 06:59:47 executing program 1: [ 2715.991568][ T3901] binder: 3892:3901 unknown command 0 [ 2716.006063][ T3901] binder: 3892:3901 ioctl c0306201 20000200 returned -22 [ 2716.851325][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2717.101357][T12813] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2717.109973][T26277] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2717.119410][T12813] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2717.127742][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2717.891213][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 06:59:50 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:59:50 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:50 executing program 3: 06:59:50 executing program 1: 06:59:50 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x1) 06:59:50 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400), 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2718.937921][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 06:59:50 executing program 3: 06:59:50 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00"/454], 0x1) 06:59:50 executing program 1: 06:59:50 executing program 3: [ 2718.978387][ T3925] binder: 3918:3925 ioctl c0306201 0 returned -14 [ 2719.014919][ T3925] binder: 3918:3925 unknown command 0 06:59:50 executing program 1: 06:59:50 executing program 3: [ 2719.028665][ T3932] binder: 3922:3932 unknown command 0 [ 2719.029237][ T3925] binder: 3918:3925 ioctl c0306201 20000200 returned -22 [ 2719.045746][ T3932] binder: 3922:3932 ioctl c0306201 20000200 returned -22 [ 2719.981035][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2720.211203][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2721.011018][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 06:59:53 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:59:53 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00"/454], 0x1) 06:59:53 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:53 executing program 1: 06:59:53 executing program 3: 06:59:53 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400), 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:53 executing program 1: 06:59:53 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00"/454], 0x1) 06:59:53 executing program 3: 06:59:53 executing program 1: 06:59:53 executing program 3: [ 2722.050929][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2722.066244][ T3957] binder: 3946:3957 unknown command 0 06:59:53 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000"], 0x1) [ 2722.091574][ T3957] binder: 3946:3957 ioctl c0306201 20000200 returned -22 [ 2722.093291][ T3961] binder: 3947:3961 unknown command 0 [ 2722.139027][ T3961] binder: 3947:3961 ioctl c0306201 20000200 returned -22 [ 2723.010757][T12813] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2723.092671][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2723.260811][T12813] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2724.130711][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 06:59:56 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000"], 0x1) 06:59:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:59:56 executing program 1: 06:59:56 executing program 3: 06:59:56 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x40400020, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:56 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:56 executing program 3: 06:59:56 executing program 1: 06:59:56 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000"], 0x1) [ 2725.061814][ T3979] binder: 3975:3979 unknown command 0 [ 2725.069220][ T3979] binder: 3975:3979 ioctl c0306201 20000200 returned -22 06:59:56 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) socket(0x0, 0x0, 0x0) pipe(0x0) socket$inet_udp(0x2, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_CREATE(0x20000000000000, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22}, 0x1c) sendto$inet6(r0, 0x0, 0x1cd, 0x200408d4, &(0x7f0000000380)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000000)=0x76, 0x4) ioctl$sock_SIOCOUTQ(0xffffffffffffffff, 0x5411, 0x0) sendto$inet6(r0, &(0x7f0000000000)="cc", 0x1, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f00000003c0)=""/4096, 0x1000}], 0x1}, 0x1ffe) 06:59:56 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x40400020, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:56 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='lowerdir=.:file0']) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000140)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=./file0']) lookup_dcookie(0x2, &(0x7f0000000480)=""/82, 0x52) lsetxattr$security_capability(&(0x7f0000000000)='./bus/file0\x00', &(0x7f0000000640)='security.capability\x00', &(0x7f0000000680)=@v2, 0x14, 0x0) perf_event_open(&(0x7f00000005c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000340), 0xb}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') chown(&(0x7f0000000300)='./bus/file0\x00', 0x0, 0x0) lstat(0x0, 0x0) r0 = creat(&(0x7f0000000180)='./file0\x00', 0x0) sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x2c, 0xb, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44840}, 0x80000) 06:59:56 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b00"/795], 0x1) [ 2725.103653][ T3986] binder: 3976:3986 unknown command 0 [ 2725.122796][ T3986] binder: 3976:3986 ioctl c0306201 20000200 returned -22 [ 2725.140102][ T3992] binder: 3991:3992 unknown command 0 [ 2725.145541][ T3992] binder: 3991:3992 ioctl c0306201 20000200 returned -22 [ 2725.170540][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2725.226444][ T4001] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 2725.271945][ T4004] overlayfs: maximum fs stacking depth exceeded [ 2725.284041][ T4001] overlayfs: filesystem on './bus' not supported as upperdir [ 2726.210831][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2726.290741][T12813] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2727.250427][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 06:59:59 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 06:59:59 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x40400020, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:59 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) 06:59:59 executing program 1: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='devpts\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='overlay\x00', 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB='lowerdir=.:file0']) mkdir(&(0x7f00000002c0)='./file1\x00', 0x0) mkdir(&(0x7f0000000140)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000040)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='upperdir=./bus,workdir=./file1,lowerdir=./file0']) lookup_dcookie(0x2, &(0x7f0000000480)=""/82, 0x52) lsetxattr$security_capability(&(0x7f0000000000)='./bus/file0\x00', &(0x7f0000000640)='security.capability\x00', &(0x7f0000000680)=@v2, 0x14, 0x0) perf_event_open(&(0x7f00000005c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000340), 0xb}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) chdir(&(0x7f00000001c0)='./bus\x00') chown(&(0x7f0000000300)='./bus/file0\x00', 0x0, 0x0) lstat(0x0, 0x0) r0 = creat(&(0x7f0000000180)='./file0\x00', 0x0) sendmsg$IPSET_CMD_TEST(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000003c0)={0x2c, 0xb, 0x6, 0x401, 0x0, 0x0, {0x7, 0x0, 0x1}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44840}, 0x80000) 06:59:59 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b00"/795], 0x1) 06:59:59 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 06:59:59 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b00"/795], 0x1) [ 2728.090641][ T4018] binder: 4011:4018 unknown command 0 [ 2728.106923][ T4018] binder: 4011:4018 ioctl c0306201 20000200 returned -22 06:59:59 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x40400020, &(0x7f0000000040)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2728.135153][ T4020] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 2728.151165][ T4026] binder: 4013:4026 unknown command 0 [ 2728.167547][ T4026] binder: 4013:4026 ioctl c0306201 20000200 returned -22 06:59:59 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070009800"], 0x1) 06:59:59 executing program 1: close(0xffffffffffffffff) r0 = socket(0x11, 0x0, 0x0) dup2(r0, 0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) 07:00:00 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x40400020, &(0x7f0000000040)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2728.180562][ T4031] binder: 4028:4031 unknown command 0 [ 2728.192884][ T4031] binder: 4028:4031 ioctl c0306201 20000200 returned -22 07:00:00 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070009800"], 0x1) [ 2728.254733][ T4037] binder: 4035:4037 unknown command 0 [ 2728.260231][ T4037] binder: 4035:4037 ioctl c0306201 20000200 returned -22 [ 2728.290255][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2728.360252][ T2853] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 2728.610216][ T2853] usb 4-1: Using ep0 maxpacket: 8 [ 2728.750214][ T2853] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2728.761336][ T2853] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2728.771552][ T2853] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0 [ 2728.781430][ T2853] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0 [ 2728.960234][ T2853] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2728.969365][ T2853] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2728.977592][ T2853] usb 4-1: Product: syz [ 2728.981940][ T2853] usb 4-1: Manufacturer: syz [ 2728.986516][ T2853] usb 4-1: SerialNumber: syz [ 2729.330203][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2729.342748][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2730.130076][ T2853] cdc_ncm 4-1:1.0: bind() failure [ 2730.150068][ T2853] cdc_ncm: probe of 4-1:1.1 failed with error -71 [ 2730.170062][ T2853] cdc_mbim: probe of 4-1:1.1 failed with error -71 [ 2730.190072][ T2853] usbtest: probe of 4-1:1.1 failed with error -71 [ 2730.198055][ T2853] usb 4-1: USB disconnect, device number 36 [ 2730.371912][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:02 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x40400020, &(0x7f0000000040)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:02 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:02 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000070009800"], 0x1) 07:00:02 executing program 1: perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x201}], {0x14}}, 0xa4}}, 0x0) 07:00:02 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400), 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:02 executing program 3: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) recvmmsg(r1, &(0x7f0000006100), 0x49f, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 07:00:02 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:02 executing program 1: perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) read$fb(0xffffffffffffffff, &(0x7f00000006c0)=""/228, 0xe4) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000640)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000600)=0x14) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x48, 0x10, 0x400, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @gtp={{0x8, 0x1, 'gtp\x00'}, {0x1c, 0x2, 0x0, 0x1, {{0x8}, {0x8}, [@IFLA_GTP_FD1={0x8}]}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'veth0_to_batadv\x00', r1}) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x60002, 0x0) write$P9_RFSYNC(r2, 0x0, 0x7) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @gtp={{0x8, 0x1, 'gtp\x00'}, {0x1c, 0x2, 0x0, 0x1, {{0x8}, {0x8}, [@IFLA_GTP_FD1={0x8}]}}}}, @IFLA_MASTER={0x8}]}, 0x50}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, 0x0, 0x4004000) openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0xc000, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) 07:00:02 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2731.102807][ T4074] binder: 4072:4074 unknown command 0 [ 2731.111796][ T4074] binder: 4072:4074 ioctl c0306201 20000200 returned -22 07:00:02 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000"], 0x1) 07:00:02 executing program 1: perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getdents64(0xffffffffffffffff, 0x0, 0x0) read$fb(0xffffffffffffffff, &(0x7f00000006c0)=""/228, 0xe4) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000640)='/dev/ttyS3\x00', 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000600)=0x14) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x48, 0x10, 0x400, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @gtp={{0x8, 0x1, 'gtp\x00'}, {0x1c, 0x2, 0x0, 0x1, {{0x8}, {0x8}, [@IFLA_GTP_FD1={0x8}]}}}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'veth0_to_batadv\x00', r1}) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x60002, 0x0) write$P9_RFSYNC(r2, 0x0, 0x7) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @gtp={{0x8, 0x1, 'gtp\x00'}, {0x1c, 0x2, 0x0, 0x1, {{0x8}, {0x8}, [@IFLA_GTP_FD1={0x8}]}}}}, @IFLA_MASTER={0x8}]}, 0x50}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, 0x0, 0x4004000) openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0xc000, 0x0) openat$vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) 07:00:03 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000"], 0x1) [ 2731.175548][ T4086] binder: 4073:4086 unknown command 0 [ 2731.182766][ T4086] binder: 4073:4086 ioctl c0306201 20000200 returned -22 07:00:03 executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)={0x70, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}]}, @TIPC_NLA_MEDIA={0x40, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}]}]}, 0x70}}, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfb, 0x0, 0x0, 0x0, 0x400000000000000]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup3(r4, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2731.420038][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2731.489959][T19476] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 2731.739961][T19476] usb 4-1: Using ep0 maxpacket: 8 [ 2731.869957][T19476] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2732.080172][T19476] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2732.089278][T19476] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2732.098268][T19476] usb 4-1: Product: syz [ 2732.103485][T19476] usb 4-1: Manufacturer: syz [ 2732.108815][T19476] usb 4-1: SerialNumber: syz [ 2732.369980][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2732.449878][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2732.611170][T26593] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2733.239778][T19476] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2733.246193][T19476] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2733.259815][T19476] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2733.463169][T19476] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2733.477920][T19476] usb 4-1: USB disconnect, device number 37 [ 2733.491370][T19476] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2733.502560][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:05 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400), 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:05 executing program 1: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet_tcp_buf(r2, 0x6, 0xb, &(0x7f0000000240)=""/4096, &(0x7f0000000180)=0x1000) dup(0xffffffffffffffff) write$cgroup_type(r0, &(0x7f0000000200)='threaded\x00', 0x175d900f) 07:00:05 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000"], 0x1) 07:00:05 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:05 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2734.209693][T19476] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 2734.217286][ T4186] binder: 4170:4186 unknown command 0 [ 2734.222952][ T4186] binder: 4170:4186 ioctl c0306201 20000200 returned -22 [ 2734.449681][T19476] usb 4-1: Using ep0 maxpacket: 8 [ 2734.529806][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:06 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:06 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800"/894], 0x1) 07:00:06 executing program 1: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ttyS3\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TCXONC(r0, 0x540a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000b00)='cpu.stat\x00', 0x275a, 0x0) dup2(r3, r0) 07:00:06 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800"/894], 0x1) 07:00:06 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800"/894], 0x1) 07:00:06 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = socket(0x10, 0x80002, 0x0) close(r0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580)='batadv\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={0x2c, r1, 0x1, 0x0, 0x0, {0xf}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x2c}}, 0x0) [ 2734.631071][T19476] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 2734.638925][T19476] usb 4-1: can't read configurations, error -71 07:00:06 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800"/901], 0x1) 07:00:06 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400), 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2735.021808][T19476] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 2735.031451][ T4228] binder: 4224:4228 unknown command 0 [ 2735.036860][ T4228] binder: 4224:4228 ioctl c0306201 20000200 returned -22 [ 2735.269736][T19476] usb 4-1: Using ep0 maxpacket: 8 [ 2735.389674][T19476] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2735.409664][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2735.559680][T19476] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2735.568776][T19476] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2735.569603][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2735.578145][T19476] usb 4-1: Product: syz [ 2735.588999][T19476] usb 4-1: Manufacturer: syz [ 2735.593619][T19476] usb 4-1: SerialNumber: syz [ 2736.609559][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2736.719513][T19476] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2736.725925][T19476] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2736.739481][T19476] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2736.931449][T19476] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2736.947802][T19476] usb 4-1: USB disconnect, device number 39 [ 2736.963294][T19476] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM 07:00:08 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:08 executing program 1: perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) r0 = socket(0x10, 0x80002, 0x0) close(r0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580)='batadv\x00') r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000400)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)={0x2c, r1, 0x1, 0x0, 0x0, {0xf}, [@BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x2c}}, 0x0) 07:00:08 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800"/901], 0x1) 07:00:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:09 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:09 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x40400020, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:09 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000000c300)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELFLOWTABLE={0x14}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x301, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x7c}}, 0x0) 07:00:09 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800"/901], 0x1) 07:00:09 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000fe"], 0x1) 07:00:09 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x40400020, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2737.470853][ T4293] binder: 4287:4293 unknown command 0 [ 2737.476348][ T4293] binder: 4287:4293 ioctl c0306201 20000200 returned -22 07:00:09 executing program 1: clone(0x400000404e5fd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='syscall\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) preadv(r0, &(0x7f00000002c0)=[{&(0x7f00000001c0)=""/141, 0x8d}], 0x1, 0x7f, 0x0) 07:00:09 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000fe"], 0x1) [ 2737.549446][ T4304] binder: 4302:4304 unknown command 0 [ 2737.556654][ T4304] binder: 4302:4304 ioctl c0306201 20000200 returned -22 [ 2737.618486][ T4317] ptrace attach of "/root/syz-executor.1"[4315] was attempted by "/root/syz-executor.1"[4317] [ 2737.649430][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2737.749364][T19476] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 2737.999421][T19476] usb 4-1: Using ep0 maxpacket: 8 [ 2738.139354][T19476] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2738.339488][T19476] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2738.348589][T19476] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2738.356735][T19476] usb 4-1: Product: syz [ 2738.360986][T19476] usb 4-1: Manufacturer: syz [ 2738.365582][T19476] usb 4-1: SerialNumber: syz [ 2738.449387][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2738.689409][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2739.499248][T19476] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2739.505784][T19476] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2739.519202][T19476] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2739.723096][T19476] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2739.742396][T19476] usb 4-1: USB disconnect, device number 40 [ 2739.748621][T19476] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2739.761597][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:11 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:11 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x40400020, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:11 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000fe"], 0x1) 07:00:11 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000080)={0xa}) 07:00:12 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:12 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:00:12 executing program 1: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6(0xa, 0x1, 0x8010000400000084) setsockopt$sock_linger(r1, 0x1, 0xd, &(0x7f0000000040)={0x1, 0x6}, 0x8) close(r1) 07:00:12 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffff"], 0x1) 07:00:12 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x40400020, &(0x7f0000000040)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2740.203491][ T4372] binder: 4366:4372 unknown command 0 [ 2740.224277][ T4372] binder: 4366:4372 ioctl c0306201 20000200 returned -22 07:00:12 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffff"], 0x1) 07:00:12 executing program 1: r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000000080)={0xb}) 07:00:12 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x40400020, &(0x7f0000000040)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2740.301691][ T4389] binder: 4388:4389 unknown command 0 [ 2740.307362][ T4389] binder: 4388:4389 ioctl c0306201 20000200 returned -22 [ 2740.315557][ T4390] binder: 4375:4390 ioctl c0306201 0 returned -14 [ 2740.376961][ T4402] binder: 4401:4402 unknown command 0 [ 2740.382439][ T4402] binder: 4401:4402 ioctl c0306201 20000200 returned -22 [ 2740.539129][T19476] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 2740.779092][T19476] usb 4-1: Using ep0 maxpacket: 8 [ 2740.779189][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2740.899243][T19476] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2741.069182][T19476] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2741.078325][T19476] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2741.088686][T19476] usb 4-1: Product: syz [ 2741.093187][T19476] usb 4-1: Manufacturer: syz [ 2741.097802][T19476] usb 4-1: SerialNumber: syz [ 2741.489132][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2741.809069][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2742.209041][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2742.239047][T19476] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2742.245540][T19476] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2742.258976][T19476] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2742.460832][T19476] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2742.478529][T19476] usb 4-1: USB disconnect, device number 41 [ 2742.487907][T19476] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2742.850463][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:14 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:14 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffff"], 0x1) 07:00:14 executing program 1: openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) preadv(r0, &(0x7f00000017c0), 0x3da, 0x2000000, 0x0) 07:00:14 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x0, 0x40400020, &(0x7f0000000040)}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:14 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:00:14 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) 07:00:15 executing program 1: openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mdstat\x00', 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) preadv(r0, &(0x7f00000017c0), 0x3da, 0x2000000, 0x0) 07:00:15 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:15 executing program 2: perf_event_open(&(0x7f0000000240)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt(r0, 0x65, 0x1, &(0x7f0000000080), 0x1d0) bind$can_raw(r0, &(0x7f0000000140), 0x10) [ 2743.233051][ T4451] binder: 4447:4451 unknown command 0 [ 2743.242206][ T4451] binder: 4447:4451 ioctl c0306201 20000200 returned -22 07:00:15 executing program 1: r0 = socket$inet(0x10, 0x2000000002, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="240000002e0007031dfffd946fa2830020200a0000000000000000e50c1be3a20400ff7e280000005e00ffffba16a0aa1c0009b3ebea966cf0554edc7de8ddeb133c2b3ce9fad90f15a36a15", 0x4c}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000002540)=[{{0x0, 0x0, &(0x7f0000001600)=[{&(0x7f0000000400)=""/96, 0x60}, {&(0x7f0000002580)=""/4096, 0x1000}, {&(0x7f0000000040)=""/14, 0xe}], 0x3}}], 0x1, 0x0, 0x0) 07:00:15 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000002b8, 0x0) [ 2743.289209][ T4464] binder: 4449:4464 ioctl c0306201 0 returned -14 07:00:15 executing program 2: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x8802, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r6, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@val, @void, @eth={@broadcast, @empty, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x1, 0x0, @empty, @multicast1}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 2743.508877][ T2853] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 2743.778938][ T2853] usb 4-1: Using ep0 maxpacket: 8 [ 2743.888985][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2743.909013][ T2853] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2744.108940][ T2853] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2744.125880][ T2853] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2744.148776][ T2853] usb 4-1: Product: syz [ 2744.152995][ T2853] usb 4-1: Manufacturer: syz [ 2744.157596][ T2853] usb 4-1: SerialNumber: syz [ 2744.528878][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2744.928772][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2745.318816][ T2853] cdc_ncm 4-1:1.0: bind() failure [ 2745.339047][ T2853] cdc_ncm: probe of 4-1:1.1 failed with error -71 [ 2745.358726][ T2853] cdc_mbim: probe of 4-1:1.1 failed with error -71 [ 2745.378739][ T2853] usbtest: probe of 4-1:1.1 failed with error -71 [ 2745.386414][ T2853] usb 4-1: USB disconnect, device number 42 [ 2745.968960][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:00:18 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f", 0x1}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:18 executing program 1: bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x15, 0x10, 0x3, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x19]}, 0x3c) 07:00:18 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:18 executing program 2: syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x84, 0x0, 0x0, 0x0, &(0x7f00000004c0)={0x20, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000090000082505a8a40700000000010902240001010000000904000012070103000905010200ffe00000090582021a"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000200)=ANY=[], 0x0) 07:00:18 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) 07:00:18 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r1 = syz_open_procfs(0x0, &(0x7f0000000300)='pagemap\x00') sendfile(r0, r1, 0x0, 0xa808) 07:00:18 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x122, &(0x7f00000001c0)="c4c691019919da070000000000000022addebf080c44fca79ce07bee6333b5cacd893169b618322ff6602022511253508b5a4496728c2a46e1bc340e2838350808ffdb2dc4a741357baa16dacdcfac32957d8f6990c3f9c501fcbab083bc1cd083d8c0b2e3482945fef116371f8c8c0c4db583a208718e3cccd9dd3bf7a0f9daf36c29d2d3e73af34a91a4a8844ee4a3e66452419a30843900bb4ff9a7df5ee0fdbb6e3a288594f90399513f49d5135aea235b86495999dd604f5f3bcdc9ded4aad49dc3d22c8e6845a8a8c2e95d09954d467317f1ec9f9a84072163cb1544c90bc92b31e0cc668a8243dfa0a42ab126a3b83190da000000000000000000000000002bd0e9bc6ad198919d2084ccb7af9c30cd041b535f6be16a2294000000000000"}}], 0x1c) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000180)=""/8, 0x2}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2746.307698][ T4550] binder: 4533:4550 ioctl c0306201 0 returned -14 07:00:18 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x120, &(0x7f00000003c0)="c4c691019919da070000000000000022addee07bee6333b5cacd893169b618322ff6602022511253508b5a4496728c2a46e1bc340e29b9ab9b71362838350808ffdb2dc4a741357baa16dacdcfac32957d8f6990c3f9c501fcbab083bc1cd083d8c0b2e3482945fef116371f8c8c0c4db583a208718e3cccd9dd3bf7a0b9daf36c29d2d3e73af34a91a4a8844ee497e66452419a30843900bb4ff9a7df5ee0fdbb6e3a288594f90399513f49d5135aea235b86495999dd604f5f3bcdc9ded4aad49dc3d25b919b831d2c8e6845a8a8c2e95d09954d467317f1ec9f9a84072163cb1544c90bc92b31e0cc668a8243dfa0a42ab126a3b83190da0000000000009eceec25e996332bd0e9bc6ad198919d2084ccb7af9c30cd8f1b535f6be16a2294"}}], 0x1c) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000180), 0xa}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x40) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:18 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_elf64(r0, &(0x7f00000000c0)=ANY=[], 0x10132) pipe(&(0x7f00000000c0)) r2 = open(&(0x7f0000000780)='./bus\x00', 0x14103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r2, 0x0) recvmmsg(r1, &(0x7f0000001140)=[{{0x0, 0x0, 0x0}}], 0x700, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) syz_genetlink_get_family_id$devlink(&(0x7f0000000100)='devlink\x00') bind$inet(0xffffffffffffffff, 0x0, 0x0) 07:00:18 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control={0x6}}], 0x1c) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0, 0xfffffffffffffe4a}, {0x0}, {&(0x7f0000000280)=""/5, 0x8}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x40) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) [ 2746.518585][T24244] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 2746.518597][ T9218] usb 4-1: new high-speed USB device number 43 using dummy_hcd 07:00:18 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_emit_ethernet(0x5e, &(0x7f00000001c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x28, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0xa, 0xc2, 0x0, 0x0, 0x0, {[@exp_fastopen={0xfe, 0x12, 0xf989, "4b44e28a154178172aa8e6c86ae0"}]}}}}}}}}, 0x0) [ 2746.758566][T24244] usb 3-1: Using ep0 maxpacket: 8 [ 2746.788585][ T9218] usb 4-1: Using ep0 maxpacket: 8 [ 2746.878898][T24244] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 1792, setting to 1024 [ 2746.890110][T24244] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 1024 [ 2746.900472][T24244] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 26 [ 2746.910424][T24244] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 2746.923380][T24244] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.07 [ 2746.928744][ T9218] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2746.932674][T24244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2746.969156][ T4534] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 2746.976163][ T4534] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 2746.988797][T24244] hub 3-1:1.0: bad descriptor, ignoring hub [ 2746.994909][T24244] hub: probe of 3-1:1.0 failed with error -5 [ 2747.008707][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2747.148573][ T9218] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2747.157683][ T9218] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2747.166196][ T9218] usb 4-1: Product: syz [ 2747.170604][ T9218] usb 4-1: Manufacturer: syz [ 2747.175162][ T9218] usb 4-1: SerialNumber: syz [ 2747.196023][ T4534] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 2747.204291][ T4534] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 2747.439646][T24244] usblp 3-1:1.0: usblp0: USB Bidirectional printer dev 25 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 2747.568570][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2748.048496][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2748.068454][ T4534] usb 3-1: reset high-speed USB device number 25 using dummy_hcd [ 2748.328445][ T4534] usb 3-1: Using ep0 maxpacket: 8 [ 2748.338429][ T9218] cdc_ncm 4-1:1.0: bind() failure [ 2748.358444][ T9218] cdc_ncm: probe of 4-1:1.1 failed with error -71 [ 2748.378550][ T9218] cdc_mbim: probe of 4-1:1.1 failed with error -71 [ 2748.398526][ T9218] usbtest: probe of 4-1:1.1 failed with error -71 [ 2748.406557][ T9218] usb 4-1: USB disconnect, device number 43 [ 2748.449568][ T4593] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 2748.456522][ T4593] raw-gadget gadget: fail, usb_ep_enable returned -22 [ 2748.518384][ C1] usblp0: nonzero read bulk status received: -71 [ 2748.698470][ T2853] usb 3-1: USB disconnect, device number 25 [ 2748.707341][ T2853] usblp0: removed [ 2749.088480][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2749.171632][ T4622] udc-core: couldn't find an available UDC or it's busy [ 2749.178759][ T4622] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 07:00:21 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f", 0x1}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:21 executing program 1: 07:00:21 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:21 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 07:00:21 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) 07:00:21 executing program 2: 07:00:21 executing program 1: 07:00:21 executing program 2: 07:00:21 executing program 2: 07:00:21 executing program 1: 07:00:21 executing program 2: 07:00:21 executing program 1: [ 2749.568313][T19476] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 2749.838273][T19476] usb 4-1: Using ep0 maxpacket: 8 [ 2749.978465][T19476] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2750.128423][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2750.178485][T19476] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2750.187624][T19476] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2750.195766][T19476] usb 4-1: Product: syz [ 2750.200087][T19476] usb 4-1: Manufacturer: syz [ 2750.204686][T19476] usb 4-1: SerialNumber: syz [ 2750.618287][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2751.168455][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2751.358165][T19476] cdc_ncm 4-1:1.0: bind() failure [ 2751.378171][T19476] cdc_ncm: probe of 4-1:1.1 failed with error -71 [ 2751.398169][T19476] cdc_mbim: probe of 4-1:1.1 failed with error -71 [ 2751.418145][T19476] usbtest: probe of 4-1:1.1 failed with error -71 [ 2751.426413][T19476] usb 4-1: USB disconnect, device number 44 [ 2751.812111][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2751.820628][ T3323] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2751.829626][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2751.837931][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2752.208129][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:24 executing program 1: 07:00:24 executing program 2: 07:00:24 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 07:00:24 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:00:24 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f", 0x1}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:24 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:24 executing program 1: 07:00:24 executing program 2: 07:00:24 executing program 2: 07:00:24 executing program 1: 07:00:24 executing program 1: 07:00:24 executing program 2: 07:00:24 executing program 2: 07:00:24 executing program 1: [ 2752.370478][ T4684] binder: 4672:4684 ioctl c0306201 0 returned -14 [ 2752.588068][T19476] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 2752.858045][T19476] usb 4-1: Using ep0 maxpacket: 8 [ 2752.999063][T19476] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 07:00:24 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000004c0), 0x0, 0x0, 0x0}) [ 2753.219272][T19476] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2753.228319][T19476] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2753.236261][T19476] usb 4-1: Product: syz [ 2753.241033][T19476] usb 4-1: Manufacturer: syz [ 2753.245600][T19476] usb 4-1: SerialNumber: syz [ 2753.248077][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2753.648006][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2754.287978][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2754.417951][T19476] cdc_ncm 4-1:1.0: bind() failure [ 2754.439011][T19476] cdc_ncm: probe of 4-1:1.1 failed with error -71 [ 2754.457903][T19476] cdc_mbim: probe of 4-1:1.1 failed with error -71 [ 2754.477892][T19476] usbtest: probe of 4-1:1.1 failed with error -71 [ 2754.486120][T19476] usb 4-1: USB disconnect, device number 45 07:00:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:27 executing program 1: 07:00:27 executing program 2: 07:00:27 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:00:27 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000004c0), 0x0, 0x0, 0x0}) 07:00:27 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:27 executing program 2: 07:00:27 executing program 1: 07:00:27 executing program 2: [ 2755.329039][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:27 executing program 1: 07:00:27 executing program 2: 07:00:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:27 executing program 1: 07:00:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2755.401907][ T4731] binder: 4717:4731 ioctl c0306201 0 returned -14 [ 2755.617831][T24244] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 2755.857742][T24244] usb 4-1: Using ep0 maxpacket: 8 [ 2755.977930][T24244] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 07:00:27 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, 0x0) 07:00:27 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000004c0), 0x0, 0x0, 0x0}) [ 2756.147950][T24244] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2756.167836][T24244] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2756.183948][T24244] usb 4-1: Product: syz [ 2756.191425][T24244] usb 4-1: Manufacturer: syz [ 2756.196824][T24244] usb 4-1: SerialNumber: syz [ 2756.209721][ T4752] binder: 4745:4752 ioctl c0306201 0 returned -14 [ 2756.367751][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2756.697721][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2757.377663][T24244] cdc_ncm 4-1:1.0: bind() failure [ 2757.397661][T24244] cdc_ncm: probe of 4-1:1.1 failed with error -71 [ 2757.407680][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2757.417755][T24244] cdc_mbim: probe of 4-1:1.1 failed with error -71 [ 2757.437756][T24244] usbtest: probe of 4-1:1.1 failed with error -71 [ 2757.445762][T24244] usb 4-1: USB disconnect, device number 46 07:00:29 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:29 executing program 2: 07:00:29 executing program 1: 07:00:29 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:29 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 07:00:29 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:29 executing program 1: 07:00:29 executing program 2: 07:00:29 executing program 1: 07:00:29 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:29 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:29 executing program 2: [ 2757.920454][ T4792] binder: 4776:4792 unknown command 0 [ 2757.929476][ T4792] binder: 4776:4792 ioctl c0306201 20000200 returned -22 [ 2758.167548][ T9218] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 2758.417518][ T9218] usb 4-1: Using ep0 maxpacket: 8 [ 2758.447625][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2758.567791][ T9218] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2758.767661][ T9218] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2758.776835][ T9218] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2758.784894][ T9218] usb 4-1: Product: syz [ 2758.789061][ T9218] usb 4-1: Manufacturer: syz [ 2758.793642][ T9218] usb 4-1: SerialNumber: syz [ 2759.487505][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2759.727513][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2759.967459][ T9218] cdc_ncm 4-1:1.0: bind() failure [ 2759.987396][ T9218] cdc_ncm: probe of 4-1:1.1 failed with error -71 [ 2760.007469][ T9218] cdc_mbim: probe of 4-1:1.1 failed with error -71 [ 2760.027404][ T9218] usbtest: probe of 4-1:1.1 failed with error -71 [ 2760.035249][ T9218] usb 4-1: USB disconnect, device number 47 07:00:32 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:32 executing program 1: 07:00:32 executing program 2: 07:00:32 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 07:00:32 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:32 executing program 2: 07:00:32 executing program 1: 07:00:32 executing program 2: fchdir(0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) write$FUSE_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={0x0, 0x1cc}, 0x1, 0x0, 0x0, 0x4}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0xa8, r2, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xfc}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x1000}]}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x6}, @NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_RULES={0x24, 0x22, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x7fffffff}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x3f}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x200}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}]}, @NL80211_ATTR_REG_RULES={0xc, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x8}]}, @NL80211_ATTR_REG_RULES={0x1c, 0x22, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xffffffff}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x7}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x5}]}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x9}, @NL80211_ATTR_FREQ_RANGE_START={0x8}]}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}]}, 0xa8}}, 0x24000025) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001000fff1fefefd956f76c9b724a6008000000000000000683440150024001b0000000000000000593ab782115ed9043d51d7e88dc62b2ca654a6613b6a080000001cbc882b079881", 0x4c}], 0x1}, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) syz_genetlink_get_family_id$nl80211(0x0) socket$inet6(0xa, 0x0, 0x4) mkdir(0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000040000,user_i', @ANYRESDEC=0x0, @ANYRESDEC=0x0]) 07:00:32 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x11e, &(0x7f0000000200)="c4fe910d6786cec96ddb5322ad863ae8cb9b9d6c5b2821049d69d60a34ad866a422525ee105042f88d45e7886c0f2a93cd82682ce184dbd0f5ecb8a2ca2a6b7c896ce29e8f72ae59edff025c1dd027f9851190fc934ff0f1bb960b5e00b57f5afc611bd7160647f44ddf30923e9cd404347d321ef3c4359805f99b5b78cddf9afab27ac4a59ebbae8a7ff6590c0e7f53a120a0b04d16c749a75ef5e6c02a01d8a4a439f38345c401bb96d4f502982fe96be6ab59e5ebc345d8626e01e0a9db612d887b578a6007c994d36888f15e2aa84c71831146000000000000004254411e3e639373750ead302323f01cabaeafaedca7bf093ff2f46057524f623e27dcc6c13eff7d63506ae001eeaab22190f7d205252206f6a699160d1836fa8e03"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2760.492054][ T4831] netlink: 'syz-executor.2': attribute type 27 has an invalid length. [ 2760.496628][ T4832] binder: 4817:4832 unknown command 0 [ 2760.501543][ T4831] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2760.505677][ T4832] binder: 4817:4832 ioctl c0306201 20000200 returned -22 [ 2760.527451][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2760.530852][ T4831] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2760.551335][ T4831] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2760.562470][ T4831] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2760.603473][ T4831] netlink: 'syz-executor.2': attribute type 27 has an invalid length. [ 2760.612252][ T4831] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2760.621719][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2760.636164][ T4831] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2760.646020][ T4831] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready 07:00:32 executing program 2: fchdir(0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) write$FUSE_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={0x0, 0x1cc}, 0x1, 0x0, 0x0, 0x4}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0xa8, r2, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xfc}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x1000}]}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x6}, @NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_RULES={0x24, 0x22, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x7fffffff}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x3f}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x200}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}]}, @NL80211_ATTR_REG_RULES={0xc, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x8}]}, @NL80211_ATTR_REG_RULES={0x1c, 0x22, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xffffffff}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x7}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x5}]}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x9}, @NL80211_ATTR_FREQ_RANGE_START={0x8}]}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}]}, 0xa8}}, 0x24000025) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001000fff1fefefd956f76c9b724a6008000000000000000683440150024001b0000000000000000593ab782115ed9043d51d7e88dc62b2ca654a6613b6a080000001cbc882b079881", 0x4c}], 0x1}, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) syz_genetlink_get_family_id$nl80211(0x0) socket$inet6(0xa, 0x0, 0x4) mkdir(0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000040000,user_i', @ANYRESDEC=0x0, @ANYRESDEC=0x0]) [ 2760.653534][ T4831] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2760.695181][ T4847] netlink: 'syz-executor.2': attribute type 27 has an invalid length. [ 2760.697609][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2760.705006][ T4847] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2760.722281][T24244] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 2760.736030][ T4847] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2760.748529][ T4847] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2760.755998][ T4847] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2760.817844][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:32 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:32 executing program 2: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null-generic\x00'}, 0x58) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = accept$alg(r0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) recvmmsg(r1, &(0x7f0000006100), 0x49f, 0x0, 0x0) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r2, 0x0) [ 2760.997375][T24244] usb 4-1: Using ep0 maxpacket: 8 [ 2761.137525][T24244] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2761.337405][T24244] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2761.346498][T24244] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2761.355013][T24244] usb 4-1: Product: syz [ 2761.359409][T24244] usb 4-1: Manufacturer: syz [ 2761.363991][T24244] usb 4-1: SerialNumber: syz [ 2761.407365][ T2853] net_ratelimit: 1 callbacks suppressed [ 2761.407368][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2761.577307][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2762.067214][T24244] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 2762.073316][T24244] cdc_ncm 4-1:1.0: bind() failure [ 2762.089180][T24244] cdc_ncm 4-1:1.1: bind() failure [ 2762.607191][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2762.777258][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:35 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:35 executing program 2: r0 = syz_open_dev$loop(&(0x7f0000000080)='/dev/loop#\x00', 0x0, 0x10d082) r1 = memfd_create(&(0x7f0000000040)='\xbb\x02\xb1\xed\x96\xdb\xb1,\x116\xe0\x89]\xad\x01\xc3r%;\x99\xbck\xe7=\xfa\xe8HB\x00\x00\xd7h\xa4\x06jt\xea\xf9l\x00\x00\x00\x00!\xf8\xac\xdc\x00\x00\x00', 0x0) pwritev(r1, &(0x7f00000001c0)=[{&(0x7f0000000200)="c5", 0x1}], 0x1, 0x40ee1, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write(r0, &(0x7f0000000000), 0x52698b21) 07:00:35 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:35 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2763.445490][T24244] usb 4-1: USB disconnect, device number 48 07:00:35 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x0, 0x0, 0x3}, 0x0) prctl$PR_SET_MM(0x23, 0x0, &(0x7f0000ffd000/0x1000)=nil) r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r4, &(0x7f00000000c0)='./file0\x00') mkdirat(r4, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) 07:00:35 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x10a, &(0x7f0000000200)="c4fe910d6786cec96ddb5322ad863ae8cb9b9d6c5b2821049d69d60a34ad866a422525ee105042f88d45e7886c0f2a93cd82682ce184dbd0f5ecb8a2ca2a6b7c896ce29e8f72ae59edff025c1dd027f9851190fc934ff0f1bb960b5e00b57f5afc611bd7160647f44ddf30923e9cd404347d321ef3c4359805f99b5b78cddf9afab27ac4a59ebbae8a7ff6590c0e7f53a120a0b04d16c749a75ef5e6c02a01d8a4a439f38345c401bb96d4f502982fe96be6ab59e5ebc345d8626e01e0a9db612d887b578a6007c994d36888f15e2aa84c71831146000000000000004254411e3e639373750ead302323f01cabaeafaedca7bf093ff2f46057524f623e27dcc6c13eff7d63506ae001ee"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:35 executing program 2: sysfs$3(0x3) ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0) 07:00:35 executing program 2: sched_setattr(0x0, 0x0, 0x0) creat(&(0x7f0000000000)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000240)='ufs\x00', 0x0, 0x0) 07:00:35 executing program 2: sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write(r0, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4000000000000009}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mkdirat(r1, 0x0, 0x0) [ 2763.530753][ T4892] binder: 4878:4892 unknown command 0 [ 2763.537023][ T4892] binder: 4878:4892 ioctl c0306201 20000200 returned -22 07:00:35 executing program 2: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, 0x0, 0x0, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) syz_mount_image$nfs(&(0x7f0000000140)='nfs\x00', &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, 0x0, 0x1000010, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) open(&(0x7f0000000280)='.\x00', 0x0, 0x0) perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x41, 0x0, 0x0, 0x0, 0x0, 0xee33, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x6, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xb) [ 2763.647165][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2763.847040][T24244] usb 4-1: new high-speed USB device number 49 using dummy_hcd 07:00:35 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:35 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f0000000340), 0x41395527) syz_mount_image$nfs(&(0x7f0000000140)='nfs\x00', &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, 0x0, &(0x7f00000008c0), 0x1000010, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0xfe52, 0x3, 0x0, 0x4000000000000009}, 0x0) r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) perf_event_open(&(0x7f00000002c0)={0x2, 0x70, 0x41, 0x0, 0x0, 0x0, 0x0, 0xee33, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x6, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xb) [ 2764.087016][T24244] usb 4-1: Using ep0 maxpacket: 8 [ 2764.207136][T24244] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2764.378784][T24244] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2764.387874][T24244] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2764.399299][T24244] usb 4-1: Product: syz [ 2764.403428][T24244] usb 4-1: Manufacturer: syz [ 2764.408387][T24244] usb 4-1: SerialNumber: syz [ 2764.687020][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2765.106959][T24244] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 2765.112933][T24244] cdc_ncm 4-1:1.0: bind() failure [ 2765.122214][T24244] cdc_ncm 4-1:1.1: bind() failure [ 2765.726934][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2765.816884][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:38 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:38 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:38 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000004c0), 0x0, 0x0, 0x0}) 07:00:38 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9}, 0x0) getpid() sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{0x0}], 0x1, 0x0) r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) 07:00:38 executing program 1: fchdir(0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) write$FUSE_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={0x0, 0x1cc}, 0x1, 0x0, 0x0, 0x4}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000c76089319e000000c1ba92a49825526f9040000000aaa068145d571a536367cd6ace1c5be444daf8411bea9d2df77e272368bb9a7c8915b4c7663ddfaddd1036df3c665620d6cf9865f4db9eaeea9170fcc943d0ea9d613b8ed967fe02523cd65c8783400c40bdaa65b462396d131acd10d27f7b3aad773072ecf86efc946ea76be5f0cff69cfe51d217f745591a73e1d0d5be05152c8d68b56c5b64a29feda7163ad74d381e0a351e", @ANYRES16, @ANYBLOB="c18f000000000000000005000000"], 0x14}}, 0x0) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0xb0, r2, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xfc}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x1000}]}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x6}, @NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_RULES={0x24, 0x22, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x7fffffff}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x3f}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x200}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}]}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x401}]}, @NL80211_ATTR_REG_RULES={0x1c, 0x22, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xffffffff}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x7}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x5}]}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x9}, @NL80211_ATTR_FREQ_RANGE_START={0x8}]}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4004804}, 0x24000025) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001000fff1fefefd956f76c9b724a6008000000000000000683440150024001b0000000000000000593ab782115ed9043d51d7e88dc62b2ca654a6613b6a080000001cbc882b079881", 0x4c}], 0x1}, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) syz_genetlink_get_family_id$nl80211(0x0) socket$inet6(0xa, 0x0, 0x4) mkdir(0x0, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) 07:00:38 executing program 2: fchdir(0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) write$FUSE_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="cc0100001600080025bd7000ffdbdf25ffffffff000000000000000000000000fc01000000006cefde7c75ffdf000000000000000000014e2000024e260000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x1cc}, 0x1, 0x0, 0x0, 0x4}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000c76089319e000000c1ba92a49825526f9040000000aaa068145d571a536367cd6ace1c5be444daf8411bea9d2df77e272368bb9a7c8915b4c7663ddfaddd1036df3c665620d6cf9865f4db9eaeea9170fcc943d0ea9d613b8ed967fe02523cd65c8783400c40bdaa65b462396d131acd10d27f7b3aad773072ecf86efc946ea76be5f0cff69cfe51d217f745591a73e1d0d5be05152c8d68b56c5b64a29feda7163ad74d381e0a351e", @ANYRES16, @ANYBLOB="c18f000000000000000005000000"], 0x14}}, 0x0) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0xb0, r2, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xfc}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x1000}]}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x6}, @NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_RULES={0x24, 0x22, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x7fffffff}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x3f}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x200}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}]}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x401}]}, @NL80211_ATTR_REG_RULES={0x1c, 0x22, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xffffffff}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x7}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x5}]}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x9}, @NL80211_ATTR_FREQ_RANGE_START={0x8}]}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4004804}, 0x24000025) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001000fff1fefefd956f76c9b724a6008000000000000000683440150024001b0000000000000000593ab782115ed9043d51d7e88dc62b2ca654a6613b6a080000001cbc882b079881", 0x4c}], 0x1}, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) syz_genetlink_get_family_id$nl80211(0x0) socket$inet6(0xa, 0x0, 0x4) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) [ 2766.482465][T30179] usb 4-1: USB disconnect, device number 49 [ 2766.526471][ T4941] netlink: 'syz-executor.1': attribute type 27 has an invalid length. [ 2766.538102][ T4941] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2766.549413][ T4941] IPv6: ADDRCONF(NETDEV_CHANGE): Y­4`Ò˜: link becomes ready [ 2766.567596][ T4941] IPv6: ADDRCONF(NETDEV_CHANGE): Y­4`Ò˜: link becomes ready [ 2766.612538][ T4941] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2766.649816][ T4945] netlink: 'syz-executor.2': attribute type 27 has an invalid length. [ 2766.659807][ T4945] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2766.682639][ T4945] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2766.695311][ T4945] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2766.703233][ T4945] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2766.739097][ T4953] netlink: 'syz-executor.1': attribute type 27 has an invalid length. [ 2766.747748][ T4953] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 2766.757404][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2766.758625][ T4953] IPv6: ADDRCONF(NETDEV_CHANGE): Y­4`Ò˜: link becomes ready [ 2766.773056][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:38 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x0, 0x8d}, 0x0) getrlimit(0x8, &(0x7f0000000100)) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x1, 0x1, 0xfe52, 0x3, 0x0, 0x4000000000000009}, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) prctl$PR_SET_MM(0x23, 0x8, &(0x7f0000ffd000/0x1000)=nil) r4 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) symlinkat(&(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r4, &(0x7f00000000c0)='./file0\x00') mkdirat(r4, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) mount(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0) [ 2766.794996][ T4953] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 2766.806993][ T4955] netlink: 'syz-executor.2': attribute type 27 has an invalid length. [ 2766.818106][ T4955] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2766.833081][ T4955] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:00:38 executing program 2: fchdir(0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) write$FUSE_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="cc0100001600080025bd7000ffdbdf25ffffffff000000000000000000000000fc01000000006cefde7c75ffdf000000000000000000014e2000024e260000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x1cc}, 0x1, 0x0, 0x0, 0x4}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000c76089319e000000c1ba92a49825526f9040000000aaa068145d571a536367cd6ace1c5be444daf8411bea9d2df77e272368bb9a7c8915b4c7663ddfaddd1036df3c665620d6cf9865f4db9eaeea9170fcc943d0ea9d613b8ed967fe02523cd65c8783400c40bdaa65b462396d131acd10d27f7b3aad773072ecf86efc946ea76be5f0cff69cfe51d217f745591a73e1d0d5be05152c8d68b56c5b64a29feda7163ad74d381e0a351e", @ANYRES16, @ANYBLOB="c18f000000000000000005000000"], 0x14}}, 0x0) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0xb0, r2, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xfc}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x1000}]}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x6}, @NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_RULES={0x24, 0x22, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x7fffffff}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x3f}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x200}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}]}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x401}]}, @NL80211_ATTR_REG_RULES={0x1c, 0x22, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xffffffff}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x7}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x5}]}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x9}, @NL80211_ATTR_FREQ_RANGE_START={0x8}]}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4004804}, 0x24000025) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001000fff1fefefd956f76c9b724a6008000000000000000683440150024001b0000000000000000593ab782115ed9043d51d7e88dc62b2ca654a6613b6a080000001cbc882b079881", 0x4c}], 0x1}, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) syz_genetlink_get_family_id$nl80211(0x0) socket$inet6(0xa, 0x0, 0x4) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) [ 2766.843366][ T4955] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2766.851045][ T4955] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2766.897058][ C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2766.902430][ T4980] netlink: 'syz-executor.2': attribute type 27 has an invalid length. [ 2766.913784][ T4980] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2766.932123][ T4980] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:00:38 executing program 1: fchdir(0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) write$FUSE_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f00000000c0)=ANY=[@ANYBLOB="cc0100001600080025bd7000ffdbdf25ffffffff000000000000000000000000fc01000000006cefde7c75ffdf000000000000000000014e2000024e260000", @ANYRES32=0x0, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB], 0x1cc}, 0x1, 0x0, 0x0, 0x4}, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x4000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_GET_SCAN(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000c76089319e000000c1ba92a49825526f9040000000aaa068145d571a536367cd6ace1c5be444daf8411bea9d2df77e272368bb9a7c8915b4c7663ddfaddd1036df3c665620d6cf9865f4db9eaeea9170fcc943d0ea9d613b8ed967fe02523cd65c8783400c40bdaa65b462396d131acd10d27f7b3aad773072ecf86efc946ea76be5f0cff69cfe51d217f745591a73e1d0d5be05152c8d68b56c5b64a29feda7163ad74d381e0a351e", @ANYRES16, @ANYBLOB="c18f000000000000000005000000"], 0x14}}, 0x0) sendmsg$NL80211_CMD_SET_REG(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)={0xb0, r2, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8}, @NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0xfc}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x1000}]}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x6}, @NL80211_ATTR_REG_RULES={0x4}, @NL80211_ATTR_REG_RULES={0x24, 0x22, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x7fffffff}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x3f}, @NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0x200}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8}]}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x8}, @NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN={0x8, 0x5, 0x401}]}, @NL80211_ATTR_REG_RULES={0x1c, 0x22, 0x0, 0x1, [@NL80211_ATTR_POWER_RULE_MAX_EIRP={0x8, 0x6, 0xffffffff}, @NL80211_ATTR_FREQ_RANGE_MAX_BW={0x8, 0x4, 0x7}, @NL80211_ATTR_FREQ_RANGE_START={0x8, 0x2, 0x5}]}, @NL80211_ATTR_REG_RULES={0x14, 0x22, 0x0, 0x1, [@NL80211_ATTR_FREQ_RANGE_END={0x8, 0x3, 0x9}, @NL80211_ATTR_FREQ_RANGE_START={0x8}]}, @NL80211_ATTR_REG_ALPHA2={0x6, 0x21, 'b\x00'}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4004804}, 0x24000025) perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket(0x10, 0x3, 0x0) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="4c0000001000fff1fefefd956f76c9b724a6008000000000000000683440150024001b0000000000000000593ab782115ed9043d51d7e88dc62b2ca654a6613b6a080000001cbc882b079881", 0x4c}], 0x1}, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) syz_genetlink_get_family_id$nl80211(0x0) socket$inet6(0xa, 0x0, 0x4) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) [ 2766.951882][ T4980] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 2766.960811][ T4980] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 2766.998008][T30179] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 2767.011930][ T4990] netlink: 'syz-executor.1': attribute type 27 has an invalid length. [ 2767.027486][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2767.028376][ T4990] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 07:00:38 executing program 2: socketpair$unix(0x1, 0x80003, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x1}, 0x6e) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f513, 0x0) 07:00:38 executing program 2: r0 = getpid() sched_setattr(r0, 0x0, 0x0) socket$inet6(0xa, 0x0, 0x0) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r3 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) mkdirat(r3, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) [ 2767.047846][ T4990] IPv6: ADDRCONF(NETDEV_CHANGE): Y­4`Ò˜: link becomes ready [ 2767.088376][ T4990] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready 07:00:38 executing program 1: r0 = socket$unix(0x1, 0x2, 0x0) r1 = epoll_create1(0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x200000000000013, &(0x7f0000000000)=0x400100000001, 0x36a) connect$inet6(r3, &(0x7f0000000280)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000440), 0x12f815) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = gettid() setsockopt$inet6_tcp_int(r3, 0x6, 0x2, &(0x7f0000000040), 0x4) ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0xd) wait4(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 2767.236746][T30179] usb 4-1: Using ep0 maxpacket: 8 [ 2767.356740][T30179] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2767.526784][T30179] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2767.535906][T30179] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2767.544369][T30179] usb 4-1: Product: syz [ 2767.548725][T30179] usb 4-1: Manufacturer: syz [ 2767.553352][T30179] usb 4-1: SerialNumber: syz [ 2767.807113][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2768.046777][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2768.256723][T30179] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 2768.262882][T30179] cdc_ncm 4-1:1.0: bind() failure [ 2768.277970][T30179] cdc_ncm 4-1:1.1: bind() failure [ 2768.848325][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2768.856731][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:41 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() recvmmsg(0xffffffffffffffff, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet(r0, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f000000a240)=ANY=[@ANYBLOB="1800000000000000ff06004a60ebef2c47fe3b04dc8cb2acd37913b1f73ab71d6dc45954a82057877482992d4182e0000002fec513d12adb64fe868b17ee10d2d603892ae97f2c182307050491e76079b7e99a6e319aad462f9691ba629a777fb5d0a0583b7ec4e36f08d215c2de6770338786a729bee41e9ec39b4bc291b928ef9f1b12e68f74ab829bfab4877b07f8132d75f25cfa60b42e5eafe40debd93f5c8843542ce87ccd81b56a7ae49a9d9c05298e5425267d128ce11df000d9fa45e8a8dcbd98d41df16b4ebd66464d1e7f66e11a5463afc56cffa277233a378e5cbdf9d18aa6f823a0eee8e60f2627681200021afcffab6b76713074fabbd14fdf723522e65fa0c1c1598d101b737b6dd68457b0b100000000000000e7aab97628569897d804986838614b32e2eb83b4cd080277abb48728246701000000a3c2b217d76be42e595d751d8dde26cecba021e627df1e13015900953b245c3db57fd510dff19516e6456c9560e298785fe0f90e01c5c5722ea99cfcd862f8000000000000b7f90b24204ee593370bf6b862765e1c604f179b56c1cab48aed63a39b2229f372759187f6113b17a1a679fea2c9a8f3dc9b0687ced9d170914d7c08ea8a3ffc1b4dc2394b3dc3bfe86452f044183729dd5f4baa63f744982ebd6d1a0036e8231e1e5b2d63d4d30be7a17333424475adeafa2a6ca643ed1be45c869a8b4b69098fd7ad2f8d8b50b1eb282db29052c8463c09d239ee2aa3a97a170f7f3afa435df3b9b5d1be8527b9acdc7dea2c4f5969bae4d8115fb6a7bc72e15045dd1d4654ba4bfffffffffffffffb36cae40f0a25955257cac2fbae73e3b066a59b27df5fb6e122534b2cc6c8c298eafff148aefd6cc9b2e9943ffb3414d8713f19009cd2d1c37f68137392f85fd6d5791a8a3c2ac7c6e02662b86b577ceef4dcece7141aa0ff4e0a6dac6b7be3983a7de4c5d2b6a0124ab2cb83d197059dff5229a6a8ed66ad4ab6fe55a0319ab26e804bf14d636e292912f1d52cffad48cc180c8b082a78496675fb70e50d5184e704d5195a3a487c76145ffde841c0153a5ddb433969d359a99965f6cbfb7a7916d6b2297fb602e59143a2b2a40bdfb795986feec7021bc1361ad120c45b0f6d561a56fc3bcd51533245ef2905c6fb46ae068575457fe13804b3514b9903b76a1890c0b7f8713c67850fa93536299396de36eb4d5dff234c0fdb4329eb7a412b072b91b220d300002eac42dd451616bc236e86b741facf767cdb379289fb398fafb2ce8337f254c2214ce0ed6b8295e73f103c4155a050fd8df6d31d039c98e6a18d2e92fb414df2782c99a79ee56b3e0133c92605895bd2e12deaf7923c7a2e04d534e024fa6f0113fa784062203100000000000000000000000000000000000000000000004d7d29f25802d7f69e0047ddc4bac1e5abe0ec025fe0c99253b2fc61155cbbaf22a4b4ee42e4a78aba55e234bd1f7908229371e1821ab83367443c93d7a8e6c0df2c966a3c3e7ae025a84c1830a0c2ba31c6de62873d0578ec0861ab839f36441c8b09885bd5104632b3ad7de4945b6dc9f51a12f77f9019c38f112d4771a1d06ee1ece6f975fb3a7aa4d84090948955685f7e864bed7417f9256cbf742e546588efa4b169a414116ecd4baab5efe145f5b41632a9d3004b01158fea35dd5629e902258507000000535ef11e211e01d1ef0c8604ad8c12a281df04bf13a465e4ceae0bfba098f3cfd5d5518cbf2742881f89e60a3a77c2a97d94512154f392933daf2cd0da58a8ac06e63ef72cd90ec2eb5737002b26db96d1d53d4b500d9409f68635764369e76dcea08c4fe7c28f529ea340da6351c50db6146d7126feb18600000000000000000000000000deddd47e8e154c0e7ee38b293c7352b48bf324cee466a4070cb37711fd21e197257212ed4b3eca34d62d79a5a9255c7012ddee40ea0a540c95a61f06bd0648532c2e8827305b99d7e2810392000e7a7d428693cebd2b9ff0753d4045fb89b122b55f555f20a45aac09e871e6b82c235ffdda7b67405b5b150e024af343c1cf52ecae3573cb5765cd7d9f1157716eebeed011cfc21b521b39d8b34e23f51c4fd86f4dd7c059d0c0140f04fb19e0b0693a768fcdccc9dd65dfcbb278eb23fb485f1b2b4c005e84d31f82555bcbc36ff29d4ad0d2a048145151215507f687385244d219630b5df9a2c1776998d5ab09be31863cfb9c0d031d11f70f865cdb4d85399a4c615d622f7eb83c3bb17f56dd2753bc2dd657a0e7838e22414475b10ce81ff57f20295cb80757faf97be5bd6b219e17b72f76fbd6af206aa729a9288e9b7de4a330511f03000000829d738c9acb41afcd271e27959de20eb1308f00000000000000000000000000f07cdb430c2a07fec2eb0b6883af4bbe91caf24297437d767a94ee4eefca78824c4c262a2e9a812bca6aa3d4610368abc7b87f29cd3700f1bcbacdb057fa77d3b53dbd00"/1794], 0x18}}], 0x1b1, 0x0) socket$inet(0x2, 0x0, 0x0) 07:00:41 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:41 executing program 1: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x6}, 0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0xa1d, 0x0, 0x1, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mountstats\x00') r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) sendfile(r1, r0, 0x0, 0x800000080004103) socket(0x22, 0x3, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/seq/clients\x00', 0x0, 0x0) 07:00:41 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000004c0), 0x0, 0x0, 0x0}) 07:00:41 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xac, &(0x7f0000000200)="c4fe910d6786cec96ddb5322ad863ae8cb9b9d6c5b2821049d69d60a34ad866a422525ee105042f88d45e7886c0f2a93cd82682ce184dbd0f5ecb8a2ca2a6b7c896ce29e8f72ae59edff025c1dd027f9851190fc934ff0f1bb960b5e00b57f5afc611bd7160647f44ddf30923e9cd404347d321ef3c4359805f99b5b78cddf9afab27ac4a59ebbae8a7ff6590c0e7f53a120a0b04d16c749a75ef5e6c02a01d8a4a439f38345c401bb96d4f5"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2769.511544][ T9218] usb 4-1: USB disconnect, device number 50 07:00:41 executing program 4: prlimit64(0x0, 0xe, 0x0, 0x0) getpid() recvmmsg(0xffffffffffffffff, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet(r0, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f000000a240)=ANY=[@ANYBLOB="1800000000000000ff06004a60ebef2c47fe3b04dc8cb2acd37913b1f73ab71d6dc45954a82057877482992d4182e0000002fec513d12adb64fe868b17ee10d2d603892ae97f2c182307050491e76079b7e99a6e319aad462f9691ba629a777fb5d0a0583b7ec4e36f08d215c2de6770338786a729bee41e9ec39b4bc291b928ef9f1b12e68f74ab829bfab4877b07f8132d75f25cfa60b42e5eafe40debd93f5c8843542ce87ccd81b56a7ae49a9d9c05298e5425267d128ce11df000d9fa45e8a8dcbd98d41df16b4ebd66464d1e7f66e11a5463afc56cffa277233a378e5cbdf9d18aa6f823a0eee8e60f2627681200021afcffab6b76713074fabbd14fdf723522e65fa0c1c1598d101b737b6dd68457b0b100000000000000e7aab97628569897d804986838614b32e2eb83b4cd080277abb48728246701000000a3c2b217d76be42e595d751d8dde26cecba021e627df1e13015900953b245c3db57fd510dff19516e6456c9560e298785fe0f90e01c5c5722ea99cfcd862f8000000000000b7f90b24204ee593370bf6b862765e1c604f179b56c1cab48aed63a39b2229f372759187f6113b17a1a679fea2c9a8f3dc9b0687ced9d170914d7c08ea8a3ffc1b4dc2394b3dc3bfe86452f044183729dd5f4baa63f744982ebd6d1a0036e8231e1e5b2d63d4d30be7a17333424475adeafa2a6ca643ed1be45c869a8b4b69098fd7ad2f8d8b50b1eb282db29052c8463c09d239ee2aa3a97a170f7f3afa435df3b9b5d1be8527b9acdc7dea2c4f5969bae4d8115fb6a7bc72e15045dd1d4654ba4bfffffffffffffffb36cae40f0a25955257cac2fbae73e3b066a59b27df5fb6e122534b2cc6c8c298eafff148aefd6cc9b2e9943ffb3414d8713f19009cd2d1c37f68137392f85fd6d5791a8a3c2ac7c6e02662b86b577ceef4dcece7141aa0ff4e0a6dac6b7be3983a7de4c5d2b6a0124ab2cb83d197059dff5229a6a8ed66ad4ab6fe55a0319ab26e804bf14d636e292912f1d52cffad48cc180c8b082a78496675fb70e50d5184e704d5195a3a487c76145ffde841c0153a5ddb433969d359a99965f6cbfb7a7916d6b2297fb602e59143a2b2a40bdfb795986feec7021bc1361ad120c45b0f6d561a56fc3bcd51533245ef2905c6fb46ae068575457fe13804b3514b9903b76a1890c0b7f8713c67850fa93536299396de36eb4d5dff234c0fdb4329eb7a412b072b91b220d300002eac42dd451616bc236e86b741facf767cdb379289fb398fafb2ce8337f254c2214ce0ed6b8295e73f103c4155a050fd8df6d31d039c98e6a18d2e92fb414df2782c99a79ee56b3e0133c92605895bd2e12deaf7923c7a2e04d534e024fa6f0113fa784062203100000000000000000000000000000000000000000000004d7d29f25802d7f69e0047ddc4bac1e5abe0ec025fe0c99253b2fc61155cbbaf22a4b4ee42e4a78aba55e234bd1f7908229371e1821ab83367443c93d7a8e6c0df2c966a3c3e7ae025a84c1830a0c2ba31c6de62873d0578ec0861ab839f36441c8b09885bd5104632b3ad7de4945b6dc9f51a12f77f9019c38f112d4771a1d06ee1ece6f975fb3a7aa4d84090948955685f7e864bed7417f9256cbf742e546588efa4b169a414116ecd4baab5efe145f5b41632a9d3004b01158fea35dd5629e902258507000000535ef11e211e01d1ef0c8604ad8c12a281df04bf13a465e4ceae0bfba098f3cfd5d5518cbf2742881f89e60a3a77c2a97d94512154f392933daf2cd0da58a8ac06e63ef72cd90ec2eb5737002b26db96d1d53d4b500d9409f68635764369e76dcea08c4fe7c28f529ea340da6351c50db6146d7126feb18600000000000000000000000000deddd47e8e154c0e7ee38b293c7352b48bf324cee466a4070cb37711fd21e197257212ed4b3eca34d62d79a5a9255c7012ddee40ea0a540c95a61f06bd0648532c2e8827305b99d7e2810392000e7a7d428693cebd2b9ff0753d4045fb89b122b55f555f20a45aac09e871e6b82c235ffdda7b67405b5b150e024af343c1cf52ecae3573cb5765cd7d9f1157716eebeed011cfc21b521b39d8b34e23f51c4fd86f4dd7c059d0c0140f04fb19e0b0693a768fcdccc9dd65dfcbb278eb23fb485f1b2b4c005e84d31f82555bcbc36ff29d4ad0d2a048145151215507f687385244d219630b5df9a2c1776998d5ab09be31863cfb9c0d031d11f70f865cdb4d85399a4c615d622f7eb83c3bb17f56dd2753bc2dd657a0e7838e22414475b10ce81ff57f20295cb80757faf97be5bd6b219e17b72f76fbd6af206aa729a9288e9b7de4a330511f03000000829d738c9acb41afcd271e27959de20eb1308f00000000000000000000000000f07cdb430c2a07fec2eb0b6883af4bbe91caf24297437d767a94ee4eefca78824c4c262a2e9a812bca6aa3d4610368abc7b87f29cd3700f1bcbacdb057fa77d3b53dbd00"/1794], 0x18}}], 0x1b1, 0x0) socket$inet(0x2, 0x0, 0x0) 07:00:41 executing program 4: sched_setattr(0x0, &(0x7f0000000040)={0x38}, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000340), 0x41395527) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) 07:00:41 executing program 1: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000001c0), 0x6}, 0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0xa1d, 0x0, 0x1, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mountstats\x00') r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) sendfile(r1, r0, 0x0, 0x800000080004103) socket(0x22, 0x3, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/asound/seq/clients\x00', 0x0, 0x0) 07:00:41 executing program 1: r0 = memfd_create(&(0x7f0000000340)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) write(r0, &(0x7f00000004c0)='1', 0x1) 07:00:41 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="34000000000801010000000000000000000000000900010073797a3100000000040004800500030011000000060002400002"], 0x34}}, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x20, 0x2, 0x8, 0x5, 0x0, 0x0, {}, [@CTA_TIMEOUT_NAME={0x9, 0x1, 'syz1\x00'}]}, 0x20}}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) bind(r3, &(0x7f0000000080)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80) ioctl$TIOCMBIS(r2, 0x5416, &(0x7f0000000000)=0x401) ioctl$FITHAW(r3, 0xc0045878) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 2769.886569][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:41 executing program 1: pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) fcntl$setpipe(r0, 0x407, 0x0) write$binfmt_misc(r1, &(0x7f0000000600)=ANY=[], 0x4240a2a0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) splice(r0, 0x0, r2, 0x0, 0x30005, 0x0) [ 2769.946497][ T9218] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 2770.186477][ T9218] usb 4-1: Using ep0 maxpacket: 8 07:00:42 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000004c0), 0x0, 0x0, 0x0}) [ 2770.316490][ T9218] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2770.516456][ T9218] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2770.525762][ T9218] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2770.534065][ T9218] usb 4-1: Product: syz [ 2770.538451][ T9218] usb 4-1: Manufacturer: syz [ 2770.551669][ T9218] usb 4-1: SerialNumber: syz [ 2770.936501][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2771.256508][ T9218] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 2771.262531][ T9218] cdc_ncm 4-1:1.0: bind() failure [ 2771.269699][ T9218] cdc_ncm 4-1:1.1: bind() failure [ 2771.886370][ T9218] net_ratelimit: 1 callbacks suppressed [ 2771.886373][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2771.967719][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:44 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:44 executing program 4: bind$inet6(0xffffffffffffffff, &(0x7f00001fefe4)={0xa, 0x4e22, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bind$inet6(r0, &(0x7f00001fefe4)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}}, 0x1c) 07:00:44 executing program 1: r0 = memfd_create(&(0x7f0000000340)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) write(r0, &(0x7f00000004c0)="3161d417452c8f6d46edb3b1077f2abaa85e3489c66107ab7d9aeb42aa515f23c9150bfd105fa1be4e0415cb2c2d4a1cdff5ab24d3676cc093ea0ffa364b7ed2f3", 0x41) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r0, 0x0) sendfile(r0, r0, &(0x7f0000000200), 0xff8) r1 = perf_event_open(&(0x7f000001d000)={0x200000002, 0x70, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x200800000}}, 0x0, 0x0, 0xffffffffffffffff, 0x8) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000180)='Z\x00') 07:00:44 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:44 executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0xa4, 0x2, 0x8, 0x3, 0x0, 0x0, {}, [@CTA_TIMEOUT_DATA={0x1c, 0x4, 0x0, 0x1, @fccp=[@CTA_TIMEOUT_DCCP_REQUEST={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_DCCP_CLOSEREQ={0x8, 0x5, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_DCCP_RESPOND={0x8, 0x2, 0x1, 0x0, 0x3}]}, @CTA_TIMEOUT_DATA={0xc, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x7}]}, @CTA_TIMEOUT_DATA={0x3c, 0x4, 0x0, 0x1, @icmp=[@CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xa504}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x3}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0xc56a}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x7}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x6}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x8001}, @CTA_TIMEOUT_ICMP_TIMEOUT={0x8, 0x1, 0x1, 0x0, 0x1000}]}, @CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x886c}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x88}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}, @CTA_TIMEOUT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000090}, 0xc4) 07:00:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2772.553168][T30179] usb 4-1: USB disconnect, device number 51 07:00:44 executing program 4: clone(0x7ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740)='/dev/ppp\x00', 0x0, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000780)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000240)) 07:00:44 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000240)="6653070000053c27bc3376003639405cb4aef12f0000001500ae47a825d868", 0x1f}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3d) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 07:00:44 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000004300)=[{&(0x7f00000005c0)}, {&(0x7f0000004040)=""/139, 0x8b}, {&(0x7f0000004100)=""/205, 0xcd}, {&(0x7f0000003c80)=""/47, 0x2f}], 0x4}, 0xfffff64b}, {{0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f00000002c0)}, {&(0x7f0000000d40)=""/137, 0x89}], 0x2}, 0x9}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000002440)=""/79, 0x4f}}, {{0x0, 0x0, 0x0}, 0x5}], 0x4, 0x2, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, 0x0, 0x0) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0xfffffffc, 0x6}, 0x0) mkdir(&(0x7f0000000740)='./file0\x00', 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) 07:00:44 executing program 1: open(&(0x7f00000009c0)='./bus\x00', 0x0, 0x0) creat(&(0x7f0000000240)='./bus\x00', 0x0) creat(0x0, 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x63, &(0x7f0000000040)={'ah\x00'}, 0x0) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6100) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffff7fffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) socket(0x840000000002, 0x3, 0x6) write$binfmt_misc(r0, 0x0, 0xef) connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmmsg(r0, &(0x7f0000006d00), 0x800000000000237, 0x1ffffffe) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvram\x00', 0x119040, 0x0) [ 2772.660956][ T5136] binder: 5114:5136 unknown command 0 [ 2772.666671][ T5136] binder: 5114:5136 ioctl c0306201 20000200 returned -22 07:00:44 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x42441) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000004c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a35704000000b6215dd33459"}}], 0xffffff01) 07:00:44 executing program 1: r0 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800002, 0x11, r0, 0x0) r1 = creat(&(0x7f0000000240)='./bus\x00', 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) getsockopt$ARPT_SO_GET_REVISION_TARGET(0xffffffffffffffff, 0x0, 0x63, &(0x7f0000000040)={'ah\x00'}, &(0x7f0000000080)=0x1e) fallocate(r2, 0x0, 0x0, 0x8020003) fcntl$setstatus(r1, 0x4, 0x6100) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x9}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffff7fffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) socket(0x840000000002, 0x3, 0x6) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmmsg(r3, &(0x7f0000006d00), 0x800000000000237, 0x1ffffffe) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) openat$nvram(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvram\x00', 0x119040, 0x0) [ 2772.777654][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 2772.777663][ T28] audit: type=1804 audit(1595919644.553:91): pid=5149 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir236637440/syzkaller.DLFqFZ/4037/bus" dev="sda1" ino=16281 res=1 [ 2772.976235][T30179] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 2773.006392][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2773.216239][T30179] usb 4-1: Using ep0 maxpacket: 8 [ 2773.336263][T30179] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2773.506227][T30179] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2773.516586][T30179] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2773.524772][T30179] usb 4-1: Product: syz [ 2773.530594][T30179] usb 4-1: Manufacturer: syz [ 2773.535263][T30179] usb 4-1: SerialNumber: syz [ 2774.046227][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2774.236133][T30179] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 2774.242225][T30179] cdc_ncm 4-1:1.0: bind() failure [ 2774.251422][T30179] cdc_ncm 4-1:1.1: bind() failure [ 2774.926128][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2775.086152][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:47 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:47 executing program 1: syz_open_procfs(0x0, &(0x7f0000000000)='gid_map\x00') 07:00:47 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:47 executing program 4: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8e}, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = getpid() sched_setattr(r2, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000340), 0x41395527) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, 0x0, 0x0) creat(0x0, 0x0) 07:00:47 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2775.595178][T19476] usb 4-1: USB disconnect, device number 52 07:00:47 executing program 1: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000013c0)={{{@in6=@remote, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@broadcast, 0x0, 0x32}, 0x0, @in6, 0x0, 0x0, 0x0, 0x2}}, 0xe8) connect$inet6(r0, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) sendmmsg(r0, &(0x7f0000000240), 0x5c3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$key(0xf, 0x3, 0x2) 07:00:47 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:00:47 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2775.694035][ T5204] binder: 5179:5204 unknown command 0 [ 2775.704534][ T5204] binder: 5179:5204 ioctl c0306201 20000200 returned -22 07:00:47 executing program 1: pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x6}, 0x1c) sendmmsg$inet(r0, &(0x7f00000010c0)=[{{&(0x7f00000000c0)={0x2, 0x4e21, @initdev}, 0x10, 0x0, 0x0, &(0x7f000000a240)=ANY=[@ANYBLOB="1800000000000000ff06004a60ebef2c47fe3b04dc8cb2acd37913b1f73ab71d6dc45954a82057877482992d4182e0000002fec513d12adb64fe868b17ee10d2d603892ae97f2c182307050491e76079b7e99a6e319aad462f9691ba629a777fb5d0a0583b7ec4e36f08d215c2de6770338786a729bee41e9ec39b4bc291b928ef9f1b12e68f74ab829bfab4877b07f8132d75f25cfa60b42e5eafe40debd93f5c8843542ce87ccd81b56a7ae49a9d9c05298e5425267d128ce11df000d9fa45e8a8dcbd98d41df16b4ebd66464d1e7f66e11a5463afc56cffa277233a378e5cbdf9d18aa6f823a0eee8e60f2627681200021afcffab6b76713074fabbd14fdf723522e65fa0c1c1598d101b737b6dd68457b0b100000000000000e7aab97628569897d804986838614b32e2eb83b4cd080277abb48728246701000000a3c2b217d76be42e595d751d8dde26cecba021e627df1e13015900953b245c3db57fd510dff19516e6456c9560e298785fe0f90e01c5c5722ea99cfcd862f8000000000000b7f90b24204ee593370bf6b862765e1c604f179b56c1cab48aed63a39b2229f372759187f6113b17a1a679fea2c9a8f3dc9b0687ced9d170914d7c08ea8a3ffc1b4dc2394b3dc3bfe86452f044183729dd5f4baa63f744982ebd6d1a0036e8231e1e5b2d63d4d30be7a17333424475adeafa2a6ca643ed1be45c869a8b4b69098fd7ad2f8d8b50b1eb282db29052c8463c09d239ee2aa3a97a170f7f3afa435df3b9b5d1be8527b9acdc7dea2c4f5969bae4d8115fb6a7bc72e15045dd1d4654ba4bfffffffffffffffb36cae40f0a25955257cac2fbae73e3b066a59b27df5fb6e122534b2cc6c8c298eafff148aefd6cc9b2e9943ffb3414d8713f19009cd2d1c37f68137392f85fd6d5791a8a3c2ac7c6e02662b86b577ceef4dcece7141aa0ff4e0a6dac6b7be3983a7de4c5d2b6a0124ab2cb83d197059dff5229a6a8ed66ad4ab6fe55a0319ab26e804bf14d636e292912f1d52cffad48cc180c8b082a78496675fb70e50d5184e704d5195a3a487c76145ffde841c0153a5ddb433969d359a99965f6cbfb7a7916d6b2297fb602e59143a2b2a40bdfb795986feec7021bc1361ad120c45b0f6d561a56fc3bcd51533245ef2905c6fb46ae068575457fe13804b3514b9903b76a1890c0b7f8713c67850fa93536299396de36eb4d5dff234c0fdb4329eb7a412b072b91b220d300002eac42dd451616bc236e86b741facf767cdb379289fb398fafb2ce8337f254c2214ce0ed6b8295e73f103c4155a050fd8df6d31d039c98e6a18d2e92fb414df2782c99a79ee56b3e0133c92605895bd2e12deaf7923c7a2e04d534e024fa6f0113fa784062203100000000000000000000000000000000000000000000004d7d29f25802d7f69e0047ddc4bac1e5abe0ec025fe0c99253b2fc61155cbbaf22a4b4ee42e4a78aba55e234bd1f7908229371e1821ab83367443c93d7a8e6c0df2c966a3c3e7ae025a84c1830a0c2ba31c6de62873d0578ec0861ab839f36441c8b09885bd5104632b3ad7de4945b6dc9f51a12f77f9019c38f112d4771a1d06ee1ece6f975fb3a7aa4d84090948955685f7e864bed7417f9256cbf742e546588efa4b169a414116ecd4baab5efe145f5b41632a9d3004b01158fea35dd5629e902258507000000535ef11e211e01d1ef0c8604ad8c12a281df04bf13a465e4ceae0bfba098f3cfd5d5518cbf2742881f89e60a3a77c2a97d94512154f392933daf2cd0da58a8ac06e63ef72cd90ec2eb5737002b26db96d1d53d4b500d9409f68635764369e76dcea08c4fe7c28f529ea340da6351c50db6146d7126feb18600000000000000000000000000deddd47e8e154c0e7ee38b293c7352b48bf324cee466a4070cb37711fd21e197257212ed4b3eca34d62d79a5a9255c7012ddee40ea0a540c95a61f06bd0648532c2e8827305b99d7e2810392000e7a7d428693cebd2b9ff0753d4045fb89b122b55f555f20a45aac09e871e6b82c235ffdda7b67405b5b150e024af343c1cf52ecae3573cb5765cd7d9f1157716eebeed011cfc21b521b39d8b34e23f51c4fd86f4dd7c059d0c0140f04fb19e0b0693a768fcdccc9dd65dfcbb278eb23fb485f1b2b4c005e84d31f82555bcbc36ff29d4ad0d2a048145151215507f687385244d219630b5df9a2c1776998d5ab09be31863cfb9c0d031d11f70f865cdb4d85399a4c615d622f7eb83c3bb17f56dd2753bc2dd657a0e7838e22414475b10ce81ff57f20295cb80757faf97be5bd6b219e17b72f76fbd6af206aa729a9288e9b7de4a330511f03000000829d738c9acb41afcd271e27959de20eb1308f00000000000000000000000000f07cdb430c2a07fec2eb0b6883af4bbe91caf24297437d767a94ee4eefca78824c4c262a2e9a812bca6aa3d4610368abc7b87f29cd3700f1bcbacdb057fa77d3b53dbd00"/1794], 0x18}}], 0x1b1, 0x0) 07:00:47 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:00:47 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000440)}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000680)="ff5b93baf4715971ba778a4091bf32a5307d1aad95db841680c544d506ab1c3405176a92ebe5ce0025e269e33dba850c0edff31990e83f65d40e8aec1f8801132a4088456b3f9166215a20ce4113818fe8668752a06696602189d19eb27eeb7c7a8fe69d0e65a052a93b5c4cf71bc11c4bc0bc7fbc5637850e7cf553dc9683e2a77d09196b818171d8e2b85add4e45494bc588edfedd7bd8045fa963bdd79c6885fb32e67153a5050367a53907b55917d7f298c40364e253", 0xffffffe1) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x1}, 0x0) r4 = memfd_create(&(0x7f0000000340)='-B\xd5NI\xc5j\xbappp\xf0\b\x84\xa2m\x00:)\x00\xbb\x8d\xac\xacva}knh#\xcb)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8bCc\xad\x89\x9ck\xde\xc5\xe96\xddU\xa9=\xcdJx\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93?\x88Q\xf7\xd6\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xab\xb6\xa5$4\xd6\xfe7\x0f\xe7\xd9$\xce \xabN\xae\xc9\xbd\xd3g@\xe1\'s\x0e\x90\xf2\xcdr\xb8(', 0x0) write(r4, &(0x7f00000004c0)="3161d417452c8f6d46edb3b1077f2abaa85e3489c66107ab7d9aeb42aa515f23c9150bfd105fa1be4e0415cb2c2d4a1cdff5ab24d3676cc093ea0ffa364b7ec5a99d58d226", 0x45) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000100)=0x20, 0x12) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x4, 0x11, r4, 0x0) sendfile(r4, r4, &(0x7f0000000200), 0xff8) write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000000a00)=ANY=[@ANYBLOB="b0000000000000000700000000000000010000000000000000000000000000007600000000000000000000000000000000000000010001000100000000000000000000000000000005000000000000000100000000000000ff0100"/124, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000878dc4d0d6b506af373f95c30000000000020000002f215b2d2e3a00"/44], 0xb0) r5 = perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x0, 0x4, 0x0, 0x0, 0x0, 0x40000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001fff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_SET_FILTER(r5, 0x40082406, &(0x7f0000000180)='Z\x00') socket$inet(0x2, 0x4000000000000001, 0x0) 07:00:47 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2776.025954][T19476] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 2776.126078][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2776.295919][T19476] usb 4-1: Using ep0 maxpacket: 8 [ 2776.426226][T19476] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2776.635929][T19476] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2776.645322][T19476] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2776.654323][T19476] usb 4-1: Product: syz [ 2776.658800][T19476] usb 4-1: Manufacturer: syz [ 2776.663381][T19476] usb 4-1: SerialNumber: syz [ 2777.166110][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2777.385873][T19476] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 2777.391837][T19476] cdc_ncm 4-1:1.0: bind() failure [ 2777.399859][T19476] cdc_ncm 4-1:1.1: bind() failure [ 2777.976042][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2778.207877][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:50 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:50 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:00:50 executing program 4: r0 = socket$inet(0x10, 0x2000000002, 0x0) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000001c0)="240000002e0007031dfffd946fa2830020200a0000000000000000e50c1be3a20400ff7e280000005e00ffffba16a0aa1c0009b3ebea966cf0554edc7de8ddeb133c2b3ce9fad90f15a36a15", 0x4c}], 0x1}, 0x0) recvmmsg(r0, &(0x7f0000002540)=[{{0x0, 0x1b3, &(0x7f0000001600)=[{&(0x7f00000002c0)=""/160, 0x437}, {&(0x7f0000000380)=""/65, 0x41}, {&(0x7f0000000400)=""/96, 0x60}, {&(0x7f0000002580)=""/4096, 0x1005}, {&(0x7f0000000480)=""/119, 0x77}, {&(0x7f0000000040)=""/14, 0xe}], 0x6}}], 0x4000000000004da, 0x42, 0x0) 07:00:50 executing program 5: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:00:50 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:50 executing program 1: r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS3\x00', 0x0, 0x0) r1 = socket$unix(0x1, 0x2, 0x0) r2 = epoll_create1(0x0) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, "97cc5df552a4ee0734077b201b77b8cc215044"}) [ 2778.628924][ T9544] usb 4-1: USB disconnect, device number 53 07:00:50 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:00:50 executing program 1: r0 = syz_open_dev$sndctrl(&(0x7f0000001440)='/dev/snd/controlC#\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140)='/dev/audio\x00', 0x40000000040201, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6(0xa, 0x2, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) dup3(r2, r1, 0x0) 07:00:50 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:00:50 executing program 4: perf_event_open(&(0x7f0000000300)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41bd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x1, 0x0) creat(&(0x7f0000000140)='./bus\x00', 0x0) setsockopt$inet6_IPV6_DSTOPTS(0xffffffffffffffff, 0x29, 0x3b, 0x0, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x240008d6, &(0x7f0000000280)={0x2, 0x4e23, @loopback}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge_slave_1\x00', 0x10) sendto$inet(r0, &(0x7f0000000000), 0xfffffffffffffccf, 0x240, 0x0, 0xffffffffffffff37) [ 2778.752533][ T5287] binder: 5263:5287 unknown command 0 [ 2778.766994][ T5287] binder: 5263:5287 ioctl c0306201 20000200 returned -22 07:00:50 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={{0x14}, [@NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_PRIORITY={0x8}]}]}], {0x14}}, 0x70}}, 0x0) 07:00:50 executing program 1: r0 = socket(0x40000000015, 0x5, 0x0) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) [ 2779.095701][ T9544] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 2779.245740][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2779.335658][ T9544] usb 4-1: Using ep0 maxpacket: 8 [ 2779.455867][ T9544] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2779.625672][ T9544] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2779.634763][ T9544] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2779.643114][ T9544] usb 4-1: Product: syz [ 2779.647446][ T9544] usb 4-1: Manufacturer: syz [ 2779.652009][ T9544] usb 4-1: SerialNumber: syz [ 2780.285758][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2780.345585][ T9544] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 2780.351553][ T9544] cdc_ncm 4-1:1.0: bind() failure [ 2780.360559][ T9544] cdc_ncm 4-1:1.1: bind() failure [ 2780.615642][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2781.015636][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2781.328053][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:53 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = dup(0xffffffffffffffff) syz_kvm_setup_cpu$x86(r6, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:00:53 executing program 1: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) add_key$user(0x0, 0x0, 0x0, 0x0, 0x0) request_key(&(0x7f0000000000)='user\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0) 07:00:53 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = socket$unix(0x1, 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$packet(0x11, 0x0, 0x300) r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r5 = socket$can_raw(0x1d, 0x3, 0x1) dup2(r4, r5) sendfile(r5, r3, 0x0, 0x4000000000dd) 07:00:53 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:00:53 executing program 5: [ 2781.668546][T19476] usb 4-1: USB disconnect, device number 54 07:00:53 executing program 5: 07:00:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = dup(0xffffffffffffffff) syz_kvm_setup_cpu$x86(r6, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:00:53 executing program 1: 07:00:53 executing program 5: 07:00:53 executing program 5: 07:00:53 executing program 1: [ 2782.135452][T19476] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 2782.365497][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2782.377950][T19476] usb 4-1: Using ep0 maxpacket: 8 [ 2782.515527][T19476] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2782.715576][T19476] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2782.724633][T19476] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2782.745418][T19476] usb 4-1: Product: syz [ 2782.749574][T19476] usb 4-1: Manufacturer: syz [ 2782.754190][T19476] usb 4-1: SerialNumber: syz [ 2783.407469][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2783.435308][T19476] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 2783.441341][T19476] cdc_ncm 4-1:1.0: bind() failure [ 2783.466262][T19476] cdc_ncm 4-1:1.1: bind() failure [ 2784.047138][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2784.445298][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:00:56 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:00:56 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = dup(0xffffffffffffffff) syz_kvm_setup_cpu$x86(r6, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:00:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2784.721942][T19476] usb 4-1: USB disconnect, device number 55 [ 2785.175146][T19476] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 2785.435178][T19476] usb 4-1: Using ep0 maxpacket: 8 [ 2785.485625][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2785.555371][T19476] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2785.765653][T19476] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2785.779498][T19476] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2785.798557][T19476] usb 4-1: Product: syz [ 2785.808477][T19476] usb 4-1: Manufacturer: syz [ 2785.817618][T19476] usb 4-1: SerialNumber: syz [ 2786.525554][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2786.715016][T19476] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 2786.721087][T19476] cdc_ncm 4-1:1.0: bind() failure [ 2786.743604][T19476] cdc_ncm 4-1:1.1: bind() failure [ 2787.086205][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2787.102667][ T5368] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 2787.144985][ T5368] CPU: 1 PID: 5368 Comm: syz-executor.3 Not tainted 5.8.0-rc7-syzkaller #0 [ 2787.153566][ T5368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2787.163592][ T5368] Call Trace: [ 2787.166861][ T5368] dump_stack+0x10f/0x19d [ 2787.171161][ T5368] dump_header+0x8e/0x400 [ 2787.175474][ T5368] oom_kill_process+0x18d/0x3f0 [ 2787.180292][ T5368] out_of_memory+0x5bd/0x880 [ 2787.184858][ T5368] ? get_page_from_freelist+0x127/0x3c0 [ 2787.190374][ T5368] __alloc_pages_slowpath+0x742/0x970 [ 2787.195717][ T5368] __alloc_pages_nodemask+0x235/0x390 [ 2787.201100][ T5368] alloc_pages_current+0x21d/0x310 [ 2787.206180][ T5368] __page_cache_alloc+0x4f/0x120 [ 2787.211086][ T5368] pagecache_get_page+0x494/0x8b0 [ 2787.216080][ T5368] ? __do_page_cache_readahead+0x96/0xb0 [ 2787.221683][ T5368] filemap_fault+0xba4/0x11e0 [ 2787.226429][ T5368] ext4_filemap_fault+0x4b/0x60 [ 2787.231249][ T5368] do_read_fault+0x41f/0x730 [ 2787.235811][ T5368] handle_mm_fault+0x135d/0x1930 [ 2787.240739][ T5368] do_user_addr_fault+0x393/0x810 [ 2787.245744][ T5368] exc_page_fault+0xb8/0x330 [ 2787.250375][ T5368] ? asm_exc_page_fault+0x8/0x30 [ 2787.255282][ T5368] asm_exc_page_fault+0x1e/0x30 [ 2787.260170][ T5368] RIP: 0033:0x45c369 [ 2787.264039][ T5368] Code: Bad RIP value. [ 2787.268073][ T5368] RSP: 002b:00007ffc1631cb68 EFLAGS: 00010246 [ 2787.274205][ T5368] RAX: ffffffffffffff92 RBX: 0000000000000159 RCX: 000000000045c369 [ 2787.282149][ T5368] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000078bf0c [ 2787.290097][ T5368] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2787.298030][ T5368] R10: 00007ffc1631cc50 R11: 0000000000000246 R12: 00000000000003e8 [ 2787.305964][ T5368] R13: 00000000002a87ee R14: 00000000002a8695 R15: 000000000078bf0c [ 2787.379889][ T5368] Mem-Info: [ 2787.383006][ T5368] active_anon:238647 inactive_anon:9808 isolated_anon:0 [ 2787.383006][ T5368] active_file:37 inactive_file:0 isolated_file:0 [ 2787.383006][ T5368] unevictable:11 dirty:0 writeback:0 [ 2787.383006][ T5368] slab_reclaimable:8034 slab_unreclaimable:25860 [ 2787.383006][ T5368] mapped:57594 shmem:10019 pagetables:5766 bounce:0 [ 2787.383006][ T5368] free:26561 free_pcp:78 free_cma:0 [ 2787.425817][ T5368] Node 0 active_anon:954568kB inactive_anon:39232kB active_file:16kB inactive_file:52kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:230376kB dirty:0kB writeback:0kB shmem:40072kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 671744kB writeback_tmp:0kB all_unreclaimable? yes [ 2787.536878][ T5368] Node 1 active_anon:20kB inactive_anon:0kB active_file:32kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2787.566374][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2787.574740][T21547] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2787.585321][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2787.604978][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2787.713576][ T5368] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2787.830698][ T5368] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2787.852989][ T5368] Node 0 DMA32 free:37052kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:635908kB inactive_anon:0kB active_file:24kB inactive_file:88kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2888kB pagetables:14364kB bounce:0kB free_pcp:64kB local_pcp:64kB free_cma:0kB [ 2787.894889][ T5368] lowmem_reserve[]: 0 0 707 707 707 [ 2787.900111][ T5368] Node 0 Normal free:8536kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:318660kB inactive_anon:39232kB active_file:72kB inactive_file:4kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4464kB pagetables:8692kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2788.023718][ T5368] lowmem_reserve[]: 0 0 0 0 0 [ 2788.044012][ T5368] Node 1 Normal free:46252kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:20kB inactive_anon:0kB active_file:32kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 2788.096440][ T5368] lowmem_reserve[]: 0 0 0 0 0 [ 2788.101206][ T5368] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (M) = 14404kB [ 2788.114074][ T5368] Node 0 DMA32: 264*4kB (UME) 1184*8kB (UME) 636*16kB (UME) 275*32kB (UME) 90*64kB (UME) 18*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 37568kB [ 2788.129767][ T5368] Node 0 Normal: 938*4kB (UME) 367*8kB (UME) 136*16kB (UM) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8864kB [ 2788.143392][ T5368] Node 1 Normal: 7*4kB (ME) 6*8kB (ME) 8*16kB (UME) 6*32kB (UME) 5*64kB (ME) 6*128kB (ME) 3*256kB (M) 4*512kB (UM) 3*1024kB (ME) 1*2048kB (M) 9*4096kB (M) = 46284kB [ 2788.159937][ T5368] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2788.169452][ T5368] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2788.178705][ T5368] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2788.188215][ T5368] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2788.197464][ T5368] 10096 total pagecache pages [ 2788.202099][ T5368] 0 pages in swap cache [ 2788.206231][ T5368] Swap cache stats: add 0, delete 0, find 0/0 [ 2788.212256][ T5368] Free swap = 0kB [ 2788.218736][ T5368] Total swap = 0kB [ 2788.222434][ T5368] 1965979 pages RAM [ 2788.226365][ T5368] 0 pages HighMem/MovableOnly [ 2788.231008][ T5368] 83163 pages reserved [ 2788.235143][ T5368] 0 pages cma reserved [ 2788.239188][ T5368] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=26587,uid=0 [ 2788.253439][ T5368] Out of memory: Killed process 26587 (syz-executor.4) total-vm:75108kB, anon-rss:5076kB, file-rss:34816kB, shmem-rss:11480kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2788.685085][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2788.899277][T24244] usb 4-1: USB disconnect, device number 56 [ 2789.352977][ T8260] rs:main Q:Reg invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2789.373489][ T8260] CPU: 0 PID: 8260 Comm: rs:main Q:Reg Not tainted 5.8.0-rc7-syzkaller #0 [ 2789.381961][ T8260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2789.391983][ T8260] Call Trace: [ 2789.395251][ T8260] dump_stack+0x10f/0x19d [ 2789.399551][ T8260] dump_header+0x8e/0x400 [ 2789.403852][ T8260] oom_kill_process+0x18d/0x3f0 [ 2789.408675][ T8260] out_of_memory+0x5bd/0x880 [ 2789.413289][ T8260] ? get_page_from_freelist+0x127/0x3c0 [ 2789.418804][ T8260] __alloc_pages_slowpath+0x742/0x970 [ 2789.424218][ T8260] __alloc_pages_nodemask+0x235/0x390 [ 2789.429563][ T8260] alloc_pages_current+0x21d/0x310 [ 2789.434646][ T8260] __page_cache_alloc+0x4f/0x120 [ 2789.439555][ T8260] pagecache_get_page+0x494/0x8b0 [ 2789.444554][ T8260] ? __do_page_cache_readahead+0x96/0xb0 [ 2789.450217][ T8260] filemap_fault+0xba4/0x11e0 [ 2789.454881][ T8260] ext4_filemap_fault+0x4b/0x60 [ 2789.459899][ T8260] do_read_fault+0x41f/0x730 [ 2789.464473][ T8260] handle_mm_fault+0x135d/0x1930 [ 2789.469418][ T8260] do_user_addr_fault+0x393/0x810 [ 2789.474415][ T8260] exc_page_fault+0xb8/0x330 [ 2789.478981][ T8260] ? asm_exc_page_fault+0x8/0x30 [ 2789.483989][ T8260] asm_exc_page_fault+0x1e/0x30 [ 2789.488820][ T8260] RIP: 0033:0x55653b3e0ef2 [ 2789.493213][ T8260] Code: Bad RIP value. [ 2789.497247][ T8260] RSP: 002b:00007f2a57ffeb50 EFLAGS: 00010246 [ 2789.503288][ T8260] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000004d6d [ 2789.511233][ T8260] RDX: fffffffffffffd90 RSI: 0000000000020000 RDI: 00007f2a50000000 [ 2789.519177][ T8260] RBP: 000055653d0f6250 R08: 0000000000020f90 R09: 0000000000000000 [ 2789.527123][ T8260] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000001 [ 2789.535064][ T8260] R13: 00007f2a57ffeb90 R14: 000055653b645bec R15: 000055653d0f5d70 [ 2789.744763][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2789.961640][ T8260] Mem-Info: [ 2789.997081][ T8260] active_anon:236309 inactive_anon:6938 isolated_anon:0 [ 2789.997081][ T8260] active_file:38 inactive_file:3 isolated_file:0 [ 2789.997081][ T8260] unevictable:11 dirty:11 writeback:0 [ 2789.997081][ T8260] slab_reclaimable:8001 slab_unreclaimable:25836 [ 2789.997081][ T8260] mapped:54744 shmem:7149 pagetables:5682 bounce:0 [ 2789.997081][ T8260] free:26727 free_pcp:0 free_cma:0 [ 2790.128024][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2790.173036][ T8260] Node 0 active_anon:945216kB inactive_anon:27752kB active_file:104kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:218924kB dirty:0kB writeback:0kB shmem:28592kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 663552kB writeback_tmp:0kB all_unreclaimable? yes [ 2790.208342][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2790.240304][ T8260] Node 1 active_anon:20kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:64kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? no [ 2790.276658][ T8260] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2790.412236][ T8260] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2790.418049][ T8260] Node 0 DMA32 free:37232kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:627716kB inactive_anon:0kB active_file:8kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2872kB pagetables:14212kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2790.577211][ T8260] lowmem_reserve[]: 0 0 707 707 707 [ 2790.582501][ T8260] Node 0 Normal free:8060kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:317500kB inactive_anon:27752kB active_file:84kB inactive_file:32kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4416kB pagetables:8508kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2790.775842][ T8260] lowmem_reserve[]: 0 0 0 0 0 [ 2790.775974][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2790.780608][ T8260] Node 1 Normal free:46192kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:20kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 2790.982425][ T8260] lowmem_reserve[]: 0 0 0 0 0 [ 2791.014388][ T8260] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (M) = 14404kB [ 2791.092829][ T8260] Node 0 DMA32: 273*4kB (UME) 1170*8kB (UME) 615*16kB (UME) 263*32kB (ME) 88*64kB (ME) 17*128kB (UM) 0*256kB 0*512kB 1*1024kB (U) 0*2048kB 0*4096kB = 37540kB [ 2791.180825][ T8260] Node 0 Normal: 736*4kB (UME) 243*8kB (ME) 91*16kB (M) 26*32kB (UM) 22*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8584kB [ 2791.219054][ T8260] Node 1 Normal: 9*4kB (UME) 2*8kB (ME) 6*16kB (UME) 10*32kB (UME) 5*64kB (ME) 4*128kB (ME) 3*256kB (M) 3*512kB (UM) 2*1024kB (ME) 0*2048kB 10*4096kB (M) = 46612kB [ 2791.235519][ T8260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2791.245098][ T8260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2791.254347][ T8260] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2791.263873][ T8260] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2791.273134][ T8260] 7176 total pagecache pages [ 2791.278949][ T8260] 0 pages in swap cache [ 2791.283074][ T8260] Swap cache stats: add 0, delete 0, find 0/0 [ 2791.289184][ T8260] Free swap = 0kB [ 2791.292871][ T8260] Total swap = 0kB [ 2791.297944][ T8260] 1965979 pages RAM [ 2791.301742][ T8260] 0 pages HighMem/MovableOnly [ 2791.306469][ T8260] 83163 pages reserved [ 2791.310501][ T8260] 0 pages cma reserved [ 2791.314535][ T8260] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=9493,uid=0 [ 2791.329861][ T8260] Out of memory: Killed process 9493 (syz-executor.4) total-vm:74976kB, anon-rss:4260kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 2791.531678][ T8250] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2791.582827][ T8250] CPU: 1 PID: 8250 Comm: in:imklog Not tainted 5.8.0-rc7-syzkaller #0 [ 2791.590953][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2791.601111][ T8250] Call Trace: [ 2791.604374][ T8250] dump_stack+0x10f/0x19d [ 2791.608677][ T8250] dump_header+0x8e/0x400 [ 2791.612980][ T8250] oom_kill_process+0x18d/0x3f0 [ 2791.617857][ T8250] out_of_memory+0x5bd/0x880 [ 2791.622447][ T8250] ? get_page_from_freelist+0x127/0x3c0 [ 2791.628054][ T8250] __alloc_pages_slowpath+0x742/0x970 [ 2791.633398][ T8250] __alloc_pages_nodemask+0x235/0x390 [ 2791.638759][ T8250] alloc_pages_current+0x21d/0x310 [ 2791.643847][ T8250] __page_cache_alloc+0x4f/0x120 [ 2791.648784][ T8250] pagecache_get_page+0x494/0x8b0 [ 2791.653781][ T8250] ? __do_page_cache_readahead+0x96/0xb0 [ 2791.659498][ T8250] filemap_fault+0xba4/0x11e0 [ 2791.664198][ T8250] ext4_filemap_fault+0x4b/0x60 [ 2791.669023][ T8250] do_read_fault+0x41f/0x730 [ 2791.673588][ T8250] handle_mm_fault+0x135d/0x1930 [ 2791.678497][ T8250] do_user_addr_fault+0x393/0x810 [ 2791.683501][ T8250] exc_page_fault+0xb8/0x330 [ 2791.688079][ T8250] ? asm_exc_page_fault+0x8/0x30 [ 2791.693023][ T8250] asm_exc_page_fault+0x1e/0x30 [ 2791.697840][ T8250] RIP: 0033:0x7f2a5ebe922d [ 2791.702230][ T8250] Code: Bad RIP value. [ 2791.706298][ T8250] RSP: 002b:00007f2a5c585580 EFLAGS: 00010293 [ 2791.712332][ T8250] RAX: 0000000000000826 RBX: 0000000000000000 RCX: 00007f2a5ebe922d [ 2791.720273][ T8250] RDX: 0000000000001fa0 RSI: 00007f2a5c585da0 RDI: 0000000000000004 [ 2791.728214][ T8250] RBP: 000055653d0f99d0 R08: 0000000000000000 R09: 0000000004000001 [ 2791.736156][ T8250] R10: 0000000000000001 R11: 0000000000000293 R12: 00007f2a5c585da0 [ 2791.744098][ T8250] R13: 0000000000001fa0 R14: 0000000000001f9f R15: 00007f2a5c585de4 [ 2791.758990][ T8250] Mem-Info: [ 2791.763179][ T8250] active_anon:235258 inactive_anon:6938 isolated_anon:0 [ 2791.763179][ T8250] active_file:9 inactive_file:5 isolated_file:0 [ 2791.763179][ T8250] unevictable:11 dirty:0 writeback:0 [ 2791.763179][ T8250] slab_reclaimable:7967 slab_unreclaimable:25832 [ 2791.763179][ T8250] mapped:54749 shmem:7149 pagetables:5682 bounce:0 [ 2791.763179][ T8250] free:26647 free_pcp:118 free_cma:0 [ 2791.805452][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2791.813586][ T8250] Node 0 active_anon:941012kB inactive_anon:27752kB active_file:124kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:218896kB dirty:0kB writeback:0kB shmem:28592kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 663552kB writeback_tmp:0kB all_unreclaimable? no [ 2791.841049][ T8250] Node 1 active_anon:20kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2791.866447][ T8250] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2791.895420][ T8250] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2791.901277][ T8250] Node 0 DMA32 free:37672kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:623620kB inactive_anon:0kB active_file:4kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2872kB pagetables:14212kB bounce:0kB free_pcp:184kB local_pcp:0kB free_cma:0kB [ 2791.974530][ T8250] lowmem_reserve[]: 0 0 707 707 707 [ 2791.979712][ T8250] Node 0 Normal free:8296kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:317364kB inactive_anon:27752kB active_file:100kB inactive_file:16kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4416kB pagetables:8508kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2792.162218][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2792.182815][ T8250] Node 1 Normal free:45796kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:20kB inactive_anon:0kB active_file:4kB inactive_file:508kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:760kB local_pcp:352kB free_cma:0kB [ 2792.258193][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2792.262851][ T8250] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (M) = 14404kB [ 2792.305818][ T8250] Node 0 DMA32: 265*4kB (UME) 1170*8kB (UME) 617*16kB (UME) 264*32kB (UME) 89*64kB (UME) 16*128kB (M) 0*256kB 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 38020kB [ 2792.378256][ T8250] Node 0 Normal: 770*4kB (UME) 247*8kB (UME) 91*16kB (M) 26*32kB (UM) 22*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8752kB [ 2792.423961][ T8250] Node 1 Normal: 2*4kB (E) 2*8kB (ME) 4*16kB (UME) 6*32kB (UE) 2*64kB (E) 1*128kB (E) 3*256kB (M) 3*512kB (UM) 2*1024kB (ME) 0*2048kB 10*4096kB (M) = 45848kB [ 2792.475288][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2792.523319][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2792.573119][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2792.635554][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2792.692149][ T8250] 7180 total pagecache pages [ 2792.718781][ T8250] 0 pages in swap cache [ 2792.722910][ T8250] Swap cache stats: add 0, delete 0, find 0/0 [ 2792.764449][ T8250] Free swap = 0kB [ 2792.768993][ T8250] Total swap = 0kB [ 2792.779409][ T8250] 1965979 pages RAM [ 2792.783191][ T8250] 0 pages HighMem/MovableOnly [ 2792.803975][ T8250] 83163 pages reserved [ 2792.808116][ T8250] 0 pages cma reserved [ 2792.812151][ T8250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=28104,uid=0 [ 2792.855587][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2792.936968][ T8250] Out of memory: Killed process 28104 (syz-executor.4) total-vm:75240kB, anon-rss:4276kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2793.165461][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2793.284540][T28101] syz-executor.4 (28101) used greatest stack depth: 8648 bytes left [ 2793.404852][T21547] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2793.413352][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2793.422747][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2794.076879][ T1931] oom_reaper: reaped process 5328 (syz-executor.4), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB [ 2794.095764][ T8260] rs:main Q:Reg invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2794.107222][ T8260] CPU: 1 PID: 8260 Comm: rs:main Q:Reg Not tainted 5.8.0-rc7-syzkaller #0 [ 2794.115725][ T8260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2794.124648][ T5328] syz-executor.4: vmalloc: allocation failure, allocated 2370109440 of 3724722176 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 2794.125764][ T8260] Call Trace: [ 2794.145471][ T8260] dump_stack+0x10f/0x19d [ 2794.149867][ T8260] dump_header+0x8e/0x400 [ 2794.154171][ T8260] oom_kill_process+0x18d/0x3f0 [ 2794.159021][ T8260] out_of_memory+0x5bd/0x880 [ 2794.163580][ T8260] ? get_page_from_freelist+0x127/0x3c0 [ 2794.169091][ T8260] __alloc_pages_slowpath+0x742/0x970 [ 2794.174433][ T8260] __alloc_pages_nodemask+0x235/0x390 [ 2794.179822][ T8260] alloc_pages_current+0x21d/0x310 [ 2794.184910][ T8260] __page_cache_alloc+0x4f/0x120 [ 2794.189867][ T8260] pagecache_get_page+0x494/0x8b0 [ 2794.194860][ T8260] ? __do_page_cache_readahead+0x96/0xb0 [ 2794.200460][ T8260] filemap_fault+0xba4/0x11e0 [ 2794.205115][ T8260] ext4_filemap_fault+0x4b/0x60 [ 2794.209944][ T8260] do_read_fault+0x41f/0x730 [ 2794.214541][ T8260] handle_mm_fault+0x135d/0x1930 [ 2794.219492][ T8260] do_user_addr_fault+0x393/0x810 [ 2794.224531][ T8260] exc_page_fault+0xb8/0x330 [ 2794.229095][ T8260] ? asm_exc_page_fault+0x8/0x30 [ 2794.234000][ T8260] asm_exc_page_fault+0x1e/0x30 [ 2794.238819][ T8260] RIP: 0033:0x7f2a5dcfa710 [ 2794.243210][ T8260] Code: Bad RIP value. [ 2794.247241][ T8260] RSP: 002b:00007f2a57ffe628 EFLAGS: 00010206 [ 2794.253268][ T8260] RAX: 0000000000000090 RBX: 00007f2a48000020 RCX: 0000000000047000 [ 2794.261204][ T8260] RDX: 0000000000000003 RSI: 0000000000001000 RDI: 00007f2a48046000 [ 2794.269171][ T8260] RBP: 0000000000000210 R08: 00007f2a48000000 R09: 0000000000046000 [ 2794.277113][ T8260] R10: 00007f2a48046000 R11: 00007f2a48045c01 R12: 00000000000001a0 [ 2794.285057][ T8260] R13: 00007f2a48045e60 R14: 0000000000001000 R15: 0000000000000230 [ 2794.293034][ T5328] CPU: 0 PID: 5328 Comm: syz-executor.4 Not tainted 5.8.0-rc7-syzkaller #0 [ 2794.296933][ T8260] Mem-Info: [ 2794.301616][ T5328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2794.304736][ T8260] active_anon:233652 inactive_anon:6938 isolated_anon:0 [ 2794.304736][ T8260] active_file:26 inactive_file:3 isolated_file:0 [ 2794.304736][ T8260] unevictable:11 dirty:0 writeback:0 [ 2794.304736][ T8260] slab_reclaimable:7838 slab_unreclaimable:25784 [ 2794.304736][ T8260] mapped:54724 shmem:7149 pagetables:5622 bounce:0 [ 2794.304736][ T8260] free:18207 free_pcp:62 free_cma:0 [ 2794.314707][ T5328] Call Trace: [ 2794.314785][ T5328] dump_stack+0x10f/0x19d [ 2794.314798][ T5328] warn_alloc+0x105/0x160 [ 2794.351194][ T8260] Node 0 active_anon:934588kB inactive_anon:27752kB active_file:100kB inactive_file:8kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:218896kB dirty:0kB writeback:0kB shmem:28592kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 655360kB writeback_tmp:0kB all_unreclaimable? yes [ 2794.354445][ T5328] __vmalloc_node_range+0x458/0x530 [ 2794.354459][ T5328] vmalloc_user+0x55/0x60 [ 2794.358756][ T8260] Node 1 active_anon:20kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2794.363049][ T5328] ? vb2_vmalloc_alloc+0x8f/0x120 [ 2794.390515][ T8260] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2794.395671][ T5328] vb2_vmalloc_alloc+0x8f/0x120 [ 2794.395684][ T5328] ? tsan.module_ctor+0x10/0x10 [ 2794.399971][ T8260] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2794.425280][ T5328] __vb2_queue_alloc+0x4fe/0xaf0 [ 2794.425293][ T5328] vb2_core_create_bufs+0x334/0x570 [ 2794.430276][ T8260] Node 0 DMA32 free:27752kB min:53360kB low:62092kB high:70824kB reserved_highatomic:0KB active_anon:617476kB inactive_anon:0kB active_file:0kB inactive_file:16kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2824kB pagetables:14028kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2794.430295][ T8260] lowmem_reserve[]: 0 0 707 707 707 [ 2794.430303][ T8260] Node 0 Normal free:7760kB min:16860kB low:19024kB high:21188kB reserved_highatomic:0KB active_anon:317204kB inactive_anon:27752kB active_file:56kB inactive_file:4kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4416kB pagetables:8452kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2794.430321][ T8260] lowmem_reserve[]: 0 0 0 0 0 [ 2794.459192][ T5328] vb2_create_bufs+0x419/0x560 [ 2794.459253][ T5328] vb2_ioctl_create_bufs+0x2b3/0x310 [ 2794.464055][ T8260] Node 1 Normal free:23008kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:20kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2794.468956][ T5328] v4l_create_bufs+0x15e/0x1b0 [ 2794.468970][ T5328] __video_do_ioctl+0x65b/0x870 [ 2794.474658][ T8260] lowmem_reserve[]: 0 0 0 0 0 [ 2794.479548][ T5328] ? __video_do_ioctl+0x2e1/0x870 [ 2794.484725][ T8260] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2794.515922][ T5328] ? __check_object_size+0x253/0x310 [ 2794.515931][ T5328] video_usercopy+0x6da/0xfc0 [ 2794.515944][ T5328] ? video_ioctl2+0x30/0x30 [ 2794.521107][ T8260] Node 0 DMA32: 234*4kB (UME) 1028*8kB (UME) 504*16kB (UME) 211*32kB (UME) 57*64kB (UME) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 27752kB [ 2794.552404][ T5328] ? putname+0xa5/0xc0 [ 2794.552413][ T5328] ? do_vfs_ioctl+0x4f1/0xec0 [ 2794.552442][ T5328] video_ioctl2+0x25/0x30 [ 2794.557063][ T8260] Node 0 Normal: 772*4kB (UME) 255*8kB (UME) 92*16kB (UM) 22*32kB (UM) 11*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8008kB [ 2794.561795][ T5328] ? video_usercopy+0xfc0/0xfc0 [ 2794.567039][ T8260] Node 1 Normal: 8*4kB (ME) 2*8kB (ME) 5*16kB (ME) 7*32kB (UME) 5*64kB (ME) 5*128kB (UME) 3*256kB (M) 3*512kB (UM) 3*1024kB (UME) 0*2048kB 4*4096kB (M) = 23072kB [ 2794.597297][ T5328] v4l2_ioctl+0xc2/0xd0 [ 2794.597310][ T5328] ? v4l2_poll+0x150/0x150 [ 2794.602112][ T8260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2794.606923][ T5328] __se_sys_ioctl+0xc9/0x130 [ 2794.606931][ T5328] __x64_sys_ioctl+0x3f/0x50 [ 2794.606944][ T5328] do_syscall_64+0x51/0xb0 [ 2794.611580][ T8260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2794.616566][ T5328] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2794.616577][ T5328] RIP: 0033:0x45c369 [ 2794.631219][ T8260] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2794.636482][ T5328] Code: Bad RIP value. [ 2794.641124][ T8260] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2794.645582][ T5328] RSP: 002b:00007fae9a16dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2794.645590][ T5328] RAX: ffffffffffffffda RBX: 0000000000019f40 RCX: 000000000045c369 [ 2794.645600][ T5328] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 2794.661000][ T8260] 7178 total pagecache pages [ 2794.665032][ T5328] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2794.665037][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2794.665045][ T5328] R13: 00007ffd6fc37fff R14: 00007fae9a16e9c0 R15: 000000000078bf0c [ 2794.669690][ T8260] 0 pages in swap cache [ 2794.683970][ T5328] Mem-Info: [ 2794.688732][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2794.694105][ T5328] active_anon:233652 inactive_anon:6938 isolated_anon:0 [ 2794.694105][ T5328] active_file:26 inactive_file:3 isolated_file:0 [ 2794.694105][ T5328] unevictable:11 dirty:0 writeback:0 [ 2794.694105][ T5328] slab_reclaimable:7838 slab_unreclaimable:25784 [ 2794.694105][ T5328] mapped:54724 shmem:7149 pagetables:5622 bounce:0 [ 2794.694105][ T5328] free:18207 free_pcp:62 free_cma:0 [ 2794.717265][ T8260] Swap cache stats: add 0, delete 0, find 0/0 [ 2794.724392][ T5328] Node 0 active_anon:934588kB inactive_anon:27752kB active_file:100kB inactive_file:8kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:218896kB dirty:0kB writeback:0kB shmem:28592kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 655360kB writeback_tmp:0kB all_unreclaimable? yes [ 2794.734292][ T8260] Free swap = 0kB [ 2794.741522][ T5328] Node 1 active_anon:20kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2794.758039][ T8260] Total swap = 0kB [ 2794.766758][ T5328] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2794.774969][ T8260] 1965979 pages RAM [ 2794.791596][ T5328] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2794.806984][ T8260] 0 pages HighMem/MovableOnly [ 2794.813749][ T5328] Node 0 DMA32 free:27752kB min:53360kB low:62092kB high:70824kB reserved_highatomic:0KB active_anon:617476kB inactive_anon:0kB active_file:0kB inactive_file:16kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2824kB pagetables:14028kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2794.826967][ T8260] 83163 pages reserved [ 2794.833981][ T5328] lowmem_reserve[]: 0 0 707 707 707 [ 2794.843029][ T8260] 0 pages cma reserved [ 2794.859325][ T5328] Node 0 Normal free:7760kB min:16860kB low:19024kB high:21188kB reserved_highatomic:0KB active_anon:317204kB inactive_anon:27752kB active_file:56kB inactive_file:4kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4416kB pagetables:8452kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2794.892521][ T8260] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=13813,uid=0 [ 2794.902623][ T5328] lowmem_reserve[]: 0 0 0 0 0 [ 2794.926597][ T8260] Out of memory: Killed process 13813 (syz-executor.1) total-vm:74976kB, anon-rss:4252kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2795.118656][ T5328] Node 1 Normal free:23072kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:20kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2795.137007][ T8260] rs:main Q:Reg invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2795.159588][ T5328] lowmem_reserve[]: 0 0 0 0 0 [ 2795.161576][ T8260] CPU: 0 PID: 8260 Comm: rs:main Q:Reg Not tainted 5.8.0-rc7-syzkaller #0 [ 2795.164616][ T5328] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2795.173071][ T8260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2795.187694][ T5328] Node 0 DMA32: 246*4kB (UME) 1025*8kB (UME) 506*16kB (UME) 211*32kB (UME) 56*64kB (UME) 2*128kB (U) 0*256kB 0*512kB 0*1024kB 2*2048kB (M) 0*4096kB = 31968kB [ 2795.197709][ T8260] Call Trace: [ 2795.197732][ T8260] dump_stack+0x10f/0x19d [ 2795.197748][ T8260] dump_header+0x8e/0x400 [ 2795.213527][ T5328] Node 0 Normal: 841*4kB (UME) 260*8kB (UME) 92*16kB (UM) 23*32kB (UM) 11*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8356kB [ 2795.216798][ T8260] oom_kill_process+0x18d/0x3f0 [ 2795.216810][ T8260] out_of_memory+0x5bd/0x880 [ 2795.221094][ T5328] Node 1 Normal: 8*4kB (ME) 5*8kB (UME) 7*16kB (UME) 9*32kB (UME) 7*64kB (UME) 5*128kB (UME) 3*256kB (M) 3*512kB (UM) 3*1024kB (UME) 0*2048kB 4*4096kB (M) = 23320kB [ 2795.225396][ T8260] ? get_page_from_freelist+0x127/0x3c0 [ 2795.225471][ T8260] __alloc_pages_slowpath+0x742/0x970 [ 2795.240102][ T5328] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2795.245000][ T8260] __alloc_pages_nodemask+0x235/0x390 [ 2795.245085][ T8260] alloc_pages_current+0x21d/0x310 [ 2795.249565][ T5328] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2795.265918][ T8260] __page_cache_alloc+0x4f/0x120 [ 2795.265930][ T8260] pagecache_get_page+0x494/0x8b0 [ 2795.271433][ T5328] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2795.276783][ T8260] ? __do_page_cache_readahead+0x96/0xb0 [ 2795.276796][ T8260] filemap_fault+0xba4/0x11e0 [ 2795.286297][ T5328] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2795.291634][ T8260] ext4_filemap_fault+0x4b/0x60 [ 2795.296720][ T5328] 7178 total pagecache pages [ 2795.306018][ T8260] do_read_fault+0x41f/0x730 [ 2795.306031][ T8260] handle_mm_fault+0x135d/0x1930 [ 2795.310922][ T5328] 0 pages in swap cache [ 2795.315915][ T8260] do_user_addr_fault+0x393/0x810 [ 2795.315928][ T8260] exc_page_fault+0xb8/0x330 [ 2795.325473][ T5328] Swap cache stats: add 0, delete 0, find 0/0 [ 2795.331151][ T8260] ? asm_exc_page_fault+0x8/0x30 [ 2795.335718][ T5328] Free swap = 0kB [ 2795.344969][ T8260] asm_exc_page_fault+0x1e/0x30 [ 2795.344979][ T8260] RIP: 0033:0x7f2a5dcfa710 [ 2795.349788][ T5328] Total swap = 0kB [ 2795.354354][ T8260] Code: Bad RIP value. [ 2795.358969][ T5328] 1965979 pages RAM [ 2795.363806][ T8260] RSP: 002b:00007f2a57ffe628 EFLAGS: 00010206 [ 2795.367925][ T5328] 0 pages HighMem/MovableOnly [ 2795.372909][ T8260] RAX: 0000000000000090 RBX: 00007f2a48000020 RCX: 0000000000047000 [ 2795.377460][ T5328] 83163 pages reserved [ 2795.383485][ T8260] RDX: 0000000000000003 RSI: 0000000000001000 RDI: 00007f2a48046000 [ 2795.388399][ T5328] 0 pages cma reserved [ 2795.392087][ T8260] RBP: 0000000000000210 R08: 00007f2a48000000 R09: 0000000000046000 [ 2795.455344][ T8260] R10: 00007f2a48046000 R11: 00007f2a48045c01 R12: 00000000000001a0 [ 2795.463291][ T8260] R13: 00007f2a48045e60 R14: 0000000000001000 R15: 0000000000000230 [ 2795.480578][ T8260] Mem-Info: [ 2795.483768][ T8260] active_anon:232595 inactive_anon:6938 isolated_anon:0 [ 2795.483768][ T8260] active_file:40 inactive_file:0 isolated_file:0 [ 2795.483768][ T8260] unevictable:11 dirty:0 writeback:0 [ 2795.483768][ T8260] slab_reclaimable:7838 slab_unreclaimable:25784 [ 2795.483768][ T8260] mapped:54724 shmem:7149 pagetables:5596 bounce:0 [ 2795.483768][ T8260] free:19435 free_pcp:0 free_cma:0 [ 2795.520158][ T8260] Node 0 active_anon:930360kB inactive_anon:27752kB active_file:156kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:218896kB dirty:0kB writeback:0kB shmem:28592kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 653312kB writeback_tmp:0kB all_unreclaimable? yes [ 2795.548217][ T8260] Node 1 active_anon:20kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2795.573875][ T8260] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2795.604623][ T8260] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2795.611298][ T8260] Node 0 DMA32 free:91084kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:613380kB inactive_anon:0kB active_file:8kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2824kB pagetables:14024kB bounce:0kB free_pcp:1272kB local_pcp:0kB free_cma:0kB [ 2795.642910][ T8260] lowmem_reserve[]: 0 0 707 707 707 [ 2795.648394][ T8260] Node 0 Normal free:25396kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:317004kB inactive_anon:27752kB active_file:300kB inactive_file:6920kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4416kB pagetables:8352kB bounce:0kB free_pcp:1532kB local_pcp:472kB free_cma:0kB [ 2795.681626][ T8260] lowmem_reserve[]: 0 0 0 0 0 [ 2795.686306][ T8260] Node 1 Normal free:688772kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:20kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:1316kB local_pcp:0kB free_cma:0kB [ 2795.718522][ T8260] lowmem_reserve[]: 0 0 0 0 0 [ 2795.723180][ T8260] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2795.739224][ T8260] Node 0 DMA32: 283*4kB (UME) 1214*8kB (UME) 633*16kB (UME) 313*32kB (UME) 135*64kB (UME) 68*128kB (U) 44*256kB (U) 46*512kB (U) 2*1024kB (U) 10*2048kB (UM) 2*4096kB (U) = 113868kB [ 2795.744511][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2795.757074][ T8260] Node 0 Normal: 945*4kB (UME) 595*8kB (UE) 393*16kB (UE) 133*32kB (UME) 56*64kB (UM) 15*128kB (UM) 3*256kB (U) 1*512kB (U) 2*1024kB (U) 2*2048kB (U) 0*4096kB = 32012kB [ 2795.799582][ T8260] Node 1 Normal: 10*4kB (UME) 8*8kB (UME) 9*16kB (UME) 11*32kB (UME) 8*64kB (UME) 6*128kB (UME) 7*256kB (UM) 6*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 226*4096kB (UM) = 938584kB [ 2795.844211][ T8260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2795.853733][ T8260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2795.863318][ T8260] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2795.874691][ T8260] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2795.883944][ T8260] 9753 total pagecache pages [ 2795.889751][ T8260] 0 pages in swap cache [ 2795.893881][ T8260] Swap cache stats: add 0, delete 0, find 0/0 [ 2795.900752][ T8260] Free swap = 0kB [ 2795.905479][ T8260] Total swap = 0kB [ 2795.909174][ T8260] 1965979 pages RAM [ 2795.913015][ T8260] 0 pages HighMem/MovableOnly [ 2795.918703][ T8260] 83163 pages reserved [ 2795.922743][ T8260] 0 pages cma reserved [ 2795.928402][ T8260] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=23954,uid=0 [ 2795.943483][ T8260] Out of memory: Killed process 23954 (syz-executor.0) total-vm:74832kB, anon-rss:4256kB, file-rss:34560kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2796.204243][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:01:08 executing program 1: 07:01:08 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:01:08 executing program 5: 07:01:08 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = socket$unix(0x1, 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$packet(0x11, 0x0, 0x300) r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r5 = socket$can_raw(0x1d, 0x3, 0x1) dup2(r4, r5) sendfile(r5, r3, 0x0, 0x4000000000dd) 07:01:08 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:01:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r5 = dup(r4) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2796.764330][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:01:08 executing program 1: 07:01:08 executing program 5: 07:01:08 executing program 1: 07:01:08 executing program 5: 07:01:08 executing program 5: 07:01:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r5 = dup(r4) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:08 executing program 1: [ 2797.815552][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2798.854106][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2799.244737][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2799.803924][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2799.884161][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2800.926068][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2801.291080][ T5029] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2801.302282][ T5029] CPU: 1 PID: 5029 Comm: systemd-journal Not tainted 5.8.0-rc7-syzkaller #0 [ 2801.310917][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2801.320964][ T5029] Call Trace: [ 2801.324279][ T5029] dump_stack+0x10f/0x19d [ 2801.328589][ T5029] dump_header+0x8e/0x400 [ 2801.332887][ T5029] oom_kill_process+0x18d/0x3f0 [ 2801.337712][ T5029] out_of_memory+0x5bd/0x880 [ 2801.342281][ T5029] ? get_page_from_freelist+0x127/0x3c0 [ 2801.347798][ T5029] __alloc_pages_slowpath+0x742/0x970 [ 2801.353154][ T5029] __alloc_pages_nodemask+0x235/0x390 [ 2801.358504][ T5029] alloc_pages_current+0x21d/0x310 [ 2801.363584][ T5029] __page_cache_alloc+0x4f/0x120 [ 2801.368567][ T5029] pagecache_get_page+0x494/0x8b0 [ 2801.373644][ T5029] ? __do_page_cache_readahead+0x96/0xb0 [ 2801.379243][ T5029] filemap_fault+0xba4/0x11e0 [ 2801.383895][ T5029] ext4_filemap_fault+0x4b/0x60 [ 2801.388716][ T5029] do_read_fault+0x41f/0x730 [ 2801.393276][ T5029] handle_mm_fault+0x135d/0x1930 [ 2801.398231][ T5029] do_user_addr_fault+0x393/0x810 [ 2801.403291][ T5029] exc_page_fault+0xb8/0x330 [ 2801.407848][ T5029] ? asm_exc_page_fault+0x8/0x30 [ 2801.412747][ T5029] asm_exc_page_fault+0x1e/0x30 [ 2801.417562][ T5029] RIP: 0033:0x7efc27503ea0 [ 2801.421948][ T5029] Code: Bad RIP value. [ 2801.425980][ T5029] RSP: 002b:00007fff65436788 EFLAGS: 00010206 [ 2801.432171][ T5029] RAX: 00007efc276e13b0 RBX: 000055eeda612230 RCX: 6c7967656e657261 [ 2801.440116][ T5029] RDX: 00007fff654367b0 RSI: 0000000000000008 RDI: 00007fff65436798 [ 2801.448073][ T5029] RBP: 0000000000000011 R08: 0000000000000010 R09: 000055eeda61d670 [ 2801.456094][ T5029] R10: 00007efc27616f1c R11: 000000000052545f R12: 0000000000000011 [ 2801.464042][ T5029] R13: 0000000000000003 R14: 0000000000000010 R15: 0000000000000011 [ 2801.472117][ T5029] Mem-Info: [ 2801.475371][ T5029] active_anon:232083 inactive_anon:6937 isolated_anon:0 [ 2801.475371][ T5029] active_file:29 inactive_file:1 isolated_file:0 [ 2801.475371][ T5029] unevictable:11 dirty:0 writeback:0 [ 2801.475371][ T5029] slab_reclaimable:7755 slab_unreclaimable:25703 [ 2801.475371][ T5029] mapped:54786 shmem:7146 pagetables:5542 bounce:0 [ 2801.475371][ T5029] free:26510 free_pcp:0 free_cma:0 [ 2801.511477][ T5029] Node 0 active_anon:928328kB inactive_anon:27748kB active_file:112kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219144kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 647168kB writeback_tmp:0kB all_unreclaimable? yes [ 2801.539084][ T5029] Node 1 active_anon:4kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2801.564381][ T5029] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2801.593312][ T5029] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2801.599080][ T5029] Node 0 DMA32 free:37540kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:609284kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2792kB pagetables:13924kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2801.630127][ T5029] lowmem_reserve[]: 0 0 707 707 707 [ 2801.635320][ T5029] Node 0 Normal free:8440kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:319044kB inactive_anon:27748kB active_file:220kB inactive_file:0kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4384kB pagetables:8236kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2801.695317][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2801.699981][ T5029] Node 1 Normal free:45656kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2801.732582][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2801.737258][ T5029] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2801.751669][ T5029] Node 0 DMA32: 170*4kB (UME) 1000*8kB (UME) 492*16kB (UME) 198*32kB (ME) 57*64kB (UME) 5*128kB (UM) 1*256kB (U) 2*512kB (UM) 1*1024kB (U) 2*2048kB (UM) 1*4096kB (M) = 37672kB [ 2801.770239][ T5029] Node 0 Normal: 908*4kB (UME) 309*8kB (UME) 109*16kB (UME) 29*32kB (UME) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9032kB [ 2801.786365][ T5029] Node 1 Normal: 4*4kB (UME) 4*8kB (UME) 4*16kB (UME) 5*32kB (UME) 3*64kB (ME) 3*128kB (UME) 2*256kB (UM) 3*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 9*4096kB (UM) = 45904kB [ 2801.803315][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2801.814131][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2801.823380][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2801.833827][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2801.843071][ T5029] 7191 total pagecache pages [ 2801.848644][ T5029] 0 pages in swap cache [ 2801.852802][ T5029] Swap cache stats: add 0, delete 0, find 0/0 [ 2801.859096][ T5029] Free swap = 0kB [ 2801.862786][ T5029] Total swap = 0kB [ 2801.866497][ T5029] 1965979 pages RAM [ 2801.870270][ T5029] 0 pages HighMem/MovableOnly [ 2801.874922][ T5029] 83163 pages reserved [ 2801.878958][ T5029] 0 pages cma reserved [ 2801.883001][ T5029] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=21546,uid=0 [ 2801.897346][ T5029] Out of memory: Killed process 21546 (syz-executor.5) total-vm:74964kB, anon-rss:4248kB, file-rss:34560kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2801.963877][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2801.979581][ T8250] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2801.991769][ T8250] CPU: 0 PID: 8250 Comm: in:imklog Not tainted 5.8.0-rc7-syzkaller #0 [ 2801.999883][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2802.009899][ T8250] Call Trace: [ 2802.013151][ T8250] dump_stack+0x10f/0x19d [ 2802.017449][ T8250] dump_header+0x8e/0x400 [ 2802.021744][ T8250] oom_kill_process+0x18d/0x3f0 [ 2802.026557][ T8250] out_of_memory+0x5bd/0x880 [ 2802.031243][ T8250] ? get_page_from_freelist+0x127/0x3c0 [ 2802.036771][ T8250] __alloc_pages_slowpath+0x742/0x970 [ 2802.042111][ T8250] __alloc_pages_nodemask+0x235/0x390 [ 2802.047458][ T8250] alloc_pages_current+0x21d/0x310 [ 2802.052544][ T8250] __page_cache_alloc+0x4f/0x120 [ 2802.057460][ T8250] pagecache_get_page+0x494/0x8b0 [ 2802.062459][ T8250] ? __do_page_cache_readahead+0x96/0xb0 [ 2802.068062][ T8250] filemap_fault+0xba4/0x11e0 [ 2802.072711][ T8250] ext4_filemap_fault+0x4b/0x60 [ 2802.077636][ T8250] do_read_fault+0x41f/0x730 [ 2802.082273][ T8250] handle_mm_fault+0x135d/0x1930 [ 2802.087222][ T8250] do_user_addr_fault+0x393/0x810 [ 2802.092378][ T8250] exc_page_fault+0xb8/0x330 [ 2802.096931][ T8250] ? asm_exc_page_fault+0x8/0x30 [ 2802.101850][ T8250] asm_exc_page_fault+0x1e/0x30 [ 2802.106674][ T8250] RIP: 0033:0x7f2a5dc91009 [ 2802.111142][ T8250] Code: Bad RIP value. [ 2802.115168][ T8250] RSP: 002b:00007f2a5c585440 EFLAGS: 00010246 [ 2802.121304][ T8250] RAX: 0000000000000000 RBX: 00007f2a50000020 RCX: 0000000000000004 [ 2802.129292][ T8250] RDX: 000000000000003e RSI: 0000000000000001 RDI: 0000000000000260 [ 2802.137228][ T8250] RBP: 0000000000000260 R08: 00007f2a5dd62940 R09: 0000000004000001 [ 2802.145164][ T8250] R10: 0000000000000001 R11: 0000000000000000 R12: 00007f2a5c585da0 [ 2802.153096][ T8250] R13: 00007f2a5c585da3 R14: 0000000000001f9f R15: 00007f2a5c585e20 [ 2802.163790][ T8250] Mem-Info: [ 2802.167020][ T8250] active_anon:232072 inactive_anon:6937 isolated_anon:0 [ 2802.167020][ T8250] active_file:11 inactive_file:20 isolated_file:0 [ 2802.167020][ T8250] unevictable:11 dirty:0 writeback:0 [ 2802.167020][ T8250] slab_reclaimable:7737 slab_unreclaimable:25693 [ 2802.167020][ T8250] mapped:54768 shmem:7146 pagetables:5516 bounce:0 [ 2802.167020][ T8250] free:26643 free_pcp:83 free_cma:0 [ 2802.203446][ T8250] Node 0 active_anon:928284kB inactive_anon:27748kB active_file:188kB inactive_file:8kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219172kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 647168kB writeback_tmp:0kB all_unreclaimable? no [ 2802.231006][ T8250] Node 1 active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2802.256253][ T8250] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2802.286351][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2802.294525][ T8250] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2802.300215][ T8250] Node 0 DMA32 free:37672kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:609284kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2792kB pagetables:13924kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2802.331201][ T8250] lowmem_reserve[]: 0 0 707 707 707 [ 2802.336450][ T8250] Node 0 Normal free:8612kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:319000kB inactive_anon:27748kB active_file:112kB inactive_file:76kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4352kB pagetables:8132kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2802.367789][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2802.372477][ T8250] Node 1 Normal free:45904kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2802.404328][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2802.408976][ T8250] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2802.421951][ T8250] Node 0 DMA32: 170*4kB (UME) 1000*8kB (UME) 492*16kB (UME) 198*32kB (ME) 57*64kB (UME) 5*128kB (UM) 1*256kB (U) 2*512kB (UM) 1*1024kB (U) 2*2048kB (UM) 1*4096kB (M) = 37672kB [ 2802.445672][ T8250] Node 0 Normal: 899*4kB (UME) 310*8kB (UME) 105*16kB (UME) 24*32kB (UME) 3*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8716kB [ 2802.490416][ T8250] Node 1 Normal: 4*4kB (UME) 4*8kB (UME) 4*16kB (UME) 5*32kB (UME) 3*64kB (ME) 3*128kB (UME) 2*256kB (UM) 3*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 9*4096kB (UM) = 45904kB [ 2802.556872][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2802.585797][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2802.623005][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2802.658308][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2802.686916][ T8250] 7177 total pagecache pages [ 2802.691479][ T8250] 0 pages in swap cache [ 2802.704700][ T8250] Swap cache stats: add 0, delete 0, find 0/0 [ 2802.710741][ T8250] Free swap = 0kB [ 2802.723616][ T8250] Total swap = 0kB [ 2802.727396][ T8250] 1965979 pages RAM [ 2802.731165][ T8250] 0 pages HighMem/MovableOnly [ 2802.746135][ T8250] 83163 pages reserved [ 2802.750172][ T8250] 0 pages cma reserved [ 2802.761311][ T8250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=21531,uid=0 [ 2802.780218][ T8250] Out of memory: Killed process 21531 (syz-executor.5) total-vm:74832kB, anon-rss:4240kB, file-rss:34560kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2802.921064][ T8250] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2802.958727][ T8250] CPU: 1 PID: 8250 Comm: in:imklog Not tainted 5.8.0-rc7-syzkaller #0 [ 2802.966858][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2802.976882][ T8250] Call Trace: [ 2802.980148][ T8250] dump_stack+0x10f/0x19d [ 2802.984454][ T8250] dump_header+0x8e/0x400 [ 2802.988800][ T8250] oom_kill_process+0x18d/0x3f0 [ 2802.993624][ T8250] out_of_memory+0x5bd/0x880 [ 2802.998194][ T8250] ? get_page_from_freelist+0x127/0x3c0 [ 2803.003724][ T8250] __alloc_pages_slowpath+0x742/0x970 [ 2803.009076][ T8250] __alloc_pages_nodemask+0x235/0x390 [ 2803.014427][ T8250] alloc_pages_current+0x21d/0x310 [ 2803.019547][ T8250] __page_cache_alloc+0x4f/0x120 [ 2803.024460][ T8250] pagecache_get_page+0x494/0x8b0 [ 2803.029507][ T8250] ? __do_page_cache_readahead+0x96/0xb0 [ 2803.035154][ T8250] filemap_fault+0xba4/0x11e0 [ 2803.039875][ T8250] ext4_filemap_fault+0x4b/0x60 [ 2803.044706][ T8250] do_read_fault+0x41f/0x730 [ 2803.049294][ T8250] handle_mm_fault+0x135d/0x1930 [ 2803.054235][ T8250] do_user_addr_fault+0x393/0x810 [ 2803.059238][ T8250] exc_page_fault+0xb8/0x330 [ 2803.063802][ T8250] ? asm_exc_page_fault+0x8/0x30 [ 2803.068723][ T8250] asm_exc_page_fault+0x1e/0x30 [ 2803.073539][ T8250] RIP: 0033:0x7f2a5dc90f59 [ 2803.077934][ T8250] Code: Bad RIP value. [ 2803.081973][ T8250] RSP: 002b:00007f2a5c585440 EFLAGS: 00010246 [ 2803.088011][ T8250] RAX: 0000000000000000 RBX: 00007f2a50000020 RCX: 0000000000000004 [ 2803.096018][ T8250] RDX: 000000000000003e RSI: 0000000000000001 RDI: 0000000000000260 [ 2803.104025][ T8250] RBP: 0000000000000260 R08: 00007f2a5dd62940 R09: 0000000004000001 [ 2803.111968][ T8250] R10: 0000000000000001 R11: 0000000000000000 R12: 00007f2a5c585da0 [ 2803.119907][ T8250] R13: 00007f2a5c585da3 R14: 0000000000001f9f R15: 00007f2a5c585e20 [ 2803.128409][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2803.136585][ T8250] Mem-Info: [ 2803.139792][ T8250] active_anon:230990 inactive_anon:6937 isolated_anon:0 [ 2803.139792][ T8250] active_file:12 inactive_file:13 isolated_file:0 [ 2803.139792][ T8250] unevictable:11 dirty:0 writeback:0 [ 2803.139792][ T8250] slab_reclaimable:7737 slab_unreclaimable:25693 [ 2803.139792][ T8250] mapped:54768 shmem:7146 pagetables:5463 bounce:0 [ 2803.139792][ T8250] free:26606 free_pcp:623 free_cma:0 [ 2803.176267][ T8250] Node 0 active_anon:923956kB inactive_anon:27748kB active_file:48kB inactive_file:48kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219072kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 643072kB writeback_tmp:0kB all_unreclaimable? yes [ 2803.203783][ T8250] Node 1 active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2803.229022][ T8250] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2803.258205][ T8250] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2803.263930][ T8250] Node 0 DMA32 free:37684kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:605188kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2792kB pagetables:13924kB bounce:0kB free_pcp:1596kB local_pcp:1336kB free_cma:0kB [ 2803.295483][ T8250] lowmem_reserve[]: 0 0 707 707 707 [ 2803.300653][ T8250] Node 0 Normal free:8432kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:318768kB inactive_anon:27748kB active_file:48kB inactive_file:44kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4320kB pagetables:7920kB bounce:0kB free_pcp:896kB local_pcp:640kB free_cma:0kB [ 2803.332322][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2803.337006][ T8250] Node 1 Normal free:45904kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2803.367098][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2803.371748][ T8250] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2803.384985][ T8250] Node 0 DMA32: 155*4kB (UME) 1002*8kB (UME) 494*16kB (UME) 199*32kB (ME) 57*64kB (UME) 7*128kB (M) 4*256kB (UM) 2*512kB (M) 2*1024kB (UM) 1*2048kB (M) 1*4096kB (M) = 37692kB [ 2803.402336][ T8250] Node 0 Normal: 856*4kB (UME) 300*8kB (ME) 103*16kB (ME) 24*32kB (UME) 3*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8432kB [ 2803.416874][ T8250] Node 1 Normal: 4*4kB (UME) 4*8kB (UME) 4*16kB (UME) 5*32kB (UME) 3*64kB (ME) 3*128kB (UME) 2*256kB (UM) 3*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 9*4096kB (UM) = 45904kB [ 2803.433974][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2803.443481][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2803.452832][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2803.462358][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2803.471606][ T8250] 7171 total pagecache pages [ 2803.476193][ T8250] 0 pages in swap cache [ 2803.480318][ T8250] Swap cache stats: add 0, delete 0, find 0/0 [ 2803.486436][ T8250] Free swap = 0kB [ 2803.490126][ T8250] Total swap = 0kB [ 2803.493840][ T8250] 1965979 pages RAM [ 2803.497631][ T8250] 0 pages HighMem/MovableOnly [ 2803.502274][ T8250] 83163 pages reserved [ 2803.509419][ T8250] 0 pages cma reserved [ 2803.513651][ T8250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=5154,uid=0 [ 2803.530610][ T8250] Out of memory: Killed process 5154 (syz-executor.1) total-vm:75108kB, anon-rss:2232kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2803.550319][ T1931] oom_reaper: reaped process 5154 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2803.974641][ T5029] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2803.985847][ T5029] CPU: 0 PID: 5029 Comm: systemd-journal Not tainted 5.8.0-rc7-syzkaller #0 [ 2803.994498][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2804.004524][ T5029] Call Trace: [ 2804.007868][ T5029] dump_stack+0x10f/0x19d [ 2804.012199][ T5029] dump_header+0x8e/0x400 [ 2804.016504][ T5029] oom_kill_process+0x18d/0x3f0 [ 2804.021331][ T5029] out_of_memory+0x5bd/0x880 [ 2804.025893][ T5029] ? get_page_from_freelist+0x127/0x3c0 [ 2804.031440][ T5029] __alloc_pages_slowpath+0x742/0x970 [ 2804.036784][ T5029] __alloc_pages_nodemask+0x235/0x390 [ 2804.042132][ T5029] alloc_pages_current+0x21d/0x310 [ 2804.047217][ T5029] __page_cache_alloc+0x4f/0x120 [ 2804.052125][ T5029] pagecache_get_page+0x494/0x8b0 [ 2804.057120][ T5029] ? __do_page_cache_readahead+0x96/0xb0 [ 2804.062723][ T5029] filemap_fault+0xba4/0x11e0 [ 2804.067375][ T5029] ext4_filemap_fault+0x4b/0x60 [ 2804.072241][ T5029] do_read_fault+0x41f/0x730 [ 2804.076793][ T5029] handle_mm_fault+0x135d/0x1930 [ 2804.081721][ T5029] do_user_addr_fault+0x393/0x810 [ 2804.086707][ T5029] exc_page_fault+0xb8/0x330 [ 2804.091260][ T5029] ? asm_exc_page_fault+0x8/0x30 [ 2804.096161][ T5029] asm_exc_page_fault+0x1e/0x30 [ 2804.100970][ T5029] RIP: 0033:0x7efc275025e0 [ 2804.105354][ T5029] Code: Bad RIP value. [ 2804.109380][ T5029] RSP: 002b:00007fff654369e8 EFLAGS: 00010206 [ 2804.115426][ T5029] RAX: 00007fff65436a48 RBX: 000055eeda616700 RCX: 00007fff65436a48 [ 2804.123368][ T5029] RDX: 00007fff65436a50 RSI: 000000000000000a RDI: 000055eeda616700 [ 2804.131301][ T5029] RBP: 000000000000000a R08: 00007fff65436b90 R09: 000055eeda616120 [ 2804.139239][ T5029] R10: 00007fff65436b90 R11: 00007efc26c46060 R12: 000055eeda615e80 [ 2804.147173][ T5029] R13: 00007fff65436ac8 R14: 00007fff65436b98 R15: 00007fff65436a30 [ 2804.156252][ T5029] Mem-Info: [ 2804.159352][ T5029] active_anon:230446 inactive_anon:6937 isolated_anon:0 [ 2804.159352][ T5029] active_file:49 inactive_file:0 isolated_file:0 [ 2804.159352][ T5029] unevictable:11 dirty:0 writeback:0 [ 2804.159352][ T5029] slab_reclaimable:7711 slab_unreclaimable:25685 [ 2804.159352][ T5029] mapped:54784 shmem:7146 pagetables:5437 bounce:0 [ 2804.159352][ T5029] free:26516 free_pcp:2 free_cma:0 [ 2804.195604][ T5029] Node 0 active_anon:921780kB inactive_anon:27748kB active_file:24kB inactive_file:96kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219072kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 641024kB writeback_tmp:0kB all_unreclaimable? no [ 2804.223108][ T5029] Node 1 active_anon:4kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2804.248374][ T5029] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2804.248477][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2804.278688][ T5029] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2804.309673][ T5029] Node 0 DMA32 free:37740kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:603140kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2776kB pagetables:13820kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2804.447750][ T5029] lowmem_reserve[]: 0 0 707 707 707 [ 2804.452956][ T5029] Node 0 Normal free:8608kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:318640kB inactive_anon:27748kB active_file:0kB inactive_file:148kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4320kB pagetables:7920kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2804.516026][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2804.520767][ T5029] Node 1 Normal free:45904kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:24kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2804.573499][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2804.578154][ T5029] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2804.619149][ T5029] Node 0 DMA32: 151*4kB (ME) 997*8kB (ME) 492*16kB (ME) 199*32kB (UME) 56*64kB (ME) 5*128kB (UM) 0*256kB 1*512kB (M) 0*1024kB 3*2048kB (UM) 1*4096kB (M) = 37796kB [ 2804.652744][ T5029] Node 0 Normal: 882*4kB (ME) 307*8kB (UME) 108*16kB (UME) 24*32kB (UME) 2*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8608kB [ 2804.686016][ T5029] Node 1 Normal: 4*4kB (UME) 4*8kB (UME) 4*16kB (UME) 5*32kB (UME) 3*64kB (ME) 3*128kB (UME) 2*256kB (UM) 3*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 9*4096kB (UM) = 45904kB [ 2804.737510][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2804.762872][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2804.772160][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2804.803409][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2804.812659][ T5029] 7177 total pagecache pages [ 2804.836804][ T5029] 0 pages in swap cache [ 2804.840979][ T5029] Swap cache stats: add 0, delete 0, find 0/0 [ 2804.867915][ T5029] Free swap = 0kB [ 2804.871656][ T5029] Total swap = 0kB [ 2804.884819][ T5029] 1965979 pages RAM [ 2804.888667][ T5029] 0 pages HighMem/MovableOnly [ 2804.893311][ T5029] 83163 pages reserved [ 2804.897363][ T5029] 0 pages cma reserved [ 2804.901393][ T5029] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=4315,uid=0 [ 2804.923428][ T5029] Out of memory: Killed process 4315 (syz-executor.1) total-vm:75108kB, anon-rss:2232kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2804.956883][ T1931] oom_reaper: reaped process 4315 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2804.984910][ T8626] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2805.006651][ T8626] CPU: 0 PID: 8626 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2805.014867][ T8626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2805.024884][ T8626] Call Trace: [ 2805.028138][ T8626] dump_stack+0x10f/0x19d [ 2805.032428][ T8626] dump_header+0x8e/0x400 [ 2805.036721][ T8626] oom_kill_process+0x18d/0x3f0 [ 2805.041614][ T8626] out_of_memory+0x5bd/0x880 [ 2805.046305][ T8626] ? get_page_from_freelist+0x127/0x3c0 [ 2805.051888][ T8626] __alloc_pages_slowpath+0x742/0x970 [ 2805.057313][ T8626] __alloc_pages_nodemask+0x235/0x390 [ 2805.062657][ T8626] alloc_pages_current+0x21d/0x310 [ 2805.067732][ T8626] __page_cache_alloc+0x4f/0x120 [ 2805.072631][ T8626] pagecache_get_page+0x494/0x8b0 [ 2805.077620][ T8626] ? __do_page_cache_readahead+0x96/0xb0 [ 2805.083215][ T8626] filemap_fault+0xba4/0x11e0 [ 2805.087917][ T8626] ext4_filemap_fault+0x4b/0x60 [ 2805.092771][ T8626] do_read_fault+0x41f/0x730 [ 2805.097399][ T8626] handle_mm_fault+0x135d/0x1930 [ 2805.102304][ T8626] do_user_addr_fault+0x393/0x810 [ 2805.107292][ T8626] exc_page_fault+0xb8/0x330 [ 2805.111844][ T8626] ? asm_exc_page_fault+0x8/0x30 [ 2805.116771][ T8626] asm_exc_page_fault+0x1e/0x30 [ 2805.121601][ T8626] RIP: 0033:0x469220 [ 2805.125462][ T8626] Code: Bad RIP value. [ 2805.129490][ T8626] RSP: 002b:000000c00004d8d8 EFLAGS: 00010246 [ 2805.135520][ T8626] RAX: 000000c00004d928 RBX: 0000000000000000 RCX: 0000000000000000 [ 2805.143455][ T8626] RDX: 0000000000000000 RSI: 0000028cd7f68150 RDI: 000000c00004df28 [ 2805.151387][ T8626] RBP: 000000c00004df28 R08: 0000028ced017151 R09: 00007ffebadc4080 [ 2805.159323][ T8626] R10: 0000000000000010 R11: 00007ffebadc40b8 R12: 0000000000439470 [ 2805.167395][ T8626] R13: 0000000000000000 R14: 0000000000accd54 R15: 0000000000000000 [ 2805.285781][ T8626] Mem-Info: [ 2805.289000][ T8626] active_anon:229902 inactive_anon:6937 isolated_anon:0 [ 2805.289000][ T8626] active_file:30 inactive_file:0 isolated_file:0 [ 2805.289000][ T8626] unevictable:11 dirty:1 writeback:0 [ 2805.289000][ T8626] slab_reclaimable:7645 slab_unreclaimable:25611 [ 2805.289000][ T8626] mapped:54768 shmem:7146 pagetables:5411 bounce:0 [ 2805.289000][ T8626] free:26597 free_pcp:0 free_cma:0 [ 2805.328811][ T8626] Node 0 active_anon:919604kB inactive_anon:27748kB active_file:120kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219072kB dirty:4kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 638976kB writeback_tmp:0kB all_unreclaimable? yes [ 2805.333628][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2805.364561][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2805.425230][ T8626] Node 1 active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2805.515896][ T8626] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2805.555654][ T8626] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2805.561353][ T8626] Node 0 DMA32 free:37480kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:601092kB inactive_anon:0kB active_file:0kB inactive_file:60kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2760kB pagetables:13716kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2805.614347][ T8626] lowmem_reserve[]: 0 0 707 707 707 [ 2805.619593][ T8626] Node 0 Normal free:8600kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:318512kB inactive_anon:27748kB active_file:100kB inactive_file:0kB unevictable:44kB writepending:4kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4320kB pagetables:7920kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2805.697690][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2805.702467][ T8626] Node 1 Normal free:45904kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2805.754204][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2805.758863][ T8626] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2805.802443][ T8626] Node 0 DMA32: 148*4kB (UME) 1006*8kB (UME) 493*16kB (UME) 199*32kB (ME) 56*64kB (ME) 4*128kB (M) 1*256kB (U) 1*512kB (M) 0*1024kB 3*2048kB (M) 1*4096kB (M) = 38000kB [ 2805.851681][ T8626] Node 0 Normal: 954*4kB (UME) 316*8kB (UME) 112*16kB (UME) 26*32kB (UME) 3*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9160kB [ 2805.929286][ T8626] Node 1 Normal: 4*4kB (UME) 4*8kB (UME) 4*16kB (UME) 5*32kB (UME) 3*64kB (ME) 3*128kB (UME) 2*256kB (UM) 3*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 9*4096kB (UM) = 45904kB [ 2805.978721][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2805.988250][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2806.004116][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2806.023124][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2806.043484][ T8626] 7176 total pagecache pages [ 2806.048045][ T8626] 0 pages in swap cache [ 2806.073099][ T8626] Swap cache stats: add 0, delete 0, find 0/0 [ 2806.103636][ T8626] Free swap = 0kB [ 2806.107329][ T8626] Total swap = 0kB [ 2806.111021][ T8626] 1965979 pages RAM [ 2806.138814][ T8626] 0 pages HighMem/MovableOnly [ 2806.154219][ T8626] 83163 pages reserved [ 2806.158293][ T8626] 0 pages cma reserved [ 2806.162333][ T8626] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=4905,uid=0 [ 2806.217657][ T8626] Out of memory: Killed process 4905 (syz-executor.2) total-vm:74976kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2806.363813][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2806.497906][ T8630] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2806.508687][ T8630] CPU: 1 PID: 8630 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2806.516897][ T8630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2806.526931][ T8630] Call Trace: [ 2806.530202][ T8630] dump_stack+0x10f/0x19d [ 2806.534506][ T8630] dump_header+0x8e/0x400 [ 2806.538821][ T8630] oom_kill_process+0x18d/0x3f0 [ 2806.543648][ T8630] out_of_memory+0x5bd/0x880 [ 2806.548226][ T8630] ? get_page_from_freelist+0x127/0x3c0 [ 2806.553744][ T8630] __alloc_pages_slowpath+0x742/0x970 [ 2806.559088][ T8630] __alloc_pages_nodemask+0x235/0x390 [ 2806.564437][ T8630] alloc_pages_current+0x21d/0x310 [ 2806.569569][ T8630] __page_cache_alloc+0x4f/0x120 [ 2806.574548][ T8630] pagecache_get_page+0x494/0x8b0 [ 2806.579546][ T8630] ? __do_page_cache_readahead+0x96/0xb0 [ 2806.585155][ T8630] filemap_fault+0xba4/0x11e0 [ 2806.589806][ T8630] ext4_filemap_fault+0x4b/0x60 [ 2806.594627][ T8630] do_read_fault+0x41f/0x730 [ 2806.599187][ T8630] handle_mm_fault+0x135d/0x1930 [ 2806.604106][ T8630] do_user_addr_fault+0x393/0x810 [ 2806.609103][ T8630] exc_page_fault+0xb8/0x330 [ 2806.613664][ T8630] ? asm_exc_page_fault+0x8/0x30 [ 2806.618579][ T8630] asm_exc_page_fault+0x1e/0x30 [ 2806.623403][ T8630] RIP: 0033:0x405040 [ 2806.627274][ T8630] Code: Bad RIP value. [ 2806.631309][ T8630] RSP: 002b:000000c00004bcf0 EFLAGS: 00010202 [ 2806.637351][ T8630] RAX: 00000000004be7fc RBX: 0000000000000000 RCX: 000000c000156300 [ 2806.645294][ T8630] RDX: bfc0112f8dc84a57 RSI: bfc0112f8dc84a57 RDI: 0000000029fd7477 [ 2806.653300][ T8630] RBP: 000000c00004bd20 R08: 000005e0e4d06645 R09: 00007ffebadc4080 [ 2806.661238][ T8630] R10: 0000000000000010 R11: 00007ffebadc40b8 R12: 0000028d7f053bbd [ 2806.669175][ T8630] R13: 0000000000000001 R14: 0000028d7f053bbd R15: 0000000000000000 [ 2806.694828][ T8630] Mem-Info: [ 2806.709845][ T8630] active_anon:229362 inactive_anon:6937 isolated_anon:0 [ 2806.709845][ T8630] active_file:5 inactive_file:29 isolated_file:0 [ 2806.709845][ T8630] unevictable:11 dirty:0 writeback:9 [ 2806.709845][ T8630] slab_reclaimable:7635 slab_unreclaimable:25604 [ 2806.709845][ T8630] mapped:54790 shmem:7146 pagetables:5411 bounce:0 [ 2806.709845][ T8630] free:26437 free_pcp:237 free_cma:0 [ 2806.749230][ T8630] Node 0 active_anon:917444kB inactive_anon:27748kB active_file:56kB inactive_file:76kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219160kB dirty:0kB writeback:32kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 638976kB writeback_tmp:0kB all_unreclaimable? yes [ 2806.778258][ T8630] Node 1 active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:4kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2806.804739][ T8630] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2806.835242][ T8630] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2806.841538][ T8630] Node 0 DMA32 free:37200kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:599044kB inactive_anon:0kB active_file:80kB inactive_file:0kB unevictable:0kB writepending:12kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2744kB pagetables:13716kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2806.893284][ T8630] lowmem_reserve[]: 0 0 707 707 707 [ 2806.898554][ T8630] Node 0 Normal free:8308kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:318512kB inactive_anon:27748kB active_file:44kB inactive_file:28kB unevictable:44kB writepending:8kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4320kB pagetables:7920kB bounce:0kB free_pcp:280kB local_pcp:32kB free_cma:0kB [ 2806.930059][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 2806.934734][ T8630] Node 1 Normal free:45904kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:40kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2806.965069][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 2806.969720][ T8630] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2806.982738][ T8630] Node 0 DMA32: 147*4kB (ME) 1006*8kB (UME) 492*16kB (ME) 199*32kB (ME) 56*64kB (ME) 4*128kB (M) 0*256kB 1*512kB (M) 0*1024kB 5*2048kB (UM) 0*4096kB = 37724kB [ 2807.013453][ T8630] Node 0 Normal: 900*4kB (UME) 309*8kB (UME) 108*16kB (UME) 24*32kB (UM) 3*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8760kB [ 2807.037169][ T8630] Node 1 Normal: 4*4kB (UME) 4*8kB (UME) 4*16kB (UME) 5*32kB (UME) 3*64kB (ME) 3*128kB (UME) 2*256kB (UM) 3*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 9*4096kB (UM) = 45904kB [ 2807.087523][ T8630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2807.097559][ T8630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2807.113233][ T8630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2807.122863][ T8630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2807.134492][ T8630] 7174 total pagecache pages [ 2807.139050][ T8630] 0 pages in swap cache [ 2807.143189][ T8630] Swap cache stats: add 0, delete 0, find 0/0 [ 2807.149231][ T8630] Free swap = 0kB [ 2807.152924][ T8630] Total swap = 0kB [ 2807.163240][ T8630] 1965979 pages RAM [ 2807.167116][ T8630] 0 pages HighMem/MovableOnly [ 2807.171805][ T8630] 83163 pages reserved [ 2807.188971][ T8630] 0 pages cma reserved [ 2807.193104][ T8630] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=3483,uid=0 [ 2807.246257][ T8630] Out of memory: Killed process 3483 (syz-executor.0) total-vm:74976kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2807.413412][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2807.777357][ T8630] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2807.796650][ T8630] CPU: 0 PID: 8630 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2807.804863][ T8630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2807.814887][ T8630] Call Trace: [ 2807.818154][ T8630] dump_stack+0x10f/0x19d [ 2807.822494][ T8630] dump_header+0x8e/0x400 [ 2807.826797][ T8630] oom_kill_process+0x18d/0x3f0 [ 2807.831644][ T8630] out_of_memory+0x5bd/0x880 [ 2807.836213][ T8630] ? get_page_from_freelist+0x127/0x3c0 [ 2807.841749][ T8630] __alloc_pages_slowpath+0x742/0x970 [ 2807.847171][ T8630] __alloc_pages_nodemask+0x235/0x390 [ 2807.852517][ T8630] alloc_pages_current+0x21d/0x310 [ 2807.857690][ T8630] __page_cache_alloc+0x4f/0x120 [ 2807.862603][ T8630] pagecache_get_page+0x494/0x8b0 [ 2807.867704][ T8630] ? __do_page_cache_readahead+0x96/0xb0 [ 2807.873308][ T8630] filemap_fault+0xba4/0x11e0 [ 2807.877949][ T8630] ext4_filemap_fault+0x4b/0x60 [ 2807.882793][ T8630] do_read_fault+0x41f/0x730 [ 2807.887408][ T8630] handle_mm_fault+0x135d/0x1930 [ 2807.892357][ T8630] do_user_addr_fault+0x393/0x810 [ 2807.897349][ T8630] exc_page_fault+0xb8/0x330 [ 2807.901926][ T8630] ? asm_exc_page_fault+0x8/0x30 [ 2807.906826][ T8630] asm_exc_page_fault+0x1e/0x30 [ 2807.911635][ T8630] RIP: 0033:0x415d70 [ 2807.915597][ T8630] Code: Bad RIP value. [ 2807.919622][ T8630] RSP: 002b:000000c0000cd900 EFLAGS: 00010206 [ 2807.925648][ T8630] RAX: 0000000000203006 RBX: 00000000000000d0 RCX: 0000000000203006 [ 2807.933588][ T8630] RDX: 0000000000accc3c RSI: 0000000000000000 RDI: 0000000000000000 [ 2807.941523][ T8630] RBP: 000000c0000cd9c8 R08: 00007efc96d5ff00 R09: 00000000008d63a0 [ 2807.949556][ T8630] R10: 00000000000000d0 R11: 0000000000203006 R12: 0000000000203006 [ 2807.957505][ T8630] R13: 0000000000000000 R14: 0000000000accc3c R15: 0000000000000000 [ 2807.978680][ T8630] Mem-Info: [ 2807.981889][ T8630] active_anon:228817 inactive_anon:6937 isolated_anon:0 [ 2807.981889][ T8630] active_file:41 inactive_file:12 isolated_file:0 [ 2807.981889][ T8630] unevictable:11 dirty:0 writeback:0 [ 2807.981889][ T8630] slab_reclaimable:7635 slab_unreclaimable:25604 [ 2807.981889][ T8630] mapped:54793 shmem:7146 pagetables:5385 bounce:0 [ 2807.981889][ T8630] free:26645 free_pcp:0 free_cma:0 [ 2808.043284][ T8630] Node 0 active_anon:915264kB inactive_anon:27748kB active_file:68kB inactive_file:56kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219128kB dirty:0kB writeback:20kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 636928kB writeback_tmp:0kB all_unreclaimable? yes [ 2808.074588][ T8630] Node 1 active_anon:4kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2808.106631][ T8630] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2808.192048][ T8630] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2808.216329][ T8630] Node 0 DMA32 free:37504kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:596996kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2712kB pagetables:13508kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2808.281889][ T8630] lowmem_reserve[]: 0 0 707 707 707 [ 2808.287092][ T8630] Node 0 Normal free:8468kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:318236kB inactive_anon:27748kB active_file:112kB inactive_file:180kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4320kB pagetables:7920kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2808.336128][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 2808.340792][ T8630] Node 1 Normal free:45904kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2808.371040][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2808.453184][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2808.460927][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 2808.483086][ T8630] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2808.501995][ T8630] Node 0 DMA32: 148*4kB (ME) 1004*8kB (ME) 492*16kB (UME) 201*32kB (UME) 56*64kB (ME) 5*128kB (UM) 1*256kB (U) 1*512kB (M) 0*1024kB 5*2048kB (M) 0*4096kB = 38160kB [ 2808.547197][ T8630] Node 0 Normal: 925*4kB (UME) 319*8kB (UME) 108*16kB (UME) 24*32kB (UM) 3*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8940kB [ 2808.602003][ T8630] Node 1 Normal: 4*4kB (UME) 4*8kB (UME) 4*16kB (UME) 5*32kB (UME) 3*64kB (ME) 3*128kB (UME) 2*256kB (UM) 3*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 9*4096kB (UM) = 45904kB [ 2808.657722][ T8630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2808.687191][ T8630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2808.710662][ T8630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2808.721549][ T8630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2808.754378][ T8630] 7173 total pagecache pages [ 2808.759030][ T8630] 0 pages in swap cache [ 2808.771162][ T8630] Swap cache stats: add 0, delete 0, find 0/0 [ 2808.792765][ T8630] Free swap = 0kB [ 2808.805453][ T8630] Total swap = 0kB [ 2808.809157][ T8630] 1965979 pages RAM [ 2808.812999][ T8630] 0 pages HighMem/MovableOnly [ 2808.842637][ T8630] 83163 pages reserved [ 2808.854615][ T8630] 0 pages cma reserved [ 2808.858668][ T8630] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=3437,uid=0 [ 2808.903305][ T8630] Out of memory: Killed process 3437 (syz-executor.0) total-vm:74976kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2808.935958][ T1931] oom_reaper: reaped process 3437 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2809.271576][ T5029] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2809.284428][ T5029] CPU: 0 PID: 5029 Comm: systemd-journal Not tainted 5.8.0-rc7-syzkaller #0 [ 2809.293206][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2809.303232][ T5029] Call Trace: [ 2809.306496][ T5029] dump_stack+0x10f/0x19d [ 2809.310818][ T5029] dump_header+0x8e/0x400 [ 2809.315121][ T5029] oom_kill_process+0x18d/0x3f0 [ 2809.319959][ T5029] out_of_memory+0x5bd/0x880 [ 2809.324524][ T5029] ? get_page_from_freelist+0x127/0x3c0 [ 2809.330040][ T5029] __alloc_pages_slowpath+0x742/0x970 [ 2809.335446][ T5029] __alloc_pages_nodemask+0x235/0x390 [ 2809.340794][ T5029] alloc_pages_current+0x21d/0x310 [ 2809.345881][ T5029] __page_cache_alloc+0x4f/0x120 [ 2809.350788][ T5029] pagecache_get_page+0x494/0x8b0 [ 2809.355784][ T5029] ? __do_page_cache_readahead+0x96/0xb0 [ 2809.361388][ T5029] filemap_fault+0xba4/0x11e0 [ 2809.366038][ T5029] ext4_filemap_fault+0x4b/0x60 [ 2809.370857][ T5029] do_read_fault+0x41f/0x730 [ 2809.375425][ T5029] handle_mm_fault+0x135d/0x1930 [ 2809.380344][ T5029] do_user_addr_fault+0x393/0x810 [ 2809.385342][ T5029] exc_page_fault+0xb8/0x330 [ 2809.389909][ T5029] ? asm_exc_page_fault+0x8/0x30 [ 2809.394818][ T5029] asm_exc_page_fault+0x1e/0x30 [ 2809.399636][ T5029] RIP: 0033:0x7efc275d70a9 [ 2809.404029][ T5029] Code: Bad RIP value. [ 2809.408060][ T5029] RSP: 002b:00007fff65439710 EFLAGS: 00010206 [ 2809.414101][ T5029] RAX: 00000000a75b371b RBX: 000055eeda614310 RCX: 00000000000bcb5b [ 2809.422063][ T5029] RDX: 000010c6f7a0b5ec RSI: 00000000a74f6bc0 RDI: 431bde82d7b634db [ 2809.430058][ T5029] RBP: 00007fff65439940 R08: 000005e17747a19d R09: 00007fff654a0080 [ 2809.438002][ T5029] R10: 0000000000000070 R11: 00007fff654a0118 R12: 00007fff65439750 [ 2809.445942][ T5029] R13: 0000000000000001 R14: 0000000000000002 R15: 0005ab7b0190499d [ 2809.458086][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2809.466502][ T5029] Mem-Info: [ 2809.469635][ T5029] active_anon:228266 inactive_anon:6937 isolated_anon:0 [ 2809.469635][ T5029] active_file:29 inactive_file:10 isolated_file:0 [ 2809.469635][ T5029] unevictable:11 dirty:0 writeback:6 [ 2809.469635][ T5029] slab_reclaimable:7621 slab_unreclaimable:25601 [ 2809.469635][ T5029] mapped:54793 shmem:7146 pagetables:5333 bounce:0 [ 2809.469635][ T5029] free:26495 free_pcp:0 free_cma:0 [ 2809.507859][ T5029] Node 0 active_anon:913060kB inactive_anon:27748kB active_file:132kB inactive_file:20kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219172kB dirty:0kB writeback:20kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 632832kB writeback_tmp:0kB all_unreclaimable? yes [ 2809.513074][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2809.535550][ T5029] Node 1 active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:4kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2809.569953][ T5029] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2809.675934][ T5029] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2809.681748][ T5029] Node 0 DMA32 free:37144kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:594948kB inactive_anon:0kB active_file:0kB inactive_file:12kB unevictable:0kB writepending:4kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2696kB pagetables:13404kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2809.761083][ T5029] lowmem_reserve[]: 0 0 707 707 707 [ 2809.784083][ T5029] Node 0 Normal free:8588kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:318112kB inactive_anon:27748kB active_file:124kB inactive_file:64kB unevictable:44kB writepending:16kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4320kB pagetables:7920kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2809.875809][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2809.880549][ T5029] Node 1 Normal free:45904kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:20kB unevictable:0kB writepending:4kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2809.940037][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2809.962985][ T5029] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2809.998827][ T5029] Node 0 DMA32: 146*4kB (UME) 1003*8kB (ME) 493*16kB (ME) 201*32kB (UME) 56*64kB (ME) 5*128kB (UM) 0*256kB 1*512kB (M) 0*1024kB 5*2048kB (UM) 0*4096kB = 37904kB [ 2810.049569][ T5029] Node 0 Normal: 897*4kB (UME) 320*8kB (UME) 108*16kB (UME) 24*32kB (UME) 3*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8836kB [ 2810.108113][ T5029] Node 1 Normal: 4*4kB (UME) 4*8kB (UME) 4*16kB (UME) 5*32kB (UME) 3*64kB (ME) 3*128kB (UME) 2*256kB (UM) 3*512kB (UM) 4*1024kB (UME) 1*2048kB (U) 9*4096kB (UM) = 45904kB [ 2810.130909][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2810.140431][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2810.165928][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2810.192327][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2810.220883][ T5029] 7172 total pagecache pages [ 2810.244968][ T5029] 0 pages in swap cache [ 2810.249190][ T5029] Swap cache stats: add 0, delete 0, find 0/0 [ 2810.267325][ T5029] Free swap = 0kB [ 2810.271015][ T5029] Total swap = 0kB [ 2810.289781][ T5029] 1965979 pages RAM [ 2810.300036][ T5029] 0 pages HighMem/MovableOnly [ 2810.312238][ T5029] 83163 pages reserved [ 2810.316378][ T5029] 0 pages cma reserved [ 2810.320417][ T5029] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=2810,uid=0 [ 2810.375128][ T5029] Out of memory: Killed process 2810 (syz-executor.2) total-vm:74976kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2810.526109][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2810.678472][ T1931] oom_reaper: reaped process 5408 (syz-executor.4), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB [ 2810.703271][ T8630] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2810.720251][ T8630] CPU: 1 PID: 8630 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2810.728462][ T8630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2810.738487][ T8630] Call Trace: [ 2810.741778][ T8630] dump_stack+0x10f/0x19d [ 2810.745237][ T5408] syz-executor.4: vmalloc: allocation failure, allocated 2409893888 of 3724722176 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 2810.746080][ T8630] dump_header+0x8e/0x400 [ 2810.766815][ T8630] oom_kill_process+0x18d/0x3f0 [ 2810.771632][ T8630] out_of_memory+0x5bd/0x880 [ 2810.776195][ T8630] ? get_page_from_freelist+0x127/0x3c0 [ 2810.781708][ T8630] __alloc_pages_slowpath+0x742/0x970 [ 2810.787045][ T8630] __alloc_pages_nodemask+0x235/0x390 [ 2810.792383][ T8630] alloc_pages_current+0x21d/0x310 [ 2810.797461][ T8630] __page_cache_alloc+0x4f/0x120 [ 2810.802362][ T8630] pagecache_get_page+0x494/0x8b0 [ 2810.807384][ T8630] ? __do_page_cache_readahead+0x96/0xb0 [ 2810.812979][ T8630] filemap_fault+0xba4/0x11e0 [ 2810.817622][ T8630] ext4_filemap_fault+0x4b/0x60 [ 2810.822438][ T8630] do_read_fault+0x41f/0x730 [ 2810.826996][ T8630] handle_mm_fault+0x135d/0x1930 [ 2810.831908][ T8630] do_user_addr_fault+0x393/0x810 [ 2810.836899][ T8630] exc_page_fault+0xb8/0x330 [ 2810.841456][ T8630] ? asm_exc_page_fault+0x8/0x30 [ 2810.846357][ T8630] asm_exc_page_fault+0x1e/0x30 [ 2810.851174][ T8630] RIP: 0033:0x452f8c [ 2810.855043][ T8630] Code: Bad RIP value. [ 2810.859086][ T8630] RSP: 002b:000000c0001798a0 EFLAGS: 00010206 [ 2810.865114][ T8630] RAX: 0000000000e7d6c0 RBX: 0000000000b31ff0 RCX: 00000000000024e3 [ 2810.873049][ T8630] RDX: 00000000000000dc RSI: 00000000004130d2 RDI: 0000000000000dc0 [ 2810.880986][ T8630] RBP: 000000c0001798b0 R08: 0000000000000001 R09: 0000000000203006 [ 2810.888927][ T8630] R10: 0000000000000004 R11: 0000000000000032 R12: 00000000000000f2 [ 2810.896904][ T8630] R13: 0000000000000000 R14: 0000000000accc3c R15: 0000000000000000 [ 2810.904860][ T5408] CPU: 0 PID: 5408 Comm: syz-executor.4 Not tainted 5.8.0-rc7-syzkaller #0 [ 2810.913457][ T5408] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2810.914041][ T8630] Mem-Info: [ 2810.923477][ T5408] Call Trace: [ 2810.923489][ T5408] dump_stack+0x10f/0x19d [ 2810.923497][ T5408] warn_alloc+0x105/0x160 [ 2810.923509][ T5408] __vmalloc_node_range+0x458/0x530 [ 2810.923522][ T5408] vmalloc_user+0x55/0x60 [ 2810.936499][ T8630] active_anon:227176 inactive_anon:6937 isolated_anon:0 [ 2810.936499][ T8630] active_file:19 inactive_file:20 isolated_file:0 [ 2810.936499][ T8630] unevictable:11 dirty:4 writeback:0 [ 2810.936499][ T8630] slab_reclaimable:7600 slab_unreclaimable:25594 [ 2810.936499][ T8630] mapped:54789 shmem:7146 pagetables:5306 bounce:0 [ 2810.936499][ T8630] free:15842 free_pcp:186 free_cma:0 [ 2810.938466][ T5408] ? vb2_vmalloc_alloc+0x8f/0x120 [ 2810.946838][ T8630] Node 0 active_anon:908700kB inactive_anon:27748kB active_file:68kB inactive_file:84kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219156kB dirty:12kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 628736kB writeback_tmp:0kB all_unreclaimable? yes [ 2810.947923][ T5408] vb2_vmalloc_alloc+0x8f/0x120 [ 2810.995273][ T8630] Node 1 active_anon:4kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2811.016995][ T5408] ? tsan.module_ctor+0x10/0x10 [ 2811.017004][ T5408] __vb2_queue_alloc+0x4fe/0xaf0 [ 2811.017016][ T5408] vb2_core_create_bufs+0x334/0x570 [ 2811.017027][ T5408] vb2_create_bufs+0x419/0x560 [ 2811.017037][ T5408] vb2_ioctl_create_bufs+0x2b3/0x310 [ 2811.017131][ T5408] v4l_create_bufs+0x15e/0x1b0 [ 2811.031028][ T8630] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2811.047070][ T5408] __video_do_ioctl+0x65b/0x870 [ 2811.047080][ T5408] ? __video_do_ioctl+0x2e1/0x870 [ 2811.047090][ T5408] ? __check_object_size+0x253/0x310 [ 2811.047148][ T5408] video_usercopy+0x6da/0xfc0 [ 2811.047161][ T5408] ? video_ioctl2+0x30/0x30 [ 2811.061755][ T8630] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2811.062048][ T5408] ? putname+0xa5/0xc0 [ 2811.067433][ T8630] Node 0 DMA32 free:22128kB min:39024kB low:47756kB high:56488kB reserved_highatomic:0KB active_anon:592896kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2696kB pagetables:13316kB bounce:0kB free_pcp:308kB local_pcp:60kB free_cma:0kB [ 2811.072024][ T5408] ? do_vfs_ioctl+0x4f1/0xec0 [ 2811.087142][ T8630] lowmem_reserve[]: 0 0 707 707 707 [ 2811.105676][ T5408] video_ioctl2+0x25/0x30 [ 2811.105690][ T5408] ? video_usercopy+0xfc0/0xfc0 [ 2811.118466][ T8630] Node 0 Normal free:3900kB min:10716kB low:12880kB high:15044kB reserved_highatomic:0KB active_anon:315804kB inactive_anon:27748kB active_file:56kB inactive_file:40kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4304kB pagetables:7900kB bounce:0kB free_pcp:400kB local_pcp:152kB free_cma:0kB [ 2811.120736][ T5408] v4l2_ioctl+0xc2/0xd0 [ 2811.127859][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 2811.129854][ T5408] ? v4l2_poll+0x150/0x150 [ 2811.141876][ T8630] Node 1 Normal free:22972kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2811.170922][ T5408] __se_sys_ioctl+0xc9/0x130 [ 2811.170935][ T5408] __x64_sys_ioctl+0x3f/0x50 [ 2811.183925][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 2811.185030][ T5408] do_syscall_64+0x51/0xb0 [ 2811.189837][ T8630] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2811.221477][ T5408] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2811.221484][ T5408] RIP: 0033:0x45c369 [ 2811.221500][ T5408] Code: Bad RIP value. [ 2811.221504][ T5408] RSP: 002b:00007fae9a16dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2811.234839][ T8630] Node 0 DMA32: 54*4kB (UME) 865*8kB (ME) 440*16kB (UME) 167*32kB (UM) 41*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22144kB [ 2811.264980][ T5408] RAX: ffffffffffffffda RBX: 0000000000019f40 RCX: 000000000045c369 [ 2811.264985][ T5408] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 2811.264990][ T5408] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2811.264995][ T5408] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2811.265069][ T5408] R13: 00007ffd6fc37fff R14: 00007fae9a16e9c0 R15: 000000000078bf0c [ 2811.273815][ T5408] Mem-Info: [ 2811.279327][ T8630] Node 0 Normal: 569*4kB (UME) 121*8kB (UME) 35*16kB (UME) 4*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 3932kB [ 2811.290637][ T5408] active_anon:227176 inactive_anon:6937 isolated_anon:0 [ 2811.290637][ T5408] active_file:14 inactive_file:12 isolated_file:0 [ 2811.290637][ T5408] unevictable:11 dirty:0 writeback:0 [ 2811.290637][ T5408] slab_reclaimable:7575 slab_unreclaimable:25569 [ 2811.290637][ T5408] mapped:54768 shmem:7146 pagetables:5306 bounce:0 [ 2811.290637][ T5408] free:15827 free_pcp:249 free_cma:0 [ 2811.301565][ T8630] Node 1 Normal: 3*4kB (ME) 4*8kB (UME) 3*16kB (ME) 5*32kB (UME) 3*64kB (ME) 2*128kB (ME) 1*256kB (M) 3*512kB (UM) 4*1024kB (UME) 0*2048kB 4*4096kB (M) = 22972kB [ 2811.311595][ T5408] Node 0 active_anon:908700kB inactive_anon:27748kB active_file:48kB inactive_file:52kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219072kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 628736kB writeback_tmp:0kB all_unreclaimable? yes [ 2811.311715][ T8630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2811.320103][ T5408] Node 1 active_anon:4kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2811.320172][ T5408] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2811.338350][ T8630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2811.350212][ T5408] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2811.360495][ T8630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2811.375252][ T5408] Node 0 DMA32 free:22128kB min:39024kB low:47756kB high:56488kB reserved_highatomic:0KB active_anon:592896kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2696kB pagetables:13316kB bounce:0kB free_pcp:320kB local_pcp:260kB free_cma:0kB [ 2811.383291][ T8630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2811.402056][ T5408] lowmem_reserve[]: 0 0 707 707 707 [ 2811.434845][ T8630] 7172 total pagecache pages [ 2811.451378][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2811.478880][ T8630] 0 pages in swap cache [ 2811.491909][ T5408] Node 0 Normal free:3900kB min:10716kB low:12880kB high:15044kB reserved_highatomic:0KB active_anon:315804kB inactive_anon:27748kB active_file:48kB inactive_file:48kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4304kB pagetables:7900kB bounce:0kB free_pcp:428kB local_pcp:276kB free_cma:0kB [ 2811.513645][ T8630] Swap cache stats: add 0, delete 0, find 0/0 [ 2811.538126][ T5408] lowmem_reserve[]: 0 0 0 0 0 [ 2811.550903][ T8630] Free swap = 0kB [ 2811.569390][ T5408] Node 1 Normal free:22972kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 2811.600597][ T8630] Total swap = 0kB [ 2811.609343][ T5408] lowmem_reserve[]: 0 0 0 0 0 [ 2811.624411][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2811.658760][ T8630] 1965979 pages RAM [ 2811.711072][ T5408] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2811.715425][ T8630] 0 pages HighMem/MovableOnly [ 2811.731966][ T5408] Node 0 DMA32: 54*4kB (UME) 865*8kB (ME) 440*16kB (UME) 167*32kB (UM) 41*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22144kB [ 2811.733732][ T8630] 83163 pages reserved [ 2811.733734][ T8630] 0 pages cma reserved [ 2811.733739][ T8630] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=2424,uid=0 [ 2811.742451][ T5408] Node 0 Normal: 569*4kB (UME) 121*8kB (UME) 35*16kB (UME) 4*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 3932kB [ 2811.753079][ T8630] Out of memory: Killed process 2424 (syz-executor.0) total-vm:74976kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2811.766695][ T8630] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2811.788065][ T5408] Node 1 Normal: 3*4kB (ME) 4*8kB (UME) 3*16kB (ME) 5*32kB (UME) 3*64kB (ME) 2*128kB (ME) 1*256kB (M) 3*512kB (UM) 4*1024kB (UME) 0*2048kB 4*4096kB (M) = 22972kB [ 2811.790790][ T8630] CPU: 0 PID: 8630 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2811.818722][ T5408] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2811.832195][ T8630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2811.832198][ T8630] Call Trace: [ 2811.832211][ T8630] dump_stack+0x10f/0x19d [ 2811.832221][ T8630] dump_header+0x8e/0x400 [ 2811.832234][ T8630] oom_kill_process+0x18d/0x3f0 [ 2811.852178][ T5408] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2811.859971][ T8630] out_of_memory+0x5bd/0x880 [ 2811.859980][ T8630] ? get_page_from_freelist+0x127/0x3c0 [ 2811.859988][ T8630] __alloc_pages_slowpath+0x742/0x970 [ 2811.860000][ T8630] __alloc_pages_nodemask+0x235/0x390 [ 2811.874553][ T5408] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2811.876645][ T8630] alloc_pages_current+0x21d/0x310 [ 2811.898343][ T5408] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2811.901284][ T8630] __page_cache_alloc+0x4f/0x120 [ 2811.911757][ T5408] 7172 total pagecache pages [ 2811.916119][ T8630] pagecache_get_page+0x494/0x8b0 [ 2811.916128][ T8630] ? __do_page_cache_readahead+0x96/0xb0 [ 2811.916136][ T8630] filemap_fault+0xba4/0x11e0 [ 2811.916178][ T8630] ext4_filemap_fault+0x4b/0x60 [ 2811.931038][ T5408] 0 pages in swap cache [ 2811.935375][ T8630] do_read_fault+0x41f/0x730 [ 2811.935386][ T8630] handle_mm_fault+0x135d/0x1930 [ 2811.935473][ T8630] do_user_addr_fault+0x393/0x810 [ 2811.952255][ T5408] Swap cache stats: add 0, delete 0, find 0/0 [ 2811.955211][ T8630] exc_page_fault+0xb8/0x330 [ 2811.955222][ T8630] ? asm_exc_page_fault+0x8/0x30 [ 2811.955237][ T8630] asm_exc_page_fault+0x1e/0x30 [ 2811.960583][ T5408] Free swap = 0kB [ 2811.964228][ T8630] RIP: 0033:0x452f8c [ 2811.964245][ T8630] Code: Bad RIP value. [ 2811.964250][ T8630] RSP: 002b:000000c0001798a0 EFLAGS: 00010206 [ 2811.964256][ T8630] RAX: 0000000000e7d6c0 RBX: 0000000000b31ff0 RCX: 00000000000024e3 [ 2811.964265][ T8630] RDX: 00000000000000dc RSI: 00000000004130d2 RDI: 0000000000000dc0 [ 2811.982444][ T5408] Total swap = 0kB [ 2811.984729][ T8630] RBP: 000000c0001798b0 R08: 0000000000000001 R09: 0000000000203006 [ 2811.984735][ T8630] R10: 0000000000000004 R11: 0000000000000032 R12: 00000000000000f2 [ 2811.984740][ T8630] R13: 0000000000000000 R14: 0000000000accc3c R15: 0000000000000000 [ 2812.001754][ T8630] Mem-Info: [ 2812.016258][ T5408] 1965979 pages RAM [ 2812.016724][ T8630] active_anon:226638 inactive_anon:6937 isolated_anon:0 [ 2812.016724][ T8630] active_file:14 inactive_file:12 isolated_file:0 [ 2812.016724][ T8630] unevictable:11 dirty:0 writeback:0 [ 2812.016724][ T8630] slab_reclaimable:7575 slab_unreclaimable:25569 [ 2812.016724][ T8630] mapped:54768 shmem:7146 pagetables:5269 bounce:0 [ 2812.016724][ T8630] free:16600 free_pcp:2 free_cma:0 [ 2812.039314][ T5408] 0 pages HighMem/MovableOnly [ 2812.046016][ T8630] Node 0 active_anon:906548kB inactive_anon:27748kB active_file:48kB inactive_file:52kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219072kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 628736kB writeback_tmp:0kB all_unreclaimable? yes [ 2812.063498][ T5408] 83163 pages reserved [ 2812.068343][ T8630] Node 1 active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2812.109251][ T5408] 0 pages cma reserved [ 2812.147558][ T8630] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2812.222770][ T8630] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2812.231507][ T8630] Node 0 DMA32 free:24512kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:590848kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2696kB pagetables:13168kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 2812.262985][ T8630] lowmem_reserve[]: 0 0 707 707 707 [ 2812.268343][ T8630] Node 0 Normal free:4496kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:315736kB inactive_anon:27748kB active_file:128kB inactive_file:0kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4304kB pagetables:7900kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2812.300300][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 2812.305920][ T8630] Node 1 Normal free:422892kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:2408kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:2840kB local_pcp:1332kB free_cma:0kB [ 2812.337507][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 2812.351798][ T8630] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2812.368753][ T8630] Node 0 DMA32: 96*4kB (UME) 900*8kB (UME) 440*16kB (UME) 166*32kB (UM) 41*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 24608kB [ 2812.389432][ T8630] Node 0 Normal: 654*4kB (UME) 125*8kB (UME) 37*16kB (UME) 8*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4464kB [ 2812.403730][ T8630] Node 1 Normal: 5*4kB (UME) 5*8kB (UE) 4*16kB (UME) 6*32kB (UME) 7*64kB (UME) 2*128kB (UE) 2*256kB (U) 5*512kB (UM) 4*1024kB (UME) 2*2048kB (UM) 226*4096kB (UM) = 937980kB [ 2812.421044][ T8630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2812.431069][ T8630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2812.440873][ T8630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2812.450894][ T8630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2812.461040][ T8630] 8170 total pagecache pages [ 2812.466031][ T8630] 0 pages in swap cache [ 2812.482737][ T8630] Swap cache stats: add 0, delete 0, find 0/0 [ 2812.488784][ T8630] Free swap = 0kB [ 2812.492483][ T8630] Total swap = 0kB [ 2812.512743][ T8630] 1965979 pages RAM [ 2812.516570][ T8630] 0 pages HighMem/MovableOnly [ 2812.521219][ T8630] 83163 pages reserved [ 2812.525531][ T8630] 0 pages cma reserved [ 2812.542806][ T8630] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=19625,uid=0 [ 2812.572748][ T8630] Out of memory: Killed process 19625 (syz-executor.1) total-vm:75108kB, anon-rss:2228kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2812.683006][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:01:25 executing program 1: 07:01:25 executing program 5: 07:01:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r5 = dup(r4) syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:25 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = socket$unix(0x1, 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$packet(0x11, 0x0, 0x300) r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r5 = socket$can_raw(0x1d, 0x3, 0x1) dup2(r4, r5) sendfile(r5, r3, 0x0, 0x4000000000dd) 07:01:25 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:01:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:01:25 executing program 1: 07:01:25 executing program 1: 07:01:25 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x0, 0x2, 0x10000000000002) connect$rxrpc(r0, &(0x7f0000000140)=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @mcast1}}, 0x24) sendmmsg(0xffffffffffffffff, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{0x18, 0x110, 0x1, "cc"}], 0x18}}], 0x1, 0x0) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, 0x0, 0x40000) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r0, 0x0, 0x8000) setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x0, 0x0, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_LISTEN(r1, &(0x7f0000000140)={0x7, 0x8, 0xfa00, {r2}}, 0x10) write$RDMA_USER_CM_CMD_DESTROY_ID(r1, &(0x7f00000000c0)={0x1, 0x10, 0xfa00, {&(0x7f0000000040), r2}}, 0x18) 07:01:25 executing program 5: clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) fcntl$setstatus(r0, 0x4, 0x6100) syz_init_net_socket$llc(0x1a, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$cgroup_type(r0, &(0x7f0000000200)='threaded\x00', 0x175d900f) 07:01:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:25 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2813.724035][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2814.522915][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2814.762939][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2815.802573][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:01:28 executing program 5: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$nl_netfilter(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)={0x14, 0x0, 0x6, 0x201}, 0x14}}, 0x0) 07:01:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2816.842597][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2817.564155][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2817.685489][ T1931] oom_reaper: reaped process 5441 (syz-executor.4), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB [ 2817.718735][ T8626] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2817.743358][ T8626] CPU: 0 PID: 8626 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2817.751573][ T8626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2817.761602][ T8626] Call Trace: [ 2817.764958][ T8626] dump_stack+0x10f/0x19d [ 2817.769312][ T8626] dump_header+0x8e/0x400 [ 2817.773640][ T8626] oom_kill_process+0x18d/0x3f0 [ 2817.778465][ T8626] out_of_memory+0x5bd/0x880 [ 2817.783023][ T8626] ? get_page_from_freelist+0x127/0x3c0 [ 2817.788539][ T8626] __alloc_pages_slowpath+0x742/0x970 [ 2817.793885][ T8626] __alloc_pages_nodemask+0x235/0x390 [ 2817.799298][ T8626] alloc_pages_current+0x21d/0x310 [ 2817.804381][ T8626] __page_cache_alloc+0x4f/0x120 [ 2817.809286][ T8626] pagecache_get_page+0x494/0x8b0 [ 2817.814356][ T8626] ? __do_page_cache_readahead+0x96/0xb0 [ 2817.820035][ T8626] filemap_fault+0xba4/0x11e0 [ 2817.824679][ T8626] ext4_filemap_fault+0x4b/0x60 [ 2817.829495][ T8626] do_read_fault+0x41f/0x730 [ 2817.834054][ T8626] handle_mm_fault+0x135d/0x1930 [ 2817.839029][ T8626] do_user_addr_fault+0x393/0x810 [ 2817.844025][ T8626] exc_page_fault+0xb8/0x330 [ 2817.848581][ T8626] ? asm_exc_page_fault+0x8/0x30 [ 2817.853483][ T8626] asm_exc_page_fault+0x1e/0x30 [ 2817.858296][ T8626] RIP: 0033:0x468a8d [ 2817.862197][ T8626] Code: Bad RIP value. [ 2817.866283][ T8626] RSP: 002b:000000c00004df18 EFLAGS: 00010202 [ 2817.872322][ T8626] RAX: 0000000000000000 RBX: 0000000000004e20 RCX: 0000000000468a8d [ 2817.880260][ T8626] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000c00004df18 [ 2817.888200][ T8626] RBP: 000000c00004df28 R08: 00000000003c81eb R09: 00007ffebadc4080 [ 2817.896136][ T8626] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000439470 [ 2817.904086][ T8626] R13: 0000000000000000 R14: 0000000000accd54 R15: 0000000000000000 [ 2817.912468][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2817.922924][ T8626] Mem-Info: [ 2817.926034][ T8626] active_anon:227450 inactive_anon:6938 isolated_anon:0 [ 2817.926034][ T8626] active_file:28 inactive_file:8 isolated_file:0 [ 2817.926034][ T8626] unevictable:11 dirty:0 writeback:0 [ 2817.926034][ T8626] slab_reclaimable:7557 slab_unreclaimable:25692 [ 2817.926034][ T8626] mapped:54853 shmem:7147 pagetables:5309 bounce:0 [ 2817.926034][ T8626] free:15857 free_pcp:247 free_cma:0 [ 2817.963729][ T8626] Node 0 active_anon:909468kB inactive_anon:27752kB active_file:104kB inactive_file:28kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219412kB dirty:0kB writeback:0kB shmem:28588kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 630784kB writeback_tmp:0kB all_unreclaimable? yes 07:01:29 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) [ 2817.995520][ T8626] Node 1 active_anon:332kB inactive_anon:0kB active_file:8kB inactive_file:5104kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:2800kB dirty:0kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2818.030725][ T8626] Node 0 DMA free:14324kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2818.064656][ T8626] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2818.071670][ T8626] Node 0 DMA32 free:20612kB min:36976kB low:45708kB high:54440kB reserved_highatomic:0KB active_anon:593940kB inactive_anon:16kB active_file:20kB inactive_file:4kB unevictable:0kB writepending:16kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2664kB pagetables:13124kB bounce:0kB free_pcp:256kB local_pcp:0kB free_cma:0kB [ 2818.107519][ T8626] lowmem_reserve[]: 0 0 707 707 707 [ 2818.114500][ T8626] Node 0 Normal free:5380kB min:12764kB low:14928kB high:17092kB reserved_highatomic:0KB active_anon:315444kB inactive_anon:27736kB active_file:28kB inactive_file:44kB unevictable:44kB writepending:20kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4320kB pagetables:8000kB bounce:0kB free_pcp:708kB local_pcp:244kB free_cma:0kB [ 2818.148533][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2818.153550][ T8626] Node 1 Normal free:494036kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:564kB inactive_anon:0kB active_file:616kB inactive_file:11316kB unevictable:0kB writepending:28kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:52kB pagetables:248kB bounce:0kB free_pcp:1628kB local_pcp:368kB free_cma:0kB [ 2818.185377][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2818.190217][ T8626] Node 0 DMA: 1*4kB (U) 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14324kB [ 2818.206107][ T8626] Node 0 DMA32: 75*4kB (UME) 715*8kB (UME) 428*16kB (UME) 162*32kB (UM) 40*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20612kB [ 2818.220914][ T8626] Node 0 Normal: 723*4kB (UME) 159*8kB (ME) 52*16kB (UME) 12*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5380kB [ 2818.235427][ T8626] Node 1 Normal: 7*4kB (UME) 7*8kB (UE) 7*16kB (UE) 12*32kB (UME) 14*64kB (UME) 17*128kB (UE) 17*256kB (UM) 13*512kB (UM) 12*1024kB (UE) 12*2048kB (UM) 189*4096kB (UM) = 825668kB [ 2818.255537][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2818.265102][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2818.274404][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2818.284030][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2818.293586][ T8626] 10419 total pagecache pages [ 2818.298802][ T8626] 0 pages in swap cache [ 2818.303401][ T8626] Swap cache stats: add 0, delete 0, find 0/0 [ 2818.309492][ T8626] Free swap = 0kB [ 2818.313224][ T8626] Total swap = 0kB [ 2818.316938][ T8626] 1965979 pages RAM [ 2818.320736][ T8626] 0 pages HighMem/MovableOnly [ 2818.325420][ T8626] 83163 pages reserved [ 2818.329482][ T8626] 0 pages cma reserved [ 2818.333568][ T8626] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=5470,uid=0 [ 2818.347835][ T8626] Out of memory: Killed process 5470 (syz-executor.5) total-vm:74976kB, anon-rss:5068kB, file-rss:34816kB, shmem-rss:4kB, UID:0 pgtables:144kB oom_score_adj:1000 [ 2818.922567][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2819.002323][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:01:30 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = socket$unix(0x1, 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$packet(0x11, 0x0, 0x300) r3 = syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r5 = socket$can_raw(0x1d, 0x3, 0x1) dup2(r4, r5) sendfile(r5, r3, 0x0, 0x4000000000dd) 07:01:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46802) io_submit(0x0, 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040)={0x1f}) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0xaeb7, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000080)=0x3) ioctl$KVM_SET_CPUID(r2, 0xae80, 0x0) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00", @ANYRES16=0x0, @ANYBLOB="010000638924bdd6239276000000080003804326289af01697", @ANYBLOB], 0x1c}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) 07:01:30 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:01:30 executing program 1: openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) r0 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) ioctl$int_in(r0, 0x800000c004500a, &(0x7f0000000300)) socket(0x10, 0x803, 0x0) epoll_create1(0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r1, &(0x7f00000000c0)={0x28, 0x0, 0x0, @local}, 0x10) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0) 07:01:30 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x46802) io_submit(0x0, 0x0, 0x0) ioctl$KVM_CREATE_PIT2(0xffffffffffffffff, 0x4040ae77, &(0x7f0000000040)={0x1f}) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_LAPIC(r2, 0xaeb7, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000080)=0x3) ioctl$KVM_SET_CPUID(r2, 0xae80, 0x0) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00", @ANYRES16=0x0, @ANYBLOB="010000638924bdd6239276000000080003804326289af01697", @ANYBLOB], 0x1c}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) 07:01:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:31 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r5 = dup(r4) syz_kvm_setup_cpu$x86(r5, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2819.462199][ T9218] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 2819.742119][ T9218] usb 4-1: Using ep0 maxpacket: 8 [ 2819.882146][ T9218] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2819.962231][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2820.082125][ T9218] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2820.091252][ T9218] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2820.112088][ T9218] usb 4-1: Product: syz [ 2820.116317][ T9218] usb 4-1: Manufacturer: syz [ 2820.120870][ T9218] usb 4-1: SerialNumber: syz [ 2820.602160][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2821.002468][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:01:32 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:01:32 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2821.252009][ T9218] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2821.259927][ T9218] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2821.278443][ T9218] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2821.463972][ T9218] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2821.491043][ T9218] usb 4-1: USB disconnect, device number 57 [ 2821.504062][ T9218] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2822.042039][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2822.616953][ T1931] oom_reaper: reaped process 5493 (syz-executor.4), now anon-rss:0kB, file-rss:34756kB, shmem-rss:0kB [ 2822.635601][ T8250] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2822.648519][ T8250] CPU: 0 PID: 8250 Comm: in:imklog Not tainted 5.8.0-rc7-syzkaller #0 [ 2822.656670][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2822.666703][ T8250] Call Trace: [ 2822.669966][ T8250] dump_stack+0x10f/0x19d [ 2822.674277][ T8250] dump_header+0x8e/0x400 [ 2822.678585][ T8250] oom_kill_process+0x18d/0x3f0 [ 2822.683401][ T8250] out_of_memory+0x5bd/0x880 [ 2822.688116][ T8250] ? get_page_from_freelist+0x127/0x3c0 [ 2822.693630][ T8250] __alloc_pages_slowpath+0x742/0x970 [ 2822.693744][ T5493] warn_alloc: 1 callbacks suppressed [ 2822.693761][ T5493] syz-executor.4: vmalloc: allocation failure, allocated 2408730624 of 3724722176 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 2822.698979][ T8250] __alloc_pages_nodemask+0x235/0x390 [ 2822.726149][ T8250] alloc_pages_current+0x21d/0x310 [ 2822.731236][ T8250] __page_cache_alloc+0x4f/0x120 [ 2822.736145][ T8250] pagecache_get_page+0x494/0x8b0 [ 2822.741132][ T8250] ? __do_page_cache_readahead+0x96/0xb0 [ 2822.746726][ T8250] filemap_fault+0xba4/0x11e0 [ 2822.751382][ T8250] ext4_filemap_fault+0x4b/0x60 [ 2822.756201][ T8250] do_read_fault+0x41f/0x730 [ 2822.760792][ T8250] handle_mm_fault+0x135d/0x1930 [ 2822.765697][ T8250] do_user_addr_fault+0x393/0x810 [ 2822.770686][ T8250] exc_page_fault+0xb8/0x330 [ 2822.775242][ T8250] ? asm_exc_page_fault+0x8/0x30 [ 2822.780152][ T8250] asm_exc_page_fault+0x1e/0x30 [ 2822.784967][ T8250] RIP: 0033:0x7f2a5ebe922d [ 2822.789356][ T8250] Code: Bad RIP value. [ 2822.793471][ T8250] RSP: 002b:00007f2a5c585580 EFLAGS: 00010293 [ 2822.799503][ T8250] RAX: 000000000000007e RBX: 0000000000000000 RCX: 00007f2a5ebe922d [ 2822.807507][ T8250] RDX: 0000000000001fa0 RSI: 00007f2a5c585da0 RDI: 0000000000000004 [ 2822.815444][ T8250] RBP: 000055653d0f99d0 R08: 0000000000000000 R09: 0000000004000001 [ 2822.823379][ T8250] R10: 0000000000000001 R11: 0000000000000293 R12: 00007f2a5c585da0 [ 2822.831315][ T8250] R13: 0000000000001fa0 R14: 0000000000001f9f R15: 00007f2a5c585dfd [ 2822.839263][ T5493] CPU: 1 PID: 5493 Comm: syz-executor.4 Not tainted 5.8.0-rc7-syzkaller #0 [ 2822.843947][ T8250] Mem-Info: [ 2822.847822][ T5493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2822.850913][ T8250] active_anon:226890 inactive_anon:6938 isolated_anon:0 [ 2822.850913][ T8250] active_file:29 inactive_file:26 isolated_file:0 [ 2822.850913][ T8250] unevictable:11 dirty:40 writeback:0 [ 2822.850913][ T8250] slab_reclaimable:7557 slab_unreclaimable:25720 [ 2822.850913][ T8250] mapped:54889 shmem:7149 pagetables:5327 bounce:0 [ 2822.850913][ T8250] free:16184 free_pcp:186 free_cma:0 [ 2822.860932][ T5493] Call Trace: [ 2822.860942][ T5493] dump_stack+0x10f/0x19d [ 2822.860955][ T5493] warn_alloc+0x105/0x160 [ 2822.897374][ T8250] Node 0 active_anon:906444kB inactive_anon:27736kB active_file:8kB inactive_file:56kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219540kB dirty:88kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 628736kB writeback_tmp:0kB all_unreclaimable? yes [ 2822.900613][ T5493] __vmalloc_node_range+0x458/0x530 [ 2822.904989][ T8250] Node 1 active_anon:1116kB inactive_anon:16kB active_file:108kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:72kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2822.909194][ T5493] vmalloc_user+0x55/0x60 [ 2822.936671][ T8250] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2822.941817][ T5493] ? vb2_vmalloc_alloc+0x8f/0x120 [ 2822.941897][ T5493] vb2_vmalloc_alloc+0x8f/0x120 [ 2822.967982][ T8250] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2822.972278][ T5493] ? tsan.module_ctor+0x10/0x10 [ 2822.972291][ T5493] __vb2_queue_alloc+0x4fe/0xaf0 [ 2823.001233][ T8250] Node 0 DMA32 free:21876kB min:39024kB low:47756kB high:56488kB reserved_highatomic:0KB active_anon:590992kB inactive_anon:4kB active_file:20kB inactive_file:8kB unevictable:0kB writepending:20kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2664kB pagetables:13108kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2823.006218][ T5493] vb2_core_create_bufs+0x334/0x570 [ 2823.006274][ T5493] vb2_create_bufs+0x419/0x560 [ 2823.011088][ T8250] lowmem_reserve[]: 0 0 707 707 707 [ 2823.016772][ T5493] vb2_ioctl_create_bufs+0x2b3/0x310 [ 2823.016786][ T5493] v4l_create_bufs+0x15e/0x1b0 [ 2823.021591][ T8250] Node 0 Normal free:5828kB min:12764kB low:14928kB high:17092kB reserved_highatomic:0KB active_anon:315452kB inactive_anon:27732kB active_file:36kB inactive_file:24kB unevictable:44kB writepending:168kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4288kB pagetables:7904kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2823.026494][ T5493] __video_do_ioctl+0x65b/0x870 [ 2823.026509][ T5493] ? __video_do_ioctl+0x2e1/0x870 [ 2823.065242][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2823.067787][ T5493] ? __check_object_size+0x253/0x310 [ 2823.072944][ T8250] Node 1 Normal free:22724kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:1116kB inactive_anon:16kB active_file:48kB inactive_file:28kB unevictable:0kB writepending:172kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:88kB pagetables:296kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2823.078191][ T5493] video_usercopy+0x6da/0xfc0 [ 2823.082911][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2823.114547][ T5493] ? video_ioctl2+0x30/0x30 [ 2823.114633][ T5493] ? putname+0xa5/0xc0 [ 2823.119438][ T8250] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2823.124426][ T5493] ? do_vfs_ioctl+0x4f1/0xec0 [ 2823.124434][ T5493] video_ioctl2+0x25/0x30 [ 2823.124497][ T5493] ? video_usercopy+0xfc0/0xfc0 [ 2823.124505][ T5493] v4l2_ioctl+0xc2/0xd0 [ 2823.124517][ T5493] ? v4l2_poll+0x150/0x150 [ 2823.129146][ T8250] Node 0 DMA32: 71*4kB (ME) 825*8kB (UME) 434*16kB (UME) 170*32kB (UM) 41*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 21892kB [ 2823.134394][ T5493] __se_sys_ioctl+0xc9/0x130 [ 2823.134457][ T5493] __x64_sys_ioctl+0x3f/0x50 [ 2823.165515][ T8250] Node 0 Normal: 713*4kB (UME) 188*8kB (UME) 52*16kB (UME) 16*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5700kB [ 2823.170157][ T5493] do_syscall_64+0x51/0xb0 [ 2823.174798][ T8250] Node 1 Normal: 76*4kB (UME) 70*8kB (UME) 52*16kB (ME) 52*32kB (UME) 25*64kB (ME) 23*128kB (ME) 9*256kB (UM) 7*512kB (UM) 3*1024kB (ME) 1*2048kB (U) 1*4096kB (M) = 23008kB [ 2823.179273][ T5493] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2823.183304][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2823.197916][ T5493] RIP: 0033:0x45c369 [ 2823.197931][ T5493] Code: Bad RIP value. [ 2823.202584][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2823.206866][ T5493] RSP: 002b:00007fae9a16dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2823.211680][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2823.215799][ T5493] RAX: ffffffffffffffda RBX: 0000000000019f40 RCX: 000000000045c369 [ 2823.215804][ T5493] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 2823.215836][ T5493] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2823.220275][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2823.234886][ T5493] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2823.234891][ T5493] R13: 00007ffd6fc37fff R14: 00007fae9a16e9c0 R15: 000000000078bf0c [ 2823.238307][ T5493] Mem-Info: [ 2823.239502][ T8250] 7202 total pagecache pages [ 2823.244183][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2823.267894][ T5493] active_anon:226909 inactive_anon:6938 isolated_anon:0 [ 2823.267894][ T5493] active_file:17 inactive_file:17 isolated_file:0 [ 2823.267894][ T5493] unevictable:11 dirty:0 writeback:0 [ 2823.267894][ T5493] slab_reclaimable:7557 slab_unreclaimable:25725 [ 2823.267894][ T5493] mapped:54856 shmem:7149 pagetables:5344 bounce:0 [ 2823.267894][ T5493] free:16227 free_pcp:186 free_cma:0 [ 2823.333356][ T8250] 0 pages in swap cache [ 2823.338430][ T5493] Node 0 active_anon:906420kB inactive_anon:27736kB active_file:28kB inactive_file:32kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219424kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 626688kB writeback_tmp:0kB all_unreclaimable? yes [ 2823.356924][ T8250] Swap cache stats: add 0, delete 0, find 0/0 [ 2823.363474][ T5493] Node 1 active_anon:1216kB inactive_anon:16kB active_file:40kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2823.363481][ T5493] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2823.379839][ T8250] Free swap = 0kB [ 2823.383996][ T5493] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2823.387039][ T8250] Total swap = 0kB [ 2823.395076][ T5493] Node 0 DMA32 free:21892kB min:39024kB low:47756kB high:56488kB reserved_highatomic:0KB active_anon:590992kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2664kB pagetables:13108kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2823.395097][ T5493] lowmem_reserve[]: 0 0 707 707 707 [ 2823.433524][ T8250] 1965979 pages RAM [ 2823.444359][ T5493] Node 0 Normal free:5700kB min:12764kB low:14928kB high:17092kB reserved_highatomic:0KB active_anon:315428kB inactive_anon:27732kB active_file:28kB inactive_file:32kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4288kB pagetables:7936kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2823.465145][ T8250] 0 pages HighMem/MovableOnly [ 2823.478134][ T5493] lowmem_reserve[]: 0 0 0 0 0 [ 2823.497219][ T8250] 83163 pages reserved [ 2823.526866][ T5493] Node 1 Normal free:23008kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:1216kB inactive_anon:16kB active_file:40kB inactive_file:36kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:88kB pagetables:332kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2823.536966][ T8250] 0 pages cma reserved [ 2823.537554][ T5493] lowmem_reserve[]: 0 0 0 0 0 [ 2823.577683][ T8250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=18268,uid=0 [ 2823.612515][ T5493] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2823.622902][ T8250] Out of memory: Killed process 18268 (syz-executor.1) total-vm:75108kB, anon-rss:2228kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2823.709781][ T5493] Node 0 DMA32: 71*4kB (ME) 825*8kB (UME) 434*16kB (UME) 170*32kB (UM) 41*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 21892kB [ 2823.724619][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2823.733012][ T1931] oom_reaper: reaped process 18268 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2823.747628][ T8647] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2823.756505][ T5493] Node 0 Normal: 713*4kB (UME) 188*8kB (UME) 52*16kB (UME) 16*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5700kB [ 2823.760005][ T8647] CPU: 1 PID: 8647 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2823.772437][ T5493] Node 1 Normal: 81*4kB (UME) 69*8kB (UME) 52*16kB (ME) 52*32kB (UME) 26*64kB (ME) 23*128kB (ME) 8*256kB (M) 6*512kB (M) 4*1024kB (UME) 1*2048kB (U) 1*4096kB (M) = 23340kB [ 2823.780592][ T8647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2823.797571][ T5493] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2823.807635][ T8647] Call Trace: [ 2823.817102][ T5493] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2823.820353][ T8647] dump_stack+0x10f/0x19d [ 2823.829592][ T5493] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2823.833885][ T8647] dump_header+0x8e/0x400 [ 2823.833899][ T8647] oom_kill_process+0x18d/0x3f0 [ 2823.843457][ T5493] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2823.847696][ T8647] out_of_memory+0x5bd/0x880 [ 2823.852504][ T5493] 7208 total pagecache pages [ 2823.861740][ T8647] ? get_page_from_freelist+0x127/0x3c0 [ 2823.861747][ T8647] __alloc_pages_slowpath+0x742/0x970 [ 2823.861825][ T8647] __alloc_pages_nodemask+0x235/0x390 [ 2823.861839][ T8647] alloc_pages_current+0x21d/0x310 [ 2823.866383][ T5493] 0 pages in swap cache [ 2823.870947][ T8647] __page_cache_alloc+0x4f/0x120 [ 2823.876534][ T5493] Swap cache stats: add 0, delete 0, find 0/0 [ 2823.881786][ T8647] pagecache_get_page+0x494/0x8b0 [ 2823.881797][ T8647] ? __do_page_cache_readahead+0x96/0xb0 [ 2823.887125][ T5493] Free swap = 0kB [ 2823.892197][ T8647] filemap_fault+0xba4/0x11e0 [ 2823.892211][ T8647] ext4_filemap_fault+0x4b/0x60 [ 2823.896321][ T5493] Total swap = 0kB [ 2823.901231][ T8647] do_read_fault+0x41f/0x730 [ 2823.907274][ T5493] 1965979 pages RAM [ 2823.912360][ T8647] handle_mm_fault+0x135d/0x1930 [ 2823.912376][ T8647] do_user_addr_fault+0x393/0x810 [ 2823.917961][ T5493] 0 pages HighMem/MovableOnly [ 2823.921653][ T8647] exc_page_fault+0xb8/0x330 [ 2823.926294][ T5493] 83163 pages reserved [ 2823.931157][ T8647] ? asm_exc_page_fault+0x8/0x30 [ 2823.934788][ T5493] 0 pages cma reserved [ 2823.939342][ T8647] asm_exc_page_fault+0x1e/0x30 [ 2823.979990][ T8647] RIP: 0033:0x469240 [ 2823.983881][ T8647] Code: Bad RIP value. [ 2823.987913][ T8647] RSP: 002b:000000c0004ab7f0 EFLAGS: 00010246 [ 2823.993941][ T8647] RAX: 0000000000000000 RBX: 00000000000003e7 RCX: 0000000000469240 [ 2824.001878][ T8647] RDX: 0000000000000080 RSI: 000000c0004ab840 RDI: 0000000000000003 [ 2824.009869][ T8647] RBP: 000000c0004abe40 R08: 0000000000000000 R09: 0000000000000000 [ 2824.017805][ T8647] R10: 00000000000003e7 R11: 0000000000000246 R12: 0000000000000003 [ 2824.025743][ T8647] R13: 000000c000157500 R14: 0000000000000001 R15: ffffffffffffffff [ 2824.151864][ T8647] Mem-Info: [ 2824.154988][ T8647] active_anon:225853 inactive_anon:6938 isolated_anon:0 [ 2824.154988][ T8647] active_file:117 inactive_file:1367 isolated_file:0 [ 2824.154988][ T8647] unevictable:11 dirty:0 writeback:0 [ 2824.154988][ T8647] slab_reclaimable:7557 slab_unreclaimable:25725 [ 2824.154988][ T8647] mapped:55931 shmem:7149 pagetables:5307 bounce:0 [ 2824.154988][ T8647] free:155087 free_pcp:411 free_cma:0 [ 2824.193935][ T8647] Node 0 active_anon:902196kB inactive_anon:27736kB active_file:28kB inactive_file:32kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219424kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 626688kB writeback_tmp:0kB all_unreclaimable? yes [ 2824.221915][ T8647] Node 1 active_anon:1216kB inactive_anon:16kB active_file:440kB inactive_file:5436kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4400kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? no [ 2824.248785][ T8647] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2824.278207][ T8647] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2824.284601][ T8647] Node 0 DMA32 free:26184kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:586896kB inactive_anon:4kB active_file:100kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2664kB pagetables:12960kB bounce:0kB free_pcp:124kB local_pcp:124kB free_cma:0kB [ 2824.316299][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2824.353273][ T8647] lowmem_reserve[]: 0 0 707 707 707 [ 2824.358590][ T8647] Node 0 Normal free:5972kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:315360kB inactive_anon:27732kB active_file:28kB inactive_file:32kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4288kB pagetables:7936kB bounce:0kB free_pcp:72kB local_pcp:56kB free_cma:0kB [ 2824.393221][ T8647] lowmem_reserve[]: 0 0 0 0 0 [ 2824.398043][ T8647] Node 1 Normal free:1881796kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:1216kB inactive_anon:16kB active_file:408kB inactive_file:5612kB unevictable:0kB writepending:156kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:88kB pagetables:332kB bounce:0kB free_pcp:1744kB local_pcp:332kB free_cma:0kB [ 2824.432306][ T8647] lowmem_reserve[]: 0 0 0 0 0 [ 2824.437313][ T8647] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2824.454499][ T8647] Node 0 DMA32: 81*4kB (UME) 849*8kB (UME) 433*16kB (UME) 171*32kB (UM) 41*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 2*2048kB (M) 0*4096kB = 26236kB [ 2824.470375][ T8647] Node 0 Normal: 991*4kB (UME) 202*8kB (UME) 56*16kB (UME) 20*32kB (UM) 3*64kB (U) 2*128kB (U) 0*256kB 1*512kB (U) 1*1024kB (U) 0*2048kB 0*4096kB = 9100kB [ 2824.488291][ T8647] Node 1 Normal: 44*4kB (UE) 29*8kB (UE) 24*16kB (UME) 21*32kB (UE) 18*64kB (UE) 26*128kB (UME) 20*256kB (UM) 20*512kB (UM) 16*1024kB (UME) 13*2048kB (U) 553*4096kB (UM) = 2329400kB [ 2824.509583][ T8647] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2824.520874][ T8647] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2824.533846][ T8647] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2824.544960][ T8647] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2824.555159][ T8647] 9083 total pagecache pages [ 2824.560746][ T8647] 0 pages in swap cache [ 2824.566973][ T8647] Swap cache stats: add 0, delete 0, find 0/0 [ 2824.576487][ T8647] Free swap = 0kB [ 2824.580237][ T8647] Total swap = 0kB [ 2824.585231][ T8647] 1965979 pages RAM [ 2824.589053][ T8647] 0 pages HighMem/MovableOnly [ 2824.594552][ T8647] 83163 pages reserved [ 2824.598646][ T8647] 0 pages cma reserved [ 2824.604171][ T8647] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=17709,uid=0 [ 2824.619543][ T8647] Out of memory: Killed process 17709 (syz-executor.1) total-vm:75108kB, anon-rss:2228kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2824.639230][ T1931] oom_reaper: reaped process 17709 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 07:01:36 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r5 = dup(r4) syz_kvm_setup_cpu$x86(r5, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:36 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000004c0), 0x0, 0x0, 0x0}) 07:01:36 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = socket$unix(0x1, 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$packet(0x11, 0x0, 0x300) syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r4 = socket$can_raw(0x1d, 0x3, 0x1) dup2(r3, r4) 07:01:36 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:01:36 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:36 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:01:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r5 = dup(r4) syz_kvm_setup_cpu$x86(r5, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2825.321750][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:01:37 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r5 = dup(r4) syz_kvm_setup_cpu$x86(r5, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:37 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r5 = dup(r4) syz_kvm_setup_cpu$x86(r5, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2825.471719][ T2853] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 2825.721619][ T2853] usb 4-1: Using ep0 maxpacket: 8 [ 2825.841859][ T2853] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 07:01:37 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) [ 2826.011857][ T2853] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2826.021025][ T2853] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2826.031890][ T2853] usb 4-1: Product: syz [ 2826.036572][ T2853] usb 4-1: Manufacturer: syz [ 2826.042718][ T2853] usb 4-1: SerialNumber: syz [ 2826.092088][ T5650] binder: 5646:5650 unknown command 0 [ 2826.097507][ T5650] binder: 5646:5650 ioctl c0306201 20000200 returned -22 [ 2826.363478][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2826.761632][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2827.181514][ T2853] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2827.188009][ T2853] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2827.203875][ T2853] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2827.393516][ T2853] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2827.425343][ T2853] usb 4-1: USB disconnect, device number 58 [ 2827.431898][ T2853] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2827.442301][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2828.502442][ T1931] oom_reaper: reaped process 5604 (syz-executor.4), now anon-rss:0kB, file-rss:34748kB, shmem-rss:0kB [ 2828.521572][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2828.524935][ T8250] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2828.543056][ T8250] CPU: 0 PID: 8250 Comm: in:imklog Not tainted 5.8.0-rc7-syzkaller #0 [ 2828.551182][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2828.561276][ T8250] Call Trace: [ 2828.564535][ T8250] dump_stack+0x10f/0x19d [ 2828.568832][ T8250] dump_header+0x8e/0x400 [ 2828.573130][ T8250] oom_kill_process+0x18d/0x3f0 [ 2828.577945][ T8250] out_of_memory+0x5bd/0x880 [ 2828.582602][ T8250] ? get_page_from_freelist+0x127/0x3c0 [ 2828.588160][ T8250] __alloc_pages_slowpath+0x742/0x970 [ 2828.593501][ T8250] __alloc_pages_nodemask+0x235/0x390 [ 2828.598841][ T8250] alloc_pages_current+0x21d/0x310 [ 2828.603959][ T8250] __page_cache_alloc+0x4f/0x120 [ 2828.608861][ T8250] pagecache_get_page+0x494/0x8b0 [ 2828.613849][ T8250] ? __do_page_cache_readahead+0x96/0xb0 [ 2828.619447][ T8250] filemap_fault+0xba4/0x11e0 [ 2828.624090][ T8250] ext4_filemap_fault+0x4b/0x60 [ 2828.628907][ T8250] do_read_fault+0x41f/0x730 [ 2828.633463][ T8250] handle_mm_fault+0x135d/0x1930 [ 2828.638476][ T8250] do_user_addr_fault+0x393/0x810 [ 2828.643484][ T8250] exc_page_fault+0xb8/0x330 [ 2828.648044][ T8250] ? asm_exc_page_fault+0x8/0x30 [ 2828.652983][ T8250] asm_exc_page_fault+0x1e/0x30 [ 2828.657796][ T8250] RIP: 0033:0x7f2a5ebe922d [ 2828.662183][ T8250] Code: Bad RIP value. [ 2828.666275][ T8250] RSP: 002b:00007f2a5c585580 EFLAGS: 00010293 [ 2828.672304][ T8250] RAX: 000000000000007e RBX: 0000000000000000 RCX: 00007f2a5ebe922d [ 2828.680242][ T8250] RDX: 0000000000001fa0 RSI: 00007f2a5c585da0 RDI: 0000000000000004 [ 2828.688177][ T8250] RBP: 000055653d0f99d0 R08: 0000000000000000 R09: 0000000004000001 [ 2828.696114][ T8250] R10: 0000000000000001 R11: 0000000000000293 R12: 00007f2a5c585da0 [ 2828.704053][ T8250] R13: 0000000000001fa0 R14: 0000000000001f9f R15: 00007f2a5c585e04 [ 2828.715470][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2828.731313][ T8250] Mem-Info: [ 2828.734496][ T8250] active_anon:225091 inactive_anon:6937 isolated_anon:0 [ 2828.734496][ T8250] active_file:54 inactive_file:0 isolated_file:0 [ 2828.734496][ T8250] unevictable:11 dirty:28 writeback:0 [ 2828.734496][ T8250] slab_reclaimable:7557 slab_unreclaimable:25732 [ 2828.734496][ T8250] mapped:54928 shmem:7146 pagetables:5204 bounce:0 [ 2828.734496][ T8250] free:42239 free_pcp:990 free_cma:0 [ 2828.771040][ T8250] Node 0 active_anon:899880kB inactive_anon:27744kB active_file:144kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219640kB dirty:64kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 624640kB writeback_tmp:0kB all_unreclaimable? yes [ 2828.798838][ T8250] Node 1 active_anon:484kB inactive_anon:4kB active_file:72kB inactive_file:252kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:72kB dirty:48kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2828.824737][ T8250] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2828.853887][ T8250] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2828.859626][ T8250] Node 0 DMA32 free:22800kB min:41072kB low:49804kB high:58536kB reserved_highatomic:0KB active_anon:584844kB inactive_anon:8kB active_file:0kB inactive_file:132kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2648kB pagetables:12928kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 2828.891288][ T8250] lowmem_reserve[]: 0 0 707 707 707 [ 2828.896498][ T8250] Node 0 Normal free:9132kB min:18908kB low:21072kB high:23236kB reserved_highatomic:0KB active_anon:315036kB inactive_anon:27736kB active_file:24kB inactive_file:0kB unevictable:44kB writepending:164kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4304kB pagetables:7880kB bounce:0kB free_pcp:876kB local_pcp:756kB free_cma:0kB [ 2828.928420][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2828.933100][ T8250] Node 1 Normal free:908872kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:484kB inactive_anon:4kB active_file:508kB inactive_file:1208kB unevictable:0kB writepending:248kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:2820kB local_pcp:1488kB free_cma:0kB [ 2828.964554][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2828.969234][ T8250] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2828.984011][ T8250] Node 0 DMA32: 73*4kB (UME) 865*8kB (UME) 442*16kB (UME) 173*32kB (UM) 44*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22636kB [ 2828.998868][ T8250] Node 0 Normal: 813*4kB (ME) 345*8kB (ME) 95*16kB (ME) 26*32kB (M) 12*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9132kB [ 2829.013327][ T8250] Node 1 Normal: 18*4kB (UE) 20*8kB (UE) 15*16kB (UME) 36*32kB (UME) 33*64kB (UME) 29*128kB (UME) 18*256kB (UM) 14*512kB (UM) 16*1024kB (UME) 12*2048kB (U) 305*4096kB (UM) = 1309464kB [ 2829.031511][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2829.041060][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2829.050913][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2829.060602][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2829.070250][ T8250] 7779 total pagecache pages [ 2829.075068][ T8250] 0 pages in swap cache [ 2829.079283][ T8250] Swap cache stats: add 0, delete 0, find 0/0 [ 2829.085586][ T8250] Free swap = 0kB [ 2829.090015][ T8250] Total swap = 0kB [ 2829.094050][ T8250] 1965979 pages RAM [ 2829.107279][ T8250] 0 pages HighMem/MovableOnly [ 2829.112227][ T8250] 83163 pages reserved [ 2829.116266][ T8250] 0 pages cma reserved [ 2829.120304][ T8250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=17683,uid=0 [ 2829.134946][ T8250] Out of memory: Killed process 17683 (syz-executor.1) total-vm:75108kB, anon-rss:2228kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2829.152613][ T1931] oom_reaper: reaped process 17683 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2829.561419][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2829.801343][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:01:41 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:01:41 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = socket$unix(0x1, 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$packet(0x11, 0x0, 0x300) syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) socket$can_raw(0x1d, 0x3, 0x1) 07:01:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:41 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r5 = dup(r4) syz_kvm_setup_cpu$x86(r5, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, &(0x7f0000000380)}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:01:41 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x161, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb04210da1edc0e"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:01:41 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400), 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:01:41 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = dup(0xffffffffffffffff) syz_kvm_setup_cpu$x86(r5, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:41 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:41 executing program 2: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = dup(0xffffffffffffffff) syz_kvm_setup_cpu$x86(r5, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2830.145794][ T5709] binder: 5695:5709 unknown command 0 [ 2830.158002][ T5709] binder: 5695:5709 ioctl c0306201 20000200 returned -22 07:01:42 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = dup(0xffffffffffffffff) syz_kvm_setup_cpu$x86(r5, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2830.331197][T30179] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 2830.601326][T30179] usb 4-1: Using ep0 maxpacket: 8 [ 2830.606777][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2830.721573][T30179] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2830.921616][T30179] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2830.934324][T30179] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2830.942602][T30179] usb 4-1: Product: syz [ 2830.946843][T30179] usb 4-1: Manufacturer: syz [ 2830.953056][T30179] usb 4-1: SerialNumber: syz [ 2831.651174][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2832.081069][T30179] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2832.088596][T30179] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2832.105327][T30179] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2832.304134][T30179] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2832.326265][T30179] usb 4-1: USB disconnect, device number 59 [ 2832.340302][T30179] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2832.693225][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2832.841060][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:01:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, &(0x7f0000000380)}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:01:44 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:44 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR(r0, 0x40046207, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000400), 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:01:44 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) [ 2833.165192][ T5781] binder: 5769:5781 unknown command 0 [ 2833.171460][ T5781] binder: 5769:5781 ioctl c0306201 20000200 returned -22 [ 2833.390916][T30179] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 2833.721004][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2834.480851][T30179] usb 4-1: Using ep0 maxpacket: 8 [ 2834.761103][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2835.310526][ T5029] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2835.321741][ T5029] CPU: 1 PID: 5029 Comm: systemd-journal Not tainted 5.8.0-rc7-syzkaller #0 [ 2835.330399][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2835.340418][ T5029] Call Trace: [ 2835.343680][ T5029] dump_stack+0x10f/0x19d [ 2835.347981][ T5029] dump_header+0x8e/0x400 [ 2835.352280][ T5029] oom_kill_process+0x18d/0x3f0 [ 2835.357103][ T5029] out_of_memory+0x5bd/0x880 [ 2835.361661][ T5029] ? get_page_from_freelist+0x127/0x3c0 [ 2835.367167][ T5029] __alloc_pages_slowpath+0x742/0x970 [ 2835.372500][ T5029] __alloc_pages_nodemask+0x235/0x390 [ 2835.377835][ T5029] alloc_pages_current+0x21d/0x310 [ 2835.382916][ T5029] __page_cache_alloc+0x4f/0x120 [ 2835.387884][ T5029] pagecache_get_page+0x494/0x8b0 [ 2835.392867][ T5029] ? __do_page_cache_readahead+0x96/0xb0 [ 2835.398459][ T5029] filemap_fault+0xba4/0x11e0 [ 2835.403160][ T5029] ext4_filemap_fault+0x4b/0x60 [ 2835.408045][ T5029] do_read_fault+0x41f/0x730 [ 2835.412599][ T5029] handle_mm_fault+0x135d/0x1930 [ 2835.417499][ T5029] do_user_addr_fault+0x393/0x810 [ 2835.422486][ T5029] exc_page_fault+0xb8/0x330 [ 2835.427039][ T5029] ? asm_exc_page_fault+0x8/0x30 [ 2835.431939][ T5029] asm_exc_page_fault+0x1e/0x30 [ 2835.436765][ T5029] RIP: 0033:0x7efc275e66c0 [ 2835.441152][ T5029] Code: Bad RIP value. [ 2835.445179][ T5029] RSP: 002b:00007fff654366c8 EFLAGS: 00010202 [ 2835.451209][ T5029] RAX: 0000000000000001 RBX: 00007fff654369d0 RCX: 0000000000000100 [ 2835.459142][ T5029] RDX: 0000000000000042 RSI: 00007efc275fd980 RDI: 00007fff654369d0 [ 2835.467076][ T5029] RBP: 0000000000000042 R08: 0000000000000001 R09: 0000000000000001 [ 2835.475012][ T5029] R10: 0000000000000069 R11: 0000000000000001 R12: 00000000ffffffff [ 2835.482954][ T5029] R13: 000055eeda612040 R14: 00007fff65436990 R15: 00007fff65437090 [ 2835.570723][ T5029] Mem-Info: [ 2835.573924][ T5029] active_anon:225740 inactive_anon:6937 isolated_anon:0 [ 2835.573924][ T5029] active_file:2 inactive_file:4 isolated_file:0 [ 2835.573924][ T5029] unevictable:11 dirty:1 writeback:0 [ 2835.573924][ T5029] slab_reclaimable:7558 slab_unreclaimable:25726 [ 2835.573924][ T5029] mapped:54909 shmem:7146 pagetables:5271 bounce:0 [ 2835.573924][ T5029] free:26481 free_pcp:0 free_cma:0 [ 2835.768964][ T5029] Node 0 active_anon:902428kB inactive_anon:27744kB active_file:16kB inactive_file:20kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219664kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 622592kB writeback_tmp:0kB all_unreclaimable? yes [ 2835.802732][ T9544] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2835.844006][ T5029] Node 1 active_anon:532kB inactive_anon:4kB active_file:24kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2835.912057][ T5029] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2835.920719][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2836.053362][ T5029] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2836.060010][ T5029] Node 0 DMA32 free:37936kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:582908kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2648kB pagetables:12904kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2836.107965][ T5029] lowmem_reserve[]: 0 0 707 707 707 [ 2836.114543][ T5029] Node 0 Normal free:8916kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:319520kB inactive_anon:27740kB active_file:24kB inactive_file:12kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4320kB pagetables:8172kB bounce:0kB free_pcp:148kB local_pcp:0kB free_cma:0kB [ 2836.146088][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2836.150818][ T5029] Node 1 Normal free:46212kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:532kB inactive_anon:4kB active_file:8kB inactive_file:48kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:24kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2836.181326][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2836.185982][ T5029] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2836.198936][ T5029] Node 0 DMA32: 84*4kB (UME) 876*8kB (UME) 454*16kB (ME) 181*32kB (M) 48*64kB (UM) 3*128kB (M) 0*256kB 1*512kB (M) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (U) = 37680kB [ 2836.215817][ T5029] Node 0 Normal: 829*4kB (UME) 355*8kB (UME) 111*16kB (UME) 16*32kB (UME) 5*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8764kB [ 2836.231881][ T5029] Node 1 Normal: 33*4kB (UME) 30*8kB (ME) 29*16kB (UME) 28*32kB (ME) 19*64kB (ME) 14*128kB (ME) 4*256kB (UM) 5*512kB (UM) 7*1024kB (ME) 1*2048kB (M) 7*4096kB (UM) = 46212kB [ 2836.249067][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2836.258597][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2836.267860][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2836.277421][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2836.286728][ T5029] 7219 total pagecache pages [ 2836.291852][ T5029] 0 pages in swap cache [ 2836.296237][ T5029] Swap cache stats: add 0, delete 0, find 0/0 [ 2836.302653][ T5029] Free swap = 0kB [ 2836.306840][ T5029] Total swap = 0kB [ 2836.311146][ T5029] 1965979 pages RAM [ 2836.315057][ T5029] 0 pages HighMem/MovableOnly [ 2836.319723][ T5029] 83163 pages reserved [ 2836.323821][ T5029] 0 pages cma reserved [ 2836.334429][ T5029] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=11208,uid=0 [ 2836.361297][ T5029] Out of memory: Killed process 11208 (syz-executor.2) total-vm:75108kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2836.574891][T30179] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 2836.585061][T30179] usb 4-1: can't read configurations, error -71 [ 2836.842665][T18153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2837.057026][ T8647] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2837.085294][ T8647] CPU: 0 PID: 8647 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2837.093508][ T8647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2837.103598][ T8647] Call Trace: [ 2837.106857][ T8647] dump_stack+0x10f/0x19d [ 2837.111152][ T8647] dump_header+0x8e/0x400 [ 2837.115454][ T8647] oom_kill_process+0x18d/0x3f0 [ 2837.120269][ T8647] out_of_memory+0x5bd/0x880 [ 2837.124829][ T8647] ? get_page_from_freelist+0x127/0x3c0 [ 2837.130406][ T8647] __alloc_pages_slowpath+0x742/0x970 [ 2837.135744][ T8647] __alloc_pages_nodemask+0x235/0x390 [ 2837.141082][ T8647] alloc_pages_current+0x21d/0x310 [ 2837.146271][ T8647] __page_cache_alloc+0x4f/0x120 [ 2837.151172][ T8647] pagecache_get_page+0x494/0x8b0 [ 2837.156172][ T8647] ? __do_page_cache_readahead+0x96/0xb0 [ 2837.161778][ T8647] filemap_fault+0xba4/0x11e0 [ 2837.166463][ T8647] ext4_filemap_fault+0x4b/0x60 [ 2837.171283][ T8647] do_read_fault+0x41f/0x730 [ 2837.175867][ T8647] handle_mm_fault+0x135d/0x1930 [ 2837.180772][ T8647] do_user_addr_fault+0x393/0x810 [ 2837.185763][ T8647] exc_page_fault+0xb8/0x330 [ 2837.190407][ T8647] ? asm_exc_page_fault+0x8/0x30 [ 2837.195311][ T8647] asm_exc_page_fault+0x1e/0x30 [ 2837.200183][ T8647] RIP: 0033:0x466830 [ 2837.204046][ T8647] Code: f0 48 c7 44 24 30 00 00 00 00 48 89 54 24 28 48 89 df 48 89 d9 ff d0 48 8b 74 24 28 48 89 f4 89 44 24 18 c3 cc cc cc cc cc cc <48> 8b 5c 24 08 64 48 89 1c 25 f8 ff ff ff c3 cc 64 48 89 3c 25 f8 [ 2837.223615][ T8647] RSP: 002b:000000c015cc19e8 EFLAGS: 00010206 [ 2837.229647][ T8647] RAX: 000000c000000180 RBX: 00000000017f9f5c RCX: 0000000000008004 [ 2837.237585][ T8647] RDX: 0000000000000017 RSI: 000000000169e500 RDI: 000000c000000180 [ 2837.245523][ T8647] RBP: 000000c015cc1a58 R08: fffffffffffffffa R09: 000000c015cc1bf0 [ 2837.253463][ T8647] R10: 0000000000b31fe0 R11: 0000000000bb4fe0 R12: 000000c019f1a098 [ 2837.261402][ T8647] R13: 000000c019f1a080 R14: 0000000000000004 R15: 0000000000000000 [ 2837.386152][ T8647] Mem-Info: [ 2837.389318][ T8647] active_anon:225167 inactive_anon:6937 isolated_anon:0 [ 2837.389318][ T8647] active_file:39 inactive_file:0 isolated_file:0 [ 2837.389318][ T8647] unevictable:11 dirty:0 writeback:0 [ 2837.389318][ T8647] slab_reclaimable:7558 slab_unreclaimable:25726 [ 2837.389318][ T8647] mapped:54896 shmem:7146 pagetables:5219 bounce:0 [ 2837.389318][ T8647] free:26699 free_pcp:0 free_cma:0 [ 2837.475253][ T8647] Node 0 active_anon:900136kB inactive_anon:27744kB active_file:16kB inactive_file:28kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219584kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 620544kB writeback_tmp:0kB all_unreclaimable? yes [ 2837.532338][ T8647] Node 1 active_anon:532kB inactive_anon:4kB active_file:40kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2837.632886][ T8647] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2837.762120][ T8647] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2837.767923][ T8647] Node 0 DMA32 free:37584kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:580860kB inactive_anon:4kB active_file:36kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2632kB pagetables:12816kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2837.865524][ T8647] lowmem_reserve[]: 0 0 707 707 707 [ 2837.890601][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2837.910278][ T8647] Node 0 Normal free:8548kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:319276kB inactive_anon:27740kB active_file:80kB inactive_file:40kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4304kB pagetables:8052kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2838.084686][ T8647] lowmem_reserve[]: 0 0 0 0 0 [ 2838.089471][ T8647] Node 1 Normal free:46260kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:532kB inactive_anon:4kB active_file:16kB inactive_file:24kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2838.121362][ T8647] lowmem_reserve[]: 0 0 0 0 0 [ 2838.126019][ T8647] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2838.153679][ T8647] Node 0 DMA32: 87*4kB (UME) 875*8kB (UME) 455*16kB (UME) 183*32kB (UM) 47*64kB (M) 4*128kB (UM) 0*256kB 1*512kB (M) 1*1024kB (U) 2*2048kB (M) 2*4096kB (U) = 37828kB [ 2838.210728][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2838.221694][ T8647] Node 0 Normal: 891*4kB (UME) 329*8kB (UME) 107*16kB (UME) 18*32kB (ME) 3*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8676kB [ 2838.292577][ T8647] Node 1 Normal: 36*4kB (UME) 29*8kB (ME) 28*16kB (UME) 28*32kB (UME) 18*64kB (ME) 13*128kB (ME) 5*256kB (UM) 5*512kB (UM) 7*1024kB (ME) 1*2048kB (M) 7*4096kB (UM) = 46264kB [ 2838.390539][ T8647] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2838.400150][ T8647] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2838.481374][ T8647] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2838.519294][ T8647] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2838.562283][ T8647] 7202 total pagecache pages [ 2838.566850][ T8647] 0 pages in swap cache [ 2838.617693][ T8647] Swap cache stats: add 0, delete 0, find 0/0 [ 2838.657162][ T8647] Free swap = 0kB [ 2838.673707][ T8647] Total swap = 0kB [ 2838.677495][ T8647] 1965979 pages RAM [ 2838.706163][ T8647] 0 pages HighMem/MovableOnly [ 2838.735645][ T8647] 83163 pages reserved [ 2838.739710][ T8647] 0 pages cma reserved [ 2838.756480][ T8647] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=11064,uid=0 [ 2838.843341][ T8647] Out of memory: Killed process 11064 (syz-executor.2) total-vm:75108kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2838.920678][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2838.928747][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2839.057753][T21814] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2839.095586][T21814] CPU: 1 PID: 21814 Comm: syz-executor.3 Not tainted 5.8.0-rc7-syzkaller #0 [ 2839.104350][T21814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2839.114367][T21814] Call Trace: [ 2839.117631][T21814] dump_stack+0x10f/0x19d [ 2839.121930][T21814] dump_header+0x8e/0x400 [ 2839.126259][T21814] oom_kill_process+0x18d/0x3f0 [ 2839.131076][T21814] out_of_memory+0x5bd/0x880 [ 2839.135770][T21814] ? get_page_from_freelist+0x127/0x3c0 [ 2839.141290][T21814] __alloc_pages_slowpath+0x742/0x970 [ 2839.146657][T21814] __alloc_pages_nodemask+0x235/0x390 [ 2839.151997][T21814] alloc_pages_current+0x21d/0x310 [ 2839.157083][T21814] __page_cache_alloc+0x4f/0x120 [ 2839.161992][T21814] pagecache_get_page+0x494/0x8b0 [ 2839.167023][T21814] ? __do_page_cache_readahead+0x96/0xb0 [ 2839.172620][T21814] filemap_fault+0xba4/0x11e0 [ 2839.177272][T21814] ext4_filemap_fault+0x4b/0x60 [ 2839.182097][T21814] do_read_fault+0x41f/0x730 [ 2839.186667][T21814] handle_mm_fault+0x135d/0x1930 [ 2839.191574][T21814] do_user_addr_fault+0x393/0x810 [ 2839.196572][T21814] exc_page_fault+0xb8/0x330 [ 2839.201136][T21814] ? asm_exc_page_fault+0x8/0x30 [ 2839.206042][T21814] asm_exc_page_fault+0x1e/0x30 [ 2839.210857][T21814] RIP: 0033:0x45ed97 [ 2839.214755][T21814] Code: Bad RIP value. [ 2839.218791][T21814] RSP: 002b:00007ffc1631bc38 EFLAGS: 00010246 [ 2839.224816][T21814] RAX: ffffffffffffffea RBX: 0000000000000000 RCX: 000000000045ed97 [ 2839.232754][T21814] RDX: 0000000000402ca8 RSI: 0000000000000002 RDI: 00007ffc1631bce0 [ 2839.240694][T21814] RBP: 0000000000000660 R08: 0000000000000000 R09: 0000000000000010 [ 2839.248630][T21814] R10: 000000000000000a R11: 0000000000000246 R12: 00007ffc1631cd70 [ 2839.256568][T21814] R13: 0000000001c71940 R14: 0000000000000000 R15: 00007ffc1631cd70 [ 2839.267877][T21814] Mem-Info: [ 2839.270985][T21814] active_anon:224620 inactive_anon:6937 isolated_anon:0 [ 2839.270985][T21814] active_file:32 inactive_file:0 isolated_file:0 [ 2839.270985][T21814] unevictable:11 dirty:0 writeback:0 [ 2839.270985][T21814] slab_reclaimable:7554 slab_unreclaimable:25682 [ 2839.270985][T21814] mapped:54896 shmem:7146 pagetables:5193 bounce:0 [ 2839.270985][T21814] free:26686 free_pcp:124 free_cma:0 [ 2839.309285][T21814] Node 0 active_anon:897948kB inactive_anon:27744kB active_file:88kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219584kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 618496kB writeback_tmp:0kB all_unreclaimable? yes [ 2839.338465][T21814] Node 1 active_anon:532kB inactive_anon:4kB active_file:40kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2839.367010][T21814] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2839.397922][T21814] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2839.403704][T21814] Node 0 DMA32 free:37640kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:578812kB inactive_anon:4kB active_file:108kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2616kB pagetables:12800kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 2839.438420][T21814] lowmem_reserve[]: 0 0 707 707 707 [ 2839.443625][T21814] Node 0 Normal free:8436kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:319136kB inactive_anon:27740kB active_file:0kB inactive_file:36kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4288kB pagetables:7964kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 2839.476914][T21814] lowmem_reserve[]: 0 0 0 0 0 [ 2839.481764][T21814] Node 1 Normal free:46264kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:532kB inactive_anon:4kB active_file:40kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2839.515815][T21814] lowmem_reserve[]: 0 0 0 0 0 [ 2839.520679][T21814] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2839.536970][T21814] Node 0 DMA32: 86*4kB (UME) 872*8kB (ME) 455*16kB (UME) 182*32kB (UM) 47*64kB (M) 3*128kB (M) 0*256kB 1*512kB (M) 1*1024kB (U) 4*2048kB (UM) 1*4096kB (U) = 37640kB [ 2839.556866][T21814] Node 0 Normal: 825*4kB (UME) 332*8kB (UME) 107*16kB (UME) 20*32kB (UME) 2*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8436kB [ 2839.575111][T21814] Node 1 Normal: 36*4kB (UME) 29*8kB (ME) 28*16kB (UME) 28*32kB (UME) 18*64kB (ME) 13*128kB (ME) 5*256kB (UM) 5*512kB (UM) 7*1024kB (ME) 1*2048kB (M) 7*4096kB (UM) = 46264kB [ 2839.595955][T21814] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2839.605577][T21814] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2839.617076][T21814] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2839.626602][T21814] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2839.637785][T21814] 7177 total pagecache pages [ 2839.642370][T21814] 0 pages in swap cache [ 2839.646563][T21814] Swap cache stats: add 0, delete 0, find 0/0 [ 2839.654508][T21814] Free swap = 0kB [ 2839.658193][T21814] Total swap = 0kB [ 2839.661896][T21814] 1965979 pages RAM [ 2839.665721][T21814] 0 pages HighMem/MovableOnly [ 2839.670379][T21814] 83163 pages reserved [ 2839.674478][T21814] 0 pages cma reserved [ 2839.678637][T21814] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=9295,uid=0 [ 2839.694944][T21814] Out of memory: Killed process 9295 (syz-executor.4) total-vm:75240kB, anon-rss:2228kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2839.962162][T18153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2840.125256][ T1931] oom_reaper: reaped process 5693 (syz-executor.4), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB [ 2840.157746][ T8250] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2840.181064][ T8250] CPU: 0 PID: 8250 Comm: in:imklog Not tainted 5.8.0-rc7-syzkaller #0 [ 2840.189196][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2840.199228][ T8250] Call Trace: [ 2840.202497][ T8250] dump_stack+0x10f/0x19d [ 2840.206880][ T8250] dump_header+0x8e/0x400 [ 2840.211261][ T8250] oom_kill_process+0x18d/0x3f0 [ 2840.216078][ T8250] out_of_memory+0x5bd/0x880 [ 2840.220658][ T8250] ? get_page_from_freelist+0x127/0x3c0 [ 2840.226217][ T8250] __alloc_pages_slowpath+0x742/0x970 [ 2840.231576][ T8250] __alloc_pages_nodemask+0x235/0x390 [ 2840.232479][ T5693] warn_alloc: 1 callbacks suppressed [ 2840.232491][ T5693] syz-executor.4: vmalloc: allocation failure, allocated 2420043776 of 3724722176 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 2840.236984][ T8250] alloc_pages_current+0x21d/0x310 [ 2840.263750][ T8250] __page_cache_alloc+0x4f/0x120 [ 2840.268672][ T8250] pagecache_get_page+0x494/0x8b0 [ 2840.273691][ T8250] ? __do_page_cache_readahead+0x96/0xb0 [ 2840.279289][ T8250] filemap_fault+0xba4/0x11e0 [ 2840.283936][ T8250] ext4_filemap_fault+0x4b/0x60 [ 2840.288822][ T8250] do_read_fault+0x41f/0x730 [ 2840.293381][ T8250] handle_mm_fault+0x135d/0x1930 [ 2840.298290][ T8250] do_user_addr_fault+0x393/0x810 [ 2840.303287][ T8250] exc_page_fault+0xb8/0x330 [ 2840.307847][ T8250] ? asm_exc_page_fault+0x8/0x30 [ 2840.312749][ T8250] asm_exc_page_fault+0x1e/0x30 [ 2840.317562][ T8250] RIP: 0033:0x55653b3c8ca0 [ 2840.321954][ T8250] Code: Bad RIP value. [ 2840.325989][ T8250] RSP: 002b:00007f2a5c585498 EFLAGS: 00010246 [ 2840.332022][ T8250] RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 0000000000000003 [ 2840.339961][ T8250] RDX: 00007f2a50017140 RSI: 0000000000000000 RDI: 00007f2a50017000 [ 2840.347961][ T8250] RBP: 0000000000000004 R08: 0000000000000000 R09: a3d70a3d70a3d70b [ 2840.355941][ T8250] R10: 2ce33e6c02ce33e7 R11: 00007f2a5c5853d0 R12: 00007f2a5c585da0 [ 2840.363984][ T8250] R13: 00007f2a5c585da3 R14: 0000000000001f9f R15: 00007f2a5c585dda [ 2840.371984][ T5693] CPU: 1 PID: 5693 Comm: syz-executor.4 Not tainted 5.8.0-rc7-syzkaller #0 [ 2840.380545][ T5693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2840.380948][ T8250] Mem-Info: [ 2840.390573][ T5693] Call Trace: [ 2840.390586][ T5693] dump_stack+0x10f/0x19d [ 2840.390598][ T5693] warn_alloc+0x105/0x160 [ 2840.393712][ T8250] active_anon:223536 inactive_anon:6937 isolated_anon:0 [ 2840.393712][ T8250] active_file:16 inactive_file:3 isolated_file:0 [ 2840.393712][ T8250] unevictable:11 dirty:0 writeback:0 [ 2840.393712][ T8250] slab_reclaimable:7554 slab_unreclaimable:25682 [ 2840.393712][ T8250] mapped:54921 shmem:7146 pagetables:5167 bounce:0 [ 2840.393712][ T8250] free:15373 free_pcp:201 free_cma:0 [ 2840.396931][ T5693] __vmalloc_node_range+0x458/0x530 [ 2840.401236][ T8250] Node 0 active_anon:893612kB inactive_anon:27744kB active_file:48kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219684kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 616448kB writeback_tmp:0kB all_unreclaimable? yes [ 2840.405608][ T5693] vmalloc_user+0x55/0x60 [ 2840.405617][ T5693] ? vb2_vmalloc_alloc+0x8f/0x120 [ 2840.405624][ T5693] vb2_vmalloc_alloc+0x8f/0x120 [ 2840.405632][ T5693] ? tsan.module_ctor+0x10/0x10 [ 2840.405638][ T5693] __vb2_queue_alloc+0x4fe/0xaf0 [ 2840.405716][ T5693] vb2_core_create_bufs+0x334/0x570 [ 2840.441988][ T8250] Node 1 active_anon:532kB inactive_anon:4kB active_file:16kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2840.447086][ T5693] vb2_create_bufs+0x419/0x560 [ 2840.474462][ T8250] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2840.478759][ T5693] vb2_ioctl_create_bufs+0x2b3/0x310 [ 2840.483746][ T8250] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2840.488584][ T5693] v4l_create_bufs+0x15e/0x1b0 [ 2840.493374][ T8250] Node 0 DMA32 free:20212kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:576764kB inactive_anon:4kB active_file:28kB inactive_file:36kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2616kB pagetables:12796kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2840.498296][ T5693] __video_do_ioctl+0x65b/0x870 [ 2840.503439][ T8250] lowmem_reserve[]: 0 0 707 707 707 [ 2840.529030][ T5693] ? __video_do_ioctl+0x2e1/0x870 [ 2840.529044][ T5693] ? __check_object_size+0x253/0x310 [ 2840.533778][ T8250] Node 0 Normal free:3892kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:316848kB inactive_anon:27740kB active_file:20kB inactive_file:0kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7864kB bounce:0kB free_pcp:308kB local_pcp:28kB free_cma:0kB [ 2840.562630][ T5693] video_usercopy+0x6da/0xfc0 [ 2840.562711][ T5693] ? video_ioctl2+0x30/0x30 [ 2840.567934][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2840.573620][ T5693] ? putname+0xa5/0xc0 [ 2840.573667][ T5693] ? do_vfs_ioctl+0x4f1/0xec0 [ 2840.578362][ T8250] Node 1 Normal free:23080kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:532kB inactive_anon:4kB active_file:16kB inactive_file:20kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2840.609718][ T5693] video_ioctl2+0x25/0x30 [ 2840.614492][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2840.619656][ T5693] ? video_usercopy+0xfc0/0xfc0 [ 2840.624641][ T8250] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2840.629890][ T5693] v4l2_ioctl+0xc2/0xd0 [ 2840.661262][ T8250] Node 0 DMA32: 69*4kB (ME) 752*8kB (ME) 399*16kB (UME) 155*32kB (UM) 38*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20068kB [ 2840.665904][ T5693] ? v4l2_poll+0x150/0x150 [ 2840.670365][ T8250] Node 0 Normal: 535*4kB (UME) 135*8kB (UME) 42*16kB (UME) 4*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4020kB [ 2840.675041][ T5693] __se_sys_ioctl+0xc9/0x130 [ 2840.679030][ T8250] Node 1 Normal: 31*4kB (ME) 28*8kB (ME) 27*16kB (UME) 27*32kB (UME) 17*64kB (ME) 13*128kB (UME) 5*256kB (M) 4*512kB (M) 7*1024kB (ME) 2*2048kB (UM) 1*4096kB (M) = 23084kB [ 2840.683674][ T5693] __x64_sys_ioctl+0x3f/0x50 [ 2840.683715][ T5693] do_syscall_64+0x51/0xb0 [ 2840.714195][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2840.718490][ T5693] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2840.723142][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2840.727969][ T5693] RIP: 0033:0x45c369 [ 2840.742596][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2840.746753][ T5693] Code: Bad RIP value. [ 2840.761263][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2840.765631][ T5693] RSP: 002b:00007fae9a16dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2840.765638][ T5693] RAX: ffffffffffffffda RBX: 0000000000019f40 RCX: 000000000045c369 [ 2840.765642][ T5693] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 2840.765646][ T5693] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2840.765650][ T5693] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2840.765655][ T5693] R13: 00007ffd6fc37fff R14: 00007fae9a16e9c0 R15: 000000000078bf0c [ 2840.775168][ T5693] Mem-Info: [ 2840.785940][ T8250] 7203 total pagecache pages [ 2840.810738][ T5693] active_anon:223536 inactive_anon:6937 isolated_anon:0 [ 2840.810738][ T5693] active_file:16 inactive_file:3 isolated_file:0 [ 2840.810738][ T5693] unevictable:11 dirty:0 writeback:0 [ 2840.810738][ T5693] slab_reclaimable:7554 slab_unreclaimable:25682 [ 2840.810738][ T5693] mapped:54921 shmem:7146 pagetables:5167 bounce:0 [ 2840.810738][ T5693] free:15373 free_pcp:201 free_cma:0 [ 2840.822605][ T8250] 0 pages in swap cache [ 2840.845154][ T5693] Node 0 active_anon:893612kB inactive_anon:27744kB active_file:48kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219684kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 616448kB writeback_tmp:0kB all_unreclaimable? yes [ 2840.854663][ T8250] Swap cache stats: add 0, delete 0, find 0/0 [ 2840.878820][ T5693] Node 1 active_anon:532kB inactive_anon:4kB active_file:16kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2840.890786][ T8250] Free swap = 0kB [ 2840.916350][ T5693] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2840.923575][ T8250] Total swap = 0kB [ 2841.000353][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2841.019029][ T5693] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2841.068035][ T5693] Node 0 DMA32 free:20212kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:576764kB inactive_anon:4kB active_file:0kB inactive_file:80kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2616kB pagetables:12796kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2841.099380][ T8250] 1965979 pages RAM [ 2841.103174][ T8250] 0 pages HighMem/MovableOnly [ 2841.107861][ T8250] 83163 pages reserved [ 2841.111909][ T5693] lowmem_reserve[]: 0 0 707 707 707 [ 2841.117097][ T5693] Node 0 Normal free:4052kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:316824kB inactive_anon:27740kB active_file:16kB inactive_file:12kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7860kB bounce:0kB free_pcp:308kB local_pcp:28kB free_cma:0kB [ 2841.148667][ T8250] 0 pages cma reserved [ 2841.152713][ T8250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=4558,uid=0 [ 2841.166958][ T8250] Out of memory: Killed process 4558 (syz-executor.1) total-vm:74976kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2841.184668][ T1931] oom_reaper: reaped process 4558 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2841.196940][ T5693] lowmem_reserve[]: 0 0 0 0 0 [ 2841.205686][ T5693] Node 1 Normal free:23084kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:528kB inactive_anon:4kB active_file:20kB inactive_file:16kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2841.237128][ T8629] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2841.238547][ T5693] lowmem_reserve[]: 0 0 0 0 0 [ 2841.256030][ T5693] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2841.273981][ T8629] CPU: 1 PID: 8629 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2841.277087][ T5693] Node 0 DMA32: 69*4kB (ME) 752*8kB (ME) 399*16kB (UME) 155*32kB (UM) 38*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 22116kB [ 2841.282285][ T8629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2841.282288][ T8629] Call Trace: [ 2841.282300][ T8629] dump_stack+0x10f/0x19d [ 2841.282362][ T8629] dump_header+0x8e/0x400 [ 2841.297196][ T5693] Node 0 Normal: 535*4kB (UME) 135*8kB (UME) 42*16kB (UME) 5*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4052kB [ 2841.307217][ T8629] oom_kill_process+0x18d/0x3f0 [ 2841.307300][ T8629] out_of_memory+0x5bd/0x880 [ 2841.310476][ T5693] Node 1 Normal: 31*4kB (ME) 28*8kB (ME) 27*16kB (UME) 27*32kB (UME) 17*64kB (ME) 13*128kB (UME) 5*256kB (M) 4*512kB (M) 7*1024kB (ME) 2*2048kB (UM) 1*4096kB (M) = 23084kB [ 2841.314822][ T8629] ? get_page_from_freelist+0x127/0x3c0 [ 2841.319062][ T5693] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2841.333073][ T8629] __alloc_pages_slowpath+0x742/0x970 [ 2841.333086][ T8629] __alloc_pages_nodemask+0x235/0x390 [ 2841.337896][ T5693] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2841.342446][ T8629] alloc_pages_current+0x21d/0x310 [ 2841.342459][ T8629] __page_cache_alloc+0x4f/0x120 [ 2841.359442][ T5693] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2841.364924][ T8629] pagecache_get_page+0x494/0x8b0 [ 2841.365014][ T8629] ? __do_page_cache_readahead+0x96/0xb0 [ 2841.374515][ T5693] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2841.379848][ T8629] filemap_fault+0xba4/0x11e0 [ 2841.385343][ T5693] 7173 total pagecache pages [ 2841.394585][ T8629] ext4_filemap_fault+0x4b/0x60 [ 2841.394598][ T8629] do_read_fault+0x41f/0x730 [ 2841.399661][ T5693] 0 pages in swap cache [ 2841.404566][ T8629] handle_mm_fault+0x135d/0x1930 [ 2841.404581][ T8629] do_user_addr_fault+0x393/0x810 [ 2841.414085][ T5693] Swap cache stats: add 0, delete 0, find 0/0 [ 2841.419076][ T8629] exc_page_fault+0xb8/0x330 [ 2841.424668][ T5693] Free swap = 0kB [ 2841.433907][ T8629] ? asm_exc_page_fault+0x8/0x30 [ 2841.433915][ T8629] asm_exc_page_fault+0x1e/0x30 [ 2841.433925][ T8629] RIP: 0033:0x402481 [ 2841.438559][ T5693] Total swap = 0kB [ 2841.443118][ T8629] Code: Bad RIP value. [ 2841.447929][ T5693] 1965979 pages RAM [ 2841.452475][ T8629] RSP: 002b:000000c0000c58b8 EFLAGS: 00010216 [ 2841.452482][ T8629] RAX: 000000c0000c58d8 RBX: 0000000000000011 RCX: 0000000000baf364 [ 2841.452490][ T8629] RDX: 0000000000000000 RSI: 0000000000baf364 RDI: 00000000009557e8 [ 2841.456602][ T5693] 0 pages HighMem/MovableOnly [ 2841.461496][ T8629] RBP: 000000c0000c5928 R08: 000000c0000c5848 R09: 0000000000bb05cd [ 2841.461501][ T8629] R10: 0000000000b31fe0 R11: 0000000000baffe0 R12: 000000c019e47918 [ 2841.461510][ T8629] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000000000ac [ 2841.466491][ T5693] 83163 pages reserved [ 2841.485220][ T8629] Mem-Info: [ 2841.512690][ T5693] 0 pages cma reserved [ 2841.523602][ T8629] active_anon:222994 inactive_anon:6937 isolated_anon:0 [ 2841.523602][ T8629] active_file:14 inactive_file:13 isolated_file:0 [ 2841.523602][ T8629] unevictable:11 dirty:0 writeback:0 [ 2841.523602][ T8629] slab_reclaimable:7549 slab_unreclaimable:25682 [ 2841.523602][ T8629] mapped:54896 shmem:7146 pagetables:5129 bounce:0 [ 2841.523602][ T8629] free:16117 free_pcp:0 free_cma:0 [ 2841.605589][ T8629] Node 0 active_anon:891448kB inactive_anon:27744kB active_file:36kB inactive_file:36kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219584kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 614400kB writeback_tmp:0kB all_unreclaimable? yes [ 2841.665105][ T8629] Node 1 active_anon:528kB inactive_anon:4kB active_file:220kB inactive_file:6016kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4100kB dirty:100kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2841.730195][ T8629] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2841.786071][ T8629] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2841.792859][ T8629] Node 0 DMA32 free:22416kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:574716kB inactive_anon:4kB active_file:20kB inactive_file:24kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2616kB pagetables:12648kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 2841.825698][ T8629] lowmem_reserve[]: 0 0 707 707 707 [ 2841.831660][ T8629] Node 0 Normal free:4460kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:316756kB inactive_anon:27740kB active_file:16kB inactive_file:12kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7860kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2841.864997][ T8629] lowmem_reserve[]: 0 0 0 0 0 [ 2841.871088][ T8629] Node 1 Normal free:1354864kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:728kB inactive_anon:4kB active_file:420kB inactive_file:9516kB unevictable:0kB writepending:148kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:1416kB local_pcp:156kB free_cma:0kB [ 2841.903872][ T8629] lowmem_reserve[]: 0 0 0 0 0 [ 2841.908841][ T8629] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2841.925772][ T8629] Node 0 DMA32: 105*4kB (UME) 757*8kB (UME) 412*16kB (UME) 155*32kB (UM) 38*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 22508kB [ 2841.941958][ T8629] Node 0 Normal: 576*4kB (UME) 140*8kB (UME) 56*16kB (UME) 5*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4480kB [ 2841.956441][ T8629] Node 1 Normal: 6*4kB (UME) 6*8kB (UME) 7*16kB (UME) 12*32kB (UE) 19*64kB (UME) 17*128kB (UE) 13*256kB (U) 14*512kB (UM) 16*1024kB (UME) 14*2048kB (UM) 423*4096kB (UM) = 1792120kB [ 2841.974730][ T8629] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2841.980219][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2841.985411][ T8629] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2842.002600][ T8629] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2842.013331][ T8629] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2842.024553][ T8629] 10123 total pagecache pages [ 2842.029547][ T8629] 0 pages in swap cache [ 2842.034548][ T8629] Swap cache stats: add 0, delete 0, find 0/0 [ 2842.041255][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2842.049947][ T8629] Free swap = 0kB [ 2842.054910][ T8629] Total swap = 0kB [ 2842.059219][ T8629] 1965979 pages RAM [ 2842.063432][ T8629] 0 pages HighMem/MovableOnly [ 2842.068075][ T8629] 83163 pages reserved [ 2842.072503][ T8629] 0 pages cma reserved [ 2842.076587][ T8629] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=4461,uid=0 [ 2842.108679][ T8629] Out of memory: Killed process 4461 (syz-executor.1) total-vm:74976kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 07:01:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:54 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, &(0x7f0000000380)}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:01:54 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = socket$unix(0x1, 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$packet(0x11, 0x0, 0x300) syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)) 07:01:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:54 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:54 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:01:54 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xb1, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fa"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:01:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:54 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:54 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:01:54 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = fcntl$dupfd(r3, 0x0, r4) setsockopt$IPT_SO_SET_REPLACE(r5, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) [ 2843.080385][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2843.130168][ T9218] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 2843.380075][ T9218] usb 4-1: Using ep0 maxpacket: 8 [ 2843.540269][ T9218] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2843.730256][ T9218] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2843.740639][ T9218] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2843.748651][ T9218] usb 4-1: Product: syz [ 2843.754577][ T9218] usb 4-1: Manufacturer: syz [ 2843.759258][ T9218] usb 4-1: SerialNumber: syz [ 2844.120119][T18153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2844.909975][ T9218] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2844.917679][ T9218] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2844.934385][ T9218] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2845.010087][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2845.143213][ T9218] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2845.160052][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2845.166088][ T9218] usb 4-1: USB disconnect, device number 62 [ 2845.184894][ T9218] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2846.200072][T18153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2846.238440][ T5871] systemd-sysctl invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2846.267989][ T5871] CPU: 0 PID: 5871 Comm: systemd-sysctl Not tainted 5.8.0-rc7-syzkaller #0 [ 2846.276547][ T5871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2846.286572][ T5871] Call Trace: [ 2846.289838][ T5871] dump_stack+0x10f/0x19d [ 2846.294142][ T5871] dump_header+0x8e/0x400 [ 2846.298444][ T5871] oom_kill_process+0x18d/0x3f0 [ 2846.303309][ T5871] out_of_memory+0x5bd/0x880 [ 2846.307889][ T5871] ? get_page_from_freelist+0x127/0x3c0 [ 2846.313407][ T5871] __alloc_pages_slowpath+0x742/0x970 [ 2846.318766][ T5871] __alloc_pages_nodemask+0x235/0x390 [ 2846.324103][ T5871] alloc_pages_vma+0x3e6/0x890 [ 2846.328829][ T5871] wp_page_copy+0x16e/0x1640 [ 2846.333510][ T5871] do_wp_page+0x9b3/0xd30 [ 2846.337812][ T5871] handle_mm_fault+0x16f5/0x1930 [ 2846.342725][ T5871] do_user_addr_fault+0x393/0x810 [ 2846.347723][ T5871] exc_page_fault+0xb8/0x330 [ 2846.352295][ T5871] ? asm_exc_page_fault+0x8/0x30 [ 2846.357282][ T5871] asm_exc_page_fault+0x1e/0x30 [ 2846.362166][ T5871] RIP: 0033:0x7f1287e7f84e [ 2846.366556][ T5871] Code: Bad RIP value. [ 2846.370592][ T5871] RSP: 002b:00007ffce9ebff60 EFLAGS: 00010246 [ 2846.376632][ T5871] RAX: 0000000000000000 RBX: 0000000000000001 RCX: 0000000000000000 [ 2846.384575][ T5871] RDX: 00007f1287a32000 RSI: 0000000000000000 RDI: 00007f12880959e8 [ 2846.392543][ T5871] RBP: 00007ffce9ec0080 R08: ffffffffffffffff R09: 0000000000000001 [ 2846.400486][ T5871] R10: 0000000000000022 R11: 00007f12880959e8 R12: 0000000000000001 [ 2846.408466][ T5871] R13: 0000000000000001 R14: 0000000000000010 R15: 00007f1288099170 [ 2846.421143][ T5871] Mem-Info: [ 2846.424597][ T5871] active_anon:223020 inactive_anon:6938 isolated_anon:0 [ 2846.424597][ T5871] active_file:18 inactive_file:39 isolated_file:0 [ 2846.424597][ T5871] unevictable:11 dirty:15 writeback:0 [ 2846.424597][ T5871] slab_reclaimable:7546 slab_unreclaimable:25680 [ 2846.424597][ T5871] mapped:54949 shmem:7149 pagetables:5127 bounce:0 [ 2846.424597][ T5871] free:26779 free_pcp:31 free_cma:0 [ 2846.522548][ T5871] Node 0 active_anon:891192kB inactive_anon:27744kB active_file:4kB inactive_file:68kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219808kB dirty:16kB writeback:0kB shmem:28588kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 612352kB writeback_tmp:0kB all_unreclaimable? yes [ 2846.583985][ T5871] Node 1 active_anon:888kB inactive_anon:8kB active_file:28kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:88kB dirty:44kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2846.615401][ T5871] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2846.651604][ T5871] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2846.657299][ T5871] Node 0 DMA32 free:37332kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:572528kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2568kB pagetables:12516kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2846.724582][ T5871] lowmem_reserve[]: 0 0 707 707 707 [ 2846.729813][ T5871] Node 0 Normal free:8172kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:318664kB inactive_anon:27744kB active_file:0kB inactive_file:4kB unevictable:44kB writepending:16kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7780kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 2846.769749][ T5871] lowmem_reserve[]: 0 0 0 0 0 [ 2846.774403][ T5871] Node 1 Normal free:45912kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:888kB inactive_anon:8kB active_file:156kB inactive_file:48kB unevictable:0kB writepending:44kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:212kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2846.829596][ T5871] lowmem_reserve[]: 0 0 0 0 0 [ 2846.834268][ T5871] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2846.847271][ T5871] Node 0 DMA32: 71*4kB (UME) 854*8kB (UME) 435*16kB (UME) 175*32kB (UM) 42*64kB (M) 5*128kB (M) 1*256kB (U) 2*512kB (UM) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (U) = 37596kB [ 2846.864230][ T5871] Node 0 Normal: 851*4kB (UME) 310*8kB (UME) 108*16kB (UME) 21*32kB (UME) 7*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8732kB [ 2846.879000][ T5871] Node 1 Normal: 67*4kB (UME) 55*8kB (UME) 48*16kB (ME) 50*32kB (ME) 32*64kB (ME) 25*128kB (UME) 12*256kB (M) 2*512kB (M) 5*1024kB (UME) 0*2048kB 7*4096kB (UM) = 46212kB [ 2846.895908][ T5871] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2846.905432][ T5871] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2846.914702][ T5871] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2846.924233][ T5871] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2846.933513][ T5871] 7228 total pagecache pages [ 2846.938072][ T5871] 0 pages in swap cache [ 2846.945044][ T5871] Swap cache stats: add 0, delete 0, find 0/0 [ 2846.951100][ T5871] Free swap = 0kB [ 2846.954780][ T5871] Total swap = 0kB [ 2846.958458][ T5871] 1965979 pages RAM [ 2846.962241][ T5871] 0 pages HighMem/MovableOnly [ 2846.966887][ T5871] 83163 pages reserved [ 2846.971008][ T5871] 0 pages cma reserved [ 2846.975061][ T5871] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=4215,uid=0 [ 2846.989220][ T5871] Out of memory: Killed process 4215 (syz-executor.1) total-vm:74976kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2847.005839][ T1931] oom_reaper: reaped process 4215 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2847.239799][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2847.284986][ T5871] systemd-sysctl invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2847.296003][ T5871] CPU: 1 PID: 5871 Comm: systemd-sysctl Not tainted 5.8.0-rc7-syzkaller #0 [ 2847.304553][ T5871] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2847.314569][ T5871] Call Trace: [ 2847.317827][ T5871] dump_stack+0x10f/0x19d [ 2847.322125][ T5871] dump_header+0x8e/0x400 [ 2847.326483][ T5871] oom_kill_process+0x18d/0x3f0 [ 2847.331300][ T5871] out_of_memory+0x5bd/0x880 [ 2847.335851][ T5871] ? get_page_from_freelist+0x127/0x3c0 [ 2847.341393][ T5871] __alloc_pages_slowpath+0x742/0x970 [ 2847.346730][ T5871] __alloc_pages_nodemask+0x235/0x390 [ 2847.352064][ T5871] alloc_pages_vma+0x3e6/0x890 [ 2847.356810][ T5871] do_cow_fault+0x68/0x770 [ 2847.361191][ T5871] handle_mm_fault+0x1561/0x1930 [ 2847.366096][ T5871] do_user_addr_fault+0x393/0x810 [ 2847.371083][ T5871] exc_page_fault+0xb8/0x330 [ 2847.375644][ T5871] ? asm_exc_page_fault+0x8/0x30 [ 2847.380543][ T5871] asm_exc_page_fault+0x1e/0x30 [ 2847.385353][ T5871] RIP: 0033:0x7f1287e7fb2f [ 2847.389767][ T5871] Code: Bad RIP value. [ 2847.393793][ T5871] RSP: 002b:00007ffce9ebff60 EFLAGS: 00010216 [ 2847.399822][ T5871] RAX: 00007f1287a33400 RBX: 00007f12876b7ef0 RCX: 00007f1287a2e7c8 [ 2847.407758][ T5871] RDX: 00007f12876b0fa8 RSI: 00007f128769cd90 RDI: 00007f12876b8718 [ 2847.415766][ T5871] RBP: 00007ffce9ec0080 R08: 00007f12876b8718 R09: 00007f12876b8850 [ 2847.423771][ T5871] R10: 0000000000000022 R11: 00007f12880959e8 R12: 00007f12880959e8 [ 2847.431721][ T5871] R13: 0000000000000001 R14: 00007f1287699000 R15: 00007f1288099170 [ 2847.449796][ T5871] Mem-Info: [ 2847.452909][ T5871] active_anon:222500 inactive_anon:6938 isolated_anon:0 [ 2847.452909][ T5871] active_file:24 inactive_file:32 isolated_file:0 [ 2847.452909][ T5871] unevictable:11 dirty:0 writeback:1 [ 2847.452909][ T5871] slab_reclaimable:7546 slab_unreclaimable:25670 [ 2847.452909][ T5871] mapped:54956 shmem:7149 pagetables:5134 bounce:0 [ 2847.452909][ T5871] free:26802 free_pcp:0 free_cma:0 [ 2847.515185][ T5871] Node 0 active_anon:889112kB inactive_anon:27744kB active_file:60kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219824kB dirty:0kB writeback:0kB shmem:28588kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 610304kB writeback_tmp:0kB all_unreclaimable? yes [ 2847.549716][ T5871] Node 1 active_anon:888kB inactive_anon:8kB active_file:36kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:4kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2847.632601][ T5871] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2847.711311][ T5871] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2847.717097][ T5871] Node 0 DMA32 free:37672kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:570480kB inactive_anon:0kB active_file:132kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2568kB pagetables:12512kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 2847.769658][ T5871] lowmem_reserve[]: 0 0 707 707 707 [ 2847.774999][ T5871] Node 0 Normal free:8364kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:318632kB inactive_anon:27744kB active_file:4kB inactive_file:0kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7812kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2847.807461][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2847.851823][ T5871] lowmem_reserve[]: 0 0 0 0 0 [ 2847.856590][ T5871] Node 1 Normal free:46260kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:888kB inactive_anon:8kB active_file:136kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:212kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2847.909646][ T5871] lowmem_reserve[]: 0 0 0 0 0 [ 2847.914304][ T5871] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2847.952536][ T5871] Node 0 DMA32: 70*4kB (UME) 853*8kB (ME) 434*16kB (ME) 175*32kB (UM) 42*64kB (M) 6*128kB (UM) 1*256kB (U) 2*512kB (UM) 1*1024kB (U) 0*2048kB 3*4096kB (UM) = 37696kB [ 2847.977300][ T5871] Node 0 Normal: 857*4kB (UME) 310*8kB (UME) 99*16kB (UME) 20*32kB (UME) 7*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8580kB [ 2848.009720][ T5871] Node 1 Normal: 65*4kB (UME) 50*8kB (UME) 42*16kB (ME) 44*32kB (ME) 28*64kB (ME) 22*128kB (UME) 12*256kB (M) 4*512kB (M) 5*1024kB (UME) 0*2048kB 7*4096kB (UM) = 46260kB [ 2848.033103][ T5871] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2848.043841][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2848.059681][ T5871] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2848.068998][ T5871] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2848.081009][ T5871] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2848.091248][ T5871] 7183 total pagecache pages [ 2848.095806][ T5871] 0 pages in swap cache [ 2848.125341][ T5871] Swap cache stats: add 0, delete 0, find 0/0 [ 2848.146920][ T5871] Free swap = 0kB [ 2848.158868][ T5871] Total swap = 0kB [ 2848.162579][ T5871] 1965979 pages RAM [ 2848.166357][ T5871] 0 pages HighMem/MovableOnly [ 2848.189633][ T5871] 83163 pages reserved [ 2848.193708][ T5871] 0 pages cma reserved [ 2848.197765][ T5871] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=28918,uid=0 [ 2848.240750][ T5871] Out of memory: Killed process 28918 (syz-executor.4) total-vm:75108kB, anon-rss:2224kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2848.257943][ T1931] oom_reaper: reaped process 28918 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2848.279768][T18153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2848.478125][ T8250] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2848.510179][ T8250] CPU: 0 PID: 8250 Comm: in:imklog Not tainted 5.8.0-rc7-syzkaller #0 [ 2848.518317][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2848.528430][ T8250] Call Trace: [ 2848.531695][ T8250] dump_stack+0x10f/0x19d [ 2848.536004][ T8250] dump_header+0x8e/0x400 [ 2848.540300][ T8250] oom_kill_process+0x18d/0x3f0 [ 2848.545194][ T8250] out_of_memory+0x5bd/0x880 [ 2848.549771][ T8250] ? get_page_from_freelist+0x127/0x3c0 [ 2848.555322][ T8250] __alloc_pages_slowpath+0x742/0x970 [ 2848.560668][ T8250] __alloc_pages_nodemask+0x235/0x390 [ 2848.566018][ T8250] alloc_pages_current+0x21d/0x310 [ 2848.571098][ T8250] __page_cache_alloc+0x4f/0x120 [ 2848.576036][ T8250] pagecache_get_page+0x494/0x8b0 [ 2848.581032][ T8250] ? __do_page_cache_readahead+0x96/0xb0 [ 2848.586695][ T8250] filemap_fault+0xba4/0x11e0 [ 2848.591424][ T8250] ext4_filemap_fault+0x4b/0x60 [ 2848.596248][ T8250] do_read_fault+0x41f/0x730 [ 2848.600893][ T8250] handle_mm_fault+0x135d/0x1930 [ 2848.605808][ T8250] do_user_addr_fault+0x393/0x810 [ 2848.610808][ T8250] exc_page_fault+0xb8/0x330 [ 2848.615371][ T8250] ? asm_exc_page_fault+0x8/0x30 [ 2848.620276][ T8250] asm_exc_page_fault+0x1e/0x30 [ 2848.625085][ T8250] RIP: 0033:0x55653b3c4789 [ 2848.629466][ T8250] Code: Bad RIP value. [ 2848.633496][ T8250] RSP: 002b:00007f2a5c585460 EFLAGS: 00010246 [ 2848.639545][ T8250] RAX: 0000000000000000 RBX: 00007f2a5004f880 RCX: 0000000000000000 [ 2848.647493][ T8250] RDX: 00000000000000c0 RSI: 0000000000000000 RDI: 00007f2a5004f898 [ 2848.655436][ T8250] RBP: 00007f2a5c5854b8 R08: 00007f2a5dd62940 R09: 0000000000000270 [ 2848.663376][ T8250] R10: 0000000000000001 R11: 0000000000000000 R12: 00007f2a5c585da0 [ 2848.671318][ T8250] R13: 00007f2a5c585da3 R14: 0000000000001f9f R15: 00007f2a5c585dfd [ 2848.700780][ T8250] Mem-Info: [ 2848.703873][ T8250] active_anon:221965 inactive_anon:6938 isolated_anon:0 [ 2848.703873][ T8250] active_file:60 inactive_file:0 isolated_file:0 [ 2848.703873][ T8250] unevictable:11 dirty:0 writeback:0 [ 2848.703873][ T8250] slab_reclaimable:7546 slab_unreclaimable:25670 [ 2848.703873][ T8250] mapped:54964 shmem:7149 pagetables:5109 bounce:0 [ 2848.703873][ T8250] free:26689 free_pcp:0 free_cma:0 [ 2848.788755][ T8250] Node 0 active_anon:886972kB inactive_anon:27744kB active_file:4kB inactive_file:48kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219856kB dirty:0kB writeback:0kB shmem:28588kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 610304kB writeback_tmp:0kB all_unreclaimable? yes [ 2848.833109][ T8250] Node 1 active_anon:888kB inactive_anon:8kB active_file:28kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2848.908624][ T8250] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2848.937534][ T8250] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2848.946008][ T8250] Node 0 DMA32 free:37444kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:568436kB inactive_anon:0kB active_file:32kB inactive_file:60kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2552kB pagetables:12412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2848.989601][ T8250] lowmem_reserve[]: 0 0 707 707 707 [ 2848.994780][ T8250] Node 0 Normal free:8648kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:318564kB inactive_anon:27744kB active_file:0kB inactive_file:68kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7812kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2849.026102][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2849.030754][ T8250] Node 1 Normal free:46292kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:888kB inactive_anon:8kB active_file:76kB inactive_file:32kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:212kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2849.062286][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2849.066941][ T8250] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2849.079941][ T8250] Node 0 DMA32: 68*4kB (ME) 853*8kB (ME) 434*16kB (ME) 174*32kB (M) 43*64kB (UM) 5*128kB (M) 1*256kB (U) 2*512kB (UM) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (UM) = 37592kB [ 2849.096970][ T8250] Node 0 Normal: 874*4kB (UME) 311*8kB (UME) 104*16kB (UME) 20*32kB (UME) 7*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8736kB [ 2849.111783][ T8250] Node 1 Normal: 65*4kB (UME) 50*8kB (UME) 42*16kB (ME) 45*32kB (UME) 28*64kB (ME) 22*128kB (UME) 12*256kB (M) 4*512kB (M) 5*1024kB (UME) 0*2048kB 7*4096kB (UM) = 46292kB [ 2849.142702][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2849.152226][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2849.161486][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2849.172043][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2849.181328][ T8250] 7183 total pagecache pages [ 2849.185884][ T8250] 0 pages in swap cache [ 2849.190020][ T8250] Swap cache stats: add 0, delete 0, find 0/0 [ 2849.196073][ T8250] Free swap = 0kB [ 2849.199830][ T8250] Total swap = 0kB [ 2849.203523][ T8250] 1965979 pages RAM [ 2849.207295][ T8250] 0 pages HighMem/MovableOnly [ 2849.211946][ T8250] 83163 pages reserved [ 2849.215977][ T8250] 0 pages cma reserved [ 2849.220038][ T8250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=4791,uid=0 [ 2849.263816][ T8250] Out of memory: Killed process 4791 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2849.322709][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2849.709705][ T1931] oom_reaper: reaped process 5793 (syz-executor.4), now anon-rss:0kB, file-rss:34748kB, shmem-rss:0kB [ 2849.743402][ T8260] rs:main Q:Reg invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2849.754458][ T8260] CPU: 1 PID: 8260 Comm: rs:main Q:Reg Not tainted 5.8.0-rc7-syzkaller #0 [ 2849.762982][ T8260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2849.773012][ T8260] Call Trace: [ 2849.776272][ T8260] dump_stack+0x10f/0x19d [ 2849.780584][ T8260] dump_header+0x8e/0x400 [ 2849.784891][ T8260] oom_kill_process+0x18d/0x3f0 [ 2849.789703][ T8260] out_of_memory+0x5bd/0x880 [ 2849.794254][ T8260] ? get_page_from_freelist+0x127/0x3c0 [ 2849.799813][ T8260] __alloc_pages_slowpath+0x742/0x970 [ 2849.805278][ T8260] __alloc_pages_nodemask+0x235/0x390 [ 2849.810617][ T8260] alloc_pages_current+0x21d/0x310 [ 2849.815689][ T8260] __page_cache_alloc+0x4f/0x120 [ 2849.820606][ T8260] pagecache_get_page+0x494/0x8b0 [ 2849.825590][ T8260] ? __do_page_cache_readahead+0x96/0xb0 [ 2849.831184][ T8260] filemap_fault+0xba4/0x11e0 [ 2849.835833][ T8260] ext4_filemap_fault+0x4b/0x60 [ 2849.840715][ T8260] do_read_fault+0x41f/0x730 [ 2849.845273][ T8260] handle_mm_fault+0x135d/0x1930 [ 2849.850176][ T8260] do_user_addr_fault+0x393/0x810 [ 2849.855218][ T8260] exc_page_fault+0xb8/0x330 [ 2849.859773][ T8260] ? asm_exc_page_fault+0x8/0x30 [ 2849.864685][ T8260] asm_exc_page_fault+0x1e/0x30 [ 2849.869501][ T8260] RIP: 0033:0x55653b3c8140 [ 2849.873884][ T8260] Code: Bad RIP value. [ 2849.877911][ T8260] RSP: 002b:00007f2a57ffe808 EFLAGS: 00010206 [ 2849.884024][ T8260] RAX: 00007f2a5004fa78 RBX: 0000000000000000 RCX: 0000000000000000 [ 2849.891956][ T8260] RDX: 00007f2a5004f898 RSI: 0000000000000000 RDI: 00007f2a5004f880 [ 2849.899888][ T8260] RBP: 00007f2a48016d40 R08: 0000000000000000 R09: 0000000000000006 [ 2849.907824][ T8260] R10: 000055653b63e280 R11: 0000000000000000 R12: 00007f2a5004f880 [ 2849.915902][ T8260] R13: 0000000000000000 R14: 00007f2a5004fa78 R15: 00007f2a48016d40 [ 2849.933348][ T8260] Mem-Info: [ 2849.936532][ T8260] active_anon:220882 inactive_anon:6938 isolated_anon:0 [ 2849.936532][ T8260] active_file:19 inactive_file:7 isolated_file:0 [ 2849.936532][ T8260] unevictable:11 dirty:4 writeback:2 [ 2849.936532][ T8260] slab_reclaimable:7545 slab_unreclaimable:25669 [ 2849.936532][ T8260] mapped:54953 shmem:7149 pagetables:5057 bounce:0 [ 2849.936532][ T8260] free:15796 free_pcp:0 free_cma:0 [ 2849.977443][ T8260] Node 0 active_anon:882640kB inactive_anon:27744kB active_file:16kB inactive_file:68kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219812kB dirty:16kB writeback:4kB shmem:28588kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 606208kB writeback_tmp:0kB all_unreclaimable? yes [ 2850.007782][ T8260] Node 1 active_anon:888kB inactive_anon:8kB active_file:60kB inactive_file:260kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:4kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2850.036510][ T8260] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2850.068540][ T8260] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2850.075111][ T8260] Node 0 DMA32 free:21060kB min:36976kB low:45708kB high:54440kB reserved_highatomic:0KB active_anon:566400kB inactive_anon:0kB active_file:40kB inactive_file:24kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2520kB pagetables:12216kB bounce:0kB free_pcp:40kB local_pcp:40kB free_cma:0kB [ 2850.108405][ T8260] lowmem_reserve[]: 0 0 707 707 707 [ 2850.114479][ T8260] Node 0 Normal free:5432kB min:10716kB low:12880kB high:15044kB reserved_highatomic:0KB active_anon:316216kB inactive_anon:27744kB active_file:0kB inactive_file:12kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7796kB bounce:0kB free_pcp:72kB local_pcp:68kB free_cma:0kB [ 2850.148456][ T8260] lowmem_reserve[]: 0 0 0 0 0 [ 2850.154522][ T8260] Node 1 Normal free:952772kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:888kB inactive_anon:8kB active_file:100kB inactive_file:3524kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:212kB bounce:0kB free_pcp:1528kB local_pcp:44kB free_cma:0kB [ 2850.187816][ T8260] lowmem_reserve[]: 0 0 0 0 0 [ 2850.193407][ T8260] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2850.211057][ T8260] Node 0 DMA32: 69*4kB (UME) 834*8kB (UME) 418*16kB (UME) 160*32kB (UM) 36*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 21060kB [ 2850.227484][ T8260] Node 0 Normal: 616*4kB (UME) 192*8kB (UME) 64*16kB (UME) 15*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5504kB [ 2850.243840][ T8260] Node 1 Normal: 16*4kB (UME) 15*8kB (UE) 15*16kB (UME) 18*32kB (UME) 14*64kB (UE) 31*128kB (UME) 28*256kB (UM) 22*512kB (UM) 21*1024kB (UME) 15*2048kB (U) 333*4096kB (UM) = 1440488kB [ 2850.264579][ T8260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2850.274514][ T8260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2850.285720][ T8260] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2850.305455][ T8260] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2850.329473][ T8260] 8695 total pagecache pages [ 2850.334043][ T8260] 0 pages in swap cache [ 2850.338291][ T8260] Swap cache stats: add 0, delete 0, find 0/0 [ 2850.359552][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2850.373365][ T8260] Free swap = 0kB [ 2850.377068][ T8260] Total swap = 0kB [ 2850.385038][ T8260] 1965979 pages RAM [ 2850.388824][ T8260] 0 pages HighMem/MovableOnly [ 2850.394138][ T8260] 83163 pages reserved [ 2850.398389][ T8260] 0 pages cma reserved [ 2850.402968][ T8260] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=4782,uid=0 [ 2850.417757][ T8260] Out of memory: Killed process 4782 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2851.079816][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:02:02 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:02 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r2, 0x0, r3) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) 07:02:02 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:02:02 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = socket$unix(0x1, 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$packet(0x11, 0x0, 0x300) syz_open_procfs(0x0, &(0x7f00000004c0)='net/ip6_flowlabel\x00') 07:02:02 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:02 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xb1, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fa"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:02:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:03 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:03 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r2, 0x0, r3) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) 07:02:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:03 executing program 1: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000380)={0x4, 0x0, &(0x7f0000000400)=[@enter_looper], 0x1, 0x40400020, &(0x7f0000000040)='s'}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000200)={0x44, 0x0, &(0x7f00000004c0)=[@transaction={0x40046305, {0x0, 0x400c630e, 0x0, 0x0, 0x400c630f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 07:02:03 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:03 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r2 = dup(r1) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2851.372702][ T5907] binder: 5906:5907 unknown command 0 [ 2851.388030][ T5907] binder: 5906:5907 ioctl c0306201 20000200 returned -22 [ 2851.399518][T18153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2851.549383][T24244] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 2851.789349][T24244] usb 4-1: Using ep0 maxpacket: 8 [ 2851.909637][T24244] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2852.079641][T24244] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2852.090393][T24244] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2852.098450][T24244] usb 4-1: Product: syz [ 2852.104044][T24244] usb 4-1: Manufacturer: syz [ 2852.108701][T24244] usb 4-1: SerialNumber: syz [ 2852.439520][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2853.249251][T24244] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2853.256666][T24244] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2853.272988][T24244] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2853.461138][T24244] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2853.492762][T24244] usb 4-1: USB disconnect, device number 63 [ 2853.500794][T24244] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2853.514548][T18153] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2854.119190][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:02:06 executing program 3: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:02:06 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xb1, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fa"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:02:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2854.519162][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2855.559088][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2856.299570][ T1931] oom_reaper: reaped process 5883 (syz-executor.4), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB [ 2856.599144][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2856.639633][ T8250] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2856.651181][ T8250] CPU: 0 PID: 8250 Comm: in:imklog Not tainted 5.8.0-rc7-syzkaller #0 [ 2856.659342][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2856.669357][ T8250] Call Trace: [ 2856.672611][ T8250] dump_stack+0x10f/0x19d [ 2856.676902][ T8250] dump_header+0x8e/0x400 [ 2856.681201][ T8250] oom_kill_process+0x18d/0x3f0 [ 2856.686013][ T8250] out_of_memory+0x5bd/0x880 [ 2856.690686][ T8250] ? get_page_from_freelist+0x127/0x3c0 [ 2856.696193][ T8250] __alloc_pages_slowpath+0x742/0x970 [ 2856.701528][ T8250] __alloc_pages_nodemask+0x235/0x390 [ 2856.706862][ T8250] alloc_pages_current+0x21d/0x310 [ 2856.712049][ T8250] __page_cache_alloc+0x4f/0x120 [ 2856.716948][ T8250] pagecache_get_page+0x494/0x8b0 [ 2856.721934][ T8250] ? __do_page_cache_readahead+0x96/0xb0 [ 2856.727586][ T8250] filemap_fault+0xba4/0x11e0 [ 2856.732226][ T8250] ext4_filemap_fault+0x4b/0x60 [ 2856.737094][ T8250] do_read_fault+0x41f/0x730 [ 2856.741648][ T8250] handle_mm_fault+0x135d/0x1930 [ 2856.746551][ T8250] do_user_addr_fault+0x393/0x810 [ 2856.751563][ T8250] exc_page_fault+0xb8/0x330 [ 2856.756114][ T8250] ? asm_exc_page_fault+0x8/0x30 [ 2856.761012][ T8250] asm_exc_page_fault+0x1e/0x30 [ 2856.765821][ T8250] RIP: 0033:0x7f2a5dc42380 [ 2856.770207][ T8250] Code: Bad RIP value. [ 2856.774241][ T8250] RSP: 002b:00007f2a5c585468 EFLAGS: 00010246 [ 2856.780266][ T8250] RAX: 000000000000005b RBX: 00007f2a5c5854a0 RCX: 0000000000000000 [ 2856.788200][ T8250] RDX: 0000000000000000 RSI: 00007f2a5c5854ac RDI: 00007f2a5c5854a0 [ 2856.796139][ T8250] RBP: 00007f2a5c5854ac R08: 0000000000000000 R09: 0000000004000001 [ 2856.804188][ T8250] R10: 0000000000000001 R11: 0000000000000000 R12: 00007f2a5c585da0 [ 2856.812122][ T8250] R13: 00000000fffff7e7 R14: 0000000000001f9f R15: 00007f2a5c585dfd [ 2856.821222][ T8250] Mem-Info: [ 2856.824328][ T8250] active_anon:220241 inactive_anon:6937 isolated_anon:0 [ 2856.824328][ T8250] active_file:0 inactive_file:36 isolated_file:20 [ 2856.824328][ T8250] unevictable:11 dirty:0 writeback:0 [ 2856.824328][ T8250] slab_reclaimable:7542 slab_unreclaimable:25682 [ 2856.824328][ T8250] mapped:54969 shmem:7146 pagetables:5044 bounce:0 [ 2856.824328][ T8250] free:15434 free_pcp:62 free_cma:0 [ 2856.860592][ T8250] Node 0 active_anon:880472kB inactive_anon:27744kB active_file:12kB inactive_file:64kB unevictable:44kB isolated(anon):0kB isolated(file):80kB mapped:219876kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 602112kB writeback_tmp:0kB all_unreclaimable? yes [ 2856.888178][ T8250] Node 1 active_anon:492kB inactive_anon:4kB active_file:0kB inactive_file:80kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2856.913931][ T8250] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2856.943717][ T8250] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2856.949481][ T8250] Node 0 DMA32 free:20116kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:564328kB inactive_anon:8kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2504kB pagetables:12104kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2856.980486][ T8250] lowmem_reserve[]: 0 0 707 707 707 [ 2856.985649][ T8250] Node 0 Normal free:4328kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:316144kB inactive_anon:27736kB active_file:44kB inactive_file:12kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4272kB pagetables:8064kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2857.016942][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2857.021650][ T8250] Node 1 Normal free:22980kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:492kB inactive_anon:4kB active_file:0kB inactive_file:64kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:88kB pagetables:8kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2857.052962][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2857.057619][ T8250] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2857.072332][ T8250] Node 0 DMA32: 67*4kB (ME) 794*8kB (ME) 403*16kB (UME) 154*32kB (UM) 37*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20364kB [ 2857.086998][ T8250] Node 0 Normal: 520*4kB (UME) 172*8kB (UME) 50*16kB (UME) 5*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4416kB [ 2857.101147][ T8250] Node 1 Normal: 36*4kB (ME) 28*8kB (UME) 28*16kB (ME) 32*32kB (ME) 23*64kB (UME) 14*128kB (ME) 8*256kB (M) 5*512kB (M) 5*1024kB (ME) 2*2048kB (UM) 1*4096kB (M) = 23024kB [ 2857.118061][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2857.127650][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2857.136908][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2857.146426][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2857.155719][ T8250] 7180 total pagecache pages [ 2857.161592][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2857.169701][ T8250] 0 pages in swap cache [ 2857.173820][ T8250] Swap cache stats: add 0, delete 0, find 0/0 [ 2857.179872][ T8250] Free swap = 0kB [ 2857.183553][ T8250] Total swap = 0kB [ 2857.187237][ T8250] 1965979 pages RAM [ 2857.191023][ T8250] 0 pages HighMem/MovableOnly [ 2857.195671][ T8250] 83163 pages reserved [ 2857.199726][ T8250] 0 pages cma reserved [ 2857.203780][ T8250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=4744,uid=0 [ 2857.217932][ T8250] Out of memory: Killed process 4744 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2857.248115][ T8629] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2857.261189][ T4744] warn_alloc: 1 callbacks suppressed [ 2857.261199][ T4744] syz-executor.0: page allocation failure: order:0, mode:0x101cca(GFP_HIGHUSER_MOVABLE|__GFP_WRITE), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 2857.284845][ T8629] CPU: 1 PID: 8629 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2857.293059][ T8629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2857.303331][ T8629] Call Trace: [ 2857.306603][ T8629] dump_stack+0x10f/0x19d [ 2857.310910][ T8629] dump_header+0x8e/0x400 [ 2857.315206][ T8629] oom_kill_process+0x18d/0x3f0 [ 2857.320026][ T8629] out_of_memory+0x5bd/0x880 [ 2857.324672][ T8629] ? get_page_from_freelist+0x127/0x3c0 [ 2857.330189][ T8629] __alloc_pages_slowpath+0x742/0x970 [ 2857.335535][ T8629] __alloc_pages_nodemask+0x235/0x390 [ 2857.340880][ T8629] alloc_pages_current+0x21d/0x310 [ 2857.345958][ T8629] __page_cache_alloc+0x4f/0x120 [ 2857.350867][ T8629] pagecache_get_page+0x494/0x8b0 [ 2857.355855][ T8629] ? __do_page_cache_readahead+0x96/0xb0 [ 2857.361452][ T8629] filemap_fault+0xba4/0x11e0 [ 2857.366101][ T8629] ext4_filemap_fault+0x4b/0x60 [ 2857.370918][ T8629] do_read_fault+0x41f/0x730 [ 2857.375527][ T8629] handle_mm_fault+0x135d/0x1930 [ 2857.380444][ T8629] do_user_addr_fault+0x393/0x810 [ 2857.385440][ T8629] exc_page_fault+0xb8/0x330 [ 2857.390006][ T8629] ? asm_exc_page_fault+0x8/0x30 [ 2857.394912][ T8629] asm_exc_page_fault+0x1e/0x30 [ 2857.399731][ T8629] RIP: 0033:0x4df24b [ 2857.403598][ T8629] Code: Bad RIP value. [ 2857.407643][ T8629] RSP: 002b:000000c019e45310 EFLAGS: 00010202 [ 2857.413686][ T8629] RAX: 000000c00e34c450 RBX: 0000000000000076 RCX: 0000000000871880 [ 2857.421631][ T8629] RDX: 000000c01945e340 RSI: 000000000091fc4b RDI: 000000c01945e360 [ 2857.429575][ T8629] RBP: 000000c019e45398 R08: 0000000000000076 R09: 0000000000000001 [ 2857.437515][ T8629] R10: 0000000000000000 R11: 000000c00711c900 R12: 0000000000000900 [ 2857.445471][ T8629] R13: 0000000000000046 R14: 0000000000000045 R15: 0000000000000200 [ 2857.458542][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2857.473717][ T4744] CPU: 1 PID: 4744 Comm: syz-executor.0 Not tainted 5.8.0-rc7-syzkaller #0 [ 2857.482278][ T4744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2857.485332][ T8629] Mem-Info: [ 2857.492308][ T4744] Call Trace: [ 2857.492321][ T4744] dump_stack+0x10f/0x19d [ 2857.492330][ T4744] warn_alloc+0x105/0x160 [ 2857.492342][ T4744] ? schedule_timeout+0x13f/0x2c0 [ 2857.492400][ T4744] __alloc_pages_slowpath+0x958/0x970 [ 2857.512909][ T8629] active_anon:219707 inactive_anon:6937 isolated_anon:0 [ 2857.512909][ T8629] active_file:42 inactive_file:0 isolated_file:0 [ 2857.512909][ T8629] unevictable:11 dirty:0 writeback:0 [ 2857.512909][ T8629] slab_reclaimable:7542 slab_unreclaimable:25662 [ 2857.512909][ T8629] mapped:54969 shmem:7146 pagetables:5044 bounce:0 [ 2857.512909][ T8629] free:15461 free_pcp:0 free_cma:0 [ 2857.517666][ T4744] __alloc_pages_nodemask+0x235/0x390 [ 2857.559065][ T4744] alloc_pages_current+0x21d/0x310 [ 2857.564236][ T4744] __page_cache_alloc+0x4f/0x120 [ 2857.569165][ T4744] pagecache_get_page+0x494/0x8b0 [ 2857.569881][ T8629] Node 0 active_anon:878336kB inactive_anon:27744kB active_file:152kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219876kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 602112kB writeback_tmp:0kB all_unreclaimable? yes [ 2857.574164][ T4744] grab_cache_page_write_begin+0x3f/0x70 [ 2857.607227][ T4744] ext4_da_write_begin+0x33c/0xa30 [ 2857.612403][ T4744] ? __list_add_valid+0x28/0x90 [ 2857.617240][ T4744] ? iov_iter_fault_in_readable+0x58/0x390 [ 2857.623017][ T4744] generic_perform_write+0x196/0x390 [ 2857.625873][ T8629] Node 1 active_anon:492kB inactive_anon:4kB active_file:16kB inactive_file:12kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2857.628275][ T4744] ext4_buffered_write_iter+0x2cc/0x3b0 [ 2857.659341][ T4744] ext4_file_write_iter+0x76f/0x1010 [ 2857.664597][ T4744] ? release_pages+0x895/0x8c0 [ 2857.668092][ T8629] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2857.669332][ T4744] ? free_pgd_range+0xa39/0xab0 [ 2857.669340][ T4744] ? lru_add_drain_cpu+0x295/0x2d0 [ 2857.669350][ T4744] ? check_preemption_disabled+0x51/0x140 [ 2857.669359][ T4744] __kernel_write+0x3a9/0x5a0 [ 2857.669437][ T4744] do_acct_process+0x9c3/0xac0 [ 2857.723205][ T4744] ? mmput+0x38/0x40 [ 2857.727079][ T4744] ? exit_oom_victim+0x53/0x60 [ 2857.731812][ T4744] acct_process+0x1ad/0x250 [ 2857.736398][ T4744] do_exit+0x422/0x16e0 [ 2857.740533][ T4744] do_group_exit+0xcb/0x180 [ 2857.745007][ T4744] get_signal+0x106d/0x1650 [ 2857.749485][ T4744] ? _raw_spin_unlock_irqrestore+0x53/0x70 [ 2857.755264][ T4744] ? rcu_preempt_deferred_qs_irqrestore+0x3e2/0x610 [ 2857.761832][ T4744] do_signal+0x25/0x270 [ 2857.766019][ T4744] ? __se_sys_futex+0x26d/0x330 [ 2857.768887][ T8629] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2857.770920][ T4744] ? check_preemption_disabled+0x51/0x140 [ 2857.776517][ T8629] Node 0 DMA32 free:20144kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:562280kB inactive_anon:8kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2504kB pagetables:12104kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2857.782206][ T4744] __prepare_exit_to_usermode+0x127/0x230 [ 2857.782216][ T4744] __syscall_return_slowpath+0x47/0x60 [ 2857.782230][ T4744] do_syscall_64+0x5d/0xb0 [ 2857.828785][ T4744] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2857.834652][ T4744] RIP: 0033:0x45c369 [ 2857.838526][ T4744] Code: Bad RIP value. [ 2857.842580][ T4744] RSP: 002b:00007f77832eecf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2857.850958][ T4744] RAX: fffffffffffffe00 RBX: 000000000078bf08 RCX: 000000000045c369 [ 2857.858842][ T8629] lowmem_reserve[]: 0 0 707 707 707 [ 2857.858904][ T4744] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000078bf08 [ 2857.864061][ T8629] Node 0 Normal free:4168kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:316144kB inactive_anon:27736kB active_file:48kB inactive_file:52kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4272kB pagetables:8064kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2857.872015][ T4744] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2857.872025][ T4744] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2857.919271][ T4744] R13: 00007ffea9725ebf R14: 00007f77832ef9c0 R15: 000000000078bf0c [ 2857.927774][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2857.945426][ T4744] Mem-Info: [ 2857.948561][ T4744] active_anon:219682 inactive_anon:6937 isolated_anon:0 [ 2857.948561][ T4744] active_file:42 inactive_file:640 isolated_file:0 [ 2857.948561][ T4744] unevictable:11 dirty:0 writeback:0 [ 2857.948561][ T4744] slab_reclaimable:7542 slab_unreclaimable:25662 [ 2857.948561][ T4744] mapped:55244 shmem:7146 pagetables:5044 bounce:0 [ 2857.948561][ T4744] free:157215 free_pcp:435 free_cma:0 [ 2857.966267][ T8629] lowmem_reserve[]: 0 0 0 0 0 [ 2857.987341][ T4744] Node 0 active_anon:878236kB inactive_anon:27744kB active_file:152kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219876kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 602112kB writeback_tmp:0kB all_unreclaimable? yes [ 2858.020371][ T8629] Node 1 Normal free:747016kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:492kB inactive_anon:4kB active_file:116kB inactive_file:3712kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:88kB pagetables:8kB bounce:0kB free_pcp:1788kB local_pcp:360kB free_cma:0kB [ 2858.050817][ T4744] Node 1 active_anon:472kB inactive_anon:4kB active_file:176kB inactive_file:3808kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:2308kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2858.056716][ T8629] lowmem_reserve[]: 0 0 0 0 0 [ 2858.087228][ T8629] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2858.106059][ T8629] Node 0 DMA32: 80*4kB (UME) 796*8kB (UME) 404*16kB (UME) 154*32kB (UM) 35*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20448kB [ 2858.118834][ T4744] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2858.123172][ T8629] Node 0 Normal: 556*4kB (UME) 175*8kB (UME) 51*16kB (UME) 5*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4600kB [ 2858.170483][ T8629] Node 1 Normal: 10*4kB (UME) 9*8kB (UME) 10*16kB (UE) 6*32kB (UE) 8*64kB (UE) 6*128kB (UE) 9*256kB (UM) 11*512kB (UM) 11*1024kB (UME) 9*2048kB (UM) 276*4096kB (UM) = 1169872kB [ 2858.180617][ T4744] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2858.190273][ T8629] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2858.206348][ T8629] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2858.213948][ T4744] Node 0 DMA32 free:20448kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:562280kB inactive_anon:8kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2504kB pagetables:12060kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2858.216203][ T8629] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2858.260543][ T8629] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2858.274215][ T8629] 9364 total pagecache pages [ 2858.277215][ T4744] lowmem_reserve[]: 0 0 707 707 707 [ 2858.280412][ T8629] 0 pages in swap cache [ 2858.284019][ T4744] Node 0 Normal free:4600kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:315900kB inactive_anon:27736kB active_file:52kB inactive_file:52kB unevictable:44kB writepending:4kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7800kB bounce:0kB free_pcp:412kB local_pcp:404kB free_cma:0kB [ 2858.288195][ T8629] Swap cache stats: add 0, delete 0, find 0/0 [ 2858.328377][ T8629] Free swap = 0kB [ 2858.332885][ T8629] Total swap = 0kB [ 2858.338260][ T8629] 1965979 pages RAM [ 2858.344433][ T8629] 0 pages HighMem/MovableOnly [ 2858.349156][T24244] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 2858.358772][ T4744] lowmem_reserve[]: 0 0 0 0 0 [ 2858.363457][ T4744] Node 1 Normal free:1720200kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:512kB inactive_anon:4kB active_file:400kB inactive_file:9124kB unevictable:0kB writepending:8kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:72kB pagetables:8kB bounce:0kB free_pcp:1504kB local_pcp:1260kB free_cma:0kB [ 2858.370734][ T8629] 83163 pages reserved [ 2858.430687][ T8629] 0 pages cma reserved [ 2858.435242][ T8629] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=4740,uid=0 [ 2858.445798][ T4744] lowmem_reserve[]: 0 0 0 0 0 [ 2858.451224][ T8629] Out of memory: Killed process 4740 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 07:02:10 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r2 = dup(r1) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2858.455887][ T4744] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2858.518793][ T4744] Node 0 DMA32: 80*4kB (UME) 796*8kB (UME) 404*16kB (UME) 155*32kB (UM) 35*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 22528kB [ 2858.548748][ T4744] Node 0 Normal: 687*4kB (UME) 189*8kB (UME) 58*16kB (UME) 9*32kB (UM) 0*64kB 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5860kB [ 2858.578867][ T4744] Node 1 Normal: 5*4kB (UME) 4*8kB (UME) 6*16kB (UME) 5*32kB (UME) 11*64kB (UME) 11*128kB (UE) 11*256kB (U) 12*512kB (U) 12*1024kB (UME) 12*2048kB (U) 543*4096kB (UM) = 2272372kB [ 2858.618752][ T4744] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2858.628388][ T4744] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2858.639874][ T4744] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2858.649557][ T4744] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2858.660323][ T4744] 10889 total pagecache pages [ 2858.664974][ T4744] 0 pages in swap cache [ 2858.669408][ T4744] Swap cache stats: add 0, delete 0, find 0/0 [ 2858.675452][ T4744] Free swap = 0kB [ 2858.678797][T24244] usb 4-1: Using ep0 maxpacket: 8 [ 2858.682652][ T4744] Total swap = 0kB [ 2858.687826][ T4744] 1965979 pages RAM [ 2858.691923][ T4744] 0 pages HighMem/MovableOnly [ 2858.696620][ T4744] 83163 pages reserved [ 2858.701891][ T4744] 0 pages cma reserved [ 2858.808857][T24244] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2858.999087][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2859.048716][T24244] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2859.057806][T24244] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2859.078714][T24244] usb 4-1: Product: syz [ 2859.108737][T24244] usb 4-1: can't set config #1, error -71 [ 2859.115006][T24244] usb 4-1: USB disconnect, device number 64 07:02:11 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = socket$unix(0x1, 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$packet(0x11, 0x0, 0x300) 07:02:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r5 = dup(r4) syz_kvm_setup_cpu$x86(r5, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:11 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = fcntl$dupfd(r0, 0x0, r1) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) 07:02:11 executing program 3: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:02:11 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r2 = dup(r1) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:11 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x109, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:02:11 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r2 = dup(r1) syz_kvm_setup_cpu$x86(r2, r0, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r5 = dup(r4) syz_kvm_setup_cpu$x86(r5, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:11 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:11 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:11 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r1, r0, 0x0) r2 = socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$inet_udplite(0x2, 0x2, 0x88) r4 = fcntl$dupfd(r2, 0x0, r3) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000340)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000000000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000980200009802000098020000030400000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000000000000000000000000000000000000000000000002000000000c001080200000000000000000000000000000000000000005001686173686c696d69740000000000000000000000000000000004001b0002726f7365300000000000000000000000000000000000000000000000000000000000000000160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003ed2ffffffffffffff00000000000000000000000003000000070000000000000000000000000000004800435400000000000000000000000000000000000000000000000000002000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000457000000000000000000000000000070009000000000000000000000000000000000000000000020004e4f545241434b0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) 07:02:11 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r2 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r5 = dup(r4) syz_kvm_setup_cpu$x86(r5, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2859.640241][T24244] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 2859.898649][T24244] usb 4-1: Using ep0 maxpacket: 8 [ 2860.038692][T24244] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2860.058936][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2860.198674][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2860.238694][T24244] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2860.247702][T24244] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2860.268597][T24244] usb 4-1: Product: syz [ 2860.272765][T24244] usb 4-1: Manufacturer: syz [ 2860.277334][T24244] usb 4-1: SerialNumber: syz [ 2861.078896][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2861.408592][T24244] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2861.416158][T24244] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2861.433809][T24244] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2861.620396][T24244] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2861.650443][T24244] usb 4-1: USB disconnect, device number 65 [ 2861.662707][T24244] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2862.126959][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2862.823881][ T1931] oom_reaper: reaped process 5985 (syz-executor.4), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB [ 2862.845149][ T8250] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2862.858498][ T8250] CPU: 0 PID: 8250 Comm: in:imklog Not tainted 5.8.0-rc7-syzkaller #0 [ 2862.866719][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2862.876880][ T8250] Call Trace: [ 2862.880144][ T8250] dump_stack+0x10f/0x19d [ 2862.884447][ T8250] dump_header+0x8e/0x400 [ 2862.888819][ T8250] oom_kill_process+0x18d/0x3f0 [ 2862.893642][ T8250] out_of_memory+0x5bd/0x880 [ 2862.898204][ T8250] ? get_page_from_freelist+0x127/0x3c0 [ 2862.903719][ T8250] __alloc_pages_slowpath+0x742/0x970 [ 2862.909065][ T8250] __alloc_pages_nodemask+0x235/0x390 [ 2862.914413][ T8250] alloc_pages_current+0x21d/0x310 [ 2862.919597][ T8250] __page_cache_alloc+0x4f/0x120 [ 2862.924506][ T8250] pagecache_get_page+0x494/0x8b0 [ 2862.929501][ T8250] ? __do_page_cache_readahead+0x96/0xb0 [ 2862.935125][ T8250] filemap_fault+0xba4/0x11e0 [ 2862.939979][ T8250] ext4_filemap_fault+0x4b/0x60 [ 2862.944853][ T8250] do_read_fault+0x41f/0x730 [ 2862.949412][ T8250] handle_mm_fault+0x135d/0x1930 [ 2862.954331][ T8250] do_user_addr_fault+0x393/0x810 [ 2862.959405][ T8250] exc_page_fault+0xb8/0x330 [ 2862.963971][ T8250] ? asm_exc_page_fault+0x8/0x30 [ 2862.968883][ T8250] asm_exc_page_fault+0x1e/0x30 [ 2862.973699][ T8250] RIP: 0033:0x7f2a5ebe922d [ 2862.978109][ T8250] Code: Bad RIP value. [ 2862.982141][ T8250] RSP: 002b:00007f2a5c585580 EFLAGS: 00010293 [ 2862.988175][ T8250] RAX: 000000000000007e RBX: 0000000000000000 RCX: 00007f2a5ebe922d [ 2862.996128][ T8250] RDX: 0000000000001fa0 RSI: 00007f2a5c585da0 RDI: 0000000000000004 [ 2863.004066][ T8250] RBP: 000055653d0f99d0 R08: 0000000000000000 R09: 0000000004000001 [ 2863.012042][ T8250] R10: 0000000000000001 R11: 0000000000000293 R12: 00007f2a5c585da0 [ 2863.019991][ T8250] R13: 0000000000001fa0 R14: 0000000000001f9f R15: 00007f2a5c585dfd [ 2863.030428][ T8250] Mem-Info: [ 2863.033519][ T8250] active_anon:219120 inactive_anon:6937 isolated_anon:0 [ 2863.033519][ T8250] active_file:11 inactive_file:15 isolated_file:0 [ 2863.033519][ T8250] unevictable:11 dirty:0 writeback:0 [ 2863.033519][ T8250] slab_reclaimable:7542 slab_unreclaimable:25667 [ 2863.033519][ T8250] mapped:54996 shmem:7146 pagetables:4917 bounce:0 [ 2863.033519][ T8250] free:16808 free_pcp:216 free_cma:0 [ 2863.071383][ T8250] Node 0 active_anon:875972kB inactive_anon:27744kB active_file:24kB inactive_file:16kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:219984kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 600064kB writeback_tmp:0kB all_unreclaimable? yes [ 2863.100121][ T8250] Node 1 active_anon:508kB inactive_anon:4kB active_file:32kB inactive_file:3232kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:2200kB dirty:0kB writeback:0kB shmem:4kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2863.127290][ T8250] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2863.158354][ T8250] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2863.158829][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2863.165976][ T8250] Node 0 DMA32 free:22008kB min:39024kB low:47756kB high:56488kB reserved_highatomic:0KB active_anon:560216kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2472kB pagetables:11972kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2863.209858][ T8250] lowmem_reserve[]: 0 0 707 707 707 [ 2863.215134][ T8250] Node 0 Normal free:7792kB min:16860kB low:19024kB high:21188kB reserved_highatomic:0KB active_anon:315732kB inactive_anon:27744kB active_file:20kB inactive_file:20kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7684kB bounce:0kB free_pcp:368kB local_pcp:248kB free_cma:0kB [ 2863.248728][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2863.250546][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2863.262614][ T8250] Node 1 Normal free:727580kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:508kB inactive_anon:4kB active_file:32kB inactive_file:3232kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:2520kB local_pcp:1260kB free_cma:0kB [ 2863.295442][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2863.300284][ T8250] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2863.316681][ T8250] Node 0 DMA32: 68*4kB (UME) 825*8kB (ME) 422*16kB (UME) 168*32kB (UM) 41*64kB (M) 3*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22008kB [ 2863.333180][ T8250] Node 0 Normal: 684*4kB (UME) 280*8kB (UME) 98*16kB (UME) 17*32kB (UME) 11*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7792kB [ 2863.348194][ T8250] Node 1 Normal: 12*4kB (UE) 6*8kB (UME) 9*16kB (UME) 9*32kB (UE) 7*64kB (UE) 21*128kB (UME) 22*256kB (UM) 9*512kB (UM) 11*1024kB (UME) 7*2048kB (UM) 284*4096kB (U) = 1202768kB [ 2863.367139][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2863.376823][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2863.387672][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2863.397363][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2863.408169][ T8250] 7997 total pagecache pages [ 2863.413045][ T8250] 0 pages in swap cache [ 2863.417173][ T8250] Swap cache stats: add 0, delete 0, find 0/0 [ 2863.424884][ T8250] Free swap = 0kB [ 2863.428741][ T8250] Total swap = 0kB [ 2863.432433][ T8250] 1965979 pages RAM [ 2863.436206][ T8250] 0 pages HighMem/MovableOnly [ 2863.442739][ T8250] 83163 pages reserved [ 2863.446779][ T8250] 0 pages cma reserved [ 2863.451205][ T8250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=4737,uid=0 [ 2863.466520][ T8250] Out of memory: Killed process 4737 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2863.487057][ T1931] oom_reaper: reaped process 4737 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 07:02:15 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vhci\x00', 0x2a402) write$vhci(r1, 0x0, 0x0) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0x0, 0x1}, 0x6) 07:02:16 executing program 5: r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:16 executing program 3: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:02:16 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = socket$unix(0x1, 0x2, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 07:02:16 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x109, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:02:16 executing program 1: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) [ 2864.198446][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:02:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r3 = dup3(0xffffffffffffffff, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:16 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:16 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2864.559446][ T2320] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 2864.568710][T24244] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 2864.798233][ T2320] usb 2-1: Using ep0 maxpacket: 8 [ 2864.808556][T24244] usb 4-1: Using ep0 maxpacket: 8 [ 2864.918235][ T2320] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2864.929223][T24244] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2865.108434][T24244] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2865.117509][ T2320] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2865.127727][ T2320] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2865.135960][T24244] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2865.145338][ T2320] usb 2-1: Product: syz [ 2865.149615][T24244] usb 4-1: Product: syz [ 2865.153917][ T2320] usb 2-1: Manufacturer: syz [ 2865.158704][T24244] usb 4-1: Manufacturer: syz [ 2865.163378][ T2320] usb 2-1: SerialNumber: syz [ 2865.168066][T24244] usb 4-1: SerialNumber: syz [ 2865.238425][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2866.278232][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2866.288442][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2866.308170][ T2320] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2866.314665][T24244] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2866.322291][T24244] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2866.329890][ T2320] cdc_ncm 2-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2866.337509][T24244] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2866.344632][ T2320] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 2866.530990][T24244] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2866.543200][ T2320] cdc_ncm 2-1:1.0 usb1: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42 [ 2866.587452][T24244] usb 4-1: USB disconnect, device number 66 [ 2866.601738][ T2320] usb 2-1: USB disconnect, device number 112 [ 2866.635270][T24244] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2866.647840][ T2320] cdc_ncm 2-1:1.0 usb1: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM [ 2866.999252][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:02:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x109, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:02:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:19 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:19 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) [ 2867.320152][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2867.539315][T24244] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 2867.778018][T24244] usb 4-1: Using ep0 maxpacket: 8 [ 2868.278265][T24244] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2868.358050][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2868.403851][ T5029] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2868.415800][ T5029] CPU: 0 PID: 5029 Comm: systemd-journal Not tainted 5.8.0-rc7-syzkaller #0 [ 2868.424444][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2868.434472][ T5029] Call Trace: [ 2868.437740][ T5029] dump_stack+0x10f/0x19d [ 2868.442052][ T5029] dump_header+0x8e/0x400 [ 2868.446367][ T5029] oom_kill_process+0x18d/0x3f0 [ 2868.451191][ T5029] out_of_memory+0x5bd/0x880 [ 2868.455752][ T5029] ? get_page_from_freelist+0x127/0x3c0 [ 2868.461281][ T5029] __alloc_pages_slowpath+0x742/0x970 [ 2868.466661][ T5029] __alloc_pages_nodemask+0x235/0x390 [ 2868.472061][ T5029] alloc_pages_current+0x21d/0x310 [ 2868.477146][ T5029] __page_cache_alloc+0x4f/0x120 [ 2868.482053][ T5029] pagecache_get_page+0x494/0x8b0 [ 2868.487074][ T5029] ? __do_page_cache_readahead+0x96/0xb0 [ 2868.492676][ T5029] filemap_fault+0xba4/0x11e0 [ 2868.497327][ T5029] ext4_filemap_fault+0x4b/0x60 [ 2868.502278][ T5029] do_read_fault+0x41f/0x730 [ 2868.506855][ T5029] handle_mm_fault+0x135d/0x1930 [ 2868.511780][ T5029] do_user_addr_fault+0x393/0x810 [ 2868.516782][ T5029] exc_page_fault+0xb8/0x330 [ 2868.521345][ T5029] ? asm_exc_page_fault+0x8/0x30 [ 2868.526268][ T5029] asm_exc_page_fault+0x1e/0x30 [ 2868.531117][ T5029] RIP: 0033:0x7efc26bc52e3 [ 2868.535511][ T5029] Code: Bad RIP value. [ 2868.539546][ T5029] RSP: 002b:00007fff65439748 EFLAGS: 00010246 [ 2868.545605][ T5029] RAX: 0000000000000001 RBX: 000055eeda6141e0 RCX: 00007efc26bc52e3 [ 2868.553559][ T5029] RDX: 0000000000000013 RSI: 00007fff65439750 RDI: 0000000000000008 [ 2868.561510][ T5029] RBP: 00007fff65439940 R08: 0000000000989680 R09: 00007fff654a0080 [ 2868.569458][ T5029] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff65439750 [ 2868.577396][ T5029] R13: 0000000000000001 R14: ffffffffffffffff R15: 0005ab7b0530384b [ 2868.603484][ T5029] Mem-Info: [ 2868.606588][ T5029] active_anon:220186 inactive_anon:6937 isolated_anon:0 [ 2868.606588][ T5029] active_file:21 inactive_file:0 isolated_file:0 [ 2868.606588][ T5029] unevictable:11 dirty:0 writeback:0 [ 2868.606588][ T5029] slab_reclaimable:7543 slab_unreclaimable:25708 [ 2868.606588][ T5029] mapped:55038 shmem:7146 pagetables:4943 bounce:0 [ 2868.606588][ T5029] free:26593 free_pcp:0 free_cma:0 [ 2868.665748][ T5029] Node 0 active_anon:879940kB inactive_anon:27732kB active_file:56kB inactive_file:28kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220140kB dirty:0kB writeback:0kB shmem:28568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 602112kB writeback_tmp:0kB all_unreclaimable? yes [ 2868.761044][ T5029] Node 1 active_anon:804kB inactive_anon:16kB active_file:28kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:12kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2868.793465][ T5029] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2868.840011][ T5029] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2868.845826][ T5029] Node 0 DMA32 free:37396kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:562244kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2456kB pagetables:11868kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2868.929259][ T5029] lowmem_reserve[]: 0 0 707 707 707 [ 2868.934517][ T5029] Node 0 Normal free:8632kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:317696kB inactive_anon:27732kB active_file:20kB inactive_file:20kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7688kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2868.979219][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2868.983888][ T5029] Node 1 Normal free:45920kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:804kB inactive_anon:16kB active_file:20kB inactive_file:20kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:56kB pagetables:216kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2869.050990][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2869.055648][ T5029] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2869.082458][ T5029] Node 0 DMA32: 69*4kB (ME) 860*8kB (UME) 434*16kB (UME) 175*32kB (UM) 43*64kB (UM) 5*128kB (UM) 1*256kB (U) 2*512kB (UM) 1*1024kB (U) 2*2048kB (M) 2*4096kB (U) = 37684kB [ 2869.102608][ T5029] Node 0 Normal: 821*4kB (UME) 304*8kB (UME) 104*16kB (UME) 20*32kB (ME) 7*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8468kB [ 2869.117265][ T5029] Node 1 Normal: 89*4kB (UME) 64*8kB (UME) 50*16kB (ME) 47*32kB (ME) 38*64kB (ME) 25*128kB (ME) 10*256kB (M) 0*512kB 8*1024kB (UME) 1*2048kB (M) 6*4096kB (U) = 46180kB [ 2869.135576][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2869.145226][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2869.154525][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2869.164081][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2869.173347][ T5029] 7171 total pagecache pages [ 2869.177908][ T5029] 0 pages in swap cache [ 2869.182030][ T5029] Swap cache stats: add 0, delete 0, find 0/0 [ 2869.188089][ T5029] Free swap = 0kB [ 2869.191780][ T5029] Total swap = 0kB [ 2869.195465][ T5029] 1965979 pages RAM [ 2869.199255][ T5029] 0 pages HighMem/MovableOnly [ 2869.203944][ T5029] 83163 pages reserved [ 2869.207987][ T5029] 0 pages cma reserved [ 2869.212026][ T5029] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=6166,uid=0 [ 2869.226227][ T5029] Out of memory: Killed process 6166 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2869.242684][ T1931] oom_reaper: reaped process 6166 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2869.318709][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2869.398021][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2869.848275][ T8649] syz-executor.0 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2869.899401][ T8649] CPU: 0 PID: 8649 Comm: syz-executor.0 Not tainted 5.8.0-rc7-syzkaller #0 [ 2869.907958][ T8649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2869.917980][ T8649] Call Trace: [ 2869.921245][ T8649] dump_stack+0x10f/0x19d [ 2869.925549][ T8649] dump_header+0x8e/0x400 [ 2869.930015][ T8649] oom_kill_process+0x18d/0x3f0 [ 2869.934839][ T8649] out_of_memory+0x5bd/0x880 [ 2869.939404][ T8649] ? get_page_from_freelist+0x127/0x3c0 [ 2869.944969][ T8649] __alloc_pages_slowpath+0x742/0x970 [ 2869.950326][ T8649] __alloc_pages_nodemask+0x235/0x390 [ 2869.955678][ T8649] alloc_pages_current+0x21d/0x310 [ 2869.960765][ T8649] __page_cache_alloc+0x4f/0x120 [ 2869.965676][ T8649] pagecache_get_page+0x494/0x8b0 [ 2869.970669][ T8649] ? __do_page_cache_readahead+0x96/0xb0 [ 2869.976341][ T8649] filemap_fault+0xba4/0x11e0 [ 2869.980990][ T8649] ext4_filemap_fault+0x4b/0x60 [ 2869.985811][ T8649] do_read_fault+0x41f/0x730 [ 2869.990375][ T8649] handle_mm_fault+0x135d/0x1930 [ 2869.995289][ T8649] do_user_addr_fault+0x393/0x810 [ 2870.000286][ T8649] exc_page_fault+0xb8/0x330 [ 2870.004856][ T8649] ? asm_exc_page_fault+0x8/0x30 [ 2870.009769][ T8649] asm_exc_page_fault+0x1e/0x30 [ 2870.014587][ T8649] RIP: 0033:0x40fe67 [ 2870.018462][ T8649] Code: Bad RIP value. [ 2870.022855][ T8649] RSP: 002b:00007ffea9726100 EFLAGS: 00010202 [ 2870.028892][ T8649] RAX: 00000000002bca0d RBX: 00000000002bc162 RCX: 00000000002bc708 [ 2870.036835][ T8649] RDX: 0000000000000305 RSI: 0000000000000000 RDI: 0000000000000001 [ 2870.044934][ T8649] RBP: 0000000000002465 R08: 0000000000000001 R09: 0000000001e73940 [ 2870.052883][ T8649] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000b [ 2870.060830][ T8649] R13: 00007ffea9726130 R14: 00000000002bc145 R15: 00007ffea9726140 [ 2870.437988][ T2320] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2870.698311][ T8649] Mem-Info: [ 2870.701432][ T8649] active_anon:219651 inactive_anon:6937 isolated_anon:0 [ 2870.701432][ T8649] active_file:13 inactive_file:21 isolated_file:0 [ 2870.701432][ T8649] unevictable:11 dirty:0 writeback:0 [ 2870.701432][ T8649] slab_reclaimable:7543 slab_unreclaimable:25706 [ 2870.701432][ T8649] mapped:55009 shmem:7146 pagetables:4917 bounce:0 [ 2870.701432][ T8649] free:26597 free_pcp:125 free_cma:0 [ 2870.864663][ T8649] Node 0 active_anon:877884kB inactive_anon:27732kB active_file:32kB inactive_file:60kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220036kB dirty:0kB writeback:0kB shmem:28568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 600064kB writeback_tmp:0kB all_unreclaimable? yes [ 2871.042429][ T8649] Node 1 active_anon:720kB inactive_anon:16kB active_file:52kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:100kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? no [ 2871.184278][ T8649] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2871.232771][ T8649] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2871.267690][ T8649] Node 0 DMA32 free:37708kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:560200kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2456kB pagetables:11868kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2871.381717][ T8649] lowmem_reserve[]: 0 0 707 707 707 [ 2871.386986][ T8649] Node 0 Normal free:8656kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:317684kB inactive_anon:27732kB active_file:56kB inactive_file:24kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7688kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2871.457623][ T8649] lowmem_reserve[]: 0 0 0 0 0 [ 2871.462369][ T8649] Node 1 Normal free:45680kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:720kB inactive_anon:16kB active_file:0kB inactive_file:44kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:112kB bounce:0kB free_pcp:756kB local_pcp:476kB free_cma:0kB [ 2871.493525][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2871.594591][ T8649] lowmem_reserve[]: 0 0 0 0 0 [ 2871.608881][ T8649] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2871.685389][ T8649] Node 0 DMA32: 75*4kB (UME) 858*8kB (ME) 433*16kB (ME) 174*32kB (UM) 42*64kB (M) 4*128kB (M) 0*256kB 1*512kB (M) 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 37708kB [ 2871.766886][ T8649] Node 0 Normal: 828*4kB (ME) 312*8kB (UME) 108*16kB (UME) 22*32kB (UME) 7*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8688kB [ 2871.818175][ T8649] Node 1 Normal: 12*4kB (UE) 6*8kB (UME) 39*16kB (UME) 43*32kB (UME) 33*64kB (ME) 20*128kB (ME) 12*256kB (M) 2*512kB (M) 8*1024kB (UME) 1*2048kB (M) 6*4096kB (U) = 45680kB [ 2871.895087][ T8649] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2871.947096][ T8649] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2871.976626][ T8649] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2872.027662][ T8649] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2872.037007][ T8649] 7176 total pagecache pages [ 2872.042155][ T8649] 0 pages in swap cache [ 2872.046287][ T8649] Swap cache stats: add 0, delete 0, find 0/0 [ 2872.052329][ T8649] Free swap = 0kB [ 2872.056009][ T8649] Total swap = 0kB [ 2872.059722][ T8649] 1965979 pages RAM [ 2872.063542][ T8649] 0 pages HighMem/MovableOnly [ 2872.068194][ T8649] 83163 pages reserved [ 2872.072287][ T8649] 0 pages cma reserved [ 2872.076425][ T8649] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=3604,uid=0 [ 2872.090562][ T8649] Out of memory: Killed process 3604 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2872.107073][ T1931] oom_reaper: reaped process 3604 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2872.377572][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2872.382361][ T8630] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2872.396319][ T8630] CPU: 1 PID: 8630 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2872.404525][ T8630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2872.414563][ T8630] Call Trace: [ 2872.417825][ T8630] dump_stack+0x10f/0x19d [ 2872.422130][ T8630] dump_header+0x8e/0x400 [ 2872.426432][ T8630] oom_kill_process+0x18d/0x3f0 [ 2872.431256][ T8630] out_of_memory+0x5bd/0x880 [ 2872.435829][ T8630] ? get_page_from_freelist+0x127/0x3c0 [ 2872.441393][ T8630] __alloc_pages_slowpath+0x742/0x970 [ 2872.446746][ T8630] __alloc_pages_nodemask+0x235/0x390 [ 2872.452094][ T8630] alloc_pages_current+0x21d/0x310 [ 2872.457186][ T8630] __page_cache_alloc+0x4f/0x120 [ 2872.462105][ T8630] pagecache_get_page+0x494/0x8b0 [ 2872.467142][ T8630] ? __do_page_cache_readahead+0x96/0xb0 [ 2872.472745][ T8630] filemap_fault+0xba4/0x11e0 [ 2872.477395][ T8630] ext4_filemap_fault+0x4b/0x60 [ 2872.482221][ T8630] do_read_fault+0x41f/0x730 [ 2872.486783][ T8630] handle_mm_fault+0x135d/0x1930 [ 2872.491698][ T8630] do_user_addr_fault+0x393/0x810 [ 2872.496695][ T8630] exc_page_fault+0xb8/0x330 [ 2872.501257][ T8630] ? asm_exc_page_fault+0x8/0x30 [ 2872.506173][ T8630] asm_exc_page_fault+0x1e/0x30 [ 2872.511069][ T8630] RIP: 0033:0x440f50 [ 2872.514941][ T8630] Code: Bad RIP value. [ 2872.518978][ T8630] RSP: 002b:000000c00004be48 EFLAGS: 00010206 [ 2872.525013][ T8630] RAX: 000000c00002e800 RBX: 000000c000170380 RCX: 0000000000000000 [ 2872.532955][ T8630] RDX: 00000000017cebd8 RSI: 000000c00004be20 RDI: 000000000f76daf9 [ 2872.540895][ T8630] RBP: 000000c00004bf28 R08: 0000060375eebc36 R09: 00007ffebadc4080 [ 2872.548834][ T8630] R10: 0000000000000010 R11: 00007ffebadc40b8 R12: 0000000000000003 [ 2872.556775][ T8630] R13: 000000c000156300 R14: 0000029c2a1cf1bd R15: ffffffffffffffff [ 2872.577788][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2872.598763][ T8630] Mem-Info: [ 2872.601865][ T8630] active_anon:219128 inactive_anon:6937 isolated_anon:0 [ 2872.601865][ T8630] active_file:20 inactive_file:9 isolated_file:0 [ 2872.601865][ T8630] unevictable:11 dirty:0 writeback:0 [ 2872.601865][ T8630] slab_reclaimable:7541 slab_unreclaimable:25679 [ 2872.601865][ T8630] mapped:55009 shmem:7146 pagetables:4880 bounce:0 [ 2872.601865][ T8630] free:26631 free_pcp:0 free_cma:0 [ 2872.755411][ T8630] Node 0 active_anon:875792kB inactive_anon:27732kB active_file:60kB inactive_file:116kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220036kB dirty:0kB writeback:0kB shmem:28568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 600064kB writeback_tmp:0kB all_unreclaimable? yes [ 2872.874903][ T8630] Node 1 active_anon:720kB inactive_anon:16kB active_file:20kB inactive_file:20kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2872.925414][ T8630] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2872.982371][ T8630] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2872.997277][ T8630] Node 0 DMA32 free:37720kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:558152kB inactive_anon:0kB active_file:64kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2456kB pagetables:11720kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2873.062327][ T8630] lowmem_reserve[]: 0 0 707 707 707 [ 2873.067661][ T8630] Node 0 Normal free:8556kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:317640kB inactive_anon:27732kB active_file:0kB inactive_file:32kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7688kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2873.099236][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 2873.106874][ T8630] Node 1 Normal free:46224kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:720kB inactive_anon:16kB active_file:8kB inactive_file:8kB unevictable:0kB writepending:8kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:24kB pagetables:112kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2873.137669][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 2873.148772][ T8630] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2873.175497][ T8630] Node 0 DMA32: 53*4kB (ME) 553*8kB (UME) 434*16kB (UME) 174*32kB (UM) 42*64kB (M) 4*128kB (M) 0*256kB 2*512kB (UM) 0*1024kB 2*2048kB (UM) 3*4096kB (UM) = 37756kB [ 2873.207501][T24244] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2873.235846][T24244] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2873.237942][ T8630] Node 0 Normal: 868*4kB (UME) 322*8kB (UME) 114*16kB (UME) 21*32kB (ME) 7*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8992kB [ 2873.247122][T24244] usb 4-1: Product: syz [ 2873.273592][ T8630] Node 1 Normal: 91*4kB (UME) 64*8kB (UME) 43*16kB (UME) 39*32kB (UME) 28*64kB (ME) 19*128kB (ME) 13*256kB (M) 3*512kB (M) 8*1024kB (UME) 1*2048kB (M) 6*4096kB (U) = 46716kB [ 2873.290918][T24244] usb 4-1: can't set config #1, error -71 [ 2873.297383][ T8630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2873.307033][T24244] usb 4-1: USB disconnect, device number 67 [ 2873.314093][ T8630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2873.324869][ T8630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2873.337447][ T8630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2873.347145][ T8630] 7392 total pagecache pages [ 2873.352858][ T8630] 0 pages in swap cache [ 2873.357693][ T8630] Swap cache stats: add 0, delete 0, find 0/0 [ 2873.368579][ T8630] Free swap = 0kB [ 2873.372995][ T8630] Total swap = 0kB [ 2873.376704][ T8630] 1965979 pages RAM [ 2873.380968][ T8630] 0 pages HighMem/MovableOnly [ 2873.386105][ T8630] 83163 pages reserved [ 2873.399143][ T8630] 0 pages cma reserved [ 2873.410262][ T8630] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=3594,uid=0 [ 2873.425122][ T8630] Out of memory: Killed process 3594 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2873.589933][ T1931] oom_reaper: reaped process 6058 (syz-executor.4), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB [ 2873.637888][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2873.828050][ T5029] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2873.839149][ T5029] CPU: 1 PID: 5029 Comm: systemd-journal Not tainted 5.8.0-rc7-syzkaller #0 [ 2873.847778][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2873.857794][ T5029] Call Trace: [ 2873.861050][ T5029] dump_stack+0x10f/0x19d [ 2873.865353][ T5029] dump_header+0x8e/0x400 [ 2873.869644][ T5029] oom_kill_process+0x18d/0x3f0 [ 2873.874457][ T5029] out_of_memory+0x5bd/0x880 [ 2873.879010][ T5029] ? get_page_from_freelist+0x127/0x3c0 [ 2873.884536][ T5029] __alloc_pages_slowpath+0x742/0x970 [ 2873.889896][ T5029] __alloc_pages_nodemask+0x235/0x390 [ 2873.895238][ T5029] alloc_pages_current+0x21d/0x310 [ 2873.900312][ T5029] __page_cache_alloc+0x4f/0x120 [ 2873.905210][ T5029] pagecache_get_page+0x494/0x8b0 [ 2873.910196][ T5029] ? __do_page_cache_readahead+0x96/0xb0 [ 2873.915815][ T5029] filemap_fault+0xba4/0x11e0 [ 2873.920584][ T5029] ext4_filemap_fault+0x4b/0x60 [ 2873.925428][ T5029] do_read_fault+0x41f/0x730 [ 2873.930037][ T5029] handle_mm_fault+0x135d/0x1930 [ 2873.934938][ T5029] do_user_addr_fault+0x393/0x810 [ 2873.939924][ T5029] exc_page_fault+0xb8/0x330 [ 2873.944475][ T5029] ? asm_exc_page_fault+0x8/0x30 [ 2873.949388][ T5029] asm_exc_page_fault+0x1e/0x30 [ 2873.954198][ T5029] RIP: 0033:0x7efc27532bb0 [ 2873.958580][ T5029] Code: Bad RIP value. [ 2873.962607][ T5029] RSP: 002b:00007fff65436698 EFLAGS: 00010246 [ 2873.968631][ T5029] RAX: 0000000000000009 RBX: 000055eeda61e150 RCX: fffffffffffffe00 [ 2873.976564][ T5029] RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 000055eeda61e150 [ 2873.984496][ T5029] RBP: 000000000000000d R08: 00000000000001c0 R09: 00000000ffffffff [ 2873.992430][ T5029] R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff [ 2874.000415][ T5029] R13: 00000000fffffffe R14: 00007fff65436990 R15: 000055eeda61e150 [ 2874.008987][ T5029] Mem-Info: [ 2874.012145][ T5029] active_anon:217522 inactive_anon:6937 isolated_anon:0 [ 2874.012145][ T5029] active_file:27 inactive_file:7 isolated_file:24 [ 2874.012145][ T5029] unevictable:11 dirty:0 writeback:9 [ 2874.012145][ T5029] slab_reclaimable:7536 slab_unreclaimable:25652 [ 2874.012145][ T5029] mapped:55011 shmem:7146 pagetables:4890 bounce:0 [ 2874.012145][ T5029] free:15956 free_pcp:0 free_cma:0 [ 2874.048456][ T5029] Node 0 active_anon:869348kB inactive_anon:27732kB active_file:104kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220056kB dirty:0kB writeback:0kB shmem:28568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 591872kB writeback_tmp:0kB all_unreclaimable? yes [ 2874.075953][ T5029] Node 1 active_anon:632kB inactive_anon:16kB active_file:12kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2874.102074][ T5029] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2874.136104][ T5029] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2874.141930][ T5029] Node 0 DMA32 free:22532kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:554056kB inactive_anon:0kB active_file:52kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2424kB pagetables:11660kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2874.175155][ T5029] lowmem_reserve[]: 0 0 707 707 707 [ 2874.180391][ T5029] Node 0 Normal free:3936kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:315292kB inactive_anon:27732kB active_file:32kB inactive_file:0kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7684kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2874.185623][ T6058] warn_alloc: 2 callbacks suppressed [ 2874.185635][ T6058] syz-executor.4: vmalloc: allocation failure, allocated 2446368768 of 3724722176 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 2874.213263][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2874.239971][ T5029] Node 1 Normal free:23000kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:632kB inactive_anon:16kB active_file:8kB inactive_file:44kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2874.267417][ T6058] CPU: 0 PID: 6058 Comm: syz-executor.4 Not tainted 5.8.0-rc7-syzkaller #0 [ 2874.272140][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2874.278947][ T6058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2874.278950][ T6058] Call Trace: [ 2874.278963][ T6058] dump_stack+0x10f/0x19d [ 2874.279006][ T6058] warn_alloc+0x105/0x160 [ 2874.283622][ T5029] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2874.293653][ T6058] __vmalloc_node_range+0x458/0x530 [ 2874.293664][ T6058] vmalloc_user+0x55/0x60 [ 2874.293674][ T6058] ? vb2_vmalloc_alloc+0x8f/0x120 [ 2874.293682][ T6058] vb2_vmalloc_alloc+0x8f/0x120 [ 2874.293766][ T6058] ? tsan.module_ctor+0x10/0x10 [ 2874.298774][ T5029] Node 0 DMA32: 72*4kB (UME) 815*8kB (UME) 420*16kB (UME) 164*32kB (UM) 39*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 21272kB [ 2874.301250][ T6058] __vb2_queue_alloc+0x4fe/0xaf0 [ 2874.305543][ T5029] Node 0 Normal: 564*4kB (ME) 119*8kB (ME) 31*16kB (UME) 7*32kB (UM) 0*64kB 0*128kB 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4184kB [ 2874.320171][ T6058] vb2_core_create_bufs+0x334/0x570 [ 2874.320261][ T6058] vb2_create_bufs+0x419/0x560 [ 2874.326270][ T5029] Node 1 Normal: 67*4kB (ME) 52*8kB (ME) 41*16kB (UME) 36*32kB (UME) 29*64kB (UME) 20*128kB (UME) 13*256kB (M) 3*512kB (M) 7*1024kB (ME) 2*2048kB (UM) 0*4096kB = 23036kB [ 2874.329680][ T6058] vb2_ioctl_create_bufs+0x2b3/0x310 [ 2874.334648][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2874.339574][ T6058] v4l_create_bufs+0x15e/0x1b0 [ 2874.339585][ T6058] __video_do_ioctl+0x65b/0x870 [ 2874.339648][ T6058] ? __video_do_ioctl+0x2e1/0x870 [ 2874.345251][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2874.359174][ T6058] ? __check_object_size+0x253/0x310 [ 2874.359184][ T6058] video_usercopy+0x6da/0xfc0 [ 2874.359193][ T6058] ? video_ioctl2+0x30/0x30 [ 2874.359208][ T6058] ? finish_task_switch+0x8b/0x270 [ 2874.365591][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2874.378406][ T6058] ? __schedule+0x3a6/0x570 [ 2874.378415][ T6058] ? preempt_schedule_irq+0x70/0x90 [ 2874.378426][ T6058] ? idtentry_exit_cond_resched+0x30/0x40 [ 2874.378434][ T6058] ? idtentry_exit_cond_rcu+0x2e/0x30 [ 2874.378441][ T6058] ? sysvec_apic_timer_interrupt+0xc6/0xd0 [ 2874.378451][ T6058] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2874.378464][ T6058] ? v4l2_poll+0x150/0x150 [ 2874.385585][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2874.388360][ T6058] video_ioctl2+0x25/0x30 [ 2874.388368][ T6058] ? video_usercopy+0xfc0/0xfc0 [ 2874.388381][ T6058] v4l2_ioctl+0xc2/0xd0 [ 2874.406990][ T5029] 7180 total pagecache pages [ 2874.410418][ T6058] ? v4l2_poll+0x150/0x150 [ 2874.410427][ T6058] __se_sys_ioctl+0xc9/0x130 [ 2874.410461][ T6058] __x64_sys_ioctl+0x3f/0x50 [ 2874.421895][ T5029] 0 pages in swap cache [ 2874.424694][ T6058] do_syscall_64+0x51/0xb0 [ 2874.429513][ T5029] Swap cache stats: add 0, delete 0, find 0/0 [ 2874.434497][ T6058] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2874.445547][ T5029] Free swap = 0kB [ 2874.448991][ T6058] RIP: 0033:0x45c369 [ 2874.449008][ T6058] Code: Bad RIP value. [ 2874.453743][ T5029] Total swap = 0kB [ 2874.458206][ T6058] RSP: 002b:00007fae9a16dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2874.458214][ T6058] RAX: ffffffffffffffda RBX: 0000000000019f40 RCX: 000000000045c369 [ 2874.458219][ T6058] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 2874.458224][ T6058] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2874.458233][ T6058] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2874.464710][ T5029] 1965979 pages RAM [ 2874.472802][ T6058] R13: 00007ffd6fc37fff R14: 00007fae9a16e9c0 R15: 000000000078bf0c [ 2874.490268][ T6058] Mem-Info: [ 2874.493632][ T5029] 0 pages HighMem/MovableOnly [ 2874.515011][ T6058] active_anon:217495 inactive_anon:6937 isolated_anon:0 [ 2874.515011][ T6058] active_file:19 inactive_file:10 isolated_file:0 [ 2874.515011][ T6058] unevictable:11 dirty:0 writeback:0 [ 2874.515011][ T6058] slab_reclaimable:7536 slab_unreclaimable:25651 [ 2874.515011][ T6058] mapped:55009 shmem:7146 pagetables:4838 bounce:0 [ 2874.515011][ T6058] free:15566 free_pcp:0 free_cma:0 [ 2874.519574][ T5029] 83163 pages reserved [ 2874.531674][ T6058] Node 0 active_anon:869348kB inactive_anon:27732kB active_file:68kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220036kB dirty:0kB writeback:0kB shmem:28568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 591872kB writeback_tmp:0kB all_unreclaimable? yes [ 2874.532474][ T5029] 0 pages cma reserved [ 2874.537046][ T6058] Node 1 active_anon:632kB inactive_anon:16kB active_file:8kB inactive_file:44kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2874.543632][ T5029] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=3460,uid=0 [ 2874.557151][ T6058] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2874.561130][ T5029] Out of memory: Killed process 3460 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2874.810481][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2874.812009][ T6058] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2874.824999][ T6058] Node 0 DMA32 free:21020kB min:39024kB low:47756kB high:56488kB reserved_highatomic:0KB active_anon:554056kB inactive_anon:0kB active_file:52kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2424kB pagetables:11660kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2874.840348][ T5029] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2874.868939][ T6058] lowmem_reserve[]: 0 0 707 707 707 [ 2874.874115][ T6058] Node 0 Normal free:4256kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:315224kB inactive_anon:27732kB active_file:32kB inactive_file:0kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7684kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2874.886907][ T5029] CPU: 0 PID: 5029 Comm: systemd-journal Not tainted 5.8.0-rc7-syzkaller #0 [ 2874.913921][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2874.915504][ T6058] lowmem_reserve[]: 0 0 0 0 0 [ 2874.923941][ T5029] Call Trace: [ 2874.923955][ T5029] dump_stack+0x10f/0x19d [ 2874.924018][ T5029] dump_header+0x8e/0x400 [ 2874.924063][ T5029] oom_kill_process+0x18d/0x3f0 [ 2874.938754][ T6058] Node 1 Normal free:23000kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:632kB inactive_anon:16kB active_file:8kB inactive_file:44kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2874.940589][ T5029] out_of_memory+0x5bd/0x880 [ 2874.940602][ T5029] ? get_page_from_freelist+0x127/0x3c0 [ 2874.945411][ T6058] lowmem_reserve[]: 0 0 0 0 0 [ 2874.975741][ T5029] __alloc_pages_slowpath+0x742/0x970 [ 2874.975753][ T5029] __alloc_pages_nodemask+0x235/0x390 [ 2874.975765][ T5029] alloc_pages_current+0x21d/0x310 [ 2874.975774][ T5029] __page_cache_alloc+0x4f/0x120 [ 2874.975781][ T5029] pagecache_get_page+0x494/0x8b0 [ 2874.975793][ T5029] ? __do_page_cache_readahead+0x96/0xb0 [ 2874.990511][ T6058] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2874.990843][ T5029] filemap_fault+0xba4/0x11e0 [ 2874.996168][ T6058] Node 0 DMA32: 63*4kB (UME) 795*8kB (UME) 422*16kB (UME) 163*32kB (UM) 39*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 23124kB [ 2875.001510][ T5029] ext4_filemap_fault+0x4b/0x60 [ 2875.001520][ T5029] do_read_fault+0x41f/0x730 [ 2875.001565][ T5029] handle_mm_fault+0x135d/0x1930 [ 2875.017231][ T6058] Node 0 Normal: 597*4kB (UME) 119*8kB (ME) 31*16kB (UME) 6*32kB (UM) 1*64kB (M) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4348kB [ 2875.022190][ T5029] do_user_addr_fault+0x393/0x810 [ 2875.022201][ T5029] exc_page_fault+0xb8/0x330 [ 2875.022249][ T5029] ? asm_exc_page_fault+0x8/0x30 [ 2875.046393][ T6058] Node 1 Normal: 67*4kB (ME) 52*8kB (ME) 41*16kB (UME) 36*32kB (UME) 29*64kB (UME) 20*128kB (UME) 13*256kB (M) 3*512kB (M) 7*1024kB (ME) 2*2048kB (UM) 0*4096kB = 23036kB [ 2875.056535][ T5029] asm_exc_page_fault+0x1e/0x30 [ 2875.056543][ T5029] RIP: 0033:0x7efc27532bb0 [ 2875.056558][ T5029] Code: Bad RIP value. [ 2875.071741][ T6058] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2875.085455][ T5029] RSP: 002b:00007fff65436698 EFLAGS: 00010246 [ 2875.085462][ T5029] RAX: 0000000000000009 RBX: 000055eeda61e150 RCX: fffffffffffffe00 [ 2875.085467][ T5029] RDX: 00000000000001a0 RSI: 0000000000080042 RDI: 000055eeda61e150 [ 2875.085471][ T5029] RBP: 000000000000000d R08: 00000000000001c0 R09: 00000000ffffffff [ 2875.085476][ T5029] R10: 0000000000000069 R11: 0000000000000246 R12: 00000000ffffffff [ 2875.085485][ T5029] R13: 00000000fffffffe R14: 00007fff65436990 R15: 000055eeda61e150 [ 2875.099694][ T6058] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2875.120569][ T5029] Mem-Info: [ 2875.134707][ T6058] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2875.144932][ T5029] active_anon:216952 inactive_anon:6937 isolated_anon:0 [ 2875.144932][ T5029] active_file:16 inactive_file:16 isolated_file:0 [ 2875.144932][ T5029] unevictable:11 dirty:6 writeback:0 [ 2875.144932][ T5029] slab_reclaimable:7535 slab_unreclaimable:25651 [ 2875.144932][ T5029] mapped:55009 shmem:7146 pagetables:4812 bounce:0 [ 2875.144932][ T5029] free:16267 free_pcp:0 free_cma:0 [ 2875.146922][ T6058] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2875.153573][ T5029] Node 0 active_anon:867176kB inactive_anon:27732kB active_file:56kB inactive_file:56kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220036kB dirty:16kB writeback:0kB shmem:28568kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 589824kB writeback_tmp:0kB all_unreclaimable? no [ 2875.153594][ T5029] Node 1 active_anon:632kB inactive_anon:16kB active_file:8kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:8kB writeback:0kB shmem:16kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2875.312545][ T6058] 7178 total pagecache pages [ 2875.317114][ T6058] 0 pages in swap cache [ 2875.321456][ T6058] Swap cache stats: add 0, delete 0, find 0/0 [ 2875.329286][ T6058] Free swap = 0kB [ 2875.332980][ T6058] Total swap = 0kB [ 2875.335675][ T5029] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2875.336676][ T6058] 1965979 pages RAM [ 2875.371118][ T6058] 0 pages HighMem/MovableOnly [ 2875.375761][ T6058] 83163 pages reserved [ 2875.380144][ T6058] 0 pages cma reserved [ 2875.387285][ T5029] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2875.393112][ T5029] Node 0 DMA32 free:23376kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:552008kB inactive_anon:0kB active_file:44kB inactive_file:36kB unevictable:0kB writepending:12kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2408kB pagetables:11564kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2875.429004][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2875.437285][ T5029] lowmem_reserve[]: 0 0 707 707 707 [ 2875.442507][ T5029] Node 0 Normal free:4348kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:315168kB inactive_anon:27732kB active_file:12kB inactive_file:20kB unevictable:44kB writepending:4kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7676kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2875.476285][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2875.485978][ T5029] Node 1 Normal free:115744kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:632kB inactive_anon:16kB active_file:108kB inactive_file:3908kB unevictable:0kB writepending:8kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:1392kB local_pcp:56kB free_cma:0kB [ 2875.520981][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2875.526345][ T5029] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2875.543224][ T5029] Node 0 DMA32: 79*4kB (UME) 818*8kB (UME) 421*16kB (UME) 164*32kB (UM) 39*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 23388kB [ 2875.560880][ T5029] Node 0 Normal: 597*4kB (UME) 119*8kB (ME) 31*16kB (UME) 6*32kB (UM) 1*64kB (M) 0*128kB 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4348kB [ 2875.578051][ T5029] Node 1 Normal: 7*4kB (UME) 5*8kB (UE) 5*16kB (UME) 6*32kB (UME) 7*64kB (UME) 6*128kB (UME) 17*256kB (UM) 8*512kB (UM) 11*1024kB (UME) 6*2048kB (UM) 127*4096kB (U) = 553748kB [ 2875.596742][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2875.609265][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2875.619138][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2875.629256][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2875.638632][ T5029] 9153 total pagecache pages [ 2875.643685][ T5029] 0 pages in swap cache [ 2875.649502][ T5029] Swap cache stats: add 0, delete 0, find 0/0 [ 2875.655898][ T5029] Free swap = 0kB [ 2875.660154][ T5029] Total swap = 0kB [ 2875.663844][ T5029] 1965979 pages RAM [ 2875.667980][ T5029] 0 pages HighMem/MovableOnly [ 2875.672716][ T5029] 83163 pages reserved [ 2875.676748][ T5029] 0 pages cma reserved [ 2875.680903][ T5029] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=3388,uid=0 [ 2875.695667][ T5029] Out of memory: Killed process 3388 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2875.712803][ T1931] oom_reaper: reaped process 3388 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2875.880831][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:02:28 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = socket$unix(0x1, 0x2, 0x0) fcntl$dupfd(r1, 0x0, r1) 07:02:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x135, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:02:28 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:28 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$vhci(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vhci\x00', 0x2a402) write$vhci(0xffffffffffffffff, &(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0x0, 0x1}, 0x6) 07:02:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x135, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:02:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:28 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) [ 2876.599883][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:02:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x81) sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)={0x34, 0x2, 0x1, 0x0, 0x0, 0x0, {}, [@CTA_MARK={0x8}, @CTA_NAT_SRC={0x18, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @private2}]}]}, 0x34}}, 0x0) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000580)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b75fb3488fd8015bba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377aba09e7b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d41f6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$DRM_IOCTL_RM_MAP(0xffffffffffffffff, 0x4028641b, &(0x7f0000000080)={&(0x7f0000ffd000/0x3000)=nil, 0x0, 0x0, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0xfffffffa}) ioctl$KVM_TPR_ACCESS_REPORTING(r2, 0x4400ae8f, &(0x7f0000000000)) 07:02:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2876.719153][ T6195] kvm: vcpu 129: requested lapic timer restore with starting count register 0x390=4241646265 (4241646265 ns) > initial count (296265111 ns). Using initial count to start timer. 07:02:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:28 executing program 1: openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2876.917285][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2876.980649][T24244] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 2877.237164][T24244] usb 4-1: Using ep0 maxpacket: 8 [ 2877.357362][T24244] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2877.527470][T24244] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2877.537712][T24244] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2877.545745][T24244] usb 4-1: Product: syz [ 2877.551492][T24244] usb 4-1: Manufacturer: syz [ 2877.556174][T24244] usb 4-1: SerialNumber: syz [ 2877.957471][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2878.447125][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2878.697083][T24244] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2878.703850][T24244] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2878.719512][T24244] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2878.909222][T24244] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2878.940954][T24244] usb 4-1: USB disconnect, device number 68 [ 2878.948861][T24244] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2878.997359][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2880.039056][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2880.462344][ T1] systemd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2880.472748][ T1] CPU: 0 PID: 1 Comm: systemd Not tainted 5.8.0-rc7-syzkaller #0 [ 2880.480427][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2880.490463][ T1] Call Trace: [ 2880.493743][ T1] dump_stack+0x10f/0x19d [ 2880.498062][ T1] dump_header+0x8e/0x400 [ 2880.502366][ T1] oom_kill_process+0x18d/0x3f0 [ 2880.507268][ T1] out_of_memory+0x5bd/0x880 [ 2880.511854][ T1] ? get_page_from_freelist+0x127/0x3c0 [ 2880.517439][ T1] __alloc_pages_slowpath+0x742/0x970 [ 2880.522784][ T1] __alloc_pages_nodemask+0x235/0x390 [ 2880.528133][ T1] alloc_pages_current+0x21d/0x310 [ 2880.533261][ T1] __page_cache_alloc+0x4f/0x120 [ 2880.538171][ T1] pagecache_get_page+0x494/0x8b0 [ 2880.543167][ T1] ? __do_page_cache_readahead+0x96/0xb0 [ 2880.548770][ T1] filemap_fault+0xba4/0x11e0 [ 2880.553426][ T1] ext4_filemap_fault+0x4b/0x60 [ 2880.558248][ T1] do_read_fault+0x41f/0x730 [ 2880.562806][ T1] handle_mm_fault+0x135d/0x1930 [ 2880.567722][ T1] do_user_addr_fault+0x393/0x810 [ 2880.572723][ T1] exc_page_fault+0xb8/0x330 [ 2880.577341][ T1] ? asm_exc_page_fault+0x8/0x30 [ 2880.582274][ T1] asm_exc_page_fault+0x1e/0x30 [ 2880.587093][ T1] RIP: 0033:0x7f9f788589c0 [ 2880.591497][ T1] Code: Bad RIP value. [ 2880.595532][ T1] RSP: 002b:00007ffde329fbd8 EFLAGS: 00010246 [ 2880.601632][ T1] RAX: 00007f9f78a37570 RBX: 0000563f5c91fbd0 RCX: 000000000009ee1a [ 2880.609648][ T1] RDX: 0000000000000000 RSI: 00007f9f78a37570 RDI: 00007ffde329fbe0 [ 2880.617594][ T1] RBP: 0000563f5c985210 R08: 000006087d49481a R09: 00007ffde33e2080 [ 2880.625547][ T1] R10: 0000000000000010 R11: 00007ffde33e20b8 R12: 0000563f5c985210 [ 2880.633484][ T1] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000002 [ 2880.648657][ T1] Mem-Info: [ 2880.660688][ T1] active_anon:217054 inactive_anon:6938 isolated_anon:0 [ 2880.660688][ T1] active_file:23 inactive_file:18 isolated_file:0 [ 2880.660688][ T1] unevictable:11 dirty:0 writeback:0 [ 2880.660688][ T1] slab_reclaimable:7535 slab_unreclaimable:25684 [ 2880.660688][ T1] mapped:55092 shmem:7149 pagetables:4829 bounce:0 [ 2880.660688][ T1] free:26608 free_pcp:0 free_cma:0 [ 2880.751413][ T1] Node 0 active_anon:867436kB inactive_anon:27740kB active_file:172kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220296kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 589824kB writeback_tmp:0kB all_unreclaimable? yes [ 2880.784370][ T1] Node 1 active_anon:780kB inactive_anon:12kB active_file:68kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:72kB dirty:0kB writeback:0kB shmem:12kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2880.818009][ T1] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2880.880004][ T1] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2880.885788][ T1] Node 0 DMA32 free:37376kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:549960kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2408kB pagetables:11460kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2880.940225][ T1] lowmem_reserve[]: 0 0 707 707 707 [ 2880.945406][ T1] Node 0 Normal free:8504kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:317476kB inactive_anon:27740kB active_file:164kB inactive_file:36kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7680kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2880.989396][ T1] lowmem_reserve[]: 0 0 0 0 0 [ 2880.994051][ T1] Node 1 Normal free:46148kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:780kB inactive_anon:12kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:24kB pagetables:176kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2881.079027][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2881.109947][ T1] lowmem_reserve[]: 0 0 0 0 0 [ 2881.114616][ T1] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2881.180952][ T1] Node 0 DMA32: 73*4kB (UME) 853*8kB (UME) 424*16kB (ME) 165*32kB (M) 39*64kB (UM) 5*128kB (M) 1*256kB (U) 2*512kB (UM) 0*1024kB 3*2048kB (UM) 2*4096kB (UM) = 37932kB [ 2881.247185][ T1] Node 0 Normal: 896*4kB (UME) 288*8kB (UME) 111*16kB (UME) 26*32kB (UME) 7*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8944kB [ 2881.307755][ T1] Node 1 Normal: 81*4kB (UME) 60*8kB (UME) 47*16kB (ME) 44*32kB (UME) 31*64kB (ME) 22*128kB (UME) 15*256kB (M) 2*512kB (M) 7*1024kB (UME) 1*2048kB (M) 6*4096kB (U) = 46420kB [ 2881.353369][ T1] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2881.389495][ T1] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2881.419949][ T1] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2881.460205][ T1] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2881.478266][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2881.530215][ T1] 7193 total pagecache pages [ 2881.534789][ T1] 0 pages in swap cache [ 2881.563146][ T1] Swap cache stats: add 0, delete 0, find 0/0 [ 2881.574735][ T1] Free swap = 0kB [ 2881.598963][ T1] Total swap = 0kB [ 2881.602822][ T1] 1965979 pages RAM [ 2881.606592][ T1] 0 pages HighMem/MovableOnly [ 2881.626751][ T1] 83163 pages reserved [ 2881.630789][ T1] 0 pages cma reserved [ 2881.634824][ T1] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=3366,uid=0 [ 2881.667779][ T1] Out of memory: Killed process 3366 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2882.117066][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2882.305614][ T5029] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2882.349680][ T5029] CPU: 1 PID: 5029 Comm: systemd-journal Not tainted 5.8.0-rc7-syzkaller #0 [ 2882.358333][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2882.368366][ T5029] Call Trace: [ 2882.371629][ T5029] dump_stack+0x10f/0x19d [ 2882.375932][ T5029] dump_header+0x8e/0x400 [ 2882.380234][ T5029] oom_kill_process+0x18d/0x3f0 [ 2882.385052][ T5029] out_of_memory+0x5bd/0x880 [ 2882.389681][ T5029] ? get_page_from_freelist+0x127/0x3c0 [ 2882.395205][ T5029] __alloc_pages_slowpath+0x742/0x970 [ 2882.400619][ T5029] __alloc_pages_nodemask+0x235/0x390 [ 2882.405954][ T5029] alloc_pages_current+0x21d/0x310 [ 2882.411026][ T5029] __page_cache_alloc+0x4f/0x120 [ 2882.415933][ T5029] pagecache_get_page+0x494/0x8b0 [ 2882.420917][ T5029] ? __do_page_cache_readahead+0x96/0xb0 [ 2882.426540][ T5029] filemap_fault+0xba4/0x11e0 [ 2882.431202][ T5029] ext4_filemap_fault+0x4b/0x60 [ 2882.436015][ T5029] do_read_fault+0x41f/0x730 [ 2882.440604][ T5029] handle_mm_fault+0x135d/0x1930 [ 2882.445505][ T5029] do_user_addr_fault+0x393/0x810 [ 2882.450492][ T5029] exc_page_fault+0xb8/0x330 [ 2882.455109][ T5029] ? asm_exc_page_fault+0x8/0x30 [ 2882.460009][ T5029] asm_exc_page_fault+0x1e/0x30 [ 2882.465094][ T5029] RIP: 0033:0x7efc27503940 [ 2882.469482][ T5029] Code: Bad RIP value. [ 2882.473512][ T5029] RSP: 002b:00007fff65436fd8 EFLAGS: 00010202 [ 2882.479537][ T5029] RAX: 0000000000000000 RBX: 00007fff65437882 RCX: 0000000000000002 [ 2882.487470][ T5029] RDX: 0000000000000076 RSI: 00007efc275fed44 RDI: 00007fff65437882 [ 2882.495404][ T5029] RBP: 00007fff65437882 R08: 00007fff65437881 R09: 0000000000000000 [ 2882.503346][ T5029] R10: 0000000000000000 R11: 00007efc26c28040 R12: 00007fff65437080 [ 2882.511414][ T5029] R13: 000000000000007b R14: 000055eed9ea8958 R15: 0005ab7b06016acf [ 2882.548803][ T5029] Mem-Info: [ 2882.562594][ T5029] active_anon:216538 inactive_anon:6937 isolated_anon:0 [ 2882.562594][ T5029] active_file:54 inactive_file:19 isolated_file:0 [ 2882.562594][ T5029] unevictable:11 dirty:0 writeback:0 [ 2882.562594][ T5029] slab_reclaimable:7533 slab_unreclaimable:25680 [ 2882.562594][ T5029] mapped:55105 shmem:7148 pagetables:4810 bounce:0 [ 2882.562594][ T5029] free:26585 free_pcp:0 free_cma:0 [ 2882.613475][ T5029] Node 0 active_anon:865376kB inactive_anon:27740kB active_file:100kB inactive_file:12kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220320kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 587776kB writeback_tmp:0kB all_unreclaimable? yes [ 2882.641377][ T5029] Node 1 active_anon:776kB inactive_anon:8kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:100kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2882.723574][ T5029] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2882.778251][ T5029] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2882.784149][ T5029] Node 0 DMA32 free:37664kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:547912kB inactive_anon:0kB active_file:24kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2392kB pagetables:11360kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2882.866192][ T5029] lowmem_reserve[]: 0 0 707 707 707 [ 2882.872497][ T5029] Node 0 Normal free:8356kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:317464kB inactive_anon:27740kB active_file:104kB inactive_file:0kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7704kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2882.921860][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2882.926517][ T5029] Node 1 Normal free:45916kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:776kB inactive_anon:8kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:176kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2883.089740][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2883.094413][ T5029] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2883.137470][ T5029] Node 0 DMA32: 75*4kB (UME) 851*8kB (UME) 425*16kB (UME) 166*32kB (UM) 38*64kB (M) 6*128kB (UM) 0*256kB 2*512kB (UM) 0*1024kB 3*2048kB (M) 2*4096kB (UM) = 37780kB [ 2883.153811][ T5029] Node 0 Normal: 922*4kB (UME) 288*8kB (UME) 111*16kB (UME) 28*32kB (UME) 7*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9112kB [ 2883.168775][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2883.176945][ T5029] Node 1 Normal: 80*4kB (ME) 60*8kB (UME) 47*16kB (ME) 44*32kB (UME) 31*64kB (ME) 22*128kB (UME) 15*256kB (M) 2*512kB (M) 7*1024kB (UME) 1*2048kB (M) 6*4096kB (U) = 46416kB [ 2883.194192][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2883.226688][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2883.236161][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2883.305012][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2883.331214][ T5029] 7206 total pagecache pages [ 2883.335918][ T5029] 0 pages in swap cache [ 2883.397914][ T5029] Swap cache stats: add 0, delete 0, find 0/0 [ 2883.403962][ T5029] Free swap = 0kB [ 2883.424750][ T5029] Total swap = 0kB [ 2883.428475][ T5029] 1965979 pages RAM [ 2883.432275][ T5029] 0 pages HighMem/MovableOnly [ 2883.474281][ T5029] 83163 pages reserved [ 2883.491203][ T5029] 0 pages cma reserved [ 2883.495250][ T5029] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=3358,uid=0 [ 2883.541065][ T5029] Out of memory: Killed process 3358 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2883.582957][ T1931] oom_reaper: reaped process 3358 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2884.032309][ T5029] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2884.053479][ T5029] CPU: 1 PID: 5029 Comm: systemd-journal Not tainted 5.8.0-rc7-syzkaller #0 [ 2884.062147][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2884.072173][ T5029] Call Trace: [ 2884.075433][ T5029] dump_stack+0x10f/0x19d [ 2884.079733][ T5029] dump_header+0x8e/0x400 [ 2884.084087][ T5029] oom_kill_process+0x18d/0x3f0 [ 2884.088912][ T5029] out_of_memory+0x5bd/0x880 [ 2884.093506][ T5029] ? get_page_from_freelist+0x127/0x3c0 [ 2884.099072][ T5029] __alloc_pages_slowpath+0x742/0x970 [ 2884.104406][ T5029] __alloc_pages_nodemask+0x235/0x390 [ 2884.109754][ T5029] alloc_pages_current+0x21d/0x310 [ 2884.114838][ T5029] __page_cache_alloc+0x4f/0x120 [ 2884.119742][ T5029] pagecache_get_page+0x494/0x8b0 [ 2884.124731][ T5029] ? __do_page_cache_readahead+0x96/0xb0 [ 2884.130408][ T5029] filemap_fault+0xba4/0x11e0 [ 2884.135054][ T5029] ext4_filemap_fault+0x4b/0x60 [ 2884.140006][ T5029] do_read_fault+0x41f/0x730 [ 2884.144561][ T5029] handle_mm_fault+0x135d/0x1930 [ 2884.149502][ T5029] do_user_addr_fault+0x393/0x810 [ 2884.154497][ T5029] exc_page_fault+0xb8/0x330 [ 2884.159126][ T5029] ? asm_exc_page_fault+0x8/0x30 [ 2884.164048][ T5029] asm_exc_page_fault+0x1e/0x30 [ 2884.168863][ T5029] RIP: 0033:0x7efc276fe100 [ 2884.173273][ T5029] Code: Bad RIP value. [ 2884.177338][ T5029] RSP: 002b:00007fff654367c8 EFLAGS: 00010202 [ 2884.183469][ T5029] RAX: 000055eeda61e100 RBX: 00007fff65436b20 RCX: 00007efc26e75b00 [ 2884.191419][ T5029] RDX: 0000000000000041 RSI: 0000000000000001 RDI: 00007efc276e1758 [ 2884.199358][ T5029] RBP: 0000000000000001 R08: 000000000000c0ff R09: 0000000000000050 [ 2884.207375][ T5029] R10: 0000000000000069 R11: 00007efc26c46060 R12: 00007efc276e13a0 [ 2884.215314][ T5029] R13: 000055eeda612040 R14: 00007fff65436ae0 R15: 000055eeda61e150 [ 2884.224345][ T5029] Mem-Info: [ 2884.236801][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2884.269540][ T5029] active_anon:215976 inactive_anon:6937 isolated_anon:0 [ 2884.269540][ T5029] active_file:49 inactive_file:0 isolated_file:0 [ 2884.269540][ T5029] unevictable:11 dirty:0 writeback:0 [ 2884.269540][ T5029] slab_reclaimable:7533 slab_unreclaimable:25655 [ 2884.269540][ T5029] mapped:55061 shmem:7148 pagetables:4777 bounce:0 [ 2884.269540][ T5029] free:26671 free_pcp:0 free_cma:0 [ 2884.401157][ T5029] Node 0 active_anon:863128kB inactive_anon:27740kB active_file:136kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220244kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 585728kB writeback_tmp:0kB all_unreclaimable? yes [ 2884.526591][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2884.534924][T26277] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2884.544655][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2884.547142][ T5029] Node 1 active_anon:776kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2884.553001][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2884.621368][ T5029] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2884.744838][ T5029] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2884.758682][ T5029] Node 0 DMA32 free:37612kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:545864kB inactive_anon:0kB active_file:36kB inactive_file:44kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2376kB pagetables:11264kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2884.817575][ T5029] lowmem_reserve[]: 0 0 707 707 707 [ 2884.822752][ T5029] Node 0 Normal free:8500kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:317264kB inactive_anon:27740kB active_file:12kB inactive_file:8kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7668kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2884.924741][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2884.947549][ T5029] Node 1 Normal free:46168kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:776kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:24kB pagetables:176kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2885.034030][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2885.054297][ T5029] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2885.095749][ T5029] Node 0 DMA32: 83*4kB (UME) 846*8kB (ME) 424*16kB (ME) 166*32kB (UM) 38*64kB (M) 5*128kB (M) 0*256kB 2*512kB (UM) 0*1024kB 3*2048kB (UM) 2*4096kB (M) = 37628kB [ 2885.174590][ T5029] Node 0 Normal: 918*4kB (UME) 285*8kB (UME) 106*16kB (UME) 26*32kB (UME) 5*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8800kB [ 2885.226416][ T5029] Node 1 Normal: 79*4kB (ME) 61*8kB (UME) 47*16kB (ME) 44*32kB (UME) 31*64kB (ME) 22*128kB (UME) 15*256kB (M) 2*512kB (M) 7*1024kB (UME) 1*2048kB (M) 6*4096kB (U) = 46420kB [ 2885.278672][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2885.306138][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2885.316642][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2885.366446][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2885.376073][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2885.390468][ T5029] 7182 total pagecache pages [ 2885.395126][ T5029] 0 pages in swap cache [ 2885.408649][ T5029] Swap cache stats: add 0, delete 0, find 0/0 [ 2885.414690][ T5029] Free swap = 0kB [ 2885.418405][ T5029] Total swap = 0kB [ 2885.422092][ T5029] 1965979 pages RAM [ 2885.425862][ T5029] 0 pages HighMem/MovableOnly [ 2885.432186][ T5029] 83163 pages reserved [ 2885.436219][ T5029] 0 pages cma reserved [ 2885.440265][ T5029] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=3352,uid=0 [ 2885.455727][ T5029] Out of memory: Killed process 3352 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2885.473535][ T1931] oom_reaper: reaped process 3352 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2885.765911][ T1931] oom_reaper: reaped process 6181 (syz-executor.4), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB [ 2885.838246][ T8626] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2885.851449][ T8626] CPU: 1 PID: 8626 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2885.859791][ T8626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2885.866496][ T6181] syz-executor.4: vmalloc: allocation failure, allocated 2456014848 of 3724722176 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 2885.869818][ T8626] Call Trace: [ 2885.889532][ T8626] dump_stack+0x10f/0x19d [ 2885.893836][ T8626] dump_header+0x8e/0x400 [ 2885.898134][ T8626] oom_kill_process+0x18d/0x3f0 [ 2885.902948][ T8626] out_of_memory+0x5bd/0x880 [ 2885.907512][ T8626] ? get_page_from_freelist+0x127/0x3c0 [ 2885.913027][ T8626] __alloc_pages_slowpath+0x742/0x970 [ 2885.918369][ T8626] __alloc_pages_nodemask+0x235/0x390 [ 2885.923710][ T8626] alloc_pages_current+0x21d/0x310 [ 2885.928840][ T8626] __page_cache_alloc+0x4f/0x120 [ 2885.933751][ T8626] pagecache_get_page+0x494/0x8b0 [ 2885.938746][ T8626] ? __do_page_cache_readahead+0x96/0xb0 [ 2885.944370][ T8626] filemap_fault+0xba4/0x11e0 [ 2885.949068][ T8626] ext4_filemap_fault+0x4b/0x60 [ 2885.953894][ T8626] do_read_fault+0x41f/0x730 [ 2885.958451][ T8626] handle_mm_fault+0x135d/0x1930 [ 2885.963361][ T8626] do_user_addr_fault+0x393/0x810 [ 2885.968358][ T8626] exc_page_fault+0xb8/0x330 [ 2885.972918][ T8626] ? asm_exc_page_fault+0x8/0x30 [ 2885.977899][ T8626] asm_exc_page_fault+0x1e/0x30 [ 2885.982718][ T8626] RIP: 0033:0x468a8d [ 2885.986586][ T8626] Code: Bad RIP value. [ 2885.990621][ T8626] RSP: 002b:000000c00004df18 EFLAGS: 00010206 [ 2885.996685][ T8626] RAX: 0000000000000000 RBX: 0000000000000a00 RCX: 0000000000468a8d [ 2886.004637][ T8626] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000c00004df18 [ 2886.012573][ T8626] RBP: 000000c00004df28 R08: 00000000003c82a0 R09: 0000000000000000 [ 2886.020569][ T8626] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000439470 [ 2886.028509][ T8626] R13: 0000000000000000 R14: 0000000000accd54 R15: 0000000000000000 [ 2886.040427][ T6181] CPU: 0 PID: 6181 Comm: syz-executor.4 Not tainted 5.8.0-rc7-syzkaller #0 [ 2886.045610][ T8626] Mem-Info: [ 2886.048986][ T6181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2886.048989][ T6181] Call Trace: [ 2886.049001][ T6181] dump_stack+0x10f/0x19d [ 2886.049015][ T6181] warn_alloc+0x105/0x160 [ 2886.052108][ T8626] active_anon:214897 inactive_anon:6937 isolated_anon:0 [ 2886.052108][ T8626] active_file:17 inactive_file:16 isolated_file:0 [ 2886.052108][ T8626] unevictable:11 dirty:0 writeback:0 [ 2886.052108][ T8626] slab_reclaimable:7532 slab_unreclaimable:25638 [ 2886.052108][ T8626] mapped:55061 shmem:7148 pagetables:4750 bounce:0 [ 2886.052108][ T8626] free:15897 free_pcp:187 free_cma:0 [ 2886.062172][ T6181] __vmalloc_node_range+0x458/0x530 [ 2886.062185][ T6181] vmalloc_user+0x55/0x60 [ 2886.065521][ T8626] Node 0 active_anon:858816kB inactive_anon:27740kB active_file:64kB inactive_file:60kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220244kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 581632kB writeback_tmp:0kB all_unreclaimable? no [ 2886.069737][ T6181] ? vb2_vmalloc_alloc+0x8f/0x120 [ 2886.069811][ T6181] vb2_vmalloc_alloc+0x8f/0x120 [ 2886.074053][ T8626] Node 1 active_anon:772kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2886.110450][ T6181] ? tsan.module_ctor+0x10/0x10 [ 2886.110463][ T6181] __vb2_queue_alloc+0x4fe/0xaf0 [ 2886.115616][ T8626] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2886.119914][ T6181] vb2_core_create_bufs+0x334/0x570 [ 2886.119930][ T6181] vb2_create_bufs+0x419/0x560 [ 2886.147305][ T8626] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2886.152345][ T6181] vb2_ioctl_create_bufs+0x2b3/0x310 [ 2886.157152][ T8626] Node 0 DMA32 free:21892kB min:39024kB low:47756kB high:56488kB reserved_highatomic:0KB active_anon:543816kB inactive_anon:0kB active_file:32kB inactive_file:40kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2360kB pagetables:11160kB bounce:0kB free_pcp:252kB local_pcp:0kB free_cma:0kB [ 2886.182588][ T6181] v4l_create_bufs+0x15e/0x1b0 [ 2886.182601][ T6181] __video_do_ioctl+0x65b/0x870 [ 2886.187412][ T8626] lowmem_reserve[]: 0 0 707 707 707 [ 2886.192320][ T6181] ? __video_do_ioctl+0x2e1/0x870 [ 2886.221176][ T8626] Node 0 Normal free:4400kB min:10716kB low:12880kB high:15044kB reserved_highatomic:0KB active_anon:315000kB inactive_anon:27740kB active_file:32kB inactive_file:20kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7664kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2886.226337][ T6181] ? __check_object_size+0x253/0x310 [ 2886.231062][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2886.236743][ T6181] video_usercopy+0x6da/0xfc0 [ 2886.236829][ T6181] ? video_ioctl2+0x30/0x30 [ 2886.241997][ T8626] Node 1 Normal free:22988kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:772kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:24kB pagetables:176kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2886.273309][ T6181] ? putname+0xa5/0xc0 [ 2886.273393][ T6181] ? do_vfs_ioctl+0x4f1/0xec0 [ 2886.278128][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2886.282943][ T6181] video_ioctl2+0x25/0x30 [ 2886.288177][ T8626] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2886.293275][ T6181] ? video_usercopy+0xfc0/0xfc0 [ 2886.324743][ T8626] Node 0 DMA32: 77*4kB (UME) 846*8kB (ME) 422*16kB (ME) 164*32kB (UM) 38*64kB (M) 3*128kB (M) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 21892kB [ 2886.329989][ T6181] v4l2_ioctl+0xc2/0xd0 [ 2886.330001][ T6181] ? v4l2_poll+0x150/0x150 [ 2886.334710][ T8626] Node 0 Normal: 640*4kB (UME) 132*8kB (UME) 35*16kB (UME) 7*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4400kB [ 2886.339350][ T6181] __se_sys_ioctl+0xc9/0x130 [ 2886.339460][ T6181] __x64_sys_ioctl+0x3f/0x50 [ 2886.343820][ T8626] Node 1 Normal: 79*4kB (ME) 58*8kB (ME) 48*16kB (ME) 42*32kB (ME) 32*64kB (UME) 21*128kB (ME) 16*256kB (UM) 2*512kB (M) 6*1024kB (ME) 2*2048kB (UM) 0*4096kB = 22988kB [ 2886.374421][ T6181] do_syscall_64+0x51/0xb0 [ 2886.374435][ T6181] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2886.378468][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2886.383130][ T6181] RIP: 0033:0x45c369 [ 2886.387775][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2886.392082][ T6181] Code: Bad RIP value. [ 2886.406703][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2886.411510][ T6181] RSP: 002b:00007fae9a16dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2886.426445][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2886.430557][ T6181] RAX: ffffffffffffffda RBX: 0000000000019f40 RCX: 000000000045c369 [ 2886.434930][ T8626] 7181 total pagecache pages [ 2886.448950][ T6181] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 2886.448956][ T6181] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2886.448962][ T6181] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2886.448978][ T6181] R13: 00007ffd6fc37fff R14: 00007fae9a16e9c0 R15: 000000000078bf0c [ 2886.453533][ T8626] 0 pages in swap cache [ 2886.459676][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2886.595392][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2886.614779][ T8626] Swap cache stats: add 0, delete 0, find 0/0 [ 2886.619442][ T6181] Mem-Info: [ 2886.620836][ T8626] Free swap = 0kB [ 2886.623990][ T6181] active_anon:214897 inactive_anon:6937 isolated_anon:0 [ 2886.623990][ T6181] active_file:17 inactive_file:16 isolated_file:0 [ 2886.623990][ T6181] unevictable:11 dirty:0 writeback:0 [ 2886.623990][ T6181] slab_reclaimable:7532 slab_unreclaimable:25638 [ 2886.623990][ T6181] mapped:55061 shmem:7148 pagetables:4750 bounce:0 [ 2886.623990][ T6181] free:16048 free_pcp:0 free_cma:0 [ 2886.631234][ T8626] Total swap = 0kB [ 2886.671185][ T6181] Node 0 active_anon:858816kB inactive_anon:27740kB active_file:64kB inactive_file:60kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220244kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 581632kB writeback_tmp:0kB all_unreclaimable? yes [ 2886.680281][ T8626] 1965979 pages RAM [ 2886.710603][ T8626] 0 pages HighMem/MovableOnly [ 2886.715248][ T8626] 83163 pages reserved [ 2886.716637][ T6181] Node 1 active_anon:772kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2886.720383][ T8626] 0 pages cma reserved [ 2886.753647][ T8626] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=3344,uid=0 [ 2886.758938][ T6181] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2886.772575][ T8626] Out of memory: Killed process 3344 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2886.814941][ T6181] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2886.827981][ T6181] Node 0 DMA32 free:24200kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:541768kB inactive_anon:0kB active_file:132kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2360kB pagetables:11012kB bounce:0kB free_pcp:132kB local_pcp:0kB free_cma:0kB [ 2886.832342][ T8626] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2886.872421][ T6181] lowmem_reserve[]: 0 0 707 707 707 [ 2886.881243][ T6181] Node 0 Normal free:4700kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:314932kB inactive_anon:27740kB active_file:24kB inactive_file:20kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7664kB bounce:0kB free_pcp:32kB local_pcp:0kB free_cma:0kB [ 2886.889041][ T8626] CPU: 0 PID: 8626 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2886.915845][ T6181] lowmem_reserve[]: 0 0 0 0 0 [ 2886.920758][ T8626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2886.920761][ T8626] Call Trace: [ 2886.920773][ T8626] dump_stack+0x10f/0x19d [ 2886.920787][ T8626] dump_header+0x8e/0x400 [ 2886.925421][ T6181] Node 1 Normal free:23188kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:772kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:24kB pagetables:176kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2886.935468][ T8626] oom_kill_process+0x18d/0x3f0 [ 2886.935481][ T8626] out_of_memory+0x5bd/0x880 [ 2886.938735][ T6181] lowmem_reserve[]: 0 0 0 0 0 [ 2886.943022][ T8626] ? get_page_from_freelist+0x127/0x3c0 [ 2886.947312][ T6181] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2886.977776][ T8626] __alloc_pages_slowpath+0x742/0x970 [ 2886.977837][ T8626] __alloc_pages_nodemask+0x235/0x390 [ 2886.982723][ T6181] Node 0 DMA32: 107*4kB (UME) 851*8kB (UME) 423*16kB (UME) 165*32kB (UM) 39*64kB (UM) 4*128kB (UM) 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 24340kB [ 2886.987207][ T8626] alloc_pages_current+0x21d/0x310 [ 2886.987219][ T8626] __page_cache_alloc+0x4f/0x120 [ 2886.991852][ T6181] Node 0 Normal: 712*4kB (UME) 133*8kB (UME) 36*16kB (UME) 9*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4776kB [ 2886.997364][ T8626] pagecache_get_page+0x494/0x8b0 [ 2886.997437][ T8626] ? __do_page_cache_readahead+0x96/0xb0 [ 2887.011993][ T6181] Node 1 Normal: 79*4kB (ME) 59*8kB (UME) 49*16kB (UME) 43*32kB (UME) 31*64kB (ME) 21*128kB (ME) 15*256kB (M) 3*512kB (UM) 6*1024kB (ME) 2*2048kB (UM) 0*4096kB = 23236kB [ 2887.017327][ T8626] filemap_fault+0xba4/0x11e0 [ 2887.017374][ T8626] ext4_filemap_fault+0x4b/0x60 [ 2887.022681][ T6181] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2887.038253][ T8626] do_read_fault+0x41f/0x730 [ 2887.038267][ T8626] handle_mm_fault+0x135d/0x1930 [ 2887.043341][ T6181] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2887.048243][ T8626] do_user_addr_fault+0x393/0x810 [ 2887.048257][ T8626] exc_page_fault+0xb8/0x330 [ 2887.062272][ T6181] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2887.067255][ T8626] ? asm_exc_page_fault+0x8/0x30 [ 2887.067308][ T8626] asm_exc_page_fault+0x1e/0x30 [ 2887.072900][ T6181] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2887.089687][ T8626] RIP: 0033:0x468a8d [ 2887.089705][ T8626] Code: Bad RIP value. [ 2887.094347][ T6181] 7206 total pagecache pages [ 2887.099154][ T8626] RSP: 002b:000000c00004df18 EFLAGS: 00010206 [ 2887.099160][ T8626] RAX: 0000000000000000 RBX: 0000000000000a00 RCX: 0000000000468a8d [ 2887.099169][ T8626] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000c00004df18 [ 2887.108690][ T6181] 0 pages in swap cache [ 2887.113274][ T8626] RBP: 000000c00004df28 R08: 00000000003c82a0 R09: 0000000000000000 [ 2887.118175][ T6181] Swap cache stats: add 0, delete 0, find 0/0 [ 2887.127410][ T8626] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000439470 [ 2887.127414][ T8626] R13: 0000000000000000 R14: 0000000000accd54 R15: 0000000000000000 [ 2887.235518][ T6181] Free swap = 0kB [ 2887.239240][ T6181] Total swap = 0kB [ 2887.242960][ T6181] 1965979 pages RAM [ 2887.246796][ T6181] 0 pages HighMem/MovableOnly [ 2887.251496][ T6181] 83163 pages reserved [ 2887.255548][ T6181] 0 pages cma reserved [ 2887.255610][ T8626] Mem-Info: [ 2887.265923][ T8626] active_anon:214358 inactive_anon:6937 isolated_anon:0 [ 2887.265923][ T8626] active_file:48 inactive_file:2 isolated_file:0 [ 2887.265923][ T8626] unevictable:11 dirty:2 writeback:0 [ 2887.265923][ T8626] slab_reclaimable:7531 slab_unreclaimable:25636 [ 2887.265923][ T8626] mapped:55061 shmem:7148 pagetables:4724 bounce:0 [ 2887.265923][ T8626] free:16412 free_pcp:0 free_cma:0 [ 2887.314561][ T8626] Node 0 active_anon:856660kB inactive_anon:27740kB active_file:184kB inactive_file:8kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220244kB dirty:8kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 579584kB writeback_tmp:0kB all_unreclaimable? no [ 2887.343789][ T8626] Node 1 active_anon:772kB inactive_anon:8kB active_file:108kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2887.416308][ T8626] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2887.468002][ T8626] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2887.475141][ T8626] Node 0 DMA32 free:23832kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:541768kB inactive_anon:0kB active_file:4kB inactive_file:60kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2360kB pagetables:11056kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 2887.511925][ T8626] lowmem_reserve[]: 0 0 707 707 707 [ 2887.518049][ T8626] Node 0 Normal free:4272kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:314892kB inactive_anon:27740kB active_file:80kB inactive_file:60kB unevictable:44kB writepending:8kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7664kB bounce:0kB free_pcp:56kB local_pcp:56kB free_cma:0kB [ 2887.552664][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2887.557953][ T8626] Node 1 Normal free:1058324kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:772kB inactive_anon:8kB active_file:216kB inactive_file:6700kB unevictable:0kB writepending:148kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:24kB pagetables:176kB bounce:0kB free_pcp:1704kB local_pcp:444kB free_cma:0kB [ 2887.590181][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2887.593081][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2887.603618][ T8626] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2887.622245][ T8626] Node 0 DMA32: 109*4kB (UME) 851*8kB (UME) 423*16kB (UME) 165*32kB (UM) 39*64kB (UM) 4*128kB (UM) 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 24348kB [ 2887.639611][ T8626] Node 0 Normal: 711*4kB (UME) 134*8kB (UME) 36*16kB (UME) 9*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4780kB [ 2887.654151][ T8626] Node 1 Normal: 14*4kB (UME) 11*8kB (UME) 9*16kB (UME) 10*32kB (UME) 8*64kB (UE) 8*128kB (UME) 19*256kB (UM) 13*512kB (UM) 13*1024kB (UME) 10*2048kB (UM) 354*4096kB (U) = 1497440kB [ 2887.676017][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2887.685904][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2887.696646][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2887.707245][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2887.719844][ T8626] 9426 total pagecache pages [ 2887.724414][ T8626] 0 pages in swap cache [ 2887.730952][ T8626] Swap cache stats: add 0, delete 0, find 0/0 [ 2887.737678][ T8626] Free swap = 0kB [ 2887.741380][ T8626] Total swap = 0kB [ 2887.745067][ T8626] 1965979 pages RAM [ 2887.750561][ T8626] 0 pages HighMem/MovableOnly [ 2887.755209][ T8626] 83163 pages reserved [ 2887.760568][ T8626] 0 pages cma reserved [ 2887.764641][ T8626] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=3335,uid=0 [ 2887.780484][ T8626] Out of memory: Killed process 3335 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2887.798999][ T1931] oom_reaper: reaped process 3335 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 07:02:40 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vhci\x00', 0x2a402) write$vhci(r1, &(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0x3}, 0x6) 07:02:40 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x135, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:02:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:40 executing program 3: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:02:40 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = socket$unix(0x1, 0x2, 0x0) fcntl$dupfd(r1, 0x0, r1) 07:02:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(r3, r1, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2888.596271][T24244] net_ratelimit: 1 callbacks suppressed [ 2888.596276][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:02:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:40 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:40 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2888.936204][T19476] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 2889.186221][T19476] usb 4-1: Using ep0 maxpacket: 8 [ 2889.306177][T19476] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2889.496410][T19476] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2889.507032][T19476] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2889.515130][T19476] usb 4-1: Product: syz [ 2889.520904][T19476] usb 4-1: Manufacturer: syz [ 2889.525566][T19476] usb 4-1: SerialNumber: syz [ 2889.636249][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2890.036607][T26277] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2890.045345][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2890.054356][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2890.676216][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2890.686434][T19476] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2890.693479][T19476] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2890.708275][T19476] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2890.919204][T19476] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2890.939910][T19476] usb 4-1: USB disconnect, device number 69 [ 2890.960622][T19476] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2891.716064][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2892.756005][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2893.075928][T19476] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2893.229331][ T1931] oom_reaper: reaped process 6276 (syz-executor.4), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB [ 2893.315983][ T6276] syz-executor.4 invoked oom-killer: gfp_mask=0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_NOWARN|__GFP_ZERO), order=0, oom_score_adj=1000 [ 2893.330305][ T6276] CPU: 0 PID: 6276 Comm: syz-executor.4 Not tainted 5.8.0-rc7-syzkaller #0 [ 2893.338849][ T6276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2893.348863][ T6276] Call Trace: [ 2893.352116][ T6276] dump_stack+0x10f/0x19d [ 2893.356410][ T6276] dump_header+0x8e/0x400 [ 2893.360702][ T6276] oom_kill_process+0x18d/0x3f0 [ 2893.365516][ T6276] out_of_memory+0x5bd/0x880 [ 2893.370070][ T6276] ? get_page_from_freelist+0x127/0x3c0 [ 2893.375657][ T6276] __alloc_pages_slowpath+0x742/0x970 [ 2893.381108][ T6276] __alloc_pages_nodemask+0x235/0x390 [ 2893.386443][ T6276] alloc_pages_current+0x21d/0x310 [ 2893.391520][ T6276] __vmalloc_node_range+0x2bf/0x530 [ 2893.396692][ T6276] vmalloc_user+0x55/0x60 [ 2893.401059][ T6276] ? vb2_vmalloc_alloc+0x8f/0x120 [ 2893.406046][ T6276] vb2_vmalloc_alloc+0x8f/0x120 [ 2893.410862][ T6276] ? tsan.module_ctor+0x10/0x10 [ 2893.415674][ T6276] __vb2_queue_alloc+0x4fe/0xaf0 [ 2893.420575][ T6276] vb2_core_create_bufs+0x334/0x570 [ 2893.425775][ T6276] vb2_create_bufs+0x419/0x560 [ 2893.430607][ T6276] vb2_ioctl_create_bufs+0x2b3/0x310 [ 2893.435856][ T6276] v4l_create_bufs+0x15e/0x1b0 [ 2893.440580][ T6276] __video_do_ioctl+0x65b/0x870 [ 2893.445396][ T6276] ? __video_do_ioctl+0x2e1/0x870 [ 2893.450383][ T6276] ? __check_object_size+0x253/0x310 [ 2893.455629][ T6276] video_usercopy+0x6da/0xfc0 [ 2893.460268][ T6276] ? video_ioctl2+0x30/0x30 [ 2893.464732][ T6276] ? putname+0xa5/0xc0 [ 2893.468881][ T6276] ? do_vfs_ioctl+0x4f1/0xec0 [ 2893.473519][ T6276] video_ioctl2+0x25/0x30 [ 2893.477808][ T6276] ? video_usercopy+0xfc0/0xfc0 [ 2893.482618][ T6276] v4l2_ioctl+0xc2/0xd0 [ 2893.486798][ T6276] ? v4l2_poll+0x150/0x150 [ 2893.491204][ T6276] __se_sys_ioctl+0xc9/0x130 [ 2893.495766][ T6276] __x64_sys_ioctl+0x3f/0x50 [ 2893.500327][ T6276] do_syscall_64+0x51/0xb0 [ 2893.504707][ T6276] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2893.510559][ T6276] RIP: 0033:0x45c369 [ 2893.514425][ T6276] Code: Bad RIP value. [ 2893.518465][ T6276] RSP: 002b:00007fae9a16dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2893.526909][ T6276] RAX: ffffffffffffffda RBX: 0000000000019f40 RCX: 000000000045c369 [ 2893.534921][ T6276] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 2893.542864][ T6276] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2893.550797][ T6276] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2893.558803][ T6276] R13: 00007ffd6fc37fff R14: 00007fae9a16e9c0 R15: 000000000078bf0c [ 2893.578915][ T6276] Mem-Info: [ 2893.582073][ T6276] active_anon:214373 inactive_anon:6938 isolated_anon:0 [ 2893.582073][ T6276] active_file:48 inactive_file:0 isolated_file:0 [ 2893.582073][ T6276] unevictable:11 dirty:0 writeback:0 [ 2893.582073][ T6276] slab_reclaimable:7534 slab_unreclaimable:25669 [ 2893.582073][ T6276] mapped:55117 shmem:7149 pagetables:4705 bounce:0 [ 2893.582073][ T6276] free:16042 free_pcp:0 free_cma:0 [ 2893.618293][ T6276] Node 0 active_anon:856972kB inactive_anon:27744kB active_file:152kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220468kB dirty:0kB writeback:0kB shmem:28588kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 581632kB writeback_tmp:0kB all_unreclaimable? yes [ 2893.645877][ T6276] Node 1 active_anon:520kB inactive_anon:8kB active_file:40kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2893.671452][ T6276] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2893.701027][ T6276] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2893.706733][ T6276] Node 0 DMA32 free:21252kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:539856kB inactive_anon:8kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2328kB pagetables:10956kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2893.737742][ T6276] lowmem_reserve[]: 0 0 707 707 707 [ 2893.742966][ T6276] Node 0 Normal free:5512kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:317116kB inactive_anon:27736kB active_file:504kB inactive_file:164kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4288kB pagetables:7856kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2893.774366][ T6276] lowmem_reserve[]: 0 0 0 0 0 [ 2893.779161][ T6276] Node 1 Normal free:23096kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:520kB inactive_anon:8kB active_file:40kB inactive_file:40kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2893.810550][ T6276] lowmem_reserve[]: 0 0 0 0 0 [ 2893.815248][ T6276] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2893.829971][ T6276] Node 0 DMA32: 65*4kB (ME) 839*8kB (ME) 420*16kB (UME) 166*32kB (UM) 39*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 21500kB [ 2893.830021][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2893.844554][ T6276] Node 0 Normal: 728*4kB (UME) 192*8kB (UME) 63*16kB (UME) 12*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5840kB [ 2893.866715][ T6276] Node 1 Normal: 46*4kB (ME) 39*8kB (ME) 42*16kB (ME) 37*32kB (ME) 24*64kB (UME) 20*128kB (UME) 18*256kB (UM) 2*512kB (M) 5*1024kB (ME) 1*2048kB (U) 1*4096kB (M) = 23344kB [ 2893.884619][ T6276] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2893.894166][ T6276] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2893.903481][ T6276] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2893.913089][ T6276] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2893.923237][ T6276] 7210 total pagecache pages [ 2893.927867][ T6276] 0 pages in swap cache [ 2893.931985][ T6276] Swap cache stats: add 0, delete 0, find 0/0 [ 2893.938027][ T6276] Free swap = 0kB [ 2893.941715][ T6276] Total swap = 0kB [ 2893.945400][ T6276] 1965979 pages RAM [ 2893.949179][ T6276] 0 pages HighMem/MovableOnly [ 2893.953819][ T6276] 83163 pages reserved [ 2893.957965][ T6276] 0 pages cma reserved [ 2893.962068][ T6276] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=2973,uid=0 [ 2893.976232][ T6276] Out of memory: Killed process 2973 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2893.992773][ T1931] oom_reaper: reaped process 2973 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2894.012220][ T5029] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2894.035452][ T5029] CPU: 1 PID: 5029 Comm: systemd-journal Not tainted 5.8.0-rc7-syzkaller #0 [ 2894.044102][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2894.054172][ T5029] Call Trace: [ 2894.057439][ T5029] dump_stack+0x10f/0x19d [ 2894.061740][ T5029] dump_header+0x8e/0x400 [ 2894.066044][ T5029] oom_kill_process+0x18d/0x3f0 [ 2894.070870][ T5029] out_of_memory+0x5bd/0x880 [ 2894.075432][ T5029] ? get_page_from_freelist+0x127/0x3c0 [ 2894.080954][ T5029] __alloc_pages_slowpath+0x742/0x970 [ 2894.086302][ T5029] __alloc_pages_nodemask+0x235/0x390 [ 2894.091647][ T5029] alloc_pages_current+0x21d/0x310 [ 2894.096744][ T5029] __page_cache_alloc+0x4f/0x120 [ 2894.101698][ T5029] pagecache_get_page+0x494/0x8b0 [ 2894.106698][ T5029] ? __do_page_cache_readahead+0x96/0xb0 [ 2894.112300][ T5029] filemap_fault+0xba4/0x11e0 [ 2894.116975][ T5029] ext4_filemap_fault+0x4b/0x60 [ 2894.121807][ T5029] do_read_fault+0x41f/0x730 [ 2894.126370][ T5029] handle_mm_fault+0x135d/0x1930 [ 2894.131286][ T5029] do_user_addr_fault+0x393/0x810 [ 2894.136289][ T5029] exc_page_fault+0xb8/0x330 [ 2894.140854][ T5029] ? asm_exc_page_fault+0x8/0x30 [ 2894.145766][ T5029] asm_exc_page_fault+0x1e/0x30 [ 2894.150586][ T5029] RIP: 0033:0x7efc26bc52e3 [ 2894.154982][ T5029] Code: Bad RIP value. [ 2894.159020][ T5029] RSP: 002b:00007fff65439748 EFLAGS: 00010246 [ 2894.165052][ T5029] RAX: 0000000000000001 RBX: 000055eeda6141e0 RCX: 00007efc26bc52e3 [ 2894.172995][ T5029] RDX: 0000000000000014 RSI: 00007fff65439750 RDI: 0000000000000008 [ 2894.180938][ T5029] RBP: 00007fff65439940 R08: 431bde82d7b634db R09: 00007fff654a0080 [ 2894.188883][ T5029] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff65439750 [ 2894.196825][ T5029] R13: 0000000000000001 R14: ffffffffffffffff R15: 0005ab7b069824d3 [ 2894.207772][ T5029] Mem-Info: [ 2894.214082][ T5029] active_anon:213828 inactive_anon:6938 isolated_anon:0 [ 2894.214082][ T5029] active_file:39 inactive_file:167 isolated_file:0 [ 2894.214082][ T5029] unevictable:11 dirty:1 writeback:0 [ 2894.214082][ T5029] slab_reclaimable:7534 slab_unreclaimable:25669 [ 2894.214082][ T5029] mapped:55130 shmem:7149 pagetables:4678 bounce:0 [ 2894.214082][ T5029] free:274862 free_pcp:539 free_cma:0 [ 2894.254376][ T5029] Node 0 active_anon:854792kB inactive_anon:27744kB active_file:12kB inactive_file:12kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220420kB dirty:0kB writeback:0kB shmem:28588kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 577536kB writeback_tmp:0kB all_unreclaimable? yes [ 2894.287849][ T5029] Node 1 active_anon:520kB inactive_anon:8kB active_file:144kB inactive_file:2256kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1200kB dirty:4kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2894.317987][ T5029] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2894.351045][ T5029] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2894.359345][ T5029] Node 0 DMA32 free:23548kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:537808kB inactive_anon:8kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2328kB pagetables:10852kB bounce:0kB free_pcp:152kB local_pcp:144kB free_cma:0kB [ 2894.393649][ T5029] lowmem_reserve[]: 0 0 707 707 707 [ 2894.399425][ T5029] Node 0 Normal free:6336kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:316984kB inactive_anon:27736kB active_file:8kB inactive_file:12kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4288kB pagetables:7852kB bounce:0kB free_pcp:1640kB local_pcp:252kB free_cma:0kB [ 2894.433133][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2894.438280][ T5029] Node 1 Normal free:2279224kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:520kB inactive_anon:8kB active_file:144kB inactive_file:4156kB unevictable:0kB writepending:4kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:1572kB local_pcp:184kB free_cma:0kB [ 2894.471866][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2894.477185][ T5029] Node 0 DMA: 1*4kB (U) 1*8kB (U) 0*16kB 1*32kB (U) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14444kB [ 2894.493056][ T5029] Node 0 DMA32: 110*4kB (UME) 856*8kB (UME) 432*16kB (UME) 184*32kB (UM) 49*64kB (UM) 9*128kB (UM) 4*256kB (U) 2*512kB (UM) 1*1024kB (U) 2*2048kB (UM) 5*4096kB (UM) = 52024kB [ 2894.511627][ T5029] Node 0 Normal: 3373*4kB (UME) 3295*8kB (UME) 1496*16kB (UME) 565*32kB (UME) 509*64kB (UME) 85*128kB (UM) 6*256kB (UM) 4*512kB (UM) 0*1024kB 5*2048kB (UM) 0*4096kB = 139148kB [ 2894.531761][ T5029] Node 1 Normal: 28*4kB (UME) 25*8kB (UME) 17*16kB (UE) 10*32kB (UE) 10*64kB (UE) 21*128kB (UME) 23*256kB (UM) 10*512kB (UM) 14*1024kB (UME) 7*2048kB (U) 569*4096kB (UM) = 2374536kB [ 2894.551331][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2894.561230][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2894.572545][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2894.582577][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2894.594053][ T5029] 8459 total pagecache pages [ 2894.599205][ T5029] 0 pages in swap cache [ 2894.603337][ T5029] Swap cache stats: add 0, delete 0, find 0/0 [ 2894.610988][ T5029] Free swap = 0kB [ 2894.614679][ T5029] Total swap = 0kB [ 2894.618565][ T5029] 1965979 pages RAM [ 2894.622347][ T5029] 0 pages HighMem/MovableOnly [ 2894.628599][ T5029] 83163 pages reserved [ 2894.632974][ T5029] 0 pages cma reserved [ 2894.637492][ T5029] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=2962,uid=0 [ 2894.653937][ T5029] Out of memory: Killed process 2962 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2894.674318][ T1931] oom_reaper: reaped process 2962 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2894.845811][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:02:46 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:46 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = socket$unix(0x1, 0x2, 0x0) fcntl$dupfd(r1, 0x0, r1) [ 2895.795909][ T3323] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2895.804434][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2895.812501][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2895.820569][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2895.886659][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2896.925593][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2897.955447][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2898.371893][ T1931] oom_reaper: reaped process 6366 (syz-executor.4), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB [ 2898.389318][ T8250] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2898.403625][ T8250] CPU: 0 PID: 8250 Comm: in:imklog Not tainted 5.8.0-rc7-syzkaller #0 [ 2898.411755][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2898.421772][ T8250] Call Trace: [ 2898.425025][ T8250] dump_stack+0x10f/0x19d [ 2898.429374][ T8250] dump_header+0x8e/0x400 [ 2898.433665][ T8250] oom_kill_process+0x18d/0x3f0 [ 2898.438479][ T8250] out_of_memory+0x5bd/0x880 [ 2898.443031][ T8250] ? get_page_from_freelist+0x127/0x3c0 [ 2898.448701][ T8250] __alloc_pages_slowpath+0x742/0x970 [ 2898.454035][ T8250] __alloc_pages_nodemask+0x235/0x390 [ 2898.459519][ T8250] alloc_pages_current+0x21d/0x310 [ 2898.464622][ T8250] __page_cache_alloc+0x4f/0x120 [ 2898.469527][ T8250] pagecache_get_page+0x494/0x8b0 [ 2898.474512][ T8250] ? __do_page_cache_readahead+0x96/0xb0 [ 2898.480107][ T8250] filemap_fault+0xba4/0x11e0 [ 2898.484751][ T8250] ext4_filemap_fault+0x4b/0x60 [ 2898.489564][ T8250] do_read_fault+0x41f/0x730 [ 2898.494241][ T8250] handle_mm_fault+0x135d/0x1930 [ 2898.499144][ T8250] do_user_addr_fault+0x393/0x810 [ 2898.504155][ T8250] exc_page_fault+0xb8/0x330 [ 2898.508717][ T8250] ? asm_exc_page_fault+0x8/0x30 [ 2898.513618][ T8250] asm_exc_page_fault+0x1e/0x30 [ 2898.518430][ T8250] RIP: 0033:0x7f2a5ebe922d [ 2898.522816][ T8250] Code: Bad RIP value. [ 2898.526844][ T8250] RSP: 002b:00007f2a5c585580 EFLAGS: 00010293 [ 2898.532881][ T8250] RAX: 000000000000007e RBX: 0000000000000000 RCX: 00007f2a5ebe922d [ 2898.540846][ T8250] RDX: 0000000000001fa0 RSI: 00007f2a5c585da0 RDI: 0000000000000004 [ 2898.548781][ T8250] RBP: 000055653d0f99d0 R08: 0000000000000000 R09: 0000000004000001 [ 2898.556889][ T8250] R10: 0000000000000001 R11: 0000000000000293 R12: 00007f2a5c585da0 [ 2898.564867][ T8250] R13: 0000000000001fa0 R14: 0000000000001f9f R15: 00007f2a5c585dfd [ 2898.575367][ T8250] Mem-Info: [ 2898.576735][ T6366] warn_alloc: 1 callbacks suppressed [ 2898.576748][ T6366] syz-executor.4: vmalloc: allocation failure, allocated 2459983872 of 3724722176 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 2898.578476][ T8250] active_anon:213190 inactive_anon:6937 isolated_anon:0 [ 2898.578476][ T8250] active_file:8 inactive_file:0 isolated_file:0 [ 2898.578476][ T8250] unevictable:11 dirty:16 writeback:0 [ 2898.578476][ T8250] slab_reclaimable:7532 slab_unreclaimable:25643 [ 2898.578476][ T8250] mapped:55152 shmem:7148 pagetables:4631 bounce:0 [ 2898.578476][ T8250] free:16663 free_pcp:976 free_cma:0 [ 2898.583721][ T6366] CPU: 1 PID: 6366 Comm: syz-executor.4 Not tainted 5.8.0-rc7-syzkaller #0 [ 2898.601907][ T8250] Node 0 active_anon:852356kB inactive_anon:27740kB active_file:0kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220592kB dirty:16kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 577536kB writeback_tmp:0kB all_unreclaimable? yes [ 2898.636563][ T6366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2898.636566][ T6366] Call Trace: [ 2898.647110][ T8250] Node 1 active_anon:404kB inactive_anon:8kB active_file:44kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:48kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2898.672678][ T6366] dump_stack+0x10f/0x19d [ 2898.672687][ T6366] warn_alloc+0x105/0x160 [ 2898.672698][ T6366] __vmalloc_node_range+0x458/0x530 [ 2898.672712][ T6366] vmalloc_user+0x55/0x60 [ 2898.685073][ T8250] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2898.685991][ T6366] ? vb2_vmalloc_alloc+0x8f/0x120 [ 2898.686000][ T6366] vb2_vmalloc_alloc+0x8f/0x120 [ 2898.686014][ T6366] ? tsan.module_ctor+0x10/0x10 [ 2898.713780][ T8250] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2898.715986][ T6366] __vb2_queue_alloc+0x4fe/0xaf0 [ 2898.716003][ T6366] vb2_core_create_bufs+0x334/0x570 [ 2898.720289][ T8250] Node 0 DMA32 free:22324kB min:39024kB low:47756kB high:56488kB reserved_highatomic:0KB active_anon:535636kB inactive_anon:12kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2296kB pagetables:10752kB bounce:0kB free_pcp:260kB local_pcp:4kB free_cma:0kB [ 2898.725456][ T6366] vb2_create_bufs+0x419/0x560 [ 2898.725467][ T6366] vb2_ioctl_create_bufs+0x2b3/0x310 [ 2898.725482][ T6366] v4l_create_bufs+0x15e/0x1b0 [ 2898.731328][ T8250] lowmem_reserve[]: 0 0 707 707 707 [ 2898.758626][ T6366] __video_do_ioctl+0x65b/0x870 [ 2898.758635][ T6366] ? __video_do_ioctl+0x2e1/0x870 [ 2898.758645][ T6366] ? __check_object_size+0x253/0x310 [ 2898.758709][ T6366] video_usercopy+0x6da/0xfc0 [ 2898.758721][ T6366] ? video_ioctl2+0x30/0x30 [ 2898.766877][ T8250] Node 0 Normal free:7304kB min:14812kB low:16976kB high:19140kB reserved_highatomic:0KB active_anon:316724kB inactive_anon:27728kB active_file:0kB inactive_file:328kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4272kB pagetables:7764kB bounce:0kB free_pcp:2244kB local_pcp:624kB free_cma:0kB [ 2898.768522][ T6366] ? putname+0xa5/0xc0 [ 2898.773335][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2898.779030][ T6366] ? do_vfs_ioctl+0x4f1/0xec0 [ 2898.779091][ T6366] video_ioctl2+0x25/0x30 [ 2898.779103][ T6366] ? video_usercopy+0xfc0/0xfc0 [ 2898.784451][ T8250] Node 1 Normal free:22716kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:404kB inactive_anon:8kB active_file:24kB inactive_file:4kB unevictable:0kB writepending:40kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:1400kB local_pcp:996kB free_cma:0kB [ 2898.789159][ T6366] v4l2_ioctl+0xc2/0xd0 [ 2898.789168][ T6366] ? v4l2_poll+0x150/0x150 [ 2898.789175][ T6366] __se_sys_ioctl+0xc9/0x130 [ 2898.789189][ T6366] __x64_sys_ioctl+0x3f/0x50 [ 2898.822978][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2898.825202][ T6366] do_syscall_64+0x51/0xb0 [ 2898.830454][ T8250] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2898.835179][ T6366] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2898.842180][ T8250] Node 0 DMA32: 68*4kB (UME) 854*8kB (UME) 433*16kB (ME) 165*32kB (M) 39*64kB (M) 4*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22320kB [ 2898.845146][ T6366] RIP: 0033:0x45c369 [ 2898.850144][ T8250] Node 0 Normal: 572*4kB (UME) 349*8kB (UME) 101*16kB (UME) 19*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7304kB [ 2898.855445][ T6366] Code: Bad RIP value. [ 2898.861634][ T8250] Node 1 Normal: 3*4kB (ME) 2*8kB (UE) 12*16kB (UME) 37*32kB (ME) 23*64kB (UME) 15*128kB (ME) 16*256kB (M) 3*512kB (UM) 6*1024kB (ME) 1*2048kB (U) 1*4096kB (M) = 22716kB [ 2898.864503][ T6366] RSP: 002b:00007fae9a16dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2898.896742][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2898.900274][ T6366] RAX: ffffffffffffffda RBX: 0000000000019f40 RCX: 000000000045c369 [ 2898.904912][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2898.909544][ T6366] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 2898.909549][ T6366] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2898.909554][ T6366] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2898.909558][ T6366] R13: 00007ffd6fc37fff R14: 00007fae9a16e9c0 R15: 000000000078bf0c [ 2898.911127][ T6366] Mem-Info: [ 2898.913862][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2898.919422][ T6366] active_anon:213190 inactive_anon:6937 isolated_anon:0 [ 2898.919422][ T6366] active_file:8 inactive_file:0 isolated_file:0 [ 2898.919422][ T6366] unevictable:11 dirty:16 writeback:0 [ 2898.919422][ T6366] slab_reclaimable:7532 slab_unreclaimable:25643 [ 2898.919422][ T6366] mapped:55152 shmem:7148 pagetables:4631 bounce:0 [ 2898.919422][ T6366] free:16663 free_pcp:976 free_cma:0 [ 2898.951884][T26593] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2898.955015][ T6366] Node 0 active_anon:852356kB inactive_anon:27740kB active_file:0kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220592kB dirty:16kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 577536kB writeback_tmp:0kB all_unreclaimable? yes [ 2898.959306][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2898.962790][ T6366] Node 1 active_anon:404kB inactive_anon:8kB active_file:44kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:48kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2898.969165][ T8250] 7222 total pagecache pages [ 2898.973102][ T6366] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2898.976412][ T8250] 0 pages in swap cache [ 2898.992395][ T6366] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2898.998610][ T8250] Swap cache stats: add 0, delete 0, find 0/0 [ 2899.014458][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2899.017408][ T8250] Free swap = 0kB [ 2899.051259][ T6366] Node 0 DMA32 free:22072kB min:39024kB low:47756kB high:56488kB reserved_highatomic:0KB active_anon:535636kB inactive_anon:12kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2296kB pagetables:10752kB bounce:0kB free_pcp:260kB local_pcp:256kB free_cma:0kB [ 2899.081997][ T8250] Total swap = 0kB [ 2899.089600][ T6366] lowmem_reserve[]: 0 0 707 707 707 [ 2899.103734][ T8250] 1965979 pages RAM [ 2899.115020][ T6366] Node 0 Normal free:9808kB min:14812kB low:16976kB high:19140kB reserved_highatomic:0KB active_anon:314568kB inactive_anon:27728kB active_file:24kB inactive_file:32kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4272kB pagetables:7660kB bounce:0kB free_pcp:1968kB local_pcp:1344kB free_cma:0kB [ 2899.128322][ T8250] 0 pages HighMem/MovableOnly [ 2899.133815][ T6366] lowmem_reserve[]: 0 0 0 0 0 [ 2899.176777][ T8250] 83163 pages reserved [ 2899.205520][ T6366] Node 1 Normal free:22716kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:404kB inactive_anon:8kB active_file:24kB inactive_file:24kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:1400kB local_pcp:404kB free_cma:0kB [ 2899.230037][ T8250] 0 pages cma reserved [ 2899.243774][ T6366] lowmem_reserve[]: 0 0 0 0 0 [ 2899.277614][ T8250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=2956,uid=0 [ 2899.287405][ T6366] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2899.302079][ T8250] Out of memory: Killed process 2956 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2899.479298][ T6366] Node 0 DMA32: 68*4kB (UME) 854*8kB (UME) 433*16kB (ME) 165*32kB (M) 39*64kB (M) 4*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22320kB [ 2899.480464][ T1931] oom_reaper: reaped process 2956 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2899.495181][ T6366] Node 0 Normal: 648*4kB (UME) 360*8kB (UME) 102*16kB (UME) 19*32kB (UM) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 9824kB [ 2899.524108][ T8626] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2899.539634][ T6366] Node 1 Normal: 28*4kB (ME) 31*8kB (UME) 31*16kB (UME) 32*32kB (UME) 22*64kB (UME) 17*128kB (UME) 17*256kB (UM) 4*512kB (UM) 6*1024kB (ME) 1*2048kB (U) 1*4096kB (M) = 24152kB [ 2899.550006][ T8626] CPU: 1 PID: 8626 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2899.565202][ T8626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2899.568115][ T6366] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2899.575230][ T8626] Call Trace: [ 2899.575244][ T8626] dump_stack+0x10f/0x19d [ 2899.575258][ T8626] dump_header+0x8e/0x400 [ 2899.594459][ T6366] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2899.596634][ T8626] oom_kill_process+0x18d/0x3f0 [ 2899.596644][ T8626] out_of_memory+0x5bd/0x880 [ 2899.596652][ T8626] ? get_page_from_freelist+0x127/0x3c0 [ 2899.596664][ T8626] __alloc_pages_slowpath+0x742/0x970 [ 2899.617192][ T6366] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2899.620961][ T8626] __alloc_pages_nodemask+0x235/0x390 [ 2899.635457][ T6366] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2899.635803][ T8626] alloc_pages_current+0x21d/0x310 [ 2899.641154][ T6366] 7175 total pagecache pages [ 2899.650397][ T8626] __page_cache_alloc+0x4f/0x120 [ 2899.650473][ T8626] pagecache_get_page+0x494/0x8b0 [ 2899.650485][ T8626] ? __do_page_cache_readahead+0x96/0xb0 [ 2899.666549][ T6366] 0 pages in swap cache [ 2899.670001][ T8626] filemap_fault+0xba4/0x11e0 [ 2899.682568][ T6366] Swap cache stats: add 0, delete 0, find 0/0 [ 2899.684485][ T8626] ext4_filemap_fault+0x4b/0x60 [ 2899.692324][ T6366] Free swap = 0kB [ 2899.695484][ T8626] do_read_fault+0x41f/0x730 [ 2899.695505][ T8626] handle_mm_fault+0x135d/0x1930 [ 2899.708694][ T8626] do_user_addr_fault+0x393/0x810 [ 2899.710932][ T6366] Total swap = 0kB [ 2899.713824][ T8626] exc_page_fault+0xb8/0x330 [ 2899.722058][ T8626] ? asm_exc_page_fault+0x8/0x30 [ 2899.722937][ T6366] 1965979 pages RAM [ 2899.726963][ T8626] asm_exc_page_fault+0x1e/0x30 [ 2899.726970][ T8626] RIP: 0033:0x469093 [ 2899.727030][ T8626] Code: Bad RIP value. [ 2899.734806][ T6366] 0 pages HighMem/MovableOnly [ 2899.735706][ T8626] RSP: 002b:000000c00004de80 EFLAGS: 00010206 [ 2899.735746][ T8626] RAX: ffffffffffffff92 RBX: 000000003aea2aa0 RCX: 0000000000469093 [ 2899.735755][ T8626] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000017cec98 [ 2899.745099][ T6366] 83163 pages reserved [ 2899.748282][ T8626] RBP: 000000c00004dec8 R08: 0000000000000000 R09: 0000000000000000 [ 2899.748287][ T8626] R10: 000000c00004deb8 R11: 0000000000000206 R12: 0000000000439470 [ 2899.748291][ T8626] R13: 0000000000000000 R14: 0000000000accd54 R15: 0000000000000000 [ 2899.789945][ T8626] Mem-Info: [ 2899.790936][ T6366] 0 pages cma reserved [ 2899.808850][ T8626] active_anon:212114 inactive_anon:6937 isolated_anon:0 [ 2899.808850][ T8626] active_file:13 inactive_file:567 isolated_file:0 [ 2899.808850][ T8626] unevictable:11 dirty:0 writeback:0 [ 2899.808850][ T8626] slab_reclaimable:7532 slab_unreclaimable:25643 [ 2899.808850][ T8626] mapped:55476 shmem:7148 pagetables:4568 bounce:0 [ 2899.808850][ T8626] free:18177 free_pcp:167 free_cma:0 [ 2899.965798][ T8626] Node 0 active_anon:847952kB inactive_anon:27740kB active_file:68kB inactive_file:52kB unevictable:44kB isolated(anon):0kB isolated(file):68kB mapped:220604kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 575488kB writeback_tmp:0kB all_unreclaimable? no 07:02:51 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vhci\x00', 0x2a402) write$vhci(r1, &(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0x3}, 0x6) [ 2899.999565][ T8626] Node 1 active_anon:504kB inactive_anon:8kB active_file:2320kB inactive_file:7012kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:6700kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? no [ 2900.035835][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:02:51 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x14b, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd0"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2900.051129][ T8626] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2900.091167][ T8626] lowmem_reserve[]: 0 2850 3557 3557 3557 07:02:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(0xffffffffffffffff) syz_kvm_setup_cpu$x86(r3, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2900.099679][ T8626] Node 0 DMA32 free:24772kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:533580kB inactive_anon:12kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2280kB pagetables:10652kB bounce:0kB free_pcp:48kB local_pcp:48kB free_cma:0kB [ 2900.138329][ T8626] lowmem_reserve[]: 0 0 707 707 707 07:02:51 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:51 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) [ 2900.143952][ T8626] Node 0 Normal free:10276kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:314068kB inactive_anon:27728kB active_file:20kB inactive_file:24kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4272kB pagetables:7652kB bounce:0kB free_pcp:2128kB local_pcp:1300kB free_cma:0kB [ 2900.200450][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2900.206826][ T8626] Node 1 Normal free:1077216kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:1196kB inactive_anon:8kB active_file:3136kB inactive_file:11852kB unevictable:0kB writepending:172kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:92kB pagetables:432kB bounce:0kB free_pcp:1452kB local_pcp:192kB free_cma:0kB 07:02:52 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x14b, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd0"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2900.257533][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2900.291562][ T8626] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2900.308701][ T8626] Node 0 DMA32: 105*4kB (UME) 858*8kB (UME) 434*16kB (UME) 166*32kB (UM) 40*64kB (UM) 5*128kB (UM) 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 24788kB 07:02:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(0xffffffffffffffff) syz_kvm_setup_cpu$x86(r3, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2900.335456][ T8626] Node 0 Normal: 702*4kB (UME) 376*8kB (UME) 112*16kB (UME) 19*32kB (UM) 4*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 10520kB [ 2900.351411][ T8626] Node 1 Normal: 16*4kB (UE) 17*8kB (UME) 18*16kB (UME) 28*32kB (UME) 29*64kB (UE) 31*128kB (UME) 32*256kB (U) 30*512kB (U) 31*1024kB (UE) 31*2048kB (UM) 286*4096kB (U) = 1297448kB 07:02:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(0xffffffffffffffff) syz_kvm_setup_cpu$x86(r3, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:02:52 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2900.410789][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2900.448852][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB 07:02:52 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) dup(r3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2900.473710][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2900.494363][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2900.523812][ T8626] 11437 total pagecache pages [ 2900.545902][ T8626] 0 pages in swap cache [ 2900.558877][ T8626] Swap cache stats: add 0, delete 0, find 0/0 [ 2900.567500][ T8626] Free swap = 0kB [ 2900.575986][ T9218] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 2900.584027][ T8626] Total swap = 0kB [ 2900.590494][ T8626] 1965979 pages RAM [ 2900.594350][ T8626] 0 pages HighMem/MovableOnly [ 2900.599638][ T8626] 83163 pages reserved [ 2900.603714][ T8626] 0 pages cma reserved [ 2900.609402][ T8626] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=30944,uid=0 [ 2900.629400][ T8626] Out of memory: Killed process 30944 (syz-executor.3) total-vm:75108kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2900.825168][ T9218] usb 4-1: Using ep0 maxpacket: 8 [ 2900.945294][ T9218] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2901.075482][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2901.115325][ T9218] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2901.125923][ T9218] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2901.133925][ T9218] usb 4-1: Product: syz [ 2901.139238][ T9218] usb 4-1: Manufacturer: syz [ 2901.143866][ T9218] usb 4-1: SerialNumber: syz 07:02:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2901.556027][T26277] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2901.564494][T26593] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2901.572861][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2902.115108][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2902.275028][ T9218] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2902.281563][ T9218] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2902.294998][ T9218] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2902.506555][ T9218] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2902.524061][ T9218] usb 4-1: USB disconnect, device number 70 [ 2902.539754][ T9218] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2903.155058][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2904.195029][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2904.594992][T26593] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2905.235041][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2905.396053][T26593] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2906.275011][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2907.314876][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2907.634783][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2908.354719][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2909.394644][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2910.444515][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:03:02 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r1 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vhci\x00', 0x2a402) write$vhci(r1, &(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0x3}, 0x6) 07:03:02 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) socket$unix(0x1, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 07:03:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:03:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) dup(r3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:03:02 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:03:02 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x14b, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd0"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:03:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(0xffffffffffffffff) syz_kvm_setup_cpu$x86(r6, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:03:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) dup(r3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:03:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(0xffffffffffffffff) syz_kvm_setup_cpu$x86(r6, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2910.674398][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:03:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:03:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(0xffffffffffffffff) syz_kvm_setup_cpu$x86(r6, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:03:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) dup(r6) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) [ 2910.854300][T24244] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 2911.124279][T24244] usb 4-1: Using ep0 maxpacket: 8 [ 2911.254543][T24244] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2911.444447][T24244] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2911.456936][T24244] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2911.466082][T24244] usb 4-1: Product: syz [ 2911.470381][T24244] usb 4-1: Manufacturer: syz [ 2911.478296][T24244] usb 4-1: SerialNumber: syz [ 2911.488532][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2912.514288][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2912.624179][T24244] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2912.631759][T24244] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2912.649086][T24244] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2912.836346][T24244] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2912.867579][T24244] usb 4-1: USB disconnect, device number 71 [ 2912.880524][T24244] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2913.554150][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2913.714251][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2914.470488][ T1931] oom_reaper: reaped process 6508 (syz-executor.4), now anon-rss:0kB, file-rss:34756kB, shmem-rss:0kB [ 2914.495427][ T8630] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2914.513398][ T8630] CPU: 1 PID: 8630 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2914.521618][ T8630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2914.531728][ T8630] Call Trace: [ 2914.534990][ T8630] dump_stack+0x10f/0x19d [ 2914.539290][ T8630] dump_header+0x8e/0x400 [ 2914.543603][ T8630] oom_kill_process+0x18d/0x3f0 [ 2914.548416][ T8630] out_of_memory+0x5bd/0x880 [ 2914.552968][ T8630] ? get_page_from_freelist+0x127/0x3c0 [ 2914.558473][ T8630] __alloc_pages_slowpath+0x742/0x970 [ 2914.563809][ T8630] __alloc_pages_nodemask+0x235/0x390 [ 2914.569159][ T8630] alloc_pages_current+0x21d/0x310 [ 2914.574261][ T8630] __page_cache_alloc+0x4f/0x120 [ 2914.579164][ T8630] pagecache_get_page+0x494/0x8b0 [ 2914.584155][ T8630] ? __do_page_cache_readahead+0x96/0xb0 [ 2914.589752][ T8630] filemap_fault+0xba4/0x11e0 [ 2914.594480][ T8630] ext4_filemap_fault+0x4b/0x60 [ 2914.599294][ T8630] do_read_fault+0x41f/0x730 [ 2914.603846][ T8630] handle_mm_fault+0x135d/0x1930 [ 2914.608748][ T8630] do_user_addr_fault+0x393/0x810 [ 2914.613973][ T8630] exc_page_fault+0xb8/0x330 [ 2914.618527][ T8630] ? asm_exc_page_fault+0x8/0x30 [ 2914.623442][ T8630] asm_exc_page_fault+0x1e/0x30 [ 2914.628259][ T8630] RIP: 0033:0x469240 [ 2914.632132][ T8630] Code: Bad RIP value. [ 2914.636166][ T8630] RSP: 002b:000000c00004b7f0 EFLAGS: 00010246 [ 2914.642195][ T8630] RAX: 0000000000000000 RBX: 0000000000000180 RCX: 0000000000469240 [ 2914.650133][ T8630] RDX: 0000000000000080 RSI: 000000c00004b840 RDI: 0000000000000003 [ 2914.658181][ T8630] RBP: 000000c00004be40 R08: 0000000000000000 R09: 0000000000000000 [ 2914.666113][ T8630] R10: 0000000000000180 R11: 0000000000000246 R12: 0000000000000003 [ 2914.674048][ T8630] R13: 000000c000156300 R14: 000002a6a45273bd R15: 0000000000000000 [ 2914.682346][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2914.690619][ T8630] Mem-Info: [ 2914.692165][ T6508] syz-executor.4: vmalloc: allocation failure, allocated 2465996800 of 3724722176 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 2914.693720][ T8630] active_anon:212210 inactive_anon:6939 isolated_anon:0 [ 2914.693720][ T8630] active_file:26 inactive_file:0 isolated_file:0 [ 2914.693720][ T8630] unevictable:11 dirty:0 writeback:0 [ 2914.693720][ T8630] slab_reclaimable:7532 slab_unreclaimable:25618 [ 2914.693720][ T8630] mapped:55182 shmem:7149 pagetables:4601 bounce:0 [ 2914.693720][ T8630] free:16901 free_pcp:215 free_cma:0 [ 2914.716786][ T6508] CPU: 0 PID: 6508 Comm: syz-executor.4 Not tainted 5.8.0-rc7-syzkaller #0 [ 2914.746459][ T8630] Node 0 active_anon:848276kB inactive_anon:27748kB active_file:20kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220688kB dirty:0kB writeback:0kB shmem:28588kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 573440kB writeback_tmp:0kB all_unreclaimable? yes [ 2914.754964][ T6508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2914.754967][ T6508] Call Trace: [ 2914.754980][ T6508] dump_stack+0x10f/0x19d [ 2914.754988][ T6508] warn_alloc+0x105/0x160 [ 2914.755005][ T6508] __vmalloc_node_range+0x458/0x530 [ 2914.782431][ T8630] Node 1 active_anon:564kB inactive_anon:8kB active_file:84kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:40kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2914.792407][ T6508] vmalloc_user+0x55/0x60 [ 2914.792417][ T6508] ? vb2_vmalloc_alloc+0x8f/0x120 [ 2914.792431][ T6508] vb2_vmalloc_alloc+0x8f/0x120 [ 2914.795703][ T8630] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2914.800046][ T6508] ? tsan.module_ctor+0x10/0x10 [ 2914.804391][ T8630] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2914.809423][ T6508] __vb2_queue_alloc+0x4fe/0xaf0 [ 2914.835003][ T8630] Node 0 DMA32 free:22252kB min:39024kB low:47756kB high:56488kB reserved_highatomic:0KB active_anon:531524kB inactive_anon:0kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2248kB pagetables:10548kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2914.839395][ T6508] vb2_core_create_bufs+0x334/0x570 [ 2914.844358][ T8630] lowmem_reserve[]: 0 0 707 707 707 [ 2914.849250][ T6508] vb2_create_bufs+0x419/0x560 [ 2914.878077][ T8630] Node 0 Normal free:8140kB min:16860kB low:19024kB high:21188kB reserved_highatomic:0KB active_anon:316752kB inactive_anon:27748kB active_file:0kB inactive_file:32kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4288kB pagetables:7848kB bounce:0kB free_pcp:364kB local_pcp:116kB free_cma:0kB [ 2914.882877][ T6508] vb2_ioctl_create_bufs+0x2b3/0x310 [ 2914.888557][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 2914.893470][ T6508] v4l_create_bufs+0x15e/0x1b0 [ 2914.924600][ T8630] Node 1 Normal free:22904kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:564kB inactive_anon:8kB active_file:24kB inactive_file:84kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:24kB pagetables:8kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2914.929732][ T6508] __video_do_ioctl+0x65b/0x870 [ 2914.934993][ T8630] lowmem_reserve[]: 0 0 0 0 0 [ 2914.939626][ T6508] ? __video_do_ioctl+0x2e1/0x870 [ 2914.973278][ T8630] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2914.976513][ T6508] ? __check_object_size+0x253/0x310 [ 2914.976521][ T6508] video_usercopy+0x6da/0xfc0 [ 2914.976530][ T6508] ? video_ioctl2+0x30/0x30 [ 2914.976584][ T6508] ? putname+0xa5/0xc0 [ 2914.976597][ T6508] ? do_vfs_ioctl+0x4f1/0xec0 [ 2914.981230][ T8630] Node 0 DMA32: 67*4kB (ME) 855*8kB (UME) 430*16kB (ME) 171*32kB (UM) 42*64kB (UM) 3*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22532kB [ 2914.986071][ T6508] video_ioctl2+0x25/0x30 [ 2914.986079][ T6508] ? video_usercopy+0xfc0/0xfc0 [ 2914.986129][ T6508] v4l2_ioctl+0xc2/0xd0 [ 2915.016750][ T8630] Node 0 Normal: 707*4kB (UME) 316*8kB (ME) 102*16kB (UME) 22*32kB (ME) 7*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8140kB [ 2915.021538][ T6508] ? v4l2_poll+0x150/0x150 [ 2915.026196][ T8630] Node 1 Normal: 66*4kB (ME) 61*8kB (ME) 56*16kB (UME) 50*32kB (UME) 39*64kB (ME) 33*128kB (UME) 19*256kB (M) 6*512kB (M) 1*1024kB (E) 2*2048kB (UM) 0*4096kB = 23024kB [ 2915.031166][ T6508] __se_sys_ioctl+0xc9/0x130 [ 2915.045873][ T8630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2915.051035][ T6508] __x64_sys_ioctl+0x3f/0x50 [ 2915.055743][ T8630] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2915.060207][ T6508] do_syscall_64+0x51/0xb0 [ 2915.064351][ T8630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2915.068883][ T6508] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2915.084077][ T8630] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2915.088048][ T6508] RIP: 0033:0x45c369 [ 2915.092854][ T8630] 7194 total pagecache pages [ 2915.096982][ T6508] Code: Bad RIP value. [ 2915.096986][ T6508] RSP: 002b:00007fae9a16dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2915.096999][ T6508] RAX: ffffffffffffffda RBX: 0000000000019f40 RCX: 000000000045c369 [ 2915.111523][ T8630] 0 pages in swap cache [ 2915.115925][ T6508] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 2915.115930][ T6508] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2915.115934][ T6508] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2915.115944][ T6508] R13: 00007ffd6fc37fff R14: 00007fae9a16e9c0 R15: 000000000078bf0c [ 2915.132583][ T8630] Swap cache stats: add 0, delete 0, find 0/0 [ 2915.144036][ T6508] Mem-Info: [ 2915.148036][ T8630] Free swap = 0kB [ 2915.151227][T26593] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2915.160460][ T8630] Total swap = 0kB [ 2915.170521][ T6508] active_anon:212204 inactive_anon:6939 isolated_anon:0 [ 2915.170521][ T6508] active_file:12 inactive_file:14 isolated_file:0 [ 2915.170521][ T6508] unevictable:11 dirty:0 writeback:0 [ 2915.170521][ T6508] slab_reclaimable:7532 slab_unreclaimable:25618 [ 2915.170521][ T6508] mapped:55154 shmem:7149 pagetables:4600 bounce:0 [ 2915.170521][ T6508] free:17001 free_pcp:215 free_cma:0 [ 2915.176463][ T8630] 1965979 pages RAM [ 2915.180319][ T6508] Node 0 active_anon:848252kB inactive_anon:27748kB active_file:16kB inactive_file:20kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220616kB dirty:0kB writeback:0kB shmem:28588kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 571392kB writeback_tmp:0kB all_unreclaimable? yes [ 2915.189596][ T8630] 0 pages HighMem/MovableOnly [ 2915.189599][ T8630] 83163 pages reserved [ 2915.189601][ T8630] 0 pages cma reserved [ 2915.189610][ T8630] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=28903,uid=0 [ 2915.198647][ T6508] Node 1 active_anon:564kB inactive_anon:8kB active_file:32kB inactive_file:36kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2915.203380][ T8630] Out of memory: Killed process 28903 (syz-executor.4) total-vm:75108kB, anon-rss:2220kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2915.420229][ T6508] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2915.420978][ T1931] oom_reaper: reaped process 28903 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2915.451148][ T6508] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2915.467806][ T6508] Node 0 DMA32 free:24580kB min:39024kB low:47756kB high:56488kB reserved_highatomic:0KB active_anon:529476kB inactive_anon:0kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2248kB pagetables:10548kB bounce:0kB free_pcp:284kB local_pcp:264kB free_cma:0kB [ 2915.503076][ T6508] lowmem_reserve[]: 0 0 707 707 707 [ 2915.508340][ T6508] Node 0 Normal free:8140kB min:16860kB low:19024kB high:21188kB reserved_highatomic:0KB active_anon:316592kB inactive_anon:27748kB active_file:12kB inactive_file:20kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4288kB pagetables:7844kB bounce:0kB free_pcp:508kB local_pcp:248kB free_cma:0kB [ 2915.547063][ T6508] lowmem_reserve[]: 0 0 0 0 0 [ 2915.551728][ T6508] Node 1 Normal free:23024kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:564kB inactive_anon:8kB active_file:132kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:24kB pagetables:8kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 2915.586138][ T6508] lowmem_reserve[]: 0 0 0 0 0 [ 2915.586243][ T8626] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2915.590797][ T6508] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2915.601854][ T8626] CPU: 1 PID: 8626 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2915.616094][ T6508] Node 0 DMA32: 67*4kB (ME) 855*8kB (UME) 430*16kB (ME) 171*32kB (UM) 42*64kB (UM) 3*128kB (U) 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 24580kB [ 2915.624291][ T8626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2915.624294][ T8626] Call Trace: [ 2915.624308][ T8626] dump_stack+0x10f/0x19d [ 2915.624324][ T8626] dump_header+0x8e/0x400 [ 2915.650260][ T6508] Node 0 Normal: 707*4kB (UME) 316*8kB (ME) 102*16kB (UME) 22*32kB (ME) 7*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8140kB [ 2915.652833][ T8626] oom_kill_process+0x18d/0x3f0 [ 2915.657126][ T6508] Node 1 Normal: 66*4kB (ME) 61*8kB (ME) 56*16kB (UME) 50*32kB (UME) 39*64kB (ME) 33*128kB (UME) 19*256kB (M) 6*512kB (M) 1*1024kB (E) 2*2048kB (UM) 0*4096kB = 23024kB [ 2915.661419][ T8626] out_of_memory+0x5bd/0x880 [ 2915.675875][ T6508] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2915.680687][ T8626] ? get_page_from_freelist+0x127/0x3c0 [ 2915.697307][ T6508] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2915.701929][ T8626] __alloc_pages_slowpath+0x742/0x970 [ 2915.711375][ T6508] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2915.716894][ T8626] __alloc_pages_nodemask+0x235/0x390 [ 2915.716908][ T8626] alloc_pages_current+0x21d/0x310 [ 2915.726149][ T6508] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2915.731481][ T8626] __page_cache_alloc+0x4f/0x120 [ 2915.740983][ T6508] 7200 total pagecache pages [ 2915.746313][ T8626] pagecache_get_page+0x494/0x8b0 [ 2915.746325][ T8626] ? __do_page_cache_readahead+0x96/0xb0 [ 2915.751398][ T6508] 0 pages in swap cache [ 2915.760643][ T8626] filemap_fault+0xba4/0x11e0 [ 2915.760675][ T8626] ext4_filemap_fault+0x4b/0x60 [ 2915.765572][ T6508] Swap cache stats: add 0, delete 0, find 0/0 [ 2915.770138][ T8626] do_read_fault+0x41f/0x730 [ 2915.775121][ T6508] Free swap = 0kB [ 2915.780715][ T8626] handle_mm_fault+0x135d/0x1930 [ 2915.784829][ T6508] Total swap = 0kB [ 2915.789493][ T8626] do_user_addr_fault+0x393/0x810 [ 2915.794302][ T6508] 1965979 pages RAM [ 2915.800383][ T8626] exc_page_fault+0xb8/0x330 [ 2915.805023][ T6508] 0 pages HighMem/MovableOnly [ 2915.808692][ T8626] ? asm_exc_page_fault+0x8/0x30 [ 2915.813529][ T6508] 83163 pages reserved [ 2915.817228][ T8626] asm_exc_page_fault+0x1e/0x30 [ 2915.817309][ T8626] RIP: 0033:0x469093 [ 2915.822218][ T6508] 0 pages cma reserved [ 2915.825996][ T8626] Code: Bad RIP value. [ 2915.860864][ T8626] RSP: 002b:000000c00004de80 EFLAGS: 00010202 [ 2915.866893][ T8626] RAX: ffffffffffffff92 RBX: 0000000013890e7f RCX: 0000000000469093 [ 2915.874833][ T8626] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00000000017cec98 [ 2915.882779][ T8626] RBP: 000000c00004dec8 R08: 0000000000000000 R09: 0000000000000000 [ 2915.890718][ T8626] R10: 000000c00004deb8 R11: 0000000000000202 R12: 0000000000439470 [ 2915.898655][ T8626] R13: 0000000000000000 R14: 0000000000accd54 R15: 0000000000000000 [ 2915.920418][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2915.975745][ T8626] Mem-Info: [ 2915.979366][ T8626] active_anon:211665 inactive_anon:6939 isolated_anon:0 [ 2915.979366][ T8626] active_file:46 inactive_file:304 isolated_file:0 [ 2915.979366][ T8626] unevictable:11 dirty:0 writeback:0 [ 2915.979366][ T8626] slab_reclaimable:7532 slab_unreclaimable:25618 [ 2915.979366][ T8626] mapped:55329 shmem:7149 pagetables:4600 bounce:0 [ 2915.979366][ T8626] free:47324 free_pcp:383 free_cma:0 [ 2916.020292][ T8626] Node 0 active_anon:846096kB inactive_anon:27748kB active_file:96kB inactive_file:12kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220616kB dirty:0kB writeback:0kB shmem:28588kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 571392kB writeback_tmp:0kB all_unreclaimable? yes [ 2916.053770][ T8626] Node 1 active_anon:564kB inactive_anon:8kB active_file:104kB inactive_file:2304kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:1464kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? no [ 2916.084424][ T8626] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2916.117913][ T8626] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2916.124601][ T8626] Node 0 DMA32 free:24932kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:529476kB inactive_anon:0kB active_file:32kB inactive_file:28kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2200kB pagetables:10452kB bounce:0kB free_pcp:24kB local_pcp:16kB free_cma:0kB [ 2916.171898][ T8626] lowmem_reserve[]: 0 0 707 707 707 [ 2916.193932][ T8626] Node 0 Normal free:8668kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:316584kB inactive_anon:27748kB active_file:12kB inactive_file:16kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4288kB pagetables:7836kB bounce:0kB free_pcp:60kB local_pcp:0kB free_cma:0kB [ 2916.225371][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2916.230022][ T8626] Node 1 Normal free:1357000kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:564kB inactive_anon:8kB active_file:308kB inactive_file:4928kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:24kB pagetables:8kB bounce:0kB free_pcp:2568kB local_pcp:1260kB free_cma:0kB [ 2916.261515][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2916.266222][ T8626] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2916.282365][ T8626] Node 0 DMA32: 93*4kB (UME) 860*8kB (UME) 435*16kB (UME) 173*32kB (UM) 43*64kB (UM) 3*128kB (U) 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 24932kB [ 2916.297998][ T8626] Node 0 Normal: 765*4kB (UME) 324*8kB (UME) 104*16kB (UME) 22*32kB (ME) 11*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8724kB [ 2916.313161][ T8626] Node 1 Normal: 42*4kB (UE) 21*8kB (UME) 20*16kB (UME) 17*32kB (UE) 14*64kB (UME) 32*128kB (UME) 32*256kB (UM) 14*512kB (UM) 9*1024kB (UE) 11*2048kB (UM) 416*4096kB (U) = 1757232kB [ 2916.331928][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2916.341866][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2916.351367][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2916.361964][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2916.371519][ T8626] 9274 total pagecache pages [ 2916.376228][ T8626] 0 pages in swap cache [ 2916.380356][ T8626] Swap cache stats: add 0, delete 0, find 0/0 [ 2916.387805][ T8626] Free swap = 0kB [ 2916.391505][ T8626] Total swap = 0kB [ 2916.395526][ T8626] 1965979 pages RAM [ 2916.399307][ T8626] 0 pages HighMem/MovableOnly [ 2916.404404][ T8626] 83163 pages reserved [ 2916.408463][ T8626] 0 pages cma reserved [ 2916.412862][ T8626] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=20256,uid=0 [ 2916.427637][ T8626] Out of memory: Killed process 20256 (syz-executor.1) total-vm:74976kB, anon-rss:2220kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2916.446946][ T1931] oom_reaper: reaped process 20256 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2916.753860][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2916.994053][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2918.034177][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2919.073758][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2919.793735][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2920.113871][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:03:12 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$vhci(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vhci\x00', 0x2a402) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0x3}, 0x6) 07:03:12 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) dup(r6) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:03:12 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:03:12 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) socket$unix(0x1, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 07:03:12 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:03:12 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x156, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc1"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:03:12 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$vhci(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vhci\x00', 0x2a402) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0x3}, 0x6) 07:03:12 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r3 = dup(r2) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:03:12 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$vhci(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vhci\x00', 0x2a402) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0x3}, 0x6) 07:03:12 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) dup(r6) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:03:12 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$vhci(0xffffffffffffffff, &(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0x3}, 0x6) 07:03:12 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 07:03:12 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:03:12 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$vhci(0xffffffffffffffff, &(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0x3}, 0x6) [ 2921.153584][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2921.203453][ T2853] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 2921.463400][ T2853] usb 4-1: Using ep0 maxpacket: 8 [ 2921.613673][ T2853] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2921.803655][ T2853] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2921.814114][ T2853] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2921.822140][ T2853] usb 4-1: Product: syz [ 2921.827698][ T2853] usb 4-1: Manufacturer: syz [ 2921.832329][ T2853] usb 4-1: SerialNumber: syz [ 2922.193508][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2922.833339][T26593] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2922.953308][ T2853] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2922.961040][ T2853] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2922.979296][ T2853] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2923.176090][ T2853] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2923.196976][ T2853] usb 4-1: USB disconnect, device number 72 [ 2923.209655][ T2853] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2923.233653][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2924.273360][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2924.288327][ T5029] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2924.304457][ T5029] CPU: 1 PID: 5029 Comm: systemd-journal Not tainted 5.8.0-rc7-syzkaller #0 [ 2924.313103][ T5029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2924.323132][ T5029] Call Trace: [ 2924.326389][ T5029] dump_stack+0x10f/0x19d [ 2924.330695][ T5029] dump_header+0x8e/0x400 [ 2924.335186][ T5029] oom_kill_process+0x18d/0x3f0 [ 2924.340138][ T5029] out_of_memory+0x5bd/0x880 [ 2924.344692][ T5029] ? get_page_from_freelist+0x127/0x3c0 [ 2924.350200][ T5029] __alloc_pages_slowpath+0x742/0x970 [ 2924.355543][ T5029] __alloc_pages_nodemask+0x235/0x390 [ 2924.360877][ T5029] alloc_pages_current+0x21d/0x310 [ 2924.365991][ T5029] __page_cache_alloc+0x4f/0x120 [ 2924.370952][ T5029] pagecache_get_page+0x494/0x8b0 [ 2924.375936][ T5029] ? __do_page_cache_readahead+0x96/0xb0 [ 2924.381531][ T5029] filemap_fault+0xba4/0x11e0 [ 2924.386176][ T5029] ext4_filemap_fault+0x4b/0x60 [ 2924.390988][ T5029] do_read_fault+0x41f/0x730 [ 2924.395615][ T5029] handle_mm_fault+0x135d/0x1930 [ 2924.400569][ T5029] do_user_addr_fault+0x393/0x810 [ 2924.405569][ T5029] exc_page_fault+0xb8/0x330 [ 2924.410130][ T5029] ? asm_exc_page_fault+0x8/0x30 [ 2924.415105][ T5029] asm_exc_page_fault+0x1e/0x30 [ 2924.419920][ T5029] RIP: 0033:0x7efc26bc52e3 [ 2924.424308][ T5029] Code: Bad RIP value. [ 2924.428336][ T5029] RSP: 002b:00007fff65439748 EFLAGS: 00010246 [ 2924.434361][ T5029] RAX: 0000000000000001 RBX: 000055eeda6141e0 RCX: 00007efc26bc52e3 [ 2924.442294][ T5029] RDX: 0000000000000014 RSI: 00007fff65439750 RDI: 0000000000000008 [ 2924.450231][ T5029] RBP: 00007fff65439940 R08: 0000061facc16648 R09: 00007fff654a0080 [ 2924.458164][ T5029] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff65439750 [ 2924.466145][ T5029] R13: 0000000000000001 R14: ffffffffffffffff R15: 0005ab7b087fda9b [ 2924.474357][ T5029] Mem-Info: [ 2924.477455][ T5029] active_anon:211108 inactive_anon:6938 isolated_anon:0 [ 2924.477455][ T5029] active_file:48 inactive_file:32 isolated_file:0 [ 2924.477455][ T5029] unevictable:11 dirty:0 writeback:0 [ 2924.477455][ T5029] slab_reclaimable:7530 slab_unreclaimable:25655 [ 2924.477455][ T5029] mapped:55199 shmem:7147 pagetables:4524 bounce:0 [ 2924.477455][ T5029] free:26569 free_pcp:1356 free_cma:0 [ 2924.514126][ T5029] Node 0 active_anon:843896kB inactive_anon:27744kB active_file:80kB inactive_file:48kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220756kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 567296kB writeback_tmp:0kB all_unreclaimable? yes [ 2924.541628][ T5029] Node 1 active_anon:536kB inactive_anon:8kB active_file:112kB inactive_file:80kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:40kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2924.567373][ T5029] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2924.596302][ T5029] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2924.601992][ T5029] Node 0 DMA32 free:37356kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:527428kB inactive_anon:8kB active_file:164kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2200kB pagetables:10360kB bounce:0kB free_pcp:760kB local_pcp:288kB free_cma:0kB [ 2924.603249][T26593] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2924.633676][ T5029] lowmem_reserve[]: 0 0 707 707 707 [ 2924.646726][ T5029] Node 0 Normal free:8496kB min:10716kB low:12880kB high:15044kB reserved_highatomic:0KB active_anon:316468kB inactive_anon:27736kB active_file:460kB inactive_file:340kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4272kB pagetables:7728kB bounce:0kB free_pcp:2624kB local_pcp:1300kB free_cma:0kB [ 2924.647046][ T3323] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2924.678845][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2924.691522][ T5029] Node 1 Normal free:46020kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:536kB inactive_anon:8kB active_file:12kB inactive_file:64kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:2040kB local_pcp:1288kB free_cma:0kB [ 2924.692492][T26593] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2924.722439][ T5029] lowmem_reserve[]: 0 0 0 0 0 [ 2924.735369][ T5029] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2924.748363][ T5029] Node 0 DMA32: 52*4kB (UE) 800*8kB (ME) 434*16kB (UME) 172*32kB (UM) 40*64kB (UM) 3*128kB (M) 1*256kB (M) 1*512kB (U) 0*1024kB 3*2048kB (UM) 2*4096kB (U) = 37104kB [ 2924.764913][ T5029] Node 0 Normal: 425*4kB (UME) 411*8kB (UME) 123*16kB (UME) 29*32kB (ME) 13*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8716kB [ 2924.779696][ T5029] Node 1 Normal: 127*4kB (ME) 145*8kB (UME) 120*16kB (ME) 64*32kB (UME) 35*64kB (UME) 14*128kB (ME) 14*256kB (UM) 6*512kB (M) 1*1024kB (E) 2*2048kB (UM) 6*4096kB (U) = 46020kB [ 2924.797262][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2924.806799][ T5029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2924.816060][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2924.825594][ T5029] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2924.834943][ T5029] 7223 total pagecache pages [ 2924.839492][ T5029] 0 pages in swap cache [ 2924.843624][ T5029] Swap cache stats: add 0, delete 0, find 0/0 [ 2924.849660][ T5029] Free swap = 0kB [ 2924.853359][ T5029] Total swap = 0kB [ 2924.857044][ T5029] 1965979 pages RAM [ 2924.860809][ T5029] 0 pages HighMem/MovableOnly [ 2924.865469][ T5029] 83163 pages reserved [ 2924.869496][ T5029] 0 pages cma reserved [ 2924.873544][ T5029] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=19333,uid=0 [ 2924.887778][ T5029] Out of memory: Killed process 19333 (syz-executor.1) total-vm:74976kB, anon-rss:2220kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2924.904560][ T1931] oom_reaper: reaped process 19333 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2925.134480][ T1931] oom_reaper: reaped process 6581 (syz-executor.4), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB [ 2925.167200][ T8250] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2925.184397][ T8250] CPU: 1 PID: 8250 Comm: in:imklog Not tainted 5.8.0-rc7-syzkaller #0 [ 2925.192517][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2925.202542][ T8250] Call Trace: [ 2925.205811][ T8250] dump_stack+0x10f/0x19d [ 2925.210114][ T8250] dump_header+0x8e/0x400 [ 2925.214418][ T8250] oom_kill_process+0x18d/0x3f0 [ 2925.219232][ T8250] out_of_memory+0x5bd/0x880 [ 2925.223783][ T8250] ? get_page_from_freelist+0x127/0x3c0 [ 2925.229293][ T8250] __alloc_pages_slowpath+0x742/0x970 [ 2925.234655][ T8250] __alloc_pages_nodemask+0x235/0x390 [ 2925.240044][ T8250] alloc_pages_current+0x21d/0x310 [ 2925.245117][ T8250] __page_cache_alloc+0x4f/0x120 [ 2925.250016][ T8250] pagecache_get_page+0x494/0x8b0 [ 2925.255001][ T8250] ? __do_page_cache_readahead+0x96/0xb0 [ 2925.260593][ T8250] filemap_fault+0xba4/0x11e0 [ 2925.265235][ T8250] ext4_filemap_fault+0x4b/0x60 [ 2925.270046][ T8250] do_read_fault+0x41f/0x730 [ 2925.274599][ T8250] handle_mm_fault+0x135d/0x1930 [ 2925.279500][ T8250] do_user_addr_fault+0x393/0x810 [ 2925.284531][ T8250] exc_page_fault+0xb8/0x330 [ 2925.289148][ T8250] ? asm_exc_page_fault+0x8/0x30 [ 2925.294048][ T8250] asm_exc_page_fault+0x1e/0x30 [ 2925.298861][ T8250] RIP: 0033:0x7f2a5dc6afd0 [ 2925.303251][ T8250] Code: Bad RIP value. [ 2925.307278][ T8250] RSP: 002b:00007f2a5c5849c0 EFLAGS: 00010202 [ 2925.313302][ T8250] RAX: 00000000fbad8001 RBX: 00007f2a5dd78fe6 RCX: 0000000000000000 [ 2925.321249][ T8250] RDX: 0000000000000000 RSI: 00007f2a5dd77a25 RDI: 0000000000000001 [ 2925.329184][ T8250] RBP: 00007f2a5c5850a0 R08: 0000000000000000 R09: 00007f2a5c5852cc [ 2925.337118][ T8250] R10: 0000000000000000 R11: 0036a3f383111dd1 R12: 00007f2a5c5851d8 [ 2925.345059][ T8250] R13: 00007f2a5c5850b0 R14: 0000000000001f9f R15: 00007f2a5c5853d0 [ 2925.353463][ T8250] Mem-Info: [ 2925.356601][T24244] net_ratelimit: 1 callbacks suppressed [ 2925.356605][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2925.361010][ T6581] syz-executor.4: vmalloc: allocation failure, allocated 2481614848 of 3724722176 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 2925.362245][ T8250] active_anon:210030 inactive_anon:6938 isolated_anon:0 [ 2925.362245][ T8250] active_file:46 inactive_file:0 isolated_file:0 [ 2925.362245][ T8250] unevictable:11 dirty:0 writeback:0 [ 2925.362245][ T8250] slab_reclaimable:7530 slab_unreclaimable:25655 [ 2925.362245][ T8250] mapped:55216 shmem:7147 pagetables:4498 bounce:0 [ 2925.362245][ T8250] free:15380 free_pcp:270 free_cma:0 [ 2925.372964][ T6581] CPU: 0 PID: 6581 Comm: syz-executor.4 Not tainted 5.8.0-rc7-syzkaller #0 [ 2925.386650][ T8250] Node 0 active_anon:839584kB inactive_anon:27744kB active_file:56kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220864kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 565248kB writeback_tmp:0kB all_unreclaimable? yes [ 2925.422854][ T6581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2925.422856][ T6581] Call Trace: [ 2925.431472][ T8250] Node 1 active_anon:536kB inactive_anon:8kB active_file:128kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2925.458889][ T6581] dump_stack+0x10f/0x19d [ 2925.458902][ T6581] warn_alloc+0x105/0x160 [ 2925.468941][ T8250] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2925.472179][ T6581] __vmalloc_node_range+0x458/0x530 [ 2925.497796][ T8250] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2925.502060][ T6581] vmalloc_user+0x55/0x60 [ 2925.506395][ T8250] Node 0 DMA32 free:20052kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:525380kB inactive_anon:8kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2184kB pagetables:10256kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2925.535366][ T6581] ? vb2_vmalloc_alloc+0x8f/0x120 [ 2925.535388][ T6581] vb2_vmalloc_alloc+0x8f/0x120 [ 2925.535396][ T6581] ? tsan.module_ctor+0x10/0x10 [ 2925.535403][ T6581] __vb2_queue_alloc+0x4fe/0xaf0 [ 2925.535434][ T6581] vb2_core_create_bufs+0x334/0x570 [ 2925.535447][ T6581] vb2_create_bufs+0x419/0x560 [ 2925.540601][ T8250] lowmem_reserve[]: 0 0 707 707 707 [ 2925.546341][ T6581] vb2_ioctl_create_bufs+0x2b3/0x310 [ 2925.546356][ T6581] v4l_create_bufs+0x15e/0x1b0 [ 2925.550642][ T8250] Node 0 Normal free:4284kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:314204kB inactive_anon:27736kB active_file:316kB inactive_file:152kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4272kB pagetables:7728kB bounce:0kB free_pcp:584kB local_pcp:336kB free_cma:0kB [ 2925.581760][ T6581] __video_do_ioctl+0x65b/0x870 [ 2925.581770][ T6581] ? __video_do_ioctl+0x2e1/0x870 [ 2925.581779][ T6581] ? __check_object_size+0x253/0x310 [ 2925.581792][ T6581] video_usercopy+0x6da/0xfc0 [ 2925.586791][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2925.591594][ T6581] ? video_ioctl2+0x30/0x30 [ 2925.596411][ T8250] Node 1 Normal free:22876kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:536kB inactive_anon:8kB active_file:52kB inactive_file:48kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2925.601355][ T6581] ? putname+0xa5/0xc0 [ 2925.606556][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2925.611291][ T6581] ? do_vfs_ioctl+0x4f1/0xec0 [ 2925.616453][ T8250] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2925.621701][ T6581] video_ioctl2+0x25/0x30 [ 2925.626480][ T8250] Node 0 DMA32: 61*4kB (UME) 766*8kB (UME) 407*16kB (UME) 154*32kB (UM) 35*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 20052kB [ 2925.658142][ T6581] ? video_usercopy+0xfc0/0xfc0 [ 2925.658150][ T6581] v4l2_ioctl+0xc2/0xd0 [ 2925.658159][ T6581] ? v4l2_poll+0x150/0x150 [ 2925.658167][ T6581] __se_sys_ioctl+0xc9/0x130 [ 2925.658209][ T6581] __x64_sys_ioctl+0x3f/0x50 [ 2925.662985][ T8250] Node 0 Normal: 492*4kB (UME) 161*8kB (ME) 55*16kB (UME) 9*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4424kB [ 2925.667979][ T6581] do_syscall_64+0x51/0xb0 [ 2925.673230][ T8250] Node 1 Normal: 45*4kB (UME) 45*8kB (UME) 40*16kB (UME) 44*32kB (UME) 30*64kB (UME) 22*128kB (UME) 15*256kB (UM) 7*512kB (UM) 4*1024kB (UME) 2*2048kB (M) 0*4096kB = 22940kB [ 2925.677868][ T6581] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2925.682503][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2925.686968][ T6581] RIP: 0033:0x45c369 [ 2925.686989][ T6581] Code: Bad RIP value. [ 2925.717531][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2925.721563][ T6581] RSP: 002b:00007fae9a16dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2925.726276][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2925.730906][ T6581] RAX: ffffffffffffffda RBX: 0000000000019f40 RCX: 000000000045c369 [ 2925.745537][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2925.749816][ T6581] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 2925.764601][ T8250] 7199 total pagecache pages [ 2925.769339][ T6581] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2925.773468][ T8250] 0 pages in swap cache [ 2925.777855][ T6581] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2925.782476][ T8250] Swap cache stats: add 0, delete 0, find 0/0 [ 2925.786957][ T6581] R13: 00007ffd6fc37fff R14: 00007fae9a16e9c0 R15: 000000000078bf0c [ 2925.793596][ T6581] Mem-Info: [ 2925.800916][ T8250] Free swap = 0kB [ 2925.810113][ T6581] active_anon:210030 inactive_anon:6938 isolated_anon:0 [ 2925.810113][ T6581] active_file:46 inactive_file:0 isolated_file:0 [ 2925.810113][ T6581] unevictable:11 dirty:0 writeback:0 [ 2925.810113][ T6581] slab_reclaimable:7530 slab_unreclaimable:25655 [ 2925.810113][ T6581] mapped:55216 shmem:7147 pagetables:4498 bounce:0 [ 2925.810113][ T6581] free:15380 free_pcp:270 free_cma:0 [ 2925.822502][ T8250] Total swap = 0kB [ 2925.835298][ T6581] Node 0 active_anon:839584kB inactive_anon:27744kB active_file:56kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220864kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 565248kB writeback_tmp:0kB all_unreclaimable? yes [ 2925.837897][ T8250] 1965979 pages RAM [ 2925.841760][ T6581] Node 1 active_anon:536kB inactive_anon:8kB active_file:128kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2925.845836][ T8250] 0 pages HighMem/MovableOnly [ 2925.845842][ T8250] 83163 pages reserved [ 2925.845844][ T8250] 0 pages cma reserved [ 2925.845854][ T8250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=18544,uid=0 [ 2925.859877][ T6581] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2925.863510][ T8250] Out of memory: Killed process 18544 (syz-executor.1) total-vm:74976kB, anon-rss:2220kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2926.114176][T26593] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2926.120561][ T6581] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2926.127925][ T6581] Node 0 DMA32 free:20052kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:525380kB inactive_anon:8kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2184kB pagetables:10256kB bounce:0kB free_pcp:264kB local_pcp:16kB free_cma:0kB [ 2926.161215][ T6577] systemd-rfkill invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2926.173626][ T6577] CPU: 1 PID: 6577 Comm: systemd-rfkill Not tainted 5.8.0-rc7-syzkaller #0 [ 2926.182182][ T6577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2926.192213][ T6577] Call Trace: [ 2926.195481][ T6577] dump_stack+0x10f/0x19d [ 2926.199866][ T6577] dump_header+0x8e/0x400 [ 2926.200994][ T6581] lowmem_reserve[]: 0 0 707 707 707 [ 2926.204168][ T6577] oom_kill_process+0x18d/0x3f0 [ 2926.204176][ T6577] out_of_memory+0x5bd/0x880 [ 2926.204188][ T6577] ? get_page_from_freelist+0x127/0x3c0 [ 2926.209345][ T6581] Node 0 Normal free:5176kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:314112kB inactive_anon:27736kB active_file:76kB inactive_file:20kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4272kB pagetables:7724kB bounce:0kB free_pcp:320kB local_pcp:320kB free_cma:0kB [ 2926.214160][ T6577] __alloc_pages_slowpath+0x742/0x970 [ 2926.214172][ T6577] __alloc_pages_nodemask+0x235/0x390 [ 2926.218727][ T6581] lowmem_reserve[]: 0 0 0 0 0 [ 2926.224239][ T6577] alloc_pages_current+0x21d/0x310 [ 2926.224253][ T6577] __page_cache_alloc+0x4f/0x120 [ 2926.255795][ T6581] Node 1 Normal free:23140kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:532kB inactive_anon:8kB active_file:52kB inactive_file:48kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2926.261130][ T6577] pagecache_get_page+0x494/0x8b0 [ 2926.266512][ T6581] lowmem_reserve[]: 0 0 0 0 0 [ 2926.271156][ T6577] ? __do_page_cache_readahead+0x96/0xb0 [ 2926.276228][ T6581] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2926.281132][ T6577] filemap_fault+0xba4/0x11e0 [ 2926.311482][ T6581] Node 0 DMA32: 85*4kB (UME) 797*8kB (UME) 408*16kB (UME) 155*32kB (UM) 35*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 22492kB [ 2926.316457][ T6577] ext4_filemap_fault+0x4b/0x60 [ 2926.316604][ T6577] do_read_fault+0x41f/0x730 [ 2926.321100][ T6581] Node 0 Normal: 530*4kB (UME) 177*8kB (UME) 71*16kB (UME) 9*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4960kB [ 2926.326775][ T6577] handle_mm_fault+0x135d/0x1930 [ 2926.326838][ T6577] do_user_addr_fault+0x393/0x810 [ 2926.341573][ T6581] Node 1 Normal: 42*4kB (UME) 41*8kB (ME) 39*16kB (UME) 42*32kB (UME) 28*64kB (UME) 22*128kB (UME) 15*256kB (M) 6*512kB (M) 3*1024kB (ME) 3*2048kB (UM) 0*4096kB = 23200kB [ 2926.346297][ T6577] exc_page_fault+0xb8/0x330 [ 2926.346313][ T6577] ? asm_exc_page_fault+0x8/0x30 [ 2926.361375][ T6581] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2926.366181][ T6577] asm_exc_page_fault+0x1e/0x30 [ 2926.366191][ T6577] RIP: 0033:0x7fa66c8a292d [ 2926.370743][ T6581] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2926.384778][ T6577] Code: Bad RIP value. [ 2926.389710][ T6581] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2926.394660][ T6577] RSP: 002b:00007ffc3f1da3c0 EFLAGS: 00010246 [ 2926.394723][ T6577] RAX: 0000000000000000 RBX: 000055f0b9446040 RCX: 00007fa66c8a292d [ 2926.394733][ T6577] RDX: 00007ffc3f1da3d0 RSI: 0000000000000001 RDI: 00007ffc3f1da408 [ 2926.411617][ T6581] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2926.416158][ T6577] RBP: 00007ffc3f1da478 R08: 0000000000000008 R09: 0000000000000005 [ 2926.416163][ T6577] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000000000b [ 2926.416171][ T6577] R13: 00007ffc3f1da470 R14: 0000000000000001 R15: 0000000000000003 [ 2926.421066][ T6581] 7205 total pagecache pages [ 2926.432131][ T6577] Mem-Info: [ 2926.446225][ T6581] 0 pages in swap cache [ 2926.449390][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2926.460197][ T6581] Swap cache stats: add 0, delete 0, find 0/0 [ 2926.466915][ T6577] active_anon:209488 inactive_anon:6938 isolated_anon:0 [ 2926.466915][ T6577] active_file:42 inactive_file:16 isolated_file:0 [ 2926.466915][ T6577] unevictable:11 dirty:0 writeback:0 [ 2926.466915][ T6577] slab_reclaimable:7530 slab_unreclaimable:25630 [ 2926.466915][ T6577] mapped:55183 shmem:7147 pagetables:4460 bounce:0 [ 2926.466915][ T6577] free:16256 free_pcp:4 free_cma:0 [ 2926.468870][ T6581] Free swap = 0kB [ 2926.476771][ T6577] Node 0 active_anon:837420kB inactive_anon:27744kB active_file:116kB inactive_file:16kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220732kB dirty:0kB writeback:0kB shmem:28580kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 563200kB writeback_tmp:0kB all_unreclaimable? no [ 2926.476793][ T6577] Node 1 active_anon:532kB inactive_anon:8kB active_file:52kB inactive_file:48kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2926.493103][ T6581] Total swap = 0kB [ 2926.494043][ T6577] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2926.501971][ T6581] 1965979 pages RAM [ 2926.509919][ T6577] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2926.509930][ T6577] Node 0 DMA32 free:22400kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:523332kB inactive_anon:8kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2184kB pagetables:10108kB bounce:0kB free_pcp:16kB local_pcp:0kB free_cma:0kB [ 2926.509992][ T6577] lowmem_reserve[]: 0 0 707 707 707 [ 2926.550094][ T6581] 0 pages HighMem/MovableOnly [ 2926.580090][ T6577] Node 0 Normal free:5176kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:314112kB inactive_anon:27736kB active_file:76kB inactive_file:20kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4272kB pagetables:7724kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2926.602532][ T6581] 83163 pages reserved [ 2926.611202][ T6577] lowmem_reserve[]: 0 0 0 0 0 [ 2926.611213][ T6577] Node 1 Normal free:23140kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:532kB inactive_anon:8kB active_file:52kB inactive_file:48kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:8kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2926.611299][ T6577] lowmem_reserve[]: 0 0 0 0 0 [ 2926.645870][ T6581] 0 pages cma reserved [ 2926.669475][ T6577] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2926.813854][ T6577] Node 0 DMA32: 85*4kB (UME) 797*8kB (UME) 408*16kB (UME) 155*32kB (UM) 35*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 22492kB [ 2926.829078][ T6577] Node 0 Normal: 610*4kB (UME) 177*8kB (UME) 71*16kB (UME) 9*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5280kB [ 2926.843365][ T6577] Node 1 Normal: 5*4kB (UE) 4*8kB (UME) 5*16kB (UME) 39*32kB (UME) 30*64kB (UME) 23*128kB (UME) 16*256kB (UM) 7*512kB (UM) 3*1024kB (ME) 4*2048kB (UM) 154*4096kB (U) = 655972kB [ 2926.860950][ T6577] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2926.870633][ T6577] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2926.880588][ T6577] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2926.890819][ T6577] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2926.900526][ T6577] 7780 total pagecache pages [ 2926.905516][ T6577] 0 pages in swap cache [ 2926.910120][ T6577] Swap cache stats: add 0, delete 0, find 0/0 [ 2926.916640][ T6577] Free swap = 0kB [ 2926.920766][ T6577] Total swap = 0kB [ 2926.924889][ T6577] 1965979 pages RAM [ 2926.929061][ T6577] 0 pages HighMem/MovableOnly [ 2926.934396][ T6577] 83163 pages reserved [ 2926.939630][ T6577] 0 pages cma reserved [ 2926.944566][ T6577] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=18469,uid=0 [ 2926.959575][ T6577] Out of memory: Killed process 18469 (syz-executor.1) total-vm:74976kB, anon-rss:2220kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2927.473292][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:03:19 executing program 1: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) write$vhci(0xffffffffffffffff, &(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) bind$bt_hci(r0, &(0x7f00000000c0)={0x1f, 0x3}, 0x6) 07:03:19 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) socket$unix(0x1, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 07:03:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x156, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc1"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:03:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 07:03:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:03:19 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:03:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r6 = dup(r5) syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) 07:03:19 executing program 1: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vhci\x00', 0x2a402) write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) bind$bt_hci(0xffffffffffffffff, &(0x7f00000000c0)={0x1f, 0x3}, 0x6) 07:03:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r4 = dup(r3) syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 07:03:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 07:03:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 07:03:19 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x14b, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd0"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:03:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r6 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/seq\x00', 0x0) r7 = dup(r6) syz_kvm_setup_cpu$x86(r7, r5, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) [ 2928.242816][ T9218] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 2928.512904][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2928.512924][ T9218] usb 4-1: Using ep0 maxpacket: 8 [ 2928.662831][ T9218] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2928.843702][ T9218] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2928.854242][ T9218] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2928.862306][ T9218] usb 4-1: Product: syz [ 2928.867658][ T9218] usb 4-1: Manufacturer: syz [ 2928.872362][ T9218] usb 4-1: SerialNumber: syz [ 2929.152833][T26593] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2929.553045][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2929.793126][T21547] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2929.801755][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2929.810160][T26593] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2930.002719][ T9218] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2930.010338][ T9218] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2930.027027][ T9218] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2930.214921][ T9218] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2930.244754][ T9218] usb 4-1: USB disconnect, device number 73 [ 2930.258522][ T9218] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2930.592745][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2931.632946][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2932.046967][ T1931] oom_reaper: reaped process 6671 (syz-executor.4), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB [ 2932.069959][ T8250] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2932.090129][ T8250] CPU: 1 PID: 8250 Comm: in:imklog Not tainted 5.8.0-rc7-syzkaller #0 [ 2932.098263][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2932.108288][ T8250] Call Trace: [ 2932.111572][ T8250] dump_stack+0x10f/0x19d [ 2932.115883][ T8250] dump_header+0x8e/0x400 [ 2932.120176][ T8250] oom_kill_process+0x18d/0x3f0 [ 2932.124990][ T8250] out_of_memory+0x5bd/0x880 [ 2932.129541][ T8250] ? get_page_from_freelist+0x127/0x3c0 [ 2932.135047][ T8250] __alloc_pages_slowpath+0x742/0x970 [ 2932.140380][ T8250] __alloc_pages_nodemask+0x235/0x390 [ 2932.145774][ T8250] alloc_pages_current+0x21d/0x310 [ 2932.150876][ T8250] __page_cache_alloc+0x4f/0x120 [ 2932.155787][ T8250] pagecache_get_page+0x494/0x8b0 [ 2932.160859][ T8250] ? __do_page_cache_readahead+0x96/0xb0 [ 2932.166452][ T8250] filemap_fault+0xba4/0x11e0 [ 2932.171103][ T8250] ext4_filemap_fault+0x4b/0x60 [ 2932.175915][ T8250] do_read_fault+0x41f/0x730 [ 2932.180467][ T8250] handle_mm_fault+0x135d/0x1930 [ 2932.185371][ T8250] do_user_addr_fault+0x393/0x810 [ 2932.190358][ T8250] exc_page_fault+0xb8/0x330 [ 2932.194910][ T8250] ? asm_exc_page_fault+0x8/0x30 [ 2932.199808][ T8250] asm_exc_page_fault+0x1e/0x30 [ 2932.204618][ T8250] RIP: 0033:0x7f2a5ebe922d [ 2932.209015][ T8250] Code: Bad RIP value. [ 2932.213052][ T8250] RSP: 002b:00007f2a5c585580 EFLAGS: 00010293 [ 2932.219077][ T8250] RAX: 000000000000007e RBX: 0000000000000000 RCX: 00007f2a5ebe922d [ 2932.227107][ T8250] RDX: 0000000000001fa0 RSI: 00007f2a5c585da0 RDI: 0000000000000004 [ 2932.235039][ T8250] RBP: 000055653d0f99d0 R08: 0000000000000000 R09: 0000000004000001 [ 2932.242975][ T8250] R10: 0000000000000001 R11: 0000000000000293 R12: 00007f2a5c585da0 [ 2932.250911][ T8250] R13: 0000000000001fa0 R14: 0000000000001f9f R15: 00007f2a5c585dfd [ 2932.272598][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2932.289595][ T8250] Mem-Info: [ 2932.296208][ T8250] active_anon:209491 inactive_anon:6939 isolated_anon:0 [ 2932.296208][ T8250] active_file:8 inactive_file:27 isolated_file:0 [ 2932.296208][ T8250] unevictable:11 dirty:0 writeback:0 [ 2932.296208][ T8250] slab_reclaimable:7530 slab_unreclaimable:25668 [ 2932.296208][ T8250] mapped:55211 shmem:7149 pagetables:4474 bounce:0 [ 2932.296208][ T8250] free:19829 free_pcp:321 free_cma:0 [ 2932.332790][ T8250] Node 0 active_anon:837416kB inactive_anon:27748kB active_file:12kB inactive_file:80kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220844kB dirty:0kB writeback:0kB shmem:28588kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 563200kB writeback_tmp:0kB all_unreclaimable? yes [ 2932.361647][ T8250] Node 1 active_anon:548kB inactive_anon:8kB active_file:20kB inactive_file:328kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2932.391063][ T8250] Node 0 DMA free:14308kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2932.421010][ T8250] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2932.427285][ T8250] Node 0 DMA32 free:22044kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:521352kB inactive_anon:12kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2168kB pagetables:10052kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2932.459722][ T8250] lowmem_reserve[]: 0 0 707 707 707 [ 2932.466000][ T8250] Node 0 Normal free:6900kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:316064kB inactive_anon:27736kB active_file:12kB inactive_file:76kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4272kB pagetables:7824kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2932.498373][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2932.503057][ T8250] Node 1 Normal free:1010292kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:548kB inactive_anon:8kB active_file:20kB inactive_file:3728kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:8kB pagetables:20kB bounce:0kB free_pcp:1792kB local_pcp:296kB free_cma:0kB [ 2932.534413][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2932.539233][ T8250] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14308kB [ 2932.554905][ T8250] Node 0 DMA32: 64*4kB (UME) 819*8kB (ME) 418*16kB (UME) 167*32kB (UM) 40*64kB (UM) 5*128kB (UM) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 22040kB [ 2932.570121][ T8250] Node 0 Normal: 793*4kB (UME) 286*8kB (UME) 72*16kB (ME) 18*32kB (UME) 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7252kB [ 2932.584623][ T8250] Node 1 Normal: 10*4kB (UE) 12*8kB (UE) 18*16kB (UE) 7*32kB (UE) 14*64kB (UME) 21*128kB (UME) 23*256kB (UM) 17*512kB (UM) 10*1024kB (UME) 10*2048kB (UM) 338*4096kB (U) = 1433992kB [ 2932.603689][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2932.613387][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2932.622731][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2932.632453][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2932.641705][ T8250] 8184 total pagecache pages [ 2932.647386][ T8250] 0 pages in swap cache [ 2932.651516][ T8250] Swap cache stats: add 0, delete 0, find 0/0 [ 2932.657567][ T8250] Free swap = 0kB [ 2932.661405][ T8250] Total swap = 0kB [ 2932.665206][ T8250] 1965979 pages RAM [ 2932.669291][ T8250] 0 pages HighMem/MovableOnly [ 2932.674313][ T8250] 83163 pages reserved [ 2932.675143][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2932.678479][ T8250] 0 pages cma reserved [ 2932.690456][ T8250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=17698,uid=0 [ 2932.705753][ T8250] Out of memory: Killed process 17698 (syz-executor.1) total-vm:74976kB, anon-rss:2220kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2932.726165][ T1931] oom_reaper: reaped process 17698 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 07:03:25 executing program 2: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = socket$unix(0x1, 0x2, 0x0) fcntl$dupfd(r1, 0x0, r1) 07:03:25 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 07:03:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x156, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc1"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:03:25 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x14b, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd0"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:03:25 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) [ 2933.712810][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2933.743321][T26593] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 2934.012370][T26593] usb 4-1: Using ep0 maxpacket: 8 [ 2934.152446][T26593] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2934.332320][T26593] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2934.341534][T26593] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2934.362314][T26593] usb 4-1: Product: syz [ 2934.366463][T26593] usb 4-1: Manufacturer: syz [ 2934.371060][T26593] usb 4-1: SerialNumber: syz [ 2934.753147][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2935.312301][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2935.472247][T26593] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 2935.481571][T26593] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 2935.496608][T26593] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 2935.684132][T26593] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM, 42:42:42:42:42:42 [ 2935.714863][T26593] usb 4-1: USB disconnect, device number 74 [ 2935.729574][T26593] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM [ 2935.794689][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:03:27 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) [ 2936.473244][T26593] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 2936.723311][T26593] usb 4-1: Using ep0 maxpacket: 8 [ 2936.832363][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2936.853225][T26593] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2937.043332][T26593] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2937.063042][T26593] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2937.071038][T26593] usb 4-1: Product: syz [ 2937.076145][T26593] usb 4-1: Manufacturer: syz [ 2937.081669][T26593] usb 4-1: SerialNumber: syz [ 2937.512353][ T8250] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2937.523121][ T8250] CPU: 0 PID: 8250 Comm: in:imklog Not tainted 5.8.0-rc7-syzkaller #0 [ 2937.531249][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2937.541273][ T8250] Call Trace: [ 2937.544579][ T8250] dump_stack+0x10f/0x19d [ 2937.548881][ T8250] dump_header+0x8e/0x400 [ 2937.553220][ T8250] oom_kill_process+0x18d/0x3f0 [ 2937.558045][ T8250] out_of_memory+0x5bd/0x880 [ 2937.562612][ T8250] ? get_page_from_freelist+0x127/0x3c0 [ 2937.568127][ T8250] __alloc_pages_slowpath+0x742/0x970 [ 2937.573489][ T8250] __alloc_pages_nodemask+0x235/0x390 [ 2937.578838][ T8250] alloc_pages_current+0x21d/0x310 [ 2937.583916][ T8250] __page_cache_alloc+0x4f/0x120 [ 2937.588823][ T8250] pagecache_get_page+0x494/0x8b0 [ 2937.593816][ T8250] ? __do_page_cache_readahead+0x96/0xb0 [ 2937.599420][ T8250] filemap_fault+0xba4/0x11e0 [ 2937.604071][ T8250] ext4_filemap_fault+0x4b/0x60 [ 2937.608894][ T8250] do_read_fault+0x41f/0x730 [ 2937.613462][ T8250] handle_mm_fault+0x135d/0x1930 [ 2937.618375][ T8250] do_user_addr_fault+0x393/0x810 [ 2937.623373][ T8250] exc_page_fault+0xb8/0x330 [ 2937.627939][ T8250] ? asm_exc_page_fault+0x8/0x30 [ 2937.632938][ T8250] asm_exc_page_fault+0x1e/0x30 [ 2937.637760][ T8250] RIP: 0033:0x7f2a5ebe8ae0 [ 2937.642154][ T8250] Code: Bad RIP value. [ 2937.646194][ T8250] RSP: 002b:00007f2a5c5849b8 EFLAGS: 00010202 [ 2937.652229][ T8250] RAX: 00007f2a5ebe8ae0 RBX: 00007f2a5dd78fe6 RCX: 0000000000000000 [ 2937.660172][ T8250] RDX: 00007f2a5c5850b0 RSI: 00007f2a5ebea090 RDI: 00007f2a5c584b10 [ 2937.668113][ T8250] RBP: 00007f2a5c5850a0 R08: 0000000000000000 R09: 00007f2a5c5852cc [ 2937.676068][ T8250] R10: 0000000000000000 R11: 0004099ab41b7065 R12: 00007f2a5c5851d8 [ 2937.684039][ T8250] R13: 00007f2a5c5850b0 R14: 0000000000001f9f R15: 00007f2a5c5853d0 [ 2937.732001][ T8250] Mem-Info: [ 2937.735147][ T8250] active_anon:210449 inactive_anon:6938 isolated_anon:0 [ 2937.735147][ T8250] active_file:21 inactive_file:0 isolated_file:0 [ 2937.735147][ T8250] unevictable:11 dirty:0 writeback:0 [ 2937.735147][ T8250] slab_reclaimable:7529 slab_unreclaimable:25640 [ 2937.735147][ T8250] mapped:55275 shmem:7148 pagetables:4478 bounce:0 [ 2937.735147][ T8250] free:26652 free_pcp:0 free_cma:0 [ 2937.869711][ T8250] Node 0 active_anon:841192kB inactive_anon:27744kB active_file:0kB inactive_file:36kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220980kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 565248kB writeback_tmp:0kB all_unreclaimable? yes [ 2937.897404][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2937.981569][ T8250] Node 1 active_anon:604kB inactive_anon:8kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:120kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2938.065006][ T8250] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2938.103476][ T8250] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2938.109758][ T8250] Node 0 DMA32 free:37680kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:519300kB inactive_anon:8kB active_file:8kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2152kB pagetables:10000kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2938.149430][ T8250] lowmem_reserve[]: 0 0 707 707 707 [ 2938.156339][ T8250] Node 0 Normal free:8788kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:319764kB inactive_anon:27736kB active_file:1052kB inactive_file:1052kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4256kB pagetables:7688kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2938.211208][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2938.215996][ T8250] Node 1 Normal free:46104kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:604kB inactive_anon:8kB active_file:16kB inactive_file:192kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:56kB pagetables:124kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2938.246860][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2938.251570][ T8250] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2938.265681][ T8250] Node 0 DMA32: 64*4kB (ME) 850*8kB (ME) 432*16kB (ME) 171*32kB (M) 39*64kB (M) 3*128kB (UM) 0*256kB 2*512kB (UM) 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 37680kB [ 2938.291466][ T8250] Node 0 Normal: 734*4kB (UME) 315*8kB (UME) 88*16kB (ME) 17*32kB (UME) 6*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7792kB [ 2938.307167][ T8250] Node 1 Normal: 52*4kB (UME) 46*8kB (UME) 44*16kB (ME) 33*32kB (UME) 28*64kB (UME) 20*128kB (UME) 9*256kB (UM) 7*512kB (UM) 5*1024kB (ME) 2*2048kB (M) 6*4096kB (U) = 46368kB [ 2938.324491][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2938.334007][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2938.343484][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2938.353012][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2938.362330][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2938.370416][ T8250] 7242 total pagecache pages [ 2938.375825][ T8250] 0 pages in swap cache [ 2938.379942][ T8250] Swap cache stats: add 0, delete 0, find 0/0 [ 2938.385975][ T8250] Free swap = 0kB [ 2938.389678][ T8250] Total swap = 0kB [ 2938.393368][ T8250] 1965979 pages RAM [ 2938.397134][ T8250] 0 pages HighMem/MovableOnly [ 2938.401766][ T8250] 83163 pages reserved [ 2938.406364][ T8250] 0 pages cma reserved [ 2938.410405][ T8250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=16960,uid=0 [ 2938.424688][ T8250] Out of memory: Killed process 16960 (syz-executor.1) total-vm:74976kB, anon-rss:2220kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2938.441374][ T1931] oom_reaper: reaped process 16960 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2938.912762][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2939.313671][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2939.676511][T21814] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2939.736577][T21814] CPU: 0 PID: 21814 Comm: syz-executor.3 Not tainted 5.8.0-rc7-syzkaller #0 [ 2939.745312][T21814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2939.755334][T21814] Call Trace: [ 2939.758674][T21814] dump_stack+0x10f/0x19d [ 2939.762992][T21814] dump_header+0x8e/0x400 [ 2939.767331][T21814] oom_kill_process+0x18d/0x3f0 [ 2939.772166][T21814] out_of_memory+0x5bd/0x880 [ 2939.776781][T21814] ? get_page_from_freelist+0x127/0x3c0 [ 2939.782296][T21814] __alloc_pages_slowpath+0x742/0x970 [ 2939.787640][T21814] __alloc_pages_nodemask+0x235/0x390 [ 2939.792983][T21814] alloc_pages_current+0x21d/0x310 [ 2939.798138][T21814] __page_cache_alloc+0x4f/0x120 [ 2939.803053][T21814] pagecache_get_page+0x494/0x8b0 [ 2939.808061][T21814] ? __do_page_cache_readahead+0x96/0xb0 [ 2939.813733][T21814] filemap_fault+0xba4/0x11e0 [ 2939.818412][T21814] ext4_filemap_fault+0x4b/0x60 [ 2939.823238][T21814] do_read_fault+0x41f/0x730 [ 2939.827826][T21814] handle_mm_fault+0x135d/0x1930 [ 2939.832739][T21814] do_user_addr_fault+0x393/0x810 [ 2939.837737][T21814] exc_page_fault+0xb8/0x330 [ 2939.842295][T21814] ? asm_exc_page_fault+0x8/0x30 [ 2939.847218][T21814] asm_exc_page_fault+0x1e/0x30 [ 2939.852039][T21814] RIP: 0033:0x45c2f0 [ 2939.855911][T21814] Code: Bad RIP value. [ 2939.859945][T21814] RSP: 002b:00007ffc1631cd28 EFLAGS: 00010202 [ 2939.865977][T21814] RAX: 0000000000000000 RBX: 00000000002cd30b RCX: 000000000041618a [ 2939.873930][T21814] RDX: 0000000040000001 RSI: 00007ffc1631cd60 RDI: 00000000000003e8 [ 2939.881870][T21814] RBP: 000000000000067c R08: 0000000000000001 R09: 0000000001c70940 [ 2939.889817][T21814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 2939.897759][T21814] R13: 00007ffc1631cd60 R14: 00000000002cce95 R15: 00007ffc1631cd70 [ 2939.939233][T21814] Mem-Info: [ 2939.942458][T21814] active_anon:209399 inactive_anon:6938 isolated_anon:0 [ 2939.942458][T21814] active_file:17 inactive_file:7 isolated_file:0 [ 2939.942458][T21814] unevictable:11 dirty:0 writeback:0 [ 2939.942458][T21814] slab_reclaimable:7529 slab_unreclaimable:25641 [ 2939.942458][T21814] mapped:55222 shmem:7148 pagetables:4446 bounce:0 [ 2939.942458][T21814] free:26717 free_pcp:62 free_cma:0 [ 2939.982031][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2939.991932][T21814] Node 0 active_anon:836996kB inactive_anon:27744kB active_file:60kB inactive_file:20kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220888kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 561152kB writeback_tmp:0kB all_unreclaimable? yes [ 2940.169264][T21814] Node 1 active_anon:600kB inactive_anon:8kB active_file:8kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2940.326467][T21814] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2940.453056][T21814] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2940.458765][T21814] Node 0 DMA32 free:37748kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:517364kB inactive_anon:8kB active_file:16kB inactive_file:12kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2136kB pagetables:10020kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2940.668346][T21814] lowmem_reserve[]: 0 0 707 707 707 [ 2940.699627][T21814] Node 0 Normal free:8568kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:319632kB inactive_anon:27736kB active_file:44kB inactive_file:0kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4240kB pagetables:7640kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2940.864421][T21814] lowmem_reserve[]: 0 0 0 0 0 [ 2940.869085][T21814] Node 1 Normal free:46316kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:600kB inactive_anon:8kB active_file:8kB inactive_file:8kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:72kB pagetables:124kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2940.991834][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2941.095921][T21814] lowmem_reserve[]: 0 0 0 0 0 [ 2941.100687][T21814] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2941.206512][T21814] Node 0 DMA32: 75*4kB (UME) 833*8kB (UME) 433*16kB (UME) 172*32kB (UM) 39*64kB (M) 2*128kB (M) 1*256kB (U) 2*512kB (UM) 0*1024kB 3*2048kB (UM) 2*4096kB (UM) = 37764kB [ 2941.310768][T21814] Node 0 Normal: 886*4kB (UME) 315*8kB (UME) 92*16kB (UME) 17*32kB (ME) 7*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8656kB [ 2941.393754][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2941.419227][T21814] Node 1 Normal: 52*4kB (UME) 45*8kB (ME) 44*16kB (ME) 33*32kB (UME) 28*64kB (UME) 20*128kB (UME) 9*256kB (UM) 7*512kB (UM) 5*1024kB (ME) 2*2048kB (M) 6*4096kB (U) = 46360kB [ 2941.518530][T21814] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2941.528155][T21814] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2941.538699][T21814] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2941.548256][T21814] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2941.558702][T21814] 7180 total pagecache pages [ 2941.563276][T21814] 0 pages in swap cache [ 2941.567443][T21814] Swap cache stats: add 0, delete 0, find 0/0 [ 2941.573581][T21814] Free swap = 0kB [ 2941.577267][T21814] Total swap = 0kB [ 2941.580962][T21814] 1965979 pages RAM [ 2941.584756][T21814] 0 pages HighMem/MovableOnly [ 2941.589398][T21814] 83163 pages reserved [ 2941.593516][T21814] 0 pages cma reserved [ 2941.597556][T21814] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=16949,uid=0 [ 2941.611866][T21814] Out of memory: Killed process 16949 (syz-executor.1) total-vm:74976kB, anon-rss:2220kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2941.919591][ T8626] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2941.998669][ T8626] CPU: 1 PID: 8626 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2942.006984][ T8626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2942.017012][ T8626] Call Trace: [ 2942.020278][ T8626] dump_stack+0x10f/0x19d [ 2942.024578][ T8626] dump_header+0x8e/0x400 [ 2942.028900][ T8626] oom_kill_process+0x18d/0x3f0 [ 2942.033822][ T8626] out_of_memory+0x5bd/0x880 [ 2942.038461][ T8626] ? get_page_from_freelist+0x127/0x3c0 [ 2942.043981][ T8626] __alloc_pages_slowpath+0x742/0x970 [ 2942.049330][ T8626] __alloc_pages_nodemask+0x235/0x390 [ 2942.054682][ T8626] alloc_pages_current+0x21d/0x310 [ 2942.059805][ T8626] __page_cache_alloc+0x4f/0x120 [ 2942.064718][ T8626] pagecache_get_page+0x494/0x8b0 [ 2942.069713][ T8626] ? __do_page_cache_readahead+0x96/0xb0 [ 2942.075314][ T8626] filemap_fault+0xba4/0x11e0 [ 2942.079968][ T8626] ext4_filemap_fault+0x4b/0x60 [ 2942.084793][ T8626] do_read_fault+0x41f/0x730 [ 2942.089359][ T8626] handle_mm_fault+0x135d/0x1930 [ 2942.094276][ T8626] do_user_addr_fault+0x393/0x810 [ 2942.099270][ T8626] exc_page_fault+0xb8/0x330 [ 2942.103834][ T8626] ? asm_exc_page_fault+0x8/0x30 [ 2942.108796][ T8626] asm_exc_page_fault+0x1e/0x30 [ 2942.113619][ T8626] RIP: 0033:0x468c50 [ 2942.117496][ T8626] Code: Bad RIP value. [ 2942.121587][ T8626] RSP: 002b:000000c00004df30 EFLAGS: 00010206 [ 2942.127620][ T8626] RAX: 0000000000000000 RBX: 000000c00003e000 RCX: 000002ac20073108 [ 2942.135571][ T8626] RDX: 0000000015f99164 RSI: 000000c00004deb0 RDI: 0000000015f99164 [ 2942.143517][ T8626] RBP: 000000c00004dfa0 R08: 00000627653384c5 R09: 00007ffebadc4080 [ 2942.151465][ T8626] R10: 0000000000000010 R11: 00007ffebadc40b8 R12: 0000000000439470 [ 2942.159424][ T8626] R13: 0000000000000000 R14: 0000000000accd54 R15: 0000000000000000 [ 2942.167845][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2942.184073][ T8626] Mem-Info: [ 2942.202802][ T8626] active_anon:208857 inactive_anon:6938 isolated_anon:0 [ 2942.202802][ T8626] active_file:18 inactive_file:14 isolated_file:0 [ 2942.202802][ T8626] unevictable:11 dirty:0 writeback:0 [ 2942.202802][ T8626] slab_reclaimable:7526 slab_unreclaimable:25626 [ 2942.202802][ T8626] mapped:55222 shmem:7148 pagetables:4420 bounce:0 [ 2942.202802][ T8626] free:26698 free_pcp:1 free_cma:0 [ 2942.231635][T26593] cdc_ncm 4-1:1.0: bind() failure [ 2942.304270][T26593] cdc_ncm 4-1:1.1: bind() failure [ 2942.471384][ T8626] Node 0 active_anon:834828kB inactive_anon:27744kB active_file:76kB inactive_file:12kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220888kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 559104kB writeback_tmp:0kB all_unreclaimable? yes [ 2942.708014][ T8626] Node 1 active_anon:600kB inactive_anon:8kB active_file:16kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2942.733585][ T8626] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2942.762732][ T8626] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2942.768427][ T8626] Node 0 DMA32 free:37668kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:515316kB inactive_anon:8kB active_file:0kB inactive_file:132kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2136kB pagetables:9916kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2942.799733][ T8626] lowmem_reserve[]: 0 0 707 707 707 [ 2942.804955][ T8626] Node 0 Normal free:8756kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:319512kB inactive_anon:27736kB active_file:24kB inactive_file:0kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4240kB pagetables:7640kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2942.836241][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2942.840992][ T8626] Node 1 Normal free:46356kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:600kB inactive_anon:8kB active_file:0kB inactive_file:44kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:72kB pagetables:124kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2942.871950][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2942.876602][ T8626] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2942.889606][ T8626] Node 0 DMA32: 74*4kB (ME) 833*8kB (UME) 433*16kB (UME) 171*32kB (M) 40*64kB (UM) 3*128kB (UM) 1*256kB (U) 2*512kB (UM) 0*1024kB 3*2048kB (M) 2*4096kB (UM) = 37920kB [ 2942.906215][ T8626] Node 0 Normal: 849*4kB (UME) 320*8kB (UME) 92*16kB (UME) 19*32kB (UME) 6*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8548kB [ 2942.921323][ T8626] Node 1 Normal: 51*4kB (ME) 46*8kB (UME) 44*16kB (ME) 33*32kB (UME) 28*64kB (UME) 20*128kB (UME) 8*256kB (M) 7*512kB (UM) 5*1024kB (ME) 2*2048kB (M) 6*4096kB (U) = 46108kB [ 2942.938439][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2942.947959][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2942.957211][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2942.968304][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2942.977565][ T8626] 7181 total pagecache pages [ 2942.983345][ T8626] 0 pages in swap cache [ 2942.987467][ T8626] Swap cache stats: add 0, delete 0, find 0/0 [ 2942.993658][ T8626] Free swap = 0kB [ 2942.997373][ T8626] Total swap = 0kB [ 2943.001062][ T8626] 1965979 pages RAM [ 2943.006350][ T8626] 0 pages HighMem/MovableOnly [ 2943.011030][ T8626] 83163 pages reserved [ 2943.015130][ T8626] 0 pages cma reserved [ 2943.024161][ T8626] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=16933,uid=0 [ 2943.071386][ T8626] Out of memory: Killed process 16933 (syz-executor.1) total-vm:74976kB, anon-rss:2220kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2943.234068][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2943.438441][T21814] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2943.527307][T21814] CPU: 1 PID: 21814 Comm: syz-executor.3 Not tainted 5.8.0-rc7-syzkaller #0 [ 2943.536065][T21814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2943.546090][T21814] Call Trace: [ 2943.549423][T21814] dump_stack+0x10f/0x19d [ 2943.553727][T21814] dump_header+0x8e/0x400 [ 2943.558137][T21814] oom_kill_process+0x18d/0x3f0 [ 2943.562973][T21814] out_of_memory+0x5bd/0x880 [ 2943.567544][T21814] ? get_page_from_freelist+0x127/0x3c0 [ 2943.573065][T21814] __alloc_pages_slowpath+0x742/0x970 [ 2943.578440][T21814] __alloc_pages_nodemask+0x235/0x390 [ 2943.583782][T21814] alloc_pages_current+0x21d/0x310 [ 2943.588866][T21814] __page_cache_alloc+0x4f/0x120 [ 2943.593775][T21814] pagecache_get_page+0x494/0x8b0 [ 2943.598836][T21814] ? __do_page_cache_readahead+0x96/0xb0 [ 2943.604437][T21814] filemap_fault+0xba4/0x11e0 [ 2943.609085][T21814] ext4_filemap_fault+0x4b/0x60 [ 2943.613909][T21814] do_read_fault+0x41f/0x730 [ 2943.618509][T21814] handle_mm_fault+0x135d/0x1930 [ 2943.623424][T21814] do_user_addr_fault+0x393/0x810 [ 2943.628423][T21814] exc_page_fault+0xb8/0x330 [ 2943.633080][T21814] ? asm_exc_page_fault+0x8/0x30 [ 2943.638021][T21814] asm_exc_page_fault+0x1e/0x30 [ 2943.642851][T21814] RIP: 0033:0x45c2f0 [ 2943.646748][T21814] Code: Bad RIP value. [ 2943.650835][T21814] RSP: 002b:00007ffc1631cd28 EFLAGS: 00010202 [ 2943.656947][T21814] RAX: 0000000000000000 RBX: 00000000002cd30b RCX: 000000000041618a [ 2943.664905][T21814] RDX: 0000000040000001 RSI: 00007ffc1631cd60 RDI: 00000000000003e8 [ 2943.672842][T21814] RBP: 000000000000067c R08: 0000000000000001 R09: 0000000001c70940 [ 2943.680850][T21814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 2943.688793][T21814] R13: 00007ffc1631cd60 R14: 00000000002cce95 R15: 00007ffc1631cd70 [ 2943.722439][T21814] Mem-Info: [ 2943.725551][T21814] active_anon:208315 inactive_anon:6938 isolated_anon:0 [ 2943.725551][T21814] active_file:34 inactive_file:0 isolated_file:32 [ 2943.725551][T21814] unevictable:11 dirty:0 writeback:0 [ 2943.725551][T21814] slab_reclaimable:7523 slab_unreclaimable:25626 [ 2943.725551][T21814] mapped:55222 shmem:7148 pagetables:4394 bounce:0 [ 2943.725551][T21814] free:26604 free_pcp:0 free_cma:0 [ 2943.761768][T21814] Node 0 active_anon:832660kB inactive_anon:27744kB active_file:132kB inactive_file:76kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220892kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 557056kB writeback_tmp:0kB all_unreclaimable? yes [ 2943.789597][T21814] Node 1 active_anon:600kB inactive_anon:8kB active_file:0kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2943.815103][T21814] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2943.845296][T21814] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2943.851536][T21814] Node 0 DMA32 free:37452kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:513268kB inactive_anon:8kB active_file:0kB inactive_file:76kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2136kB pagetables:9904kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2943.892082][T21814] lowmem_reserve[]: 0 0 707 707 707 [ 2943.897283][T21814] Node 0 Normal free:8268kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:319392kB inactive_anon:27736kB active_file:56kB inactive_file:232kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4208kB pagetables:7548kB bounce:0kB free_pcp:324kB local_pcp:48kB free_cma:0kB [ 2943.929302][T21814] lowmem_reserve[]: 0 0 0 0 0 [ 2943.943249][T21814] Node 1 Normal free:46296kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:600kB inactive_anon:8kB active_file:0kB inactive_file:40kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:72kB pagetables:124kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2943.975338][T21814] lowmem_reserve[]: 0 0 0 0 0 [ 2943.980115][T21814] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2943.995454][T21814] Node 0 DMA32: 73*4kB (ME) 833*8kB (UME) 432*16kB (ME) 171*32kB (M) 39*64kB (M) 2*128kB (M) 0*256kB 2*512kB (UM) 0*1024kB 5*2048kB (UM) 1*4096kB (M) = 37452kB [ 2944.032267][T21814] Node 0 Normal: 879*4kB (UME) 323*8kB (UME) 93*16kB (UME) 18*32kB (UME) 6*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8676kB [ 2944.047764][T21814] Node 1 Normal: 52*4kB (UME) 46*8kB (UME) 45*16kB (UME) 32*32kB (ME) 28*64kB (UME) 20*128kB (UME) 9*256kB (UM) 7*512kB (UM) 5*1024kB (ME) 2*2048kB (M) 6*4096kB (U) = 46352kB [ 2944.069569][T21814] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2944.094642][T21814] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2944.124095][T21814] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2944.163652][T21814] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2944.251455][T21814] 7203 total pagecache pages [ 2944.256133][T21814] 0 pages in swap cache [ 2944.260256][T21814] Swap cache stats: add 0, delete 0, find 0/0 [ 2944.271695][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2944.340247][T21814] Free swap = 0kB [ 2944.362978][T21814] Total swap = 0kB [ 2944.366788][T21814] 1965979 pages RAM [ 2944.370561][T21814] 0 pages HighMem/MovableOnly [ 2944.439223][T21814] 83163 pages reserved [ 2944.443527][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2944.461236][T21814] 0 pages cma reserved [ 2944.480901][T21814] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=12975,uid=0 [ 2944.555682][T21814] Out of memory: Killed process 12975 (syz-executor.1) total-vm:74976kB, anon-rss:2220kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2944.808020][ T1] systemd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2944.879845][ T1] CPU: 0 PID: 1 Comm: systemd Not tainted 5.8.0-rc7-syzkaller #0 [ 2944.887620][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2944.897722][ T1] Call Trace: [ 2944.900987][ T1] dump_stack+0x10f/0x19d [ 2944.905291][ T1] dump_header+0x8e/0x400 [ 2944.909627][ T1] oom_kill_process+0x18d/0x3f0 [ 2944.914560][ T1] out_of_memory+0x5bd/0x880 [ 2944.919121][ T1] ? get_page_from_freelist+0x127/0x3c0 [ 2944.924637][ T1] __alloc_pages_slowpath+0x742/0x970 [ 2944.929982][ T1] __alloc_pages_nodemask+0x235/0x390 [ 2944.935327][ T1] alloc_pages_current+0x21d/0x310 [ 2944.940408][ T1] __page_cache_alloc+0x4f/0x120 [ 2944.945321][ T1] pagecache_get_page+0x494/0x8b0 [ 2944.950318][ T1] ? __do_page_cache_readahead+0x96/0xb0 [ 2944.955924][ T1] filemap_fault+0xba4/0x11e0 [ 2944.960600][ T1] ext4_filemap_fault+0x4b/0x60 [ 2944.965485][ T1] do_read_fault+0x41f/0x730 [ 2944.970303][ T1] handle_mm_fault+0x135d/0x1930 [ 2944.975220][ T1] do_user_addr_fault+0x393/0x810 [ 2944.980276][ T1] exc_page_fault+0xb8/0x330 [ 2944.984838][ T1] ? asm_exc_page_fault+0x8/0x30 [ 2944.989752][ T1] asm_exc_page_fault+0x1e/0x30 [ 2944.994569][ T1] RIP: 0033:0x7f9f788fe60a [ 2944.998965][ T1] Code: Bad RIP value. [ 2945.002994][ T1] RSP: 002b:00007ffde329fb80 EFLAGS: 00010202 [ 2945.009020][ T1] RAX: 00000000af7efc10 RBX: 0000563f5c8bf960 RCX: 0000000000051c10 [ 2945.016955][ T1] RDX: 0000000000000000 RSI: 00000000af79e000 RDI: 431bde82d7b634db [ 2945.024908][ T1] RBP: 00000000ffffffff R08: 0000062a970a8a9c R09: 00007ffde33e2080 [ 2945.032844][ T1] R10: 0000000000000010 R11: 00007ffde33e20b8 R12: 0000563f5c8bf1a0 [ 2945.040779][ T1] R13: 0000000000000000 R14: 0000563f5bef7a20 R15: 0000000000000003 [ 2945.051130][ T1] Mem-Info: [ 2945.055129][ T1] active_anon:207776 inactive_anon:6938 isolated_anon:0 [ 2945.055129][ T1] active_file:15 inactive_file:21 isolated_file:6 [ 2945.055129][ T1] unevictable:11 dirty:0 writeback:0 [ 2945.055129][ T1] slab_reclaimable:7519 slab_unreclaimable:25596 [ 2945.055129][ T1] mapped:55240 shmem:7148 pagetables:4394 bounce:0 [ 2945.055129][ T1] free:26709 free_pcp:100 free_cma:0 [ 2945.095387][ T1] Node 0 active_anon:830476kB inactive_anon:27744kB active_file:132kB inactive_file:160kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220988kB dirty:4kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 555008kB writeback_tmp:0kB all_unreclaimable? no [ 2945.144961][ T1] Node 1 active_anon:600kB inactive_anon:8kB active_file:8kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2945.173729][ T1] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2945.204561][ T1] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2945.210790][ T1] Node 0 DMA32 free:37784kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:511220kB inactive_anon:8kB active_file:36kB inactive_file:8kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2120kB pagetables:9888kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 2945.243695][ T1] lowmem_reserve[]: 0 0 707 707 707 [ 2945.253168][ T1] Node 0 Normal free:8604kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:319256kB inactive_anon:27736kB active_file:176kB inactive_file:212kB unevictable:44kB writepending:4kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4208kB pagetables:7460kB bounce:0kB free_pcp:552kB local_pcp:160kB free_cma:0kB [ 2945.289886][ T1] lowmem_reserve[]: 0 0 0 0 0 [ 2945.296668][ T1] Node 1 Normal free:46096kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:600kB inactive_anon:8kB active_file:8kB inactive_file:8kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:72kB pagetables:124kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2945.327387][ T1] lowmem_reserve[]: 0 0 0 0 0 [ 2945.330816][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2945.332170][ T1] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2945.353010][ T1] Node 0 DMA32: 74*4kB (UME) 832*8kB (ME) 433*16kB (UME) 171*32kB (M) 40*64kB (UM) 2*128kB (M) 1*256kB (U) 1*512kB (M) 0*1024kB 5*2048kB (M) 1*4096kB (M) = 37272kB [ 2945.369348][ T1] Node 0 Normal: 882*4kB (UME) 326*8kB (UME) 95*16kB (UME) 19*32kB (UME) 6*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8776kB [ 2945.391669][ T1] Node 1 Normal: 54*4kB (UME) 46*8kB (UME) 44*16kB (UME) 31*32kB (ME) 29*64kB (UME) 20*128kB (UME) 8*256kB (M) 7*512kB (UM) 5*1024kB (ME) 2*2048kB (M) 6*4096kB (U) = 46120kB [ 2945.409066][ T1] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2945.418626][ T1] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2945.427914][ T1] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2945.437434][ T1] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2945.446681][ T1] 7199 total pagecache pages [ 2945.451280][ T1] 0 pages in swap cache [ 2945.455493][ T1] Swap cache stats: add 0, delete 0, find 0/0 [ 2945.461536][ T1] Free swap = 0kB [ 2945.465221][ T1] Total swap = 0kB [ 2945.468902][ T1] 1965979 pages RAM [ 2945.472688][ T1] 0 pages HighMem/MovableOnly [ 2945.477393][ T1] 83163 pages reserved [ 2945.481479][ T1] 0 pages cma reserved [ 2945.485512][ T1] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=12635,uid=0 [ 2945.499770][ T1] Out of memory: Killed process 12635 (syz-executor.4) total-vm:75108kB, anon-rss:2220kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2945.773209][T24244] usb 4-1: USB disconnect, device number 75 [ 2946.155805][ T5038] systemd-udevd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=-1000 [ 2946.258713][ T5038] CPU: 0 PID: 5038 Comm: systemd-udevd Not tainted 5.8.0-rc7-syzkaller #0 [ 2946.267278][ T5038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2946.277469][ T5038] Call Trace: [ 2946.280796][ T5038] dump_stack+0x10f/0x19d [ 2946.285102][ T5038] dump_header+0x8e/0x400 [ 2946.289410][ T5038] oom_kill_process+0x18d/0x3f0 [ 2946.294235][ T5038] out_of_memory+0x5bd/0x880 [ 2946.298795][ T5038] ? get_page_from_freelist+0x127/0x3c0 [ 2946.304315][ T5038] __alloc_pages_slowpath+0x742/0x970 [ 2946.309660][ T5038] __alloc_pages_nodemask+0x235/0x390 [ 2946.315011][ T5038] alloc_pages_current+0x21d/0x310 [ 2946.320096][ T5038] __page_cache_alloc+0x4f/0x120 [ 2946.325007][ T5038] pagecache_get_page+0x494/0x8b0 [ 2946.330008][ T5038] ? __do_page_cache_readahead+0x96/0xb0 [ 2946.335695][ T5038] filemap_fault+0xba4/0x11e0 [ 2946.340354][ T5038] ext4_filemap_fault+0x4b/0x60 [ 2946.345175][ T5038] do_read_fault+0x41f/0x730 [ 2946.349737][ T5038] handle_mm_fault+0x135d/0x1930 [ 2946.351447][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2946.354653][ T5038] do_user_addr_fault+0x393/0x810 [ 2946.367701][ T5038] exc_page_fault+0xb8/0x330 [ 2946.372265][ T5038] ? asm_exc_page_fault+0x8/0x30 [ 2946.377173][ T5038] asm_exc_page_fault+0x1e/0x30 [ 2946.381994][ T5038] RIP: 0033:0x7f9027b183a0 [ 2946.386388][ T5038] Code: Bad RIP value. [ 2946.390517][ T5038] RSP: 002b:00007ffeb7fc7568 EFLAGS: 00010202 [ 2946.396667][ T5038] RAX: 0000556a8d56b420 RBX: 0000556a8d56b240 RCX: 0048544150564544 [ 2946.404615][ T5038] RDX: 0000000000000008 RSI: 0048544150564544 RDI: 0000556a8d56b3e4 [ 2946.412573][ T5038] RBP: 0000556a8d56b258 R08: 0000000000000038 R09: 0000000000000010 [ 2946.420518][ T5038] R10: 0000000000000000 R11: 00007f9027c02060 R12: 0000556a8d56b420 [ 2946.428461][ T5038] R13: 0000000000000000 R14: 0000556a8d56b3e4 R15: 0000000000000001 [ 2946.818958][ T5038] Mem-Info: [ 2946.873056][ T5038] active_anon:206684 inactive_anon:6938 isolated_anon:0 [ 2946.873056][ T5038] active_file:22 inactive_file:7 isolated_file:0 [ 2946.873056][ T5038] unevictable:11 dirty:0 writeback:0 [ 2946.873056][ T5038] slab_reclaimable:7518 slab_unreclaimable:25595 [ 2946.873056][ T5038] mapped:55237 shmem:7148 pagetables:4316 bounce:0 [ 2946.873056][ T5038] free:26654 free_pcp:0 free_cma:0 [ 2947.048253][ T5038] Node 0 active_anon:826228kB inactive_anon:27744kB active_file:72kB inactive_file:4kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220932kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 550912kB writeback_tmp:0kB all_unreclaimable? yes [ 2947.280115][ T5038] Node 1 active_anon:508kB inactive_anon:8kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:104kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2947.395155][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2947.446256][ T5038] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2947.476661][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2947.635835][ T5038] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2947.678351][ T5038] Node 0 DMA32 free:37668kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:509172kB inactive_anon:8kB active_file:56kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2104kB pagetables:9820kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2947.874198][ T5038] lowmem_reserve[]: 0 0 707 707 707 [ 2947.879524][ T5038] Node 0 Normal free:8560kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:317056kB inactive_anon:27736kB active_file:56kB inactive_file:0kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4208kB pagetables:7424kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2948.151185][ T5038] lowmem_reserve[]: 0 0 0 0 0 [ 2948.156066][ T5038] Node 1 Normal free:46312kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2948.347884][ T5038] lowmem_reserve[]: 0 0 0 0 0 [ 2948.380927][ T5038] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2948.431294][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2948.489099][ T5038] Node 0 DMA32: 112*4kB (UME) 835*8kB (UME) 433*16kB (UME) 173*32kB (UM) 41*64kB (UM) 3*128kB (UM) 0*256kB 2*512kB (UM) 0*1024kB 7*2048kB (UM) 0*4096kB = 37960kB [ 2948.615633][ T5038] Node 0 Normal: 876*4kB (UME) 302*8kB (UME) 91*16kB (ME) 18*32kB (ME) 1*64kB (M) 1*128kB (U) 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 8656kB [ 2948.735167][ T5038] Node 1 Normal: 51*4kB (UME) 42*8kB (UME) 40*16kB (UME) 32*32kB (UME) 28*64kB (UME) 19*128kB (UME) 10*256kB (M) 7*512kB (UM) 5*1024kB (ME) 2*2048kB (M) 6*4096kB (U) = 46364kB [ 2948.863306][ T5038] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2948.921107][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2948.943438][ T5038] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2949.003223][ T5038] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2949.111635][ T5038] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2949.121005][ T5038] 7169 total pagecache pages [ 2949.217872][ T5038] 0 pages in swap cache [ 2949.242728][ T5038] Swap cache stats: add 0, delete 0, find 0/0 [ 2949.248918][ T5038] Free swap = 0kB [ 2949.304011][ T5038] Total swap = 0kB [ 2949.307711][ T5038] 1965979 pages RAM [ 2949.350149][ T5038] 0 pages HighMem/MovableOnly [ 2949.387342][ T5038] 83163 pages reserved [ 2949.415252][ T5038] 0 pages cma reserved [ 2949.419297][ T5038] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.2,pid=10637,uid=0 [ 2949.471260][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2949.588175][ T5038] Out of memory: Killed process 10637 (syz-executor.2) total-vm:74976kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2950.054946][ T6715] systemd-timesyn invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2950.100692][ T6715] CPU: 0 PID: 6715 Comm: systemd-timesyn Not tainted 5.8.0-rc7-syzkaller #0 [ 2950.109382][ T6715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2950.119407][ T6715] Call Trace: [ 2950.122758][ T6715] dump_stack+0x10f/0x19d [ 2950.127062][ T6715] dump_header+0x8e/0x400 [ 2950.131362][ T6715] oom_kill_process+0x18d/0x3f0 [ 2950.136197][ T6715] out_of_memory+0x5bd/0x880 [ 2950.140767][ T6715] ? get_page_from_freelist+0x127/0x3c0 [ 2950.146283][ T6715] __alloc_pages_slowpath+0x742/0x970 [ 2950.151628][ T6715] __alloc_pages_nodemask+0x235/0x390 [ 2950.156974][ T6715] alloc_pages_current+0x21d/0x310 [ 2950.162052][ T6715] __page_cache_alloc+0x4f/0x120 [ 2950.167035][ T6715] pagecache_get_page+0x494/0x8b0 [ 2950.172094][ T6715] ? __do_page_cache_readahead+0x96/0xb0 [ 2950.177699][ T6715] filemap_fault+0xba4/0x11e0 [ 2950.182352][ T6715] ext4_filemap_fault+0x4b/0x60 [ 2950.187180][ T6715] do_read_fault+0x41f/0x730 [ 2950.191740][ T6715] handle_mm_fault+0x135d/0x1930 [ 2950.196663][ T6715] do_user_addr_fault+0x393/0x810 [ 2950.201664][ T6715] exc_page_fault+0xb8/0x330 [ 2950.206236][ T6715] ? asm_exc_page_fault+0x8/0x30 [ 2950.211154][ T6715] asm_exc_page_fault+0x1e/0x30 [ 2950.215988][ T6715] RIP: 0033:0x7fd4cc7c8a60 [ 2950.220378][ T6715] Code: Bad RIP value. [ 2950.224427][ T6715] RSP: 002b:00007ffe0994b3f8 EFLAGS: 00010202 [ 2950.230551][ T6715] RAX: 0000000000000001 RBX: 00005615b56c48f0 RCX: 00007fd4cbfb3303 [ 2950.238490][ T6715] RDX: 0000000000000001 RSI: 00007ffe0994b400 RDI: 00005615b56c4a20 [ 2950.246431][ T6715] RBP: 00007ffe0994b550 R08: 0000000000000000 R09: 000000000000000d [ 2950.254375][ T6715] R10: 00000000ffffffff R11: 0000000000000000 R12: 00007ffe0994b400 [ 2950.262318][ T6715] R13: 0000000000000001 R14: 0000000000000001 R15: 0000000000000000 [ 2950.315447][ T6715] Mem-Info: [ 2950.318559][ T6715] active_anon:206139 inactive_anon:6938 isolated_anon:0 [ 2950.318559][ T6715] active_file:42 inactive_file:7 isolated_file:0 [ 2950.318559][ T6715] unevictable:11 dirty:0 writeback:0 [ 2950.318559][ T6715] slab_reclaimable:7510 slab_unreclaimable:25575 [ 2950.318559][ T6715] mapped:55221 shmem:7148 pagetables:4290 bounce:0 [ 2950.318559][ T6715] free:26626 free_pcp:0 free_cma:0 [ 2950.511213][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2950.519280][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2950.613159][ T6715] Node 0 active_anon:824048kB inactive_anon:27744kB active_file:76kB inactive_file:32kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220884kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 548864kB writeback_tmp:0kB all_unreclaimable? yes [ 2950.786402][ T6715] Node 1 active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2950.973292][ T6715] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2951.228591][ T6715] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2951.255799][ T6715] Node 0 DMA32 free:37692kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:507124kB inactive_anon:8kB active_file:104kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2104kB pagetables:9820kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2951.509776][ T6715] lowmem_reserve[]: 0 0 707 707 707 [ 2951.535906][ T6715] Node 0 Normal free:8556kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:316924kB inactive_anon:27736kB active_file:40kB inactive_file:40kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4192kB pagetables:7320kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2951.567314][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2951.730839][ T6715] lowmem_reserve[]: 0 0 0 0 0 [ 2951.735547][ T6715] Node 1 Normal free:46300kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2951.957142][ T6715] lowmem_reserve[]: 0 0 0 0 0 [ 2951.983138][ T6715] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2952.109727][ T6715] Node 0 DMA32: 83*4kB (UME) 829*8kB (UME) 432*16kB (ME) 171*32kB (M) 39*64kB (M) 2*128kB (M) 1*256kB (U) 2*512kB (UM) 0*1024kB 7*2048kB (M) 0*4096kB = 37716kB [ 2952.214210][ T6715] Node 0 Normal: 905*4kB (UME) 309*8kB (UME) 91*16kB (ME) 18*32kB (ME) 1*64kB (M) 1*128kB (U) 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 8828kB [ 2952.314237][ T6715] Node 1 Normal: 48*4kB (UME) 42*8kB (UME) 40*16kB (UME) 32*32kB (UME) 28*64kB (UME) 19*128kB (UME) 10*256kB (M) 7*512kB (UM) 5*1024kB (ME) 2*2048kB (M) 6*4096kB (U) = 46352kB [ 2952.458207][ T6715] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2952.507940][ T6715] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2952.573675][ T6715] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2952.590995][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2952.655280][ T6715] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2952.711275][ T6715] 7179 total pagecache pages [ 2952.715990][ T6715] 0 pages in swap cache [ 2952.720111][ T6715] Swap cache stats: add 0, delete 0, find 0/0 [ 2952.800144][ T6715] Free swap = 0kB [ 2952.828367][ T6715] Total swap = 0kB [ 2952.845119][ T6715] 1965979 pages RAM [ 2952.848986][ T6715] 0 pages HighMem/MovableOnly [ 2952.912986][ T6715] 83163 pages reserved [ 2952.917147][ T6715] 0 pages cma reserved [ 2952.966040][ T6715] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=7322,uid=0 [ 2953.066193][ T6715] Out of memory: Killed process 7322 (syz-executor.4) total-vm:75108kB, anon-rss:2220kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2953.550781][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2953.630773][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2953.702634][ T8803] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2953.767468][ T8803] CPU: 0 PID: 8803 Comm: syz-executor.1 Not tainted 5.8.0-rc7-syzkaller #0 [ 2953.776115][ T8803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2953.786134][ T8803] Call Trace: [ 2953.789386][ T8803] dump_stack+0x10f/0x19d [ 2953.793766][ T8803] dump_header+0x8e/0x400 [ 2953.798063][ T8803] oom_kill_process+0x18d/0x3f0 [ 2953.802878][ T8803] out_of_memory+0x5bd/0x880 [ 2953.807475][ T8803] ? get_page_from_freelist+0x127/0x3c0 [ 2953.813077][ T8803] __alloc_pages_slowpath+0x742/0x970 [ 2953.818461][ T8803] __alloc_pages_nodemask+0x235/0x390 [ 2953.823796][ T8803] alloc_pages_current+0x21d/0x310 [ 2953.829005][ T8803] __page_cache_alloc+0x4f/0x120 [ 2953.833924][ T8803] pagecache_get_page+0x494/0x8b0 [ 2953.838906][ T8803] ? __do_page_cache_readahead+0x96/0xb0 [ 2953.844499][ T8803] filemap_fault+0xba4/0x11e0 [ 2953.849159][ T8803] ext4_filemap_fault+0x4b/0x60 [ 2953.853973][ T8803] do_read_fault+0x41f/0x730 [ 2953.858523][ T8803] handle_mm_fault+0x135d/0x1930 [ 2953.863448][ T8803] do_user_addr_fault+0x393/0x810 [ 2953.868508][ T8803] exc_page_fault+0xb8/0x330 [ 2953.873105][ T8803] ? asm_exc_page_fault+0x8/0x30 [ 2953.878017][ T8803] asm_exc_page_fault+0x1e/0x30 [ 2953.882841][ T8803] RIP: 0033:0x45c110 [ 2953.886778][ T8803] Code: Bad RIP value. [ 2953.890863][ T8803] RSP: 002b:00007fff333b2108 EFLAGS: 00010246 [ 2953.896887][ T8803] RAX: 000000000000a000 RBX: 0000000000000000 RCX: 000000000045b785 [ 2953.904819][ T8803] RDX: 00007fff333b2120 RSI: 00007fff333b2120 RDI: 00007fff333b21b0 [ 2953.913040][ T8803] RBP: 0000000000002736 R08: 0000000000000000 R09: 000000000000000d [ 2953.920973][ T8803] R10: 0000000000000006 R11: 0000000000000246 R12: 00007fff333b3240 [ 2953.928906][ T8803] R13: 00000000017c5940 R14: 0000000000000000 R15: 00007fff333b3240 [ 2954.047705][ T8803] Mem-Info: [ 2954.050864][ T8803] active_anon:205589 inactive_anon:6938 isolated_anon:0 [ 2954.050864][ T8803] active_file:12 inactive_file:0 isolated_file:26 [ 2954.050864][ T8803] unevictable:11 dirty:0 writeback:0 [ 2954.050864][ T8803] slab_reclaimable:7506 slab_unreclaimable:25558 [ 2954.050864][ T8803] mapped:55222 shmem:7148 pagetables:4265 bounce:0 [ 2954.050864][ T8803] free:26763 free_pcp:88 free_cma:0 [ 2954.087272][ T8803] Node 0 active_anon:821848kB inactive_anon:27744kB active_file:144kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220888kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 546816kB writeback_tmp:0kB all_unreclaimable? no [ 2954.114717][ T8803] Node 1 active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2954.140263][ T8803] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2954.202529][ T8803] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2954.230636][ T8803] Node 0 DMA32 free:37732kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:505060kB inactive_anon:8kB active_file:24kB inactive_file:44kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2088kB pagetables:9804kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 2954.427228][ T8803] lowmem_reserve[]: 0 0 707 707 707 [ 2954.439842][ T8803] Node 0 Normal free:8616kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:316788kB inactive_anon:27736kB active_file:20kB inactive_file:16kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4192kB pagetables:7236kB bounce:0kB free_pcp:4kB local_pcp:4kB free_cma:0kB [ 2954.523121][ T8803] lowmem_reserve[]: 0 0 0 0 0 [ 2954.527785][ T8803] Node 1 Normal free:46300kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2954.679815][ T8803] lowmem_reserve[]: 0 0 0 0 0 [ 2954.684855][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2954.692985][ T8803] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2954.706065][ T8803] Node 0 DMA32: 82*4kB (UME) 826*8kB (UME) 432*16kB (ME) 172*32kB (UM) 40*64kB (UM) 2*128kB (M) 1*256kB (U) 2*512kB (UM) 0*1024kB 7*2048kB (M) 0*4096kB = 37784kB [ 2954.722358][ T8803] Node 0 Normal: 941*4kB (UME) 315*8kB (UME) 94*16kB (UME) 18*32kB (ME) 1*64kB (M) 1*128kB (U) 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 9068kB [ 2954.737551][ T8803] Node 1 Normal: 48*4kB (UME) 42*8kB (UME) 40*16kB (UME) 32*32kB (UME) 28*64kB (UME) 19*128kB (UME) 10*256kB (M) 7*512kB (UM) 5*1024kB (ME) 2*2048kB (M) 6*4096kB (U) = 46352kB [ 2954.763036][ T8803] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2954.787211][ T8803] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2954.878879][ T8803] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2954.930278][ T8803] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2954.945047][ T8803] 7177 total pagecache pages [ 2954.949666][ T8803] 0 pages in swap cache [ 2954.954731][ T8803] Swap cache stats: add 0, delete 0, find 0/0 [ 2954.962321][ T8803] Free swap = 0kB [ 2954.966016][ T8803] Total swap = 0kB [ 2954.969703][ T8803] 1965979 pages RAM [ 2954.974276][ T8803] 0 pages HighMem/MovableOnly [ 2954.978929][ T8803] 83163 pages reserved [ 2954.983132][ T8803] 0 pages cma reserved [ 2954.987167][ T8803] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=21767,uid=0 [ 2955.003164][ T8803] Out of memory: Killed process 21767 (syz-executor.5) total-vm:75240kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2955.020244][ T1931] oom_reaper: reaped process 21767 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2955.076721][ T8260] rs:main Q:Reg invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2955.110016][ T8260] CPU: 0 PID: 8260 Comm: rs:main Q:Reg Not tainted 5.8.0-rc7-syzkaller #0 [ 2955.118507][ T8260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2955.128532][ T8260] Call Trace: [ 2955.131896][ T8260] dump_stack+0x10f/0x19d [ 2955.136216][ T8260] dump_header+0x8e/0x400 [ 2955.140518][ T8260] oom_kill_process+0x18d/0x3f0 [ 2955.145343][ T8260] out_of_memory+0x5bd/0x880 [ 2955.149949][ T8260] ? get_page_from_freelist+0x127/0x3c0 [ 2955.155541][ T8260] __alloc_pages_slowpath+0x742/0x970 [ 2955.160886][ T8260] __alloc_pages_nodemask+0x235/0x390 [ 2955.166225][ T8260] alloc_pages_current+0x21d/0x310 [ 2955.171296][ T8260] __page_cache_alloc+0x4f/0x120 [ 2955.176200][ T8260] pagecache_get_page+0x494/0x8b0 [ 2955.181187][ T8260] ? __do_page_cache_readahead+0x96/0xb0 [ 2955.186955][ T8260] filemap_fault+0xba4/0x11e0 [ 2955.191597][ T8260] ext4_filemap_fault+0x4b/0x60 [ 2955.196411][ T8260] do_read_fault+0x41f/0x730 [ 2955.201034][ T8260] handle_mm_fault+0x135d/0x1930 [ 2955.205946][ T8260] do_user_addr_fault+0x393/0x810 [ 2955.211044][ T8260] exc_page_fault+0xb8/0x330 [ 2955.215600][ T8260] ? asm_exc_page_fault+0x8/0x30 [ 2955.220513][ T8260] asm_exc_page_fault+0x1e/0x30 [ 2955.225331][ T8260] RIP: 0033:0x55653b3c6da2 [ 2955.229715][ T8260] Code: Bad RIP value. [ 2955.233745][ T8260] RSP: 002b:00007f2a57ffe7e0 EFLAGS: 00010202 [ 2955.239774][ T8260] RAX: 0000000000000002 RBX: 00007f2a50017000 RCX: 00007f2a57ffe980 [ 2955.247719][ T8260] RDX: 000055653b412144 RSI: 0000000000000002 RDI: 00007f2a50017000 [ 2955.255673][ T8260] RBP: 00007f2a48016d40 R08: 0000000000000000 R09: 0000000000000000 [ 2955.263743][ T8260] R10: 0000000000000000 R11: 0000000000000000 R12: 00007f2a50017000 [ 2955.271768][ T8260] R13: 0000000000000000 R14: 00007f2a50017000 R15: 00007f2a48016d40 [ 2955.341089][ T8260] Mem-Info: [ 2955.345064][ T8260] active_anon:205049 inactive_anon:6938 isolated_anon:0 [ 2955.345064][ T8260] active_file:45 inactive_file:98 isolated_file:0 [ 2955.345064][ T8260] unevictable:11 dirty:0 writeback:7 [ 2955.345064][ T8260] slab_reclaimable:7504 slab_unreclaimable:25556 [ 2955.345064][ T8260] mapped:55274 shmem:7148 pagetables:4240 bounce:0 [ 2955.345064][ T8260] free:26650 free_pcp:105 free_cma:0 [ 2955.451763][ T8260] Node 0 active_anon:819688kB inactive_anon:27744kB active_file:168kB inactive_file:28kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220992kB dirty:0kB writeback:24kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 546816kB writeback_tmp:0kB all_unreclaimable? no [ 2955.511617][ T8260] Node 1 active_anon:508kB inactive_anon:8kB active_file:8kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:4kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2955.656914][ T8260] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2955.724055][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2955.848914][ T8260] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2955.882976][ T8260] Node 0 DMA32 free:37544kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:503012kB inactive_anon:8kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:8kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2088kB pagetables:9804kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2956.033083][ T8260] lowmem_reserve[]: 0 0 707 707 707 [ 2956.038384][ T8260] Node 0 Normal free:8632kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:316632kB inactive_anon:27736kB active_file:12kB inactive_file:4kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4160kB pagetables:7132kB bounce:0kB free_pcp:32kB local_pcp:32kB free_cma:0kB [ 2956.069796][ T8260] lowmem_reserve[]: 0 0 0 0 0 [ 2956.074498][ T8260] Node 1 Normal free:46352kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2956.104904][ T8260] lowmem_reserve[]: 0 0 0 0 0 [ 2956.109546][ T8260] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2956.122605][ T8260] Node 0 DMA32: 53*4kB (ME) 746*8kB (ME) 433*16kB (UME) 172*32kB (UM) 40*64kB (UM) 2*128kB (M) 1*256kB (U) 1*512kB (M) 1*1024kB (U) 7*2048kB (M) 0*4096kB = 37556kB [ 2956.138949][ T8260] Node 0 Normal: 866*4kB (UME) 303*8kB (UME) 94*16kB (UME) 19*32kB (UME) 2*64kB (UM) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 8640kB [ 2956.168834][ T8260] Node 1 Normal: 47*4kB (UME) 42*8kB (UME) 40*16kB (UME) 32*32kB (UME) 28*64kB (UME) 19*128kB (UME) 10*256kB (M) 7*512kB (UM) 5*1024kB (ME) 2*2048kB (M) 6*4096kB (U) = 46348kB [ 2956.186263][ T8260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2956.195790][ T8260] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2956.205065][ T8260] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2956.214579][ T8260] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2956.223824][ T8260] 7201 total pagecache pages [ 2956.228374][ T8260] 0 pages in swap cache [ 2956.232496][ T8260] Swap cache stats: add 0, delete 0, find 0/0 [ 2956.238553][ T8260] Free swap = 0kB [ 2956.242239][ T8260] Total swap = 0kB [ 2956.245919][ T8260] 1965979 pages RAM [ 2956.249728][ T8260] 0 pages HighMem/MovableOnly [ 2956.254407][ T8260] 83163 pages reserved [ 2956.258471][ T8260] 0 pages cma reserved [ 2956.262511][ T8260] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=19314,uid=0 [ 2956.277061][ T8260] Out of memory: Killed process 19314 (syz-executor.0) total-vm:74976kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2956.293772][ T1931] oom_reaper: reaped process 19314 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2956.590485][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2956.634784][ T1] systemd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2956.645232][ T1] CPU: 0 PID: 1 Comm: systemd Not tainted 5.8.0-rc7-syzkaller #0 [ 2956.652919][ T1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2956.662944][ T1] Call Trace: [ 2956.666209][ T1] dump_stack+0x10f/0x19d [ 2956.670518][ T1] dump_header+0x8e/0x400 [ 2956.674854][ T1] oom_kill_process+0x18d/0x3f0 [ 2956.679677][ T1] out_of_memory+0x5bd/0x880 [ 2956.684312][ T1] ? get_page_from_freelist+0x127/0x3c0 [ 2956.689830][ T1] __alloc_pages_slowpath+0x742/0x970 [ 2956.695273][ T1] __alloc_pages_nodemask+0x235/0x390 [ 2956.700689][ T1] alloc_pages_current+0x21d/0x310 [ 2956.705788][ T1] __page_cache_alloc+0x4f/0x120 [ 2956.710731][ T1] pagecache_get_page+0x494/0x8b0 [ 2956.715741][ T1] ? __do_page_cache_readahead+0x96/0xb0 [ 2956.721419][ T1] filemap_fault+0xba4/0x11e0 [ 2956.726070][ T1] ext4_filemap_fault+0x4b/0x60 [ 2956.730891][ T1] do_read_fault+0x41f/0x730 [ 2956.735570][ T1] handle_mm_fault+0x135d/0x1930 [ 2956.740543][ T1] do_user_addr_fault+0x393/0x810 [ 2956.745531][ T1] exc_page_fault+0xb8/0x330 [ 2956.750204][ T1] ? asm_exc_page_fault+0x8/0x30 [ 2956.755293][ T1] asm_exc_page_fault+0x1e/0x30 [ 2956.760101][ T1] RIP: 0033:0x563f5be5eac0 [ 2956.764482][ T1] Code: Bad RIP value. [ 2956.768510][ T1] RSP: 002b:00007ffde329f9d8 EFLAGS: 00010246 [ 2956.774534][ T1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000452 [ 2956.782509][ T1] RDX: 0000563f5c90c390 RSI: 0000563f5c8bf980 RDI: 0000563f5c91ff60 [ 2956.790444][ T1] RBP: 0000000000000000 R08: 77e71a28344f2f3f R09: 00000000000000a0 [ 2956.798434][ T1] R10: ebbe5c80b962c398 R11: c0203777c7cba325 R12: 00007ffde329fbe0 [ 2956.806366][ T1] R13: 0000000000000001 R14: 0000563f5c869300 R15: 0000563f5c90c390 [ 2956.870557][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2956.938670][ T1] Mem-Info: [ 2956.980471][ T1] active_anon:204492 inactive_anon:6938 isolated_anon:0 [ 2956.980471][ T1] active_file:32 inactive_file:7 isolated_file:0 [ 2956.980471][ T1] unevictable:11 dirty:5 writeback:0 [ 2956.980471][ T1] slab_reclaimable:7497 slab_unreclaimable:25546 [ 2956.980471][ T1] mapped:55230 shmem:7148 pagetables:4238 bounce:0 [ 2956.980471][ T1] free:26686 free_pcp:0 free_cma:0 [ 2957.054105][ T1] Node 0 active_anon:817460kB inactive_anon:27744kB active_file:100kB inactive_file:160kB unevictable:44kB isolated(anon):0kB isolated(file):56kB mapped:220896kB dirty:20kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 542720kB writeback_tmp:0kB all_unreclaimable? yes [ 2957.082540][ T1] Node 1 active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2957.108579][ T1] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2957.137597][ T1] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2957.143331][ T1] Node 0 DMA32 free:38128kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:500940kB inactive_anon:8kB active_file:32kB inactive_file:304kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2088kB pagetables:9804kB bounce:0kB free_pcp:72kB local_pcp:20kB free_cma:0kB [ 2957.175061][ T1] lowmem_reserve[]: 0 0 707 707 707 [ 2957.180236][ T1] Node 0 Normal free:8456kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:316520kB inactive_anon:27736kB active_file:152kB inactive_file:0kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4144kB pagetables:7028kB bounce:0kB free_pcp:492kB local_pcp:92kB free_cma:0kB [ 2957.211903][ T1] lowmem_reserve[]: 0 0 0 0 0 [ 2957.216550][ T1] Node 1 Normal free:46100kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:20kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2957.247245][ T1] lowmem_reserve[]: 0 0 0 0 0 [ 2957.251904][ T1] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2957.264990][ T1] Node 0 DMA32: 52*4kB (E) 747*8kB (UME) 433*16kB (UME) 172*32kB (UM) 39*64kB (M) 3*128kB (UM) 1*256kB (U) 1*512kB (M) 1*1024kB (U) 7*2048kB (M) 0*4096kB = 37624kB [ 2957.281352][ T1] Node 0 Normal: 802*4kB (UME) 308*8kB (UME) 94*16kB (UME) 18*32kB (ME) 3*64kB (UM) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 8456kB [ 2957.296594][ T1] Node 1 Normal: 47*4kB (UME) 42*8kB (UME) 40*16kB (UME) 32*32kB (UME) 28*64kB (UME) 19*128kB (UME) 10*256kB (M) 7*512kB (UM) 5*1024kB (ME) 2*2048kB (M) 6*4096kB (U) = 46348kB [ 2957.313974][ T1] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2957.323492][ T1] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2957.332752][ T1] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2957.342348][ T1] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2957.351592][ T1] 7177 total pagecache pages [ 2957.356139][ T1] 0 pages in swap cache [ 2957.360252][ T1] Swap cache stats: add 0, delete 0, find 0/0 [ 2957.366318][ T1] Free swap = 0kB [ 2957.370034][ T1] Total swap = 0kB [ 2957.373736][ T1] 1965979 pages RAM [ 2957.377500][ T1] 0 pages HighMem/MovableOnly [ 2957.382195][ T1] 83163 pages reserved [ 2957.386221][ T1] 0 pages cma reserved [ 2957.390253][ T1] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=5690,uid=0 [ 2957.404390][ T1] Out of memory: Killed process 5690 (syz-executor.1) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2957.960517][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2958.010651][ T8803] syz-executor.1 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2958.082149][ T8803] CPU: 1 PID: 8803 Comm: syz-executor.1 Not tainted 5.8.0-rc7-syzkaller #0 [ 2958.090758][ T8803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2958.100783][ T8803] Call Trace: [ 2958.104044][ T8803] dump_stack+0x10f/0x19d [ 2958.108442][ T8803] dump_header+0x8e/0x400 [ 2958.112741][ T8803] oom_kill_process+0x18d/0x3f0 [ 2958.117574][ T8803] out_of_memory+0x5bd/0x880 [ 2958.122135][ T8803] ? get_page_from_freelist+0x127/0x3c0 [ 2958.127651][ T8803] __alloc_pages_slowpath+0x742/0x970 [ 2958.133009][ T8803] __alloc_pages_nodemask+0x235/0x390 [ 2958.138353][ T8803] alloc_pages_current+0x21d/0x310 [ 2958.143435][ T8803] __page_cache_alloc+0x4f/0x120 [ 2958.148422][ T8803] pagecache_get_page+0x494/0x8b0 [ 2958.153417][ T8803] ? __do_page_cache_readahead+0x96/0xb0 [ 2958.159111][ T8803] filemap_fault+0xba4/0x11e0 [ 2958.163760][ T8803] ext4_filemap_fault+0x4b/0x60 [ 2958.168615][ T8803] do_read_fault+0x41f/0x730 [ 2958.173179][ T8803] handle_mm_fault+0x135d/0x1930 [ 2958.178102][ T8803] do_user_addr_fault+0x393/0x810 [ 2958.183099][ T8803] exc_page_fault+0xb8/0x330 [ 2958.187660][ T8803] ? asm_exc_page_fault+0x8/0x30 [ 2958.192571][ T8803] asm_exc_page_fault+0x1e/0x30 [ 2958.197393][ T8803] RIP: 0033:0x45f8c3 [ 2958.201324][ T8803] Code: Bad RIP value. [ 2958.205357][ T8803] RSP: 002b:00007fff333b1eb0 EFLAGS: 00010246 [ 2958.211400][ T8803] RAX: 0000000000000011 RBX: 00007fff333b1eb0 RCX: 000000007fffffee [ 2958.219354][ T8803] RDX: 00000000004c103f RSI: 0000000000000000 RDI: 00007fff333b1eb0 [ 2958.227310][ T8803] RBP: 0000000000000fff R08: 0000000000000000 R09: 0000000000000011 [ 2958.235250][ T8803] R10: 000000000000000a R11: 00000000017c59db R12: 00007fff333b21b0 [ 2958.243191][ T8803] R13: 00000000004c103a R14: 00007fff333b2028 R15: 0000000000000001 [ 2958.352841][ T8803] Mem-Info: [ 2958.356035][ T8803] active_anon:203953 inactive_anon:6938 isolated_anon:0 [ 2958.356035][ T8803] active_file:12 inactive_file:0 isolated_file:0 [ 2958.356035][ T8803] unevictable:11 dirty:0 writeback:0 [ 2958.356035][ T8803] slab_reclaimable:7498 slab_unreclaimable:25548 [ 2958.356035][ T8803] mapped:55222 shmem:7148 pagetables:4187 bounce:0 [ 2958.356035][ T8803] free:26689 free_pcp:0 free_cma:0 [ 2958.421505][ T8803] Node 0 active_anon:815304kB inactive_anon:27744kB active_file:144kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220888kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 540672kB writeback_tmp:0kB all_unreclaimable? yes [ 2958.510828][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2958.580171][ T8803] Node 1 active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:8kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2958.628396][ T8803] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2958.658363][ T8803] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2958.664065][ T8803] Node 0 DMA32 free:37636kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:500928kB inactive_anon:8kB active_file:120kB inactive_file:72kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2088kB pagetables:9804kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2958.695293][ T8803] lowmem_reserve[]: 0 0 707 707 707 [ 2958.700644][ T8803] Node 0 Normal free:8636kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:314376kB inactive_anon:27736kB active_file:72kB inactive_file:0kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4128kB pagetables:6924kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2958.731816][ T8803] lowmem_reserve[]: 0 0 0 0 0 [ 2958.736466][ T8803] Node 1 Normal free:46296kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:8kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2958.800264][ T8803] lowmem_reserve[]: 0 0 0 0 0 [ 2958.804927][ T8803] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2958.885732][ T8803] Node 0 DMA32: 83*4kB (UME) 829*8kB (UME) 433*16kB (UME) 172*32kB (UM) 39*64kB (M) 3*128kB (UM) 1*256kB (U) 2*512kB (UM) 0*1024kB 7*2048kB (M) 0*4096kB = 37892kB [ 2958.988904][ T8803] Node 0 Normal: 868*4kB (UME) 302*8kB (ME) 93*16kB (ME) 21*32kB (ME) 2*64kB (UM) 0*128kB 0*256kB 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 8688kB [ 2959.003951][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2959.012503][T21547] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2959.021120][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2959.060306][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2959.101424][ T8803] Node 1 Normal: 41*4kB (ME) 37*8kB (UME) 40*16kB (UME) 32*32kB (UME) 27*64kB (UME) 18*128kB (ME) 10*256kB (M) 7*512kB (UM) 5*1024kB (ME) 2*2048kB (M) 6*4096kB (U) = 46092kB [ 2959.118698][ T8803] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2959.128294][ T8803] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2959.137595][ T8803] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2959.147107][ T8803] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2959.156364][ T8803] 7226 total pagecache pages [ 2959.160999][ T8803] 0 pages in swap cache [ 2959.165198][ T8803] Swap cache stats: add 0, delete 0, find 0/0 [ 2959.171229][ T8803] Free swap = 0kB [ 2959.174908][ T8803] Total swap = 0kB [ 2959.178587][ T8803] 1965979 pages RAM [ 2959.182363][ T8803] 0 pages HighMem/MovableOnly [ 2959.187010][ T8803] 83163 pages reserved [ 2959.191053][ T8803] 0 pages cma reserved [ 2959.195084][ T8803] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.1,pid=4561,uid=0 [ 2959.209280][ T8803] Out of memory: Killed process 4561 (syz-executor.1) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2959.226238][ T1931] oom_reaper: reaped process 4561 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2959.630239][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2959.633253][ T8250] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2959.650440][ T8250] CPU: 1 PID: 8250 Comm: in:imklog Not tainted 5.8.0-rc7-syzkaller #0 [ 2959.658564][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2959.668622][ T8250] Call Trace: [ 2959.671884][ T8250] dump_stack+0x10f/0x19d [ 2959.676187][ T8250] dump_header+0x8e/0x400 [ 2959.680495][ T8250] oom_kill_process+0x18d/0x3f0 [ 2959.685315][ T8250] out_of_memory+0x5bd/0x880 [ 2959.689877][ T8250] ? get_page_from_freelist+0x127/0x3c0 [ 2959.695395][ T8250] __alloc_pages_slowpath+0x742/0x970 [ 2959.700730][ T8250] __alloc_pages_nodemask+0x235/0x390 [ 2959.706063][ T8250] alloc_pages_current+0x21d/0x310 [ 2959.711137][ T8250] __page_cache_alloc+0x4f/0x120 [ 2959.716034][ T8250] pagecache_get_page+0x494/0x8b0 [ 2959.721082][ T8250] ? __do_page_cache_readahead+0x96/0xb0 [ 2959.726677][ T8250] filemap_fault+0xba4/0x11e0 [ 2959.731331][ T8250] ext4_filemap_fault+0x4b/0x60 [ 2959.736145][ T8250] do_read_fault+0x41f/0x730 [ 2959.740700][ T8250] handle_mm_fault+0x135d/0x1930 [ 2959.745658][ T8250] do_user_addr_fault+0x393/0x810 [ 2959.750699][ T8250] exc_page_fault+0xb8/0x330 [ 2959.755252][ T8250] ? asm_exc_page_fault+0x8/0x30 [ 2959.760189][ T8250] asm_exc_page_fault+0x1e/0x30 [ 2959.765000][ T8250] RIP: 0033:0x7f2a5dc4d211 [ 2959.769384][ T8250] Code: Bad RIP value. [ 2959.773411][ T8250] RSP: 002b:00007f2a5c584960 EFLAGS: 00010283 [ 2959.779498][ T8250] RAX: ffffffffffffff38 RBX: 0000000000000000 RCX: 0000000000000030 [ 2959.787489][ T8250] RDX: 000000000000000a RSI: 00007f2a5dd62940 RDI: 00007f2a5c584c70 [ 2959.795421][ T8250] RBP: 00007f2a5c5850a0 R08: 00007f2a5dfb0400 R09: 00007f2a5dd78fe9 [ 2959.803354][ T8250] R10: 0000000000000000 R11: ffffffffffffff48 R12: 00007f2a5c584c70 [ 2959.811320][ T8250] R13: 00007f2a5c584c70 R14: 0000000000000000 R15: 0000000000000001 [ 2959.831626][ T8250] Mem-Info: [ 2959.834737][ T8250] active_anon:203418 inactive_anon:6938 isolated_anon:0 [ 2959.834737][ T8250] active_file:14 inactive_file:20 isolated_file:29 [ 2959.834737][ T8250] unevictable:11 dirty:4 writeback:0 [ 2959.834737][ T8250] slab_reclaimable:7495 slab_unreclaimable:25548 [ 2959.834737][ T8250] mapped:55247 shmem:7148 pagetables:4162 bounce:0 [ 2959.834737][ T8250] free:26547 free_pcp:163 free_cma:0 [ 2959.871391][ T8250] Node 0 active_anon:813164kB inactive_anon:27744kB active_file:52kB inactive_file:84kB unevictable:44kB isolated(anon):0kB isolated(file):116kB mapped:220988kB dirty:12kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 540672kB writeback_tmp:0kB all_unreclaimable? yes [ 2959.899142][ T8250] Node 1 active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2959.924582][ T8250] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2959.953675][ T8250] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2959.959442][ T8250] Node 0 DMA32 free:37544kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:498880kB inactive_anon:8kB active_file:0kB inactive_file:316kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2072kB pagetables:9704kB bounce:0kB free_pcp:164kB local_pcp:152kB free_cma:0kB [ 2959.990940][ T8250] lowmem_reserve[]: 0 0 707 707 707 [ 2959.996201][ T8250] Node 0 Normal free:8640kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:314376kB inactive_anon:27736kB active_file:0kB inactive_file:0kB unevictable:44kB writepending:12kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4128kB pagetables:6924kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2960.027355][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2960.032433][ T8250] Node 1 Normal free:46092kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2960.062810][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2960.067450][ T8250] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2960.080449][ T8250] Node 0 DMA32: 115*4kB (UME) 823*8kB (UME) 432*16kB (ME) 172*32kB (UM) 40*64kB (UM) 3*128kB (UM) 1*256kB (U) 2*512kB (UM) 0*1024kB 7*2048kB (M) 0*4096kB = 38020kB [ 2960.096843][ T8250] Node 0 Normal: 821*4kB (UME) 306*8kB (UME) 94*16kB (UME) 21*32kB (ME) 4*64kB (UM) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8548kB [ 2960.112195][ T8250] Node 1 Normal: 41*4kB (ME) 37*8kB (UME) 40*16kB (UME) 32*32kB (UME) 27*64kB (UME) 18*128kB (ME) 10*256kB (M) 7*512kB (UM) 5*1024kB (ME) 2*2048kB (M) 6*4096kB (U) = 46092kB [ 2960.129493][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2960.139726][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2960.151078][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2960.160359][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2960.169866][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2960.180875][ T8250] 7180 total pagecache pages [ 2960.185435][ T8250] 0 pages in swap cache [ 2960.189599][ T8250] Swap cache stats: add 0, delete 0, find 0/0 [ 2960.195696][ T8250] Free swap = 0kB [ 2960.199382][ T8250] Total swap = 0kB [ 2960.203122][ T8250] 1965979 pages RAM [ 2960.206901][ T8250] 0 pages HighMem/MovableOnly [ 2960.211652][ T8250] 83163 pages reserved [ 2960.215761][ T8250] 0 pages cma reserved [ 2960.219796][ T8250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=32463,uid=0 [ 2960.234085][ T8250] Out of memory: Killed process 32463 (syz-executor.5) total-vm:74976kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2960.250614][ T1931] oom_reaper: reaped process 32463 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2960.536261][ T5038] systemd-udevd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=-1000 [ 2960.576211][ T5038] CPU: 0 PID: 5038 Comm: systemd-udevd Not tainted 5.8.0-rc7-syzkaller #0 [ 2960.584688][ T5038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2960.594719][ T5038] Call Trace: [ 2960.597978][ T5038] dump_stack+0x10f/0x19d [ 2960.602352][ T5038] dump_header+0x8e/0x400 [ 2960.606652][ T5038] oom_kill_process+0x18d/0x3f0 [ 2960.611479][ T5038] out_of_memory+0x5bd/0x880 [ 2960.616042][ T5038] ? get_page_from_freelist+0x127/0x3c0 [ 2960.621595][ T5038] __alloc_pages_slowpath+0x742/0x970 [ 2960.626940][ T5038] __alloc_pages_nodemask+0x235/0x390 [ 2960.632285][ T5038] alloc_pages_current+0x21d/0x310 [ 2960.637374][ T5038] __page_cache_alloc+0x4f/0x120 [ 2960.642288][ T5038] pagecache_get_page+0x494/0x8b0 [ 2960.647307][ T5038] ? __do_page_cache_readahead+0x96/0xb0 [ 2960.652909][ T5038] filemap_fault+0xba4/0x11e0 [ 2960.657564][ T5038] ext4_filemap_fault+0x4b/0x60 [ 2960.662406][ T5038] do_read_fault+0x41f/0x730 [ 2960.666995][ T5038] handle_mm_fault+0x135d/0x1930 [ 2960.671959][ T5038] do_user_addr_fault+0x393/0x810 [ 2960.676973][ T5038] exc_page_fault+0xb8/0x330 [ 2960.681619][ T5038] ? asm_exc_page_fault+0x8/0x30 [ 2960.686534][ T5038] asm_exc_page_fault+0x1e/0x30 [ 2960.691364][ T5038] RIP: 0033:0x556a8cb043c0 [ 2960.695783][ T5038] Code: Bad RIP value. [ 2960.699831][ T5038] RSP: 002b:00007ffeb7fc73f8 EFLAGS: 00010202 [ 2960.705865][ T5038] RAX: 0000556a8cb49990 RBX: 0000556a8d5c5138 RCX: 0000000000000020 [ 2960.713862][ T5038] RDX: 0000000000000000 RSI: 0000556a8d5c5148 RDI: 00007ffeb7fc7400 [ 2960.721808][ T5038] RBP: 0000000000000005 R08: 0000000000000018 R09: 0000000000000018 [ 2960.729754][ T5038] R10: 0000000000000000 R11: 0000556a8d5694d0 R12: 0000556a8d569410 [ 2960.737698][ T5038] R13: 0000556a8d5695c0 R14: 0000556a8cb479a0 R15: 0000000000000000 [ 2960.785059][ T5038] Mem-Info: [ 2960.788248][ T5038] active_anon:202874 inactive_anon:6938 isolated_anon:0 [ 2960.788248][ T5038] active_file:15 inactive_file:0 isolated_file:0 [ 2960.788248][ T5038] unevictable:11 dirty:0 writeback:0 [ 2960.788248][ T5038] slab_reclaimable:7495 slab_unreclaimable:25523 [ 2960.788248][ T5038] mapped:55247 shmem:7148 pagetables:4161 bounce:0 [ 2960.788248][ T5038] free:26631 free_pcp:0 free_cma:0 [ 2960.971136][ T5038] Node 0 active_anon:810988kB inactive_anon:27744kB active_file:176kB inactive_file:12kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220988kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 538624kB writeback_tmp:0kB all_unreclaimable? yes [ 2961.054415][ T5038] Node 1 active_anon:508kB inactive_anon:8kB active_file:12kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2961.079989][ T5038] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2961.108930][ T5038] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2961.114644][ T5038] Node 0 DMA32 free:38104kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:496832kB inactive_anon:8kB active_file:24kB inactive_file:20kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2056kB pagetables:9604kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2961.145717][ T5038] lowmem_reserve[]: 0 0 707 707 707 [ 2961.151026][ T5038] Node 0 Normal free:8496kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:314128kB inactive_anon:27736kB active_file:0kB inactive_file:112kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4128kB pagetables:6916kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2961.193880][ T5038] lowmem_reserve[]: 0 0 0 0 0 [ 2961.199051][ T5038] Node 1 Normal free:46092kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:4kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2961.232732][ T5038] lowmem_reserve[]: 0 0 0 0 0 [ 2961.237385][ T5038] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2961.250328][ T5038] Node 0 DMA32: 76*4kB (UME) 801*8kB (UME) 432*16kB (ME) 171*32kB (M) 39*64kB (M) 3*128kB (UM) 1*256kB (U) 2*512kB (UM) 0*1024kB 7*2048kB (M) 0*4096kB = 37592kB [ 2961.266429][ T5038] Node 0 Normal: 897*4kB (UME) 307*8kB (UME) 95*16kB (ME) 24*32kB (UME) 1*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8780kB [ 2961.281836][ T5038] Node 1 Normal: 41*4kB (ME) 37*8kB (UME) 40*16kB (UME) 32*32kB (UME) 27*64kB (UME) 18*128kB (ME) 10*256kB (M) 7*512kB (UM) 5*1024kB (ME) 2*2048kB (M) 6*4096kB (U) = 46092kB [ 2961.299026][ T5038] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2961.308641][ T5038] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2961.317892][ T5038] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2961.327406][ T5038] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2961.336663][ T5038] 7178 total pagecache pages [ 2961.341362][ T5038] 0 pages in swap cache [ 2961.345480][ T5038] Swap cache stats: add 0, delete 0, find 0/0 [ 2961.351721][ T5038] Free swap = 0kB [ 2961.355421][ T5038] Total swap = 0kB [ 2961.359100][ T5038] 1965979 pages RAM [ 2961.362902][ T5038] 0 pages HighMem/MovableOnly [ 2961.367546][ T5038] 83163 pages reserved [ 2961.371593][ T5038] 0 pages cma reserved [ 2961.375630][ T5038] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=23804,uid=0 [ 2961.389863][ T5038] Out of memory: Killed process 23804 (syz-executor.5) total-vm:74976kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2961.802691][ T8626] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2961.814678][ T8626] CPU: 0 PID: 8626 Comm: syz-fuzzer Not tainted 5.8.0-rc7-syzkaller #0 [ 2961.822882][ T8626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2961.832906][ T8626] Call Trace: [ 2961.836167][ T8626] dump_stack+0x10f/0x19d [ 2961.840492][ T8626] dump_header+0x8e/0x400 [ 2961.844813][ T8626] oom_kill_process+0x18d/0x3f0 [ 2961.849636][ T8626] out_of_memory+0x5bd/0x880 [ 2961.854205][ T8626] ? get_page_from_freelist+0x127/0x3c0 [ 2961.859725][ T8626] __alloc_pages_slowpath+0x742/0x970 [ 2961.865087][ T8626] __alloc_pages_nodemask+0x235/0x390 [ 2961.870514][ T8626] alloc_pages_current+0x21d/0x310 [ 2961.875593][ T8626] __page_cache_alloc+0x4f/0x120 [ 2961.880501][ T8626] pagecache_get_page+0x494/0x8b0 [ 2961.885494][ T8626] ? __do_page_cache_readahead+0x96/0xb0 [ 2961.891101][ T8626] filemap_fault+0xba4/0x11e0 [ 2961.895752][ T8626] ext4_filemap_fault+0x4b/0x60 [ 2961.900574][ T8626] do_read_fault+0x41f/0x730 [ 2961.905133][ T8626] handle_mm_fault+0x135d/0x1930 [ 2961.910047][ T8626] do_user_addr_fault+0x393/0x810 [ 2961.915041][ T8626] exc_page_fault+0xb8/0x330 [ 2961.919678][ T8626] ? asm_exc_page_fault+0x8/0x30 [ 2961.924585][ T8626] asm_exc_page_fault+0x1e/0x30 [ 2961.929417][ T8626] RIP: 0033:0x4561b0 [ 2961.933285][ T8626] Code: Bad RIP value. [ 2961.937316][ T8626] RSP: 002b:000000c00004df30 EFLAGS: 00010206 [ 2961.943412][ T8626] RAX: 000002b19f61c1f0 RBX: 000000c00003e000 RCX: 0000000000000b91 [ 2961.951355][ T8626] RDX: 00000000360757f0 RSI: 000000c00004df10 RDI: 00000000360757f0 [ 2961.959304][ T8626] RBP: 000000c00004dfa0 R08: 00000633ffbd718a R09: 00007ffebadc4080 [ 2961.967249][ T8626] R10: 0000000000000010 R11: 00007ffebadc40b8 R12: 0000000000439470 [ 2961.975192][ T8626] R13: 0000000000000000 R14: 0000000000accd54 R15: 0000000000000000 [ 2962.055902][ T8626] Mem-Info: [ 2962.059104][ T8626] active_anon:202321 inactive_anon:6938 isolated_anon:0 [ 2962.059104][ T8626] active_file:0 inactive_file:30 isolated_file:0 [ 2962.059104][ T8626] unevictable:11 dirty:0 writeback:0 [ 2962.059104][ T8626] slab_reclaimable:7491 slab_unreclaimable:25519 [ 2962.059104][ T8626] mapped:55222 shmem:7148 pagetables:4109 bounce:0 [ 2962.059104][ T8626] free:26607 free_pcp:0 free_cma:0 [ 2962.096393][ T8626] Node 0 active_anon:808776kB inactive_anon:27744kB active_file:0kB inactive_file:120kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220888kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 534528kB writeback_tmp:0kB all_unreclaimable? yes [ 2962.124841][ T8626] Node 1 active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2962.150351][ T8626] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2962.190100][T30179] net_ratelimit: 1 callbacks suppressed [ 2962.190104][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2962.204840][ T8626] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2962.210552][ T8626] Node 0 DMA32 free:37452kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:494784kB inactive_anon:8kB active_file:32kB inactive_file:76kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2040kB pagetables:9528kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2962.243194][ T8626] lowmem_reserve[]: 0 0 707 707 707 [ 2962.248368][ T8626] Node 0 Normal free:8476kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:313992kB inactive_anon:27736kB active_file:20kB inactive_file:4kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4128kB pagetables:6888kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2962.309922][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2962.314685][ T8626] Node 1 Normal free:46096kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2962.473412][ T8626] lowmem_reserve[]: 0 0 0 0 0 [ 2962.478164][ T8626] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2962.548291][ T8626] Node 0 DMA32: 85*4kB (UME) 826*8kB (ME) 433*16kB (UME) 171*32kB (M) 39*64kB (M) 2*128kB (M) 0*256kB 1*512kB (M) 1*1024kB (U) 7*2048kB (M) 0*4096kB = 37972kB [ 2962.634846][ T8626] Node 0 Normal: 941*4kB (UME) 310*8kB (UME) 95*16kB (ME) 23*32kB (UME) 1*64kB (M) 1*128kB (U) 1*256kB (U) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8948kB [ 2962.669976][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2962.716988][ T8626] Node 1 Normal: 42*4kB (UME) 37*8kB (UME) 40*16kB (UME) 32*32kB (UME) 27*64kB (UME) 18*128kB (ME) 10*256kB (M) 7*512kB (UM) 5*1024kB (ME) 2*2048kB (M) 6*4096kB (U) = 46096kB [ 2962.811950][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2962.860218][ T8626] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2962.869503][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2962.957567][ T8626] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2963.011256][ T8626] 7176 total pagecache pages [ 2963.015927][ T8626] 0 pages in swap cache [ 2963.058230][ T8626] Swap cache stats: add 0, delete 0, find 0/0 [ 2963.084615][ T8626] Free swap = 0kB [ 2963.088351][ T8626] Total swap = 0kB [ 2963.092461][ T8626] 1965979 pages RAM [ 2963.096668][ T8626] 0 pages HighMem/MovableOnly [ 2963.104249][ T8626] 83163 pages reserved [ 2963.108290][ T8626] 0 pages cma reserved [ 2963.112383][ T8626] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=13154,uid=0 [ 2963.127924][ T8626] Out of memory: Killed process 13154 (syz-executor.5) total-vm:74976kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2963.146726][ T1931] oom_reaper: reaped process 13154 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 2963.250230][T24244] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2963.407550][ T1931] oom_reaper: reaped process 6765 (syz-executor.2), now anon-rss:0kB, file-rss:34752kB, shmem-rss:0kB [ 2963.444695][ T6828] systemd-udevd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2963.461405][ T6828] CPU: 1 PID: 6828 Comm: systemd-udevd Not tainted 5.8.0-rc7-syzkaller #0 [ 2963.469931][ T6828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2963.479992][ T6828] Call Trace: [ 2963.483261][ T6828] dump_stack+0x10f/0x19d [ 2963.487573][ T6828] dump_header+0x8e/0x400 [ 2963.491876][ T6828] oom_kill_process+0x18d/0x3f0 [ 2963.496697][ T6828] out_of_memory+0x5bd/0x880 [ 2963.501257][ T6828] ? get_page_from_freelist+0x127/0x3c0 [ 2963.506767][ T6828] __alloc_pages_slowpath+0x742/0x970 [ 2963.512104][ T6828] __alloc_pages_nodemask+0x235/0x390 [ 2963.517443][ T6828] alloc_pages_current+0x21d/0x310 [ 2963.522514][ T6828] __page_cache_alloc+0x4f/0x120 [ 2963.527431][ T6828] pagecache_get_page+0x494/0x8b0 [ 2963.532417][ T6828] ? __do_page_cache_readahead+0x96/0xb0 [ 2963.538014][ T6828] filemap_fault+0xba4/0x11e0 [ 2963.542657][ T6828] ext4_filemap_fault+0x4b/0x60 [ 2963.547479][ T6828] do_read_fault+0x41f/0x730 [ 2963.552047][ T6828] handle_mm_fault+0x135d/0x1930 [ 2963.556948][ T6828] do_user_addr_fault+0x393/0x810 [ 2963.561940][ T6828] exc_page_fault+0xb8/0x330 [ 2963.566496][ T6828] ? asm_exc_page_fault+0x8/0x30 [ 2963.571396][ T6828] asm_exc_page_fault+0x1e/0x30 [ 2963.576251][ T6828] RIP: 0033:0x556a8cae19b0 [ 2963.580636][ T6828] Code: Bad RIP value. [ 2963.584703][ T6828] RSP: 002b:00007ffeb7fc6ee8 EFLAGS: 00010212 [ 2963.590741][ T6828] RAX: 0000000000000000 RBX: 0000556a8d568b14 RCX: 0000000000000073 [ 2963.598684][ T6828] RDX: 0000000000000003 RSI: 0000556a8cb2367b RDI: 0000556a8d568b14 [ 2963.606617][ T6828] RBP: 0000556a8cb24292 R08: 0000556a8cb2428f R09: 00000000000001c8 [ 2963.614550][ T6828] R10: 0000556a8cb23d0c R11: 00007f9027c02060 R12: 0000000000000003 [ 2963.622484][ T6828] R13: 0000556a8cb2367b R14: 0000000000000003 R15: 000000000000000e [ 2963.636024][ T6828] Mem-Info: [ 2963.639135][ T6828] active_anon:201241 inactive_anon:6938 isolated_anon:0 [ 2963.639135][ T6828] active_file:57 inactive_file:0 isolated_file:0 [ 2963.639135][ T6828] unevictable:11 dirty:0 writeback:0 [ 2963.639135][ T6828] slab_reclaimable:7491 slab_unreclaimable:25514 [ 2963.639135][ T6828] mapped:55246 shmem:7148 pagetables:4109 bounce:0 [ 2963.639135][ T6828] free:16301 free_pcp:284 free_cma:0 [ 2963.657254][ T6765] warn_alloc: 1 callbacks suppressed [ 2963.657266][ T6765] syz-executor.2: vmalloc: allocation failure, allocated 2517053440 of 3724722176 bytes, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 2963.680886][ T6828] Node 0 active_anon:804456kB inactive_anon:27744kB active_file:136kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220984kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 534528kB writeback_tmp:0kB all_unreclaimable? yes [ 2963.715957][ T6765] CPU: 0 PID: 6765 Comm: syz-executor.2 Not tainted 5.8.0-rc7-syzkaller #0 [ 2963.730857][ T6828] Node 1 active_anon:508kB inactive_anon:8kB active_file:92kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2963.733342][ T6765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2963.764549][ T6828] Node 0 DMA free:14324kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2963.768908][ T6765] Call Trace: [ 2963.801144][ T6765] dump_stack+0x10f/0x19d [ 2963.803901][ T6828] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2963.805450][ T6765] warn_alloc+0x105/0x160 [ 2963.811138][ T6828] Node 0 DMA32 free:21632kB min:41072kB low:49804kB high:58536kB reserved_highatomic:0KB active_anon:492736kB inactive_anon:8kB active_file:24kB inactive_file:44kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2040kB pagetables:9528kB bounce:0kB free_pcp:288kB local_pcp:28kB free_cma:0kB [ 2963.815428][ T6765] __vmalloc_node_range+0x458/0x530 [ 2963.851889][ T6828] lowmem_reserve[]: 0 0 707 707 707 [ 2963.851970][ T6765] vmalloc_user+0x55/0x60 [ 2963.857120][ T6828] Node 0 Normal free:6336kB min:14812kB low:16976kB high:19140kB reserved_highatomic:0KB active_anon:311728kB inactive_anon:27736kB active_file:20kB inactive_file:8kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4128kB pagetables:6888kB bounce:0kB free_pcp:600kB local_pcp:248kB free_cma:0kB [ 2963.861421][ T6765] ? vb2_vmalloc_alloc+0x8f/0x120 [ 2963.861432][ T6765] vb2_vmalloc_alloc+0x8f/0x120 [ 2963.861503][ T6765] ? tsan.module_ctor+0x10/0x10 [ 2963.897997][ T6828] lowmem_reserve[]: 0 0 0 0 0 [ 2963.898096][ T6765] __vb2_queue_alloc+0x4fe/0xaf0 [ 2963.902914][ T6828] Node 1 Normal free:22912kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:508kB inactive_anon:8kB active_file:92kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:20kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 2963.907801][ T6765] vb2_core_create_bufs+0x334/0x570 [ 2963.916955][ T6828] lowmem_reserve[]: 0 0 0 0 0 [ 2963.917343][ T6765] vb2_create_bufs+0x419/0x560 [ 2963.953363][ T6828] Node 0 DMA: 1*4kB (U) 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14324kB [ 2963.957731][ T6765] vb2_ioctl_create_bufs+0x2b3/0x310 [ 2963.962464][ T6828] Node 0 DMA32: 74*4kB (ME) 819*8kB (UME) 430*16kB (UME) 169*32kB (UM) 39*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 21632kB [ 2963.977439][ T6765] v4l_create_bufs+0x15e/0x1b0 [ 2963.977450][ T6765] __video_do_ioctl+0x65b/0x870 [ 2963.977463][ T6765] ? __video_do_ioctl+0x2e1/0x870 [ 2963.987976][ T6828] Node 0 Normal: 674*4kB (UME) 237*8kB (UME) 77*16kB (UME) 16*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 6336kB [ 2963.997332][ T6765] ? __check_object_size+0x253/0x310 [ 2963.997341][ T6765] video_usercopy+0x6da/0xfc0 [ 2963.997350][ T6765] ? video_ioctl2+0x30/0x30 [ 2963.997366][ T6765] ? putname+0xa5/0xc0 [ 2964.007587][ T6828] Node 1 Normal: 42*4kB (UME) 37*8kB (UME) 39*16kB (ME) 32*32kB (UME) 27*64kB (UME) 19*128kB (UME) 11*256kB (UM) 7*512kB (UM) 6*1024kB (UME) 2*2048kB (M) 0*4096kB = 22912kB [ 2964.011895][ T6765] ? do_vfs_ioctl+0x4f1/0xec0 [ 2964.011948][ T6765] video_ioctl2+0x25/0x30 [ 2964.012032][ T6765] ? video_usercopy+0xfc0/0xfc0 [ 2964.031488][ T6828] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2964.035951][ T6765] v4l2_ioctl+0xc2/0xd0 [ 2964.044003][ T6828] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2964.044455][ T6765] ? v4l2_poll+0x150/0x150 [ 2964.066666][ T6828] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2964.070502][ T6765] __se_sys_ioctl+0xc9/0x130 [ 2964.070580][ T6765] __x64_sys_ioctl+0x3f/0x50 [ 2964.070593][ T6765] do_syscall_64+0x51/0xb0 [ 2964.075469][ T6828] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2964.084969][ T6765] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 2964.084976][ T6765] RIP: 0033:0x45c369 [ 2964.084994][ T6765] Code: Bad RIP value. [ 2964.084998][ T6765] RSP: 002b:00007f6618d9ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2964.093943][ T6828] 7197 total pagecache pages [ 2964.098390][ T6765] RAX: ffffffffffffffda RBX: 0000000000019f40 RCX: 000000000045c369 [ 2964.103396][ T6828] 0 pages in swap cache [ 2964.112267][ T6765] RDX: 00000000200001c0 RSI: 00000000c100565c RDI: 0000000000000003 [ 2964.112329][ T6765] RBP: 000000000078bf40 R08: 0000000000000000 R09: 0000000000000000 [ 2964.112338][ T6765] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000078bf0c [ 2964.118905][ T6828] Swap cache stats: add 0, delete 0, find 0/0 [ 2964.121442][ T6765] R13: 00007ffec3ff7cbf R14: 00007f6618d9f9c0 R15: 000000000078bf0c [ 2964.140614][ T6765] Mem-Info: [ 2964.146556][ T6828] Free swap = 0kB [ 2964.148954][ T6765] active_anon:201236 inactive_anon:6938 isolated_anon:0 [ 2964.148954][ T6765] active_file:15 inactive_file:11 isolated_file:0 [ 2964.148954][ T6765] unevictable:11 dirty:0 writeback:0 [ 2964.148954][ T6765] slab_reclaimable:7491 slab_unreclaimable:25514 [ 2964.148954][ T6765] mapped:55222 shmem:7148 pagetables:4082 bounce:0 [ 2964.148954][ T6765] free:16301 free_pcp:305 free_cma:0 [ 2964.157278][ T6828] Total swap = 0kB [ 2964.157282][ T6828] 1965979 pages RAM [ 2964.157289][ T6828] 0 pages HighMem/MovableOnly [ 2964.181575][ T6765] Node 0 active_anon:804436kB inactive_anon:27744kB active_file:56kB inactive_file:44kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220888kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 530432kB writeback_tmp:0kB all_unreclaimable? yes [ 2964.187449][ T6828] 83163 pages reserved [ 2964.209169][ T6765] Node 1 active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2964.216983][ T6828] 0 pages cma reserved [ 2964.229570][ T6765] Node 0 DMA free:14324kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2964.260503][ T6828] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.5,pid=10043,uid=0 [ 2964.275882][ T6765] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2964.302495][ T6828] Out of memory: Killed process 10043 (syz-executor.5) total-vm:74976kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2964.326830][ T6765] Node 0 DMA32 free:21632kB min:41072kB low:49804kB high:58536kB reserved_highatomic:0KB active_anon:492724kB inactive_anon:8kB active_file:40kB inactive_file:16kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2024kB pagetables:9424kB bounce:0kB free_pcp:344kB local_pcp:288kB free_cma:0kB [ 2964.334847][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2964.360317][ T6765] lowmem_reserve[]: 0 0 707 707 707 [ 2964.443044][ T6828] systemd-udevd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2964.453975][ T6828] CPU: 0 PID: 6828 Comm: systemd-udevd Not tainted 5.8.0-rc7-syzkaller #0 [ 2964.462435][ T6828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2964.472457][ T6828] Call Trace: [ 2964.475747][ T6828] dump_stack+0x10f/0x19d [ 2964.480051][ T6828] dump_header+0x8e/0x400 [ 2964.484396][ T6828] oom_kill_process+0x18d/0x3f0 [ 2964.489249][ T6828] out_of_memory+0x5bd/0x880 [ 2964.493885][ T6828] ? get_page_from_freelist+0x127/0x3c0 [ 2964.499404][ T6828] __alloc_pages_slowpath+0x742/0x970 [ 2964.504788][ T6828] __alloc_pages_nodemask+0x235/0x390 [ 2964.510136][ T6828] alloc_pages_current+0x21d/0x310 [ 2964.515270][ T6828] __page_cache_alloc+0x4f/0x120 [ 2964.520178][ T6828] pagecache_get_page+0x494/0x8b0 [ 2964.525173][ T6828] ? __do_page_cache_readahead+0x96/0xb0 [ 2964.530788][ T6828] filemap_fault+0xba4/0x11e0 [ 2964.535573][ T6828] ext4_filemap_fault+0x4b/0x60 [ 2964.540392][ T6828] do_read_fault+0x41f/0x730 [ 2964.544957][ T6828] handle_mm_fault+0x135d/0x1930 [ 2964.549870][ T6828] do_user_addr_fault+0x393/0x810 [ 2964.554868][ T6828] exc_page_fault+0xb8/0x330 [ 2964.559425][ T6828] ? asm_exc_page_fault+0x8/0x30 [ 2964.564334][ T6828] asm_exc_page_fault+0x1e/0x30 [ 2964.569153][ T6828] RIP: 0033:0x556a8cae19b0 [ 2964.573545][ T6828] Code: Bad RIP value. [ 2964.577580][ T6828] RSP: 002b:00007ffeb7fc6ee8 EFLAGS: 00010212 [ 2964.583617][ T6828] RAX: 0000000000000000 RBX: 0000556a8d568b14 RCX: 0000000000000073 [ 2964.591575][ T6828] RDX: 0000000000000003 RSI: 0000556a8cb2367b RDI: 0000556a8d568b14 [ 2964.599528][ T6828] RBP: 0000556a8cb24292 R08: 0000556a8cb2428f R09: 00000000000001c8 [ 2964.607465][ T6828] R10: 0000556a8cb23d0c R11: 00007f9027c02060 R12: 0000000000000003 [ 2964.615402][ T6828] R13: 0000556a8cb2367b R14: 0000000000000003 R15: 000000000000000e [ 2964.630504][ T6765] Node 0 Normal free:6744kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:311644kB inactive_anon:27736kB active_file:16kB inactive_file:28kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4128kB pagetables:6884kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2964.662549][ T6765] lowmem_reserve[]: 0 0 0 0 0 [ 2964.667208][ T6765] Node 1 Normal free:23112kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:20kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2964.701414][ T6765] lowmem_reserve[]: 0 0 0 0 0 [ 2964.706117][ T6765] Node 0 DMA: 1*4kB (U) 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14324kB [ 2964.728159][ T6765] Node 0 DMA32: 114*4kB (UME) 834*8kB (UME) 432*16kB (UME) 170*32kB (UM) 39*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 24152kB [ 2964.752128][ T6765] Node 0 Normal: 793*4kB (UME) 247*8kB (UME) 82*16kB (UME) 21*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7132kB [ 2964.769518][ T6765] Node 1 Normal: 42*4kB (UME) 36*8kB (ME) 39*16kB (ME) 32*32kB (UME) 27*64kB (UME) 19*128kB (UME) 10*256kB (M) 6*512kB (M) 5*1024kB (ME) 3*2048kB (UM) 0*4096kB = 23160kB [ 2964.789757][ T6828] Mem-Info: [ 2964.792935][ T6828] active_anon:200702 inactive_anon:6938 isolated_anon:0 [ 2964.792935][ T6828] active_file:37 inactive_file:0 isolated_file:0 [ 2964.792935][ T6828] unevictable:11 dirty:0 writeback:0 [ 2964.792935][ T6828] slab_reclaimable:7491 slab_unreclaimable:25514 [ 2964.792935][ T6828] mapped:55222 shmem:7148 pagetables:4045 bounce:0 [ 2964.792935][ T6828] free:17002 free_pcp:0 free_cma:0 [ 2964.829031][ T6765] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2964.838708][ T6765] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2964.847963][ T6765] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2964.858364][ T6765] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2964.867691][ T6828] Node 0 active_anon:802300kB inactive_anon:27744kB active_file:144kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:220888kB dirty:0kB writeback:0kB shmem:28584kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 530432kB writeback_tmp:0kB all_unreclaimable? yes [ 2964.895179][ T6765] 7174 total pagecache pages [ 2964.899754][ T6765] 0 pages in swap cache [ 2964.903884][ T6765] Swap cache stats: add 0, delete 0, find 0/0 [ 2964.910222][T21547] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2964.910777][ T6765] Free swap = 0kB [ 2964.922543][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2964.931194][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2964.934039][ T6828] Node 1 active_anon:508kB inactive_anon:8kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:8kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2964.965789][ T6765] Total swap = 0kB [ 2964.969478][ T6765] 1965979 pages RAM [ 2964.974435][ T6765] 0 pages HighMem/MovableOnly [ 2964.979150][ T6765] 83163 pages reserved [ 2964.985723][ T6765] 0 pages cma reserved [ 2965.003008][ T6828] Node 0 DMA free:14324kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2965.059836][ T6828] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2965.066147][ T6828] Node 0 DMA32 free:23864kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:490676kB inactive_anon:8kB active_file:0kB inactive_file:84kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2024kB pagetables:9324kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2965.129699][ T6828] lowmem_reserve[]: 0 0 707 707 707 [ 2965.134882][ T6828] Node 0 Normal free:7132kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:311596kB inactive_anon:27736kB active_file:24kB inactive_file:16kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4112kB pagetables:6880kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB 07:03:57 executing program 1: r0 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000380)='/dev/vhci\x00', 0x2a402) write$vhci(r0, &(0x7f0000000000)=@HCI_VENDOR_PKT, 0x2) bind$bt_hci(0xffffffffffffffff, &(0x7f00000000c0)={0x1f, 0x3}, 0x6) 07:03:57 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x15c, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb042"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 07:03:57 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) [ 2965.219720][ T6828] lowmem_reserve[]: 0 0 0 0 0 [ 2965.224507][ T6828] Node 1 Normal free:540212kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:908kB inactive_anon:8kB active_file:204kB inactive_file:10720kB unevictable:0kB writepending:444kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:40kB pagetables:168kB bounce:0kB free_pcp:1440kB local_pcp:1272kB free_cma:0kB 07:03:57 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x14b, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd0"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2965.289787][ T6828] lowmem_reserve[]: 0 0 0 0 0 [ 2965.294451][ T6828] Node 0 DMA: 1*4kB (U) 0*8kB 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 1*256kB (U) 1*512kB (U) 1*1024kB (U) 2*2048kB (UM) 2*4096kB (M) = 14324kB [ 2965.342539][ T6828] Node 0 DMA32: 114*4kB (UME) 834*8kB (UME) 432*16kB (UME) 172*32kB (UM) 39*64kB (UM) 1*128kB (U) 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 0*4096kB = 24216kB 07:03:57 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x14b, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd0"}}], 0x1c) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2965.395613][ T6828] Node 0 Normal: 793*4kB (UME) 247*8kB (UME) 82*16kB (UME) 21*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7132kB [ 2965.451154][ T6828] Node 1 Normal: 6*4kB (UME) 6*8kB (UM) 8*16kB (UME) 9*32kB (UME) 10*64kB (UME) 18*128kB (UM) 19*256kB (U) 18*512kB (U) 16*1024kB (UE) 19*2048kB (UM) 215*4096kB (U) = 953448kB [ 2965.472226][ T6828] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2965.483230][ T6828] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2965.494344][ T6828] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2965.504420][ T6828] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2965.515805][ T6828] 11306 total pagecache pages [ 2965.520969][ T6828] 0 pages in swap cache [ 2965.525195][ T6828] Swap cache stats: add 0, delete 0, find 0/0 [ 2965.533009][ T6828] Free swap = 0kB [ 2965.537159][ T6828] Total swap = 0kB [ 2965.541117][ T6828] 1965979 pages RAM [ 2965.545009][ T6828] 0 pages HighMem/MovableOnly [ 2965.554386][ T6828] 83163 pages reserved [ 2965.558572][ T6828] 0 pages cma reserved [ 2965.562910][ T6828] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.3,pid=3134,uid=0 [ 2965.578458][ T6828] Out of memory: Killed process 3134 (syz-executor.3) total-vm:74976kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2965.709769][ T9218] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:03:57 executing program 4: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 07:03:57 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) [ 2966.039767][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:03:58 executing program 2: r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000001c0)={0x0, 0x4, 0x1, {0x1, @raw_data="8dbe1de5bef636482cd94438bf745fd543c8d48c66aa02de80fa60e8674369e5de70bc36ac9a2d44d20fb642cfbfc7639b1ab97ed33661e206e9546eb4b0daac9a57113103d1d521ebd8ea4ddc96af415027c66bc8262508b5d672bd3757a8a20d7e20b390668787e67d50c821def4822e520da38e81f8b92a082d8c230067b8cffb11e4e3b02ea46adf90cf28fc1c9db24ca741eabaedb97b27abb8516281afd0dace3552b3e8db414167da7b1fdd38bfcf771be3254c801a4c2fd3bfcf2b3e27850a0504b44dfc"}}) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 07:03:58 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 07:03:58 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x40}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000001980)={0x14, 0x0, &(0x7f0000001940)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) [ 2967.069614][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2967.309563][ T9218] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 2967.609525][ T9218] usb 4-1: device descriptor read/64, error 18 [ 2968.049489][ T9218] usb 4-1: device descriptor read/64, error 18 [ 2968.109519][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2968.119555][T26593] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog 07:04:00 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x15c, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd039b22c42008481594ccfc19cb5628cb042"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2968.330555][ T9218] usb 4-1: new high-speed USB device number 77 using dummy_hcd 07:04:00 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x0, 0x0, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x40) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x14b, &(0x7f0000000380)="f7f249b9740c9e02007f00000000000032a5b60a00008024c30e478947d190ac00000000000000000000000097ba4ecb40a2ee2e32a3b88aaf3c06f4970e85a63c9a4bf38a9aad9c9ba4c998db2f7155d302a7be122bb1609f8b0164eb12c07af20200169c864e1d5f8179cba2e431126de0594ce1487e311e84395a80adbe3e7f3622703c353de8e6928bfd5a5f2cc05e4b942d6ed155b67a555f4b2e2b0cd0e93e41c330f70401c1d96f546e65fab4fae51bb32a6f3ca61632d15b0c1cec89839cd7fe16d03af16efd5295d2eea42f3e25765b72b9727176c1966620ada4a27b28739a2eed558cee393ecaa3df004548e6f43be3f968529e96628cebee42b6fa46cb0b55a45cadf1f354a424830def8e07e2a29b11068c63cd93ad448a65b64680efd31f5171162879ecb8090d43afe3fff4ae9f7b26a14484d3848f385e0dd56aeec033921ab8521cd0"}}], 0x1c) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2968.629432][ T9218] usb 4-1: device descriptor read/64, error 18 [ 2968.749501][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2969.049397][ T9218] usb 4-1: device descriptor read/64, error 18 [ 2969.149453][T30179] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2969.169452][ T9218] usb usb4-port1: attempt power cycle [ 2969.909321][ T9218] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 2970.122222][T21814] syz-executor.3 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2970.134441][T21814] CPU: 0 PID: 21814 Comm: syz-executor.3 Not tainted 5.8.0-rc7-syzkaller #0 [ 2970.143181][T21814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2970.153204][T21814] Call Trace: [ 2970.156473][T21814] dump_stack+0x10f/0x19d [ 2970.160858][T21814] dump_header+0x8e/0x400 [ 2970.165236][T21814] oom_kill_process+0x18d/0x3f0 [ 2970.170063][T21814] out_of_memory+0x5bd/0x880 [ 2970.174632][T21814] ? get_page_from_freelist+0x127/0x3c0 [ 2970.180149][T21814] __alloc_pages_slowpath+0x742/0x970 [ 2970.185572][T21814] __alloc_pages_nodemask+0x235/0x390 [ 2970.189358][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2970.190917][T21814] alloc_pages_current+0x21d/0x310 [ 2970.204015][T21814] __page_cache_alloc+0x4f/0x120 [ 2970.208920][T21814] pagecache_get_page+0x494/0x8b0 [ 2970.213914][T21814] ? __do_page_cache_readahead+0x96/0xb0 [ 2970.219528][T21814] filemap_fault+0xba4/0x11e0 [ 2970.224179][T21814] ext4_filemap_fault+0x4b/0x60 [ 2970.229072][T21814] do_read_fault+0x41f/0x730 [ 2970.233630][T21814] handle_mm_fault+0x135d/0x1930 [ 2970.238535][T21814] do_user_addr_fault+0x393/0x810 [ 2970.243529][T21814] exc_page_fault+0xb8/0x330 [ 2970.248093][T21814] ? asm_exc_page_fault+0x8/0x30 [ 2970.253045][T21814] asm_exc_page_fault+0x1e/0x30 [ 2970.257867][T21814] RIP: 0033:0x45c324 [ 2970.261775][T21814] Code: Bad RIP value. [ 2970.265810][T21814] RSP: 002b:00007ffc1631cd10 EFLAGS: 00010217 [ 2970.271840][T21814] RAX: 0000000000000000 RBX: 00000000002d470d RCX: 000000000045a870 [ 2970.279784][T21814] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00007ffc1631cd10 [ 2970.287723][T21814] RBP: 0000000000000684 R08: 0000000000000001 R09: 0000000001c70940 [ 2970.295666][T21814] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 2970.303616][T21814] R13: 00007ffc1631cd60 R14: 00000000002d46e8 R15: 00007ffc1631cd70 [ 2970.321525][T21814] Mem-Info: [ 2970.324637][T21814] active_anon:202490 inactive_anon:6938 isolated_anon:0 [ 2970.324637][T21814] active_file:21 inactive_file:2 isolated_file:25 [ 2970.324637][T21814] unevictable:11 dirty:0 writeback:0 [ 2970.324637][T21814] slab_reclaimable:7483 slab_unreclaimable:25538 [ 2970.324637][T21814] mapped:55348 shmem:7149 pagetables:4136 bounce:0 [ 2970.324637][T21814] free:26653 free_pcp:0 free_cma:0 [ 2970.361027][T21814] Node 0 active_anon:808232kB inactive_anon:27740kB active_file:80kB inactive_file:8kB unevictable:44kB isolated(anon):0kB isolated(file):100kB mapped:221392kB dirty:0kB writeback:0kB shmem:28576kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 534528kB writeback_tmp:0kB all_unreclaimable? yes [ 2970.388712][T21814] Node 1 active_anon:1728kB inactive_anon:12kB active_file:4kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:20kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2970.414380][T21814] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2970.446121][T21814] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2970.451831][T21814] Node 0 DMA32 free:37676kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:494620kB inactive_anon:4kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2024kB pagetables:9148kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2970.482720][T21814] lowmem_reserve[]: 0 0 707 707 707 [ 2970.487880][T21814] Node 0 Normal free:8416kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:313612kB inactive_anon:27736kB active_file:44kB inactive_file:112kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4128kB pagetables:6984kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2970.519212][T21814] lowmem_reserve[]: 0 0 0 0 0 [ 2970.523961][T21814] Node 1 Normal free:46408kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:1728kB inactive_anon:12kB active_file:4kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:88kB pagetables:412kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2970.555502][T21814] lowmem_reserve[]: 0 0 0 0 0 [ 2970.561899][T21814] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2970.574941][T21814] Node 0 DMA32: 66*4kB (UME) 830*8kB (UME) 419*16kB (UME) 168*32kB (UM) 41*64kB (UM) 4*128kB (M) 0*256kB 1*512kB (M) 1*1024kB (U) 1*2048kB (U) 3*4096kB (U) = 37992kB [ 2970.593344][T21814] Node 0 Normal: 820*4kB (UME) 310*8kB (UME) 102*16kB (ME) 19*32kB (ME) 6*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8384kB [ 2970.607910][T21814] Node 1 Normal: 129*4kB (UME) 108*8kB (M) 95*16kB (UME) 82*32kB (ME) 49*64kB (ME) 37*128kB (UME) 12*256kB (UM) 4*512kB (UM) 3*1024kB (UME) 0*2048kB 6*4096kB (U) = 46164kB [ 2970.624941][T21814] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2970.634648][T21814] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2970.643949][T21814] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2970.653456][T21814] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2970.663698][T21814] 7215 total pagecache pages [ 2970.668247][T21814] 0 pages in swap cache [ 2970.672412][T21814] Swap cache stats: add 0, delete 0, find 0/0 [ 2970.678440][T21814] Free swap = 0kB [ 2970.683793][T21814] Total swap = 0kB [ 2970.687530][T21814] 1965979 pages RAM [ 2970.691324][T21814] 0 pages HighMem/MovableOnly [ 2970.695968][T21814] 83163 pages reserved [ 2970.700008][T21814] 0 pages cma reserved [ 2970.704038][T21814] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.0,pid=6873,uid=0 [ 2970.718245][T21814] Out of memory: Killed process 6873 (syz-executor.0) total-vm:74844kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:132kB oom_score_adj:1000 [ 2971.129292][ T8250] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 2971.139883][ T8250] CPU: 1 PID: 8250 Comm: in:imklog Not tainted 5.8.0-rc7-syzkaller #0 [ 2971.147991][ T8250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2971.158007][ T8250] Call Trace: [ 2971.161262][ T8250] dump_stack+0x10f/0x19d [ 2971.165600][ T8250] dump_header+0x8e/0x400 [ 2971.169934][ T8250] oom_kill_process+0x18d/0x3f0 [ 2971.174746][ T8250] out_of_memory+0x5bd/0x880 [ 2971.179297][ T8250] ? get_page_from_freelist+0x127/0x3c0 [ 2971.184804][ T8250] __alloc_pages_slowpath+0x742/0x970 [ 2971.190261][ T8250] __alloc_pages_nodemask+0x235/0x390 [ 2971.195595][ T8250] alloc_pages_current+0x21d/0x310 [ 2971.200680][ T8250] __page_cache_alloc+0x4f/0x120 [ 2971.205580][ T8250] pagecache_get_page+0x494/0x8b0 [ 2971.210567][ T8250] ? __do_page_cache_readahead+0x96/0xb0 [ 2971.216160][ T8250] filemap_fault+0xba4/0x11e0 [ 2971.220799][ T8250] ext4_filemap_fault+0x4b/0x60 [ 2971.225759][ T8250] do_read_fault+0x41f/0x730 [ 2971.230312][ T8250] handle_mm_fault+0x135d/0x1930 [ 2971.235211][ T8250] do_user_addr_fault+0x393/0x810 [ 2971.240431][ T8250] exc_page_fault+0xb8/0x330 [ 2971.244990][ T8250] ? asm_exc_page_fault+0x8/0x30 [ 2971.249889][ T8250] asm_exc_page_fault+0x1e/0x30 [ 2971.254723][ T8250] RIP: 0033:0x7f2a5ebe8ed0 [ 2971.259116][ T8250] Code: Bad RIP value. [ 2971.263145][ T8250] RSP: 002b:00007f2a5c585578 EFLAGS: 00010293 [ 2971.269171][ T8250] RAX: 0000000000000057 RBX: 0000000000000000 RCX: 00007f2a5ebe922d [ 2971.277146][ T8250] RDX: 0000000000000057 RSI: 00007f2a5c585da0 RDI: 0000000000000000 [ 2971.285079][ T8250] RBP: 000055653d0f99d0 R08: 0000000000000000 R09: 0000000004000001 [ 2971.293012][ T8250] R10: 0000000000000001 R11: 0000000000000293 R12: 00007f2a5c585da0 [ 2971.300945][ T8250] R13: 0000000000001fa0 R14: 0000000000001f9f R15: 00007f2a5c585dde [ 2971.319240][ T8250] Mem-Info: [ 2971.322392][ T8250] active_anon:201954 inactive_anon:6938 isolated_anon:0 [ 2971.322392][ T8250] active_file:38 inactive_file:0 isolated_file:0 [ 2971.322392][ T8250] unevictable:11 dirty:0 writeback:0 [ 2971.322392][ T8250] slab_reclaimable:7483 slab_unreclaimable:25538 [ 2971.322392][ T8250] mapped:55366 shmem:7149 pagetables:4110 bounce:0 [ 2971.322392][ T8250] free:26700 free_pcp:0 free_cma:0 [ 2971.359280][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2971.371276][ T8250] Node 0 active_anon:806184kB inactive_anon:27740kB active_file:176kB inactive_file:0kB unevictable:44kB isolated(anon):0kB isolated(file):0kB mapped:221392kB dirty:0kB writeback:0kB shmem:28576kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 532480kB writeback_tmp:0kB all_unreclaimable? yes [ 2971.462835][ T8250] Node 1 active_anon:1632kB inactive_anon:12kB active_file:76kB inactive_file:24kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:72kB dirty:0kB writeback:0kB shmem:20kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB all_unreclaimable? yes [ 2971.600059][ T8250] Node 0 DMA free:14404kB min:188kB low:232kB high:276kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15904kB mlocked:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2971.629068][ T8250] lowmem_reserve[]: 0 2850 3557 3557 3557 [ 2971.636481][ T8250] Node 0 DMA32 free:37704kB min:34928kB low:43660kB high:52392kB reserved_highatomic:0KB active_anon:492572kB inactive_anon:4kB active_file:0kB inactive_file:24kB unevictable:0kB writepending:0kB present:3129332kB managed:2920588kB mlocked:0kB kernel_stack:2024kB pagetables:9148kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2971.667474][ T8250] lowmem_reserve[]: 0 0 707 707 707 [ 2971.672660][ T8250] Node 0 Normal free:8456kB min:8668kB low:10832kB high:12996kB reserved_highatomic:0KB active_anon:313612kB inactive_anon:27736kB active_file:16kB inactive_file:0kB unevictable:44kB writepending:0kB present:786432kB managed:724524kB mlocked:0kB kernel_stack:4128kB pagetables:6984kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2971.713842][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2971.718498][ T8250] Node 1 Normal free:46236kB min:46320kB low:57900kB high:69480kB reserved_highatomic:0KB active_anon:1632kB inactive_anon:12kB active_file:76kB inactive_file:0kB unevictable:0kB writepending:0kB present:3932160kB managed:3870248kB mlocked:0kB kernel_stack:72kB pagetables:308kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2971.819216][ T2853] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2971.827391][ T8250] lowmem_reserve[]: 0 0 0 0 0 [ 2971.863560][ T8250] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 0*32kB 1*64kB (U) 0*128kB 0*256kB 0*512kB 0*1024kB 1*2048kB (M) 3*4096kB (UM) = 14404kB [ 2971.885329][ T8250] Node 0 DMA32: 66*4kB (UME) 833*8kB (UME) 421*16kB (UME) 167*32kB (UM) 42*64kB (UM) 5*128kB (UM) 0*256kB 1*512kB (M) 1*1024kB (U) 1*2048kB (U) 3*4096kB (U) = 38208kB [ 2971.974884][ T8250] Node 0 Normal: 823*4kB (UME) 312*8kB (UME) 103*16kB (UME) 21*32kB (UME) 5*64kB (UM) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8428kB [ 2972.032503][ T8250] Node 1 Normal: 79*4kB (UME) 116*8kB (UM) 99*16kB (UME) 85*32kB (UME) 50*64kB (UME) 36*128kB (ME) 11*256kB (M) 3*512kB (M) 2*1024kB (ME) 1*2048kB (U) 6*4096kB (U) = 46380kB [ 2972.060548][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2972.080725][ T8250] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2972.112576][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2972.145044][ T8250] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 2972.246294][ T8250] 7181 total pagecache pages [ 2972.264195][ T8250] 0 pages in swap cache [ 2972.268324][ T8250] Swap cache stats: add 0, delete 0, find 0/0 [ 2972.307910][ T8250] Free swap = 0kB [ 2972.339827][ T8250] Total swap = 0kB [ 2972.343532][ T8250] 1965979 pages RAM [ 2972.347311][ T8250] 0 pages HighMem/MovableOnly [ 2972.407389][ T8250] 83163 pages reserved [ 2972.430309][ T5930] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 2972.433184][ T8250] 0 pages cma reserved [ 2972.482900][ T8250] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0-1,global_oom,task_memcg=/,task=syz-executor.4,pid=32498,uid=0 [ 2972.579511][ T8250] Out of memory: Killed process 32498 (syz-executor.4) total-vm:74976kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB, UID:0 pgtables:128kB oom_score_adj:1000 [ 2972.819167][ T9218] usb 4-1: device descriptor read/8, error -71 [ 2973.059048][ T9218] usb 4-1: device descriptor read/8, error -71 [ 2973.125275][ T2463] ================================================================== [ 2973.133338][ T2463] BUG: KCSAN: data-race in list_lru_add / list_lru_count_one [ 2973.140672][ T2463] [ 2973.142971][ T2463] write to 0xffff88821b20f998 of 8 bytes by task 2464 on cpu 0: [ 2973.150563][ T2463] list_lru_add+0x1e4/0x270 [ 2973.155027][ T2463] workingset_update_node+0xc2/0xe0 [ 2973.160184][ T2463] xas_store+0x863/0xd00 [ 2973.164437][ T2463] __delete_from_page_cache+0x22c/0x390 [ 2973.169942][ T2463] __remove_mapping+0x384/0x430 [ 2973.174765][ T2463] shrink_page_list+0x1409/0x23a0 [ 2973.179753][ T2463] shrink_inactive_list+0x27d/0x610 [ 2973.184911][ T2463] shrink_lruvec+0x38a/0x620 [ 2973.189463][ T2463] shrink_node_memcgs+0x1be/0x360 [ 2973.194447][ T2463] shrink_node+0x94e/0x1170 [ 2973.198908][ T2463] balance_pgdat+0x675/0xbb0 [ 2973.203457][ T2463] kswapd+0x1ef/0x370 [ 2973.207405][ T2463] kthread+0x20d/0x230 [ 2973.211436][ T2463] ret_from_fork+0x1f/0x30 [ 2973.215824][ T2463] [ 2973.218131][ T2463] read to 0xffff88821b20f998 of 8 bytes by task 2463 on cpu 1: [ 2973.225632][ T2463] list_lru_count_one+0xb6/0xd0 [ 2973.230442][ T2463] count_shadow_nodes+0x45/0x3c0 [ 2973.235339][ T2463] do_shrink_slab+0x86/0x5c0 [ 2973.239896][ T2463] shrink_slab+0xea/0x1c0 [ 2973.244186][ T2463] shrink_node_memcgs+0x1f9/0x360 [ 2973.249179][ T2463] shrink_node+0x94e/0x1170 [ 2973.253643][ T2463] balance_pgdat+0x675/0xbb0 [ 2973.258192][ T2463] kswapd+0x1ef/0x370 [ 2973.262134][ T2463] kthread+0x20d/0x230 [ 2973.266174][ T2463] ret_from_fork+0x1f/0x30 [ 2973.270545][ T2463] [ 2973.272844][ T2463] Reported by Kernel Concurrency Sanitizer on: [ 2973.278956][ T2463] CPU: 1 PID: 2463 Comm: kswapd0 Not tainted 5.8.0-rc7-syzkaller #0 [ 2973.286889][ T2463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2973.296903][ T2463] ================================================================== [ 2973.304923][ T2463] Kernel panic - not syncing: panic_on_warn set ... [ 2973.311471][ T2463] CPU: 1 PID: 2463 Comm: kswapd0 Not tainted 5.8.0-rc7-syzkaller #0 [ 2973.319406][ T2463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2973.329422][ T2463] Call Trace: [ 2973.332672][ T2463] dump_stack+0x10f/0x19d [ 2973.336962][ T2463] panic+0x207/0x64a [ 2973.340822][ T2463] ? vprintk_emit+0x44a/0x4f0 [ 2973.345459][ T2463] kcsan_report+0x684/0x690 [ 2973.349924][ T2463] ? kcsan_setup_watchpoint+0x453/0x4d0 [ 2973.355429][ T2463] ? list_lru_count_one+0xb6/0xd0 [ 2973.360413][ T2463] ? count_shadow_nodes+0x45/0x3c0 [ 2973.365485][ T2463] ? do_shrink_slab+0x86/0x5c0 [ 2973.370209][ T2463] ? shrink_slab+0xea/0x1c0 [ 2973.374671][ T2463] ? shrink_node_memcgs+0x1f9/0x360 [ 2973.379837][ T2463] ? shrink_node+0x94e/0x1170 [ 2973.384473][ T2463] ? balance_pgdat+0x675/0xbb0 [ 2973.389195][ T2463] ? kswapd+0x1ef/0x370 [ 2973.393311][ T2463] ? kthread+0x20d/0x230 [ 2973.397515][ T2463] ? ret_from_fork+0x1f/0x30 [ 2973.402071][ T2463] ? check_preemption_disabled+0x60/0x140 [ 2973.407751][ T2463] ? mem_cgroup_update_lru_size+0x53/0xf0 [ 2973.413432][ T2463] ? __list_del_entry_valid+0x54/0xc0 [ 2973.418764][ T2463] ? __list_add_valid+0x28/0x90 [ 2973.423579][ T2463] kcsan_setup_watchpoint+0x453/0x4d0 [ 2973.428912][ T2463] ? preempt_count_add+0x4e/0x90 [ 2973.433811][ T2463] list_lru_count_one+0xb6/0xd0 [ 2973.438792][ T2463] count_shadow_nodes+0x45/0x3c0 [ 2973.443695][ T2463] ? super_cache_count+0x171/0x190 [ 2973.448770][ T2463] do_shrink_slab+0x86/0x5c0 [ 2973.453327][ T2463] shrink_slab+0xea/0x1c0 [ 2973.457634][ T2463] shrink_node_memcgs+0x1f9/0x360 [ 2973.462625][ T2463] shrink_node+0x94e/0x1170 [ 2973.467094][ T2463] balance_pgdat+0x675/0xbb0 [ 2973.471650][ T2463] kswapd+0x1ef/0x370 [ 2973.475593][ T2463] ? kswapd_run+0x100/0x100 [ 2973.480057][ T2463] kthread+0x20d/0x230 [ 2973.484100][ T2463] ? kswapd_run+0x100/0x100 [ 2973.488564][ T2463] ? kthread_blkcg+0x80/0x80 [ 2973.493115][ T2463] ret_from_fork+0x1f/0x30 [ 2973.498774][ T2463] Kernel Offset: disabled [ 2973.503078][ T2463] Rebooting in 86400 seconds..