Starting mcstransd: [....] Starting periodic command scheduler: cron[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. [ 47.533154] audit: type=1800 audit(1584846100.926:33): pid=7849 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="startpar" name="rc.local" dev="sda1" ino=2465 res=0 Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 51.152032] kauditd_printk_skb: 1 callbacks suppressed [ 51.152045] audit: type=1400 audit(1584846104.546:35): avc: denied { map } for pid=8022 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '10.128.1.1' (ECDSA) to the list of known hosts. 2020/03/22 03:01:51 fuzzer started [ 58.075646] audit: type=1400 audit(1584846111.466:36): avc: denied { map } for pid=8031 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 2020/03/22 03:01:52 dialing manager at 10.128.0.105:41309 2020/03/22 03:01:53 syscalls: 2955 2020/03/22 03:01:53 code coverage: enabled 2020/03/22 03:01:53 comparison tracing: enabled 2020/03/22 03:01:53 extra coverage: extra coverage is not supported by the kernel 2020/03/22 03:01:53 setuid sandbox: enabled 2020/03/22 03:01:53 namespace sandbox: enabled 2020/03/22 03:01:53 Android sandbox: /sys/fs/selinux/policy does not exist 2020/03/22 03:01:53 fault injection: enabled 2020/03/22 03:01:53 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/03/22 03:01:53 net packet injection: enabled 2020/03/22 03:01:53 net device setup: enabled 2020/03/22 03:01:53 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/03/22 03:01:53 devlink PCI setup: PCI device 0000:00:10.0 is not available 03:04:52 executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x10000, 0x100) ioctl$SNDRV_PCM_IOCTL_PREPARE(r0, 0x4140, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f00000000c0)={0x15, 0x110, 0xfa00, {r1, 0x3, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @broadcast}, @ib={0x1b, 0x6, 0x8, {"5396457fa33267aac980c0aed0b11d0d"}, 0x3, 0xfffffffffffffffb, 0xe7}}}, 0x118) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200)='/dev/sequencer2\x00', 0x400080, 0x0) sendmsg$TIPC_CMD_GET_NETID(r2, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, 0x0, 0x902, 0x70bd26, 0x25dfdbfe, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x1) r3 = syz_open_dev$audion(&(0x7f0000000340)='/dev/audio#\x00', 0xff, 0x10000) sendmsg$SMC_PNETID_DEL(r3, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x68, 0x0, 0xe2d, 0x70bd26, 0x25dfdbfd, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz1\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bridge0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}]}, 0x68}, 0x1, 0x0, 0x0, 0x4091}, 0x8041) r4 = creat(&(0x7f00000004c0)='./file0\x00', 0x40) ioctl$KDENABIO(r4, 0x4b36) sendmsg$NLBL_MGMT_C_LISTDEF(r0, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000540)={0x48, 0x0, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x11}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @local}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x7}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @rand_addr=0x6}, @NLBL_MGMT_A_DOMAIN={0x7, 0x1, '$[\x00'}]}, 0x48}}, 0x4000010) r5 = accept$unix(r4, &(0x7f0000000640), &(0x7f00000006c0)=0x6e) ioctl$SIOCGSTAMP(r5, 0x8906, &(0x7f0000000700)) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000780)='nl80211\x00') getpeername$packet(0xffffffffffffffff, &(0x7f0000000b40)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000b80)=0x14) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000bc0)={@loopback, 0x0}, &(0x7f0000000c00)=0x14) sendmsg$NL80211_CMD_NEW_MPATH(r3, &(0x7f0000000d00)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x208801a}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c40)={0x80, r6, 0x2, 0x70bd26, 0x25dfdbff, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @random="6f43b44d1996"}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r8}, @NL80211_ATTR_MAC={0xa, 0x6, @multicast}, @NL80211_ATTR_MAC={0xa, 0x6, @dev={[], 0x13}}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x5, 0x1}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0xffffffffffffffff}, @NL80211_ATTR_MAC={0xa, 0x6, @multicast}, @NL80211_ATTR_MAC={0xa, 0x6, @random="4615be33a1b9"}]}, 0x80}, 0x1, 0x0, 0x0, 0x40080}, 0x4) write$midi(r0, &(0x7f0000000d40)="4e1b166b5fb0d2ecc951a4bcfa927cc80ab1c4128135697a203d5e82b15f5f6651ebe4cf4667ca7295ce54a8e0191e44ed02c9788cc548bd351be8234a97999f9e11486189ce4ce441eff3ab11479f5094023d8e8b3c95b4b6d19adcfbc73e6c42a63b3792af985af8dec3370c02b0113ecc1843566f692262403ef42913d8741608f388176645955b1365c51437", 0x8e) socket$inet_tcp(0x2, 0x1, 0x0) sendmsg$NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f0000000f40)={&(0x7f0000000e40)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000f00)={&(0x7f0000000e80)={0x70, 0x0, 0x800, 0x70bd29, 0x25dfdbfb, {}, [@NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x7ff}, @NL80211_ATTR_STA_PLINK_STATE={0x5, 0x74, 0x1}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x43, 0xbe, "2f4838887bb41abdd999a39b39b38607385e19d9f66ad6c4043853384ef89fb39cc80acf437b653e21461cb258f0e5ea9532f1c18989883f58bd2dcc9a5651"}]}, 0x70}, 0x1, 0x0, 0x0, 0xc801}, 0x1000) [ 239.405321] audit: type=1400 audit(1584846292.796:37): avc: denied { map } for pid=8048 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=17172 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 239.500809] IPVS: ftp: loaded support on port[0] = 21 03:04:53 executing program 1: r0 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x8001, 0x8002) ioctl$UI_SET_SNDBIT(r0, 0x4004556a, 0x1) write$binfmt_elf64(r0, &(0x7f0000000040)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0xfa, 0x6, 0xc0, 0x3, 0x3, 0x3, 0x2, 0x224, 0x40, 0x25c, 0x7ff, 0x40, 0x38, 0x2, 0x25, 0x1000, 0x690}, [{0x7, 0x6, 0x9, 0x5, 0x7, 0xde, 0x200, 0x4}, {0x2504216f831ae965, 0x7, 0x2, 0x3, 0x7fa2, 0x3, 0xbf8, 0xf}], "2277cead58447523a4354b7aa052b04d7f4b5c05e42c6757992f1e067c2360bd067de1dfe47d2d7ce5972c25ac8de992fb1cddaa0bb36d3ebe100e67a1224ca563885185", [[], [], [], [], [], [], []]}, 0x7f4) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000840)={0x2, 0x1db, 0x8, 0x0, 0x185be0}) fsetxattr$security_ima(r0, &(0x7f0000000880)='security.ima\x00', &(0x7f00000008c0)=@sha1={0x1, "c1127ffc92547ac5b4be5cc85d5bc7a7b3449b58"}, 0x15, 0x2) r1 = accept4$inet(0xffffffffffffffff, &(0x7f0000000900)={0x2, 0x0, @remote}, &(0x7f0000000940)=0x10, 0x0) fsync(r1) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) bind$inet6(r0, &(0x7f0000000980)={0xa, 0x4e23, 0xfffffffb, @empty, 0x400}, 0x1c) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000009c0)=0x2, 0x6) r2 = semget(0x2, 0x4, 0x403) semctl$SETVAL(r2, 0x2, 0x10, &(0x7f0000000a00)=0xf7b4) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/dlm_plock\x00', 0x80000, 0x0) sendto$rxrpc(r3, &(0x7f0000000b40)="f693ef9d55bf9c3bf98a65a715fb76c641020c2aa6e103076e513928bbcb34ff035933bd308918aef468b622933f8a", 0x2f, 0x40000, &(0x7f0000000b80)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e20, @multicast1}}, 0x24) r4 = syz_open_dev$mice(&(0x7f0000000bc0)='/dev/input/mice\x00', 0x0, 0x10c02) ioctl$KVM_RUN(r4, 0xae80, 0x0) r5 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000c00)='/selinux/commit_pending_bools\x00', 0x1, 0x0) r6 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000c40)='/dev/snapshot\x00', 0x260800, 0x0) ioctl$TUNSETSTEERINGEBPF(r5, 0x800454e0, &(0x7f0000000c80)=r6) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000cc0)={{0x2, 0x0, @descriptor="35edfeaf7667534b"}, 0x1000, [], "7a97de605031d3c44005cff520cfc95c0790e72780d26571c1bd8963f6023fc57083c0582f0b5bc5958e2622feeb100be3c78db1435c397b315be9e87ee7ed94feae7cc6e3c19a50fbfa7b7133414da23ee898ff6f910f6d94a6e5487e308a64e780e84d36b75538b1cc2c2806c1a6c385348b9f746a90d2fe9b413ec23969287783ca6a5b8b4fd8e5c757493ca83e6a9fbba55954d842ed2f17a115217dbb57abfa98c82642069139c1c369e280d52ad5d17591cabfde6eba761c4413855180d31c11e27af73c228aaa57c1409ffe0f64982a248206e1a9ad141a627c38fd6bbc53bfaefe31f2261b84d1358a8ab807f1763bd120db1a0da75c4279bad0e03de7fb8694f06e4e04c31e41fc37fc1f7ade27427ec086170342d0975815e2c8156acbcd11b3f9bbb2655dac723e6e92c46ea0b91b83f46069b67666f4e247044e35b2d1aefa2b53a3cce175546a4454b872599fb2c041c545b7eba3598b620d2ae5cc5555a47123d70afef53d7eb750c12d141be11cdf1fd4f73097cf7cb9d6e7aeaa64cc6fe63eac56f2128d4612159fd6900e468e89e21308dc5a47e69168daa599460b0169d3b9b47119ae40c75fbe5e1a4cd2f0e10e3a913c1bf6261309edd9c93a2cb45dff68a19197336196994cf8b89ef6dfc3b37a94b0eea1a79c73e08ee88efc5f3d90015b358a297543dfe7c28693ead58030dcd67e80438cf057ff05a1474ad3d18ee62326aeb64c3d11a9d404c0bf744a9b9c94deab9d5fee6d307fcef6ea2ccad19e2808ae5d19c177eed848eab4d426f69130c20f65ab24d82ca099c4aecc551e31082bb87441dcb93c06902a1de4e82a02193334c1773a82cf4f50baf0e49406054b86e1c42954bf15baccf4d52709e3e4959362ec40be7cc144ee6d4aec78a5b5621e5295ba8dc5baae3c5ba728a9616f0840da917434a6134d5256f10828d9dd0d834d8e883334a6c23e99b59c10d6686099b998dfcb2b463e47678389461ac006bd6521b8cdd68e216469ae974430fd04e2d05a6ccabe11cfc222fa812e9c9941ebf92b4ae506139b3442e2d4a22bc018fc4baba7319a8ae25b4fb92ddb12699d99e763c3611a2cd17b331109b140485c406bc13c9dbde5c6e6e63ab7b16c2647eca0ec3c5dfed2c8a9f379f10e747fb2426b2a96172c344297f6e9e5c64d111502f899f0632cc9a3db6be589e663c68d4aa573452219a0388d251a8c32ecee215b306cbd97b461f692ce7a77fc9749d5e3dff6a6f16a29e188dea7cee2bc48424106a15ad282eb62fe09f03f4ce15c2bc91235dcbfdbfa6c7fea56d27c4c2e507e9445d5c9ed196ded051733cd6e91c8b1dcd9f0965d197317933d26c0e8e16755d7384f2f8d595b5a288463a91a12f19d8de1da8eb485388531d994d5f086ef1770176c816994a1dd08b1836342a4759c32dfbdb3bfacade23f434ca85bdf3132aa8b7307eff9a52e2d409b3c16a4a6b9900d76cd4ff4f60ba8e76f091ae1d9f373cd58d5e9b69d64ddc6fe6b2b00d6358e4788b03d8cba56a553b6810fcfb53d6ce16d75feefbbd582cb6916a32390954585894763326bea253eb717cd86ec3b00f1b156cceea5f94c996528cf81ccccf88f5a2bc73330ec7dfb45489abf518440f8b81ee04372cc3cb2cdc573ed0b51a7b1c632ff238427acd6455e7de987e43e541195fce28b979cce3efd7e6662853f0c7f58993c6927ddeaab39d3ba18a975062eb0ac18e667ecbb470aa47d75c94117f6ccf1d247c8a415fc085e7d304333476ea04862c1942d5982f644f9c6caa8e44b1395b7e7f8cf11d95c414f27c32abb13f15981ea4697db532310bc78ebca8a569e4d2e400db2b787b5fc1c610bda48da4d5b71585fba3f2ca0071ec4aa4de09717e6b978c05e5ef49b046cecd061d82d8fc4d9c0fc397af5e14128cc00e814120800e14b0b8fb0a77c7f40bc77f909e7a47435ae9ffc2feff86029c758fd3c8e6f3b92d58c33044ad14e166d6cb935ed59fd90dd24666e09b9c84d02bcaed610e55322db68b522791ad689ef04ea9715f2fca2feef0d36bca8240b342c5783772a36346fb0b228012beb9fc292f1fda334b98fcf38a254e64382a99df7a01bf898da8ea0c40ebb9d0353e6be7b6b9ce978b853d051b9e361de648a47427910074a9ab5e2acebffd6cf2595775b0f7eae382c03a4ec0f02de48ee0901049c1b52710bcd997e84be9c3b04771150231abae4f8a98868911561a1c7edbaeeecb5d68fd394f789394f141c26f73534c1ba6101ac88978171e2c2363f7a081eaf1e8bed3b72bcff3f852351c1725a778b5c1b0102a50f784b2aecbd2025fa4c856fd636986a4056876c3809d9391d3a2556127825d9f6b252326f75d1254cfbb441e62be5b8e783771cef18897d8a6e9d1c4b0ed50ef85d341f381c3d671f358974de7925688d242dc44e8a2f1146351e08da4319dc2dbc4a1750d1acb76cbb224c286b68ea7c4c33e89d8002d32dddf0593ad8db4c5adc77db8011f05f38652d31cee99b3c7b7c27fe41dfc8ec6f85978aa5032c264d7e7a29fc5435871ab6678fd64775962a82d6bb3bb10206b3760acbcbff89f2348639cbc840b87941536719e7abb640712d7d8e1dc01ff831ee365b551ff1952924e3bb465815edc1de190dcef7b9938066924b3f0386673d33dac30fe56f26b853db93a8330d3a5e2501e2fb693042b2c12fd2e0e8da8230d49460bd32a7f1cafb95b30c3f289ee36b1bbd6df9329d9a551146cd74e2bdf5aed4e1d0ab05a6b420fd6cfe3041557d7382b0254bf02019870ddb9cb85dfade183e701952aed3078a541dbcaeb3f6694371ad7715d5ee6861c094e99fe71a2425f010a526fc450ee2ba3ca166ce0590dbb4003e8dfbb7b410fef0f6579ae06322fc4323cb8b9a2c88b3e4a766eafc19c7090eb5dc389cd7ffa77c55e8f4f8190bb40bc490d745cecdd7bcfebe5b9ffd53920263a58d29b64241d6ce1c2777f4acef51929fff86912b10df6c824a673aaafe3ea6efd5d4411423b98a6bed8d49d15cc745fbfa5e808f6970932d0d876cda4e2c341bb208a43d1278cfadab1e8a8140bbc6f312b9ab44d79074a8d695701d896bef90c79e7b034aa9d033365ed3a5267dbe1981c91e0c37d37d0deeebdca5cc60ce0c1dc1a6f4a620bdbfa39ccd09cf9db227f1ff9865b2f999bcdd5746648715a7b1bdef298ef68c2696e7d1318f9a84259defcca0ba94300abac53416d967d73b8bdee3c885ffaa552be359732ef8000f139cf414e930360d34beba15ed97dbbc493419bf5a4c016ed677313137cfe351ceb865582117f84d029f61b33c58dc772c7a539102b5753d0192887dedacccdb3ff2e8062e1ec2e8bf7b5fdd22ddbe3a2ddc7a03b92952bf346ebaedd235a442d3162252bc3e200ec0f20844b161320fbb9125e0574ba4229633c0fd76a51a2bbe0de78edd08dbb88826ec71f19b28667d3384e629d2f45194a00783a779de8be125f1c25fbe9002e621f83cecb2f47478ad0130b05776d704752c1eb668dc463d32d61582884f54caf902c2ceecca06e269a3c1c83792e2733e0e2bdbc545474fa387eabe4103cc4f34cb3d4c4c077d583a8a22b10162a4ed78bae2eabb388241329304c6f1fddb978061ccf6de1d4cff34b57c22c4ccee6a2e9dd2545eb02d6a1c3ba3137709af22cde175a3e447f927bd20c718b60097351cc487a44cfd03737188364c3e57db0c07226431eeeb59d6f6a6f8041e151a839fde82da650189c6c80902b69ed1b8a9318881f6e0eb807a6fed22fa38940803b80c13f8bc25c3e60060f3b8144a637e353114907909c0b9e7c429d0b4d7f7e0ff1b9960432dc86603c5aff7083e779bfbdbb282e520ce60b56706e61949fbf0736ac998b4f8ef6ed62e919921eba4e48be1066ce39df7f846d71327fa57fcffe98384028ab3be199b15e79859ab3bb809af2cb547b5d50eee1f8b3468113603ad077163c90b21fe2259965a857f6f93d85560af4a8a449f02d888aae7afbd7f334d6b9c9390443dffcc1a2e1c5d88ccc275025a690562eb5945ca99a09d9f97f4ff700f280ae5e9f45ddb5b49c1bb5d69329dee7b8889e1563a0e36f69482bf657a505c31fdfff5cb0b90293b2b49d93db5cb1ab5214abedf87634fb70ca830db63bf51d932ba39e0c70f39f28596a8656b496cd533513d3a9262a82d524cf506b31ec15c5549b2a1eef248939d967240dc3e761e7d5ba4e0077fd949c772e655e8ade72627f3e483082344072809eef8b71b2bcbc4b38194b685dc3e4482d7a58958ac860f5b04e0d4b51b03b3df23ec5a751f2bf130f29d813eb98daa40dbc08c56a693d296fb00b17e4ac46bf758fbeaf423583e83cf00520aeed15d83e4bff60cc98b90c87775185a10fa3b7ab681f51c57679a73aee1c19552c1ffd1c6dbee50c79fb154067243040c9d6decd463314cbc16a5621f73160fddbdedae34184c1c5927fdcabb755b000034d12b032031702f7a7dfc33ab472e54f52a9677770f092acae38c67f9829bda59672f75115006a499d259775aa7e0c6398abab26dec0f9569d8a7c3c671dea100085e53176be40dacb62b3f5999f3105dad203651c2b6a378a84324aee3bd1daa0271a36ed7de8ed2a7a262d2a5035cd80f2bc1fa0cafd8508eaab4e1876e9a27a1c2b808b919d2b546c843c809a569f2fb93df3f85bbb84df35734b74c7846f805463bb6720f3cc662334c6306979793c05b6bc2c582a91b48ad59fd91ec2cda75410ec6c663ef6683890e4e893f5568f73a633a05f8a60a25b30ec3c95aeffefcb7da7608a3987c75c04325fd786d1ed3709adcd49416c738a484780a70945c2d81868978fb67e36b9dcc93fd06e7aff1505f518bce04bfbebbfcffc6754ab27ef758ec796a732f2dcee6adc41c3c78f9fe2375815f2eaf7ebb4dd535032987f4e724e50adb8a1ef3bafefdd5a7d43582c7c3ce68c7160aabacf74be9c22e3ca6865deb1ddc6cc5c36623ac1133752a52324d072e28b8c08ce0822ae2def5e16fb8902c4378850ca1cce546442f9cec7396c96b277a7527fef86931bb523806896ed3bb7dfcda36a998383b3625c20e6aeb9c24635a3664b947b655874a9fbf9cae5422def04e6dcfc94110836e2b705d4de7981e73e9fec18769e203a44308481b27beaf2523973b1750900182e89a3ed77867cdae376a1371c0f4a3483dd8162c6c84d1f7ec544b07a4d782f941f1df12417d954187f8abe213e4ee0e002229a7d2546de3359f336d9cbd951837498345d3463d4109248433412ab2d1b9a965cd6154c13e76d4119d2f64e413c1173628007102630288e8ae2f59fed5dba66186e8f53f98419407de573e793db859d21efd6df547a74f512a60a547ec8cdc59c8449d0dd2c18b1a043a2a0ba818809c21257d3cd9e25db365935624e530a44ac7ae345034272c533e520224cbafe527bfbf96722074837acd461bf853cfc5800e597302f22cdd061c195b58e323aeeb5ea860d2b641dd1783abc87f1d95cc331555a0b1f02930c6045073886d973e9b275aac79677316ee6fcf9d09487bede07a8eea760974999d60d4c68c3bdbfd3481ee31077a123501a40536c4aed3b633eed808e085a80a82b9319c244377f85d8de2d74c14ee5b5342316517841733015dbbdbead5bd7fe5c7583fa21fef8d1900aa35e9d806af78961639d47970ee99bcb2786d69466d25b5422d5fe585cdf7c0d774c44358004f03de1eb4c4ef36512b0b77d76977d51e38d725c1"}) [ 239.619133] chnl_net:caif_netlink_parms(): no params data found [ 239.756473] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.768915] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.780241] device bridge_slave_0 entered promiscuous mode [ 239.788859] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.796405] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.804240] device bridge_slave_1 entered promiscuous mode [ 239.830556] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 239.840991] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 239.844100] IPVS: ftp: loaded support on port[0] = 21 [ 239.866951] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 239.875956] team0: Port device team_slave_0 added [ 239.882448] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 239.891228] team0: Port device team_slave_1 added [ 239.919711] batman_adv: batadv0: Adding interface: batadv_slave_0 03:04:53 executing program 2: ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000040)={0x3, 0x6, 0x4, 0x10000, 0x7, {}, {0x2, 0x2, 0x20, 0x6, 0x20, 0x1, "72066f93"}, 0x1, 0x5, @planes=&(0x7f0000000000)={0x80000000, 0xff, @mem_offset=0x10000, 0x9}, 0x3034c0d7, 0x0, 0xffffffffffffffff}) mmap$snddsp(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1, 0x11, r0, 0xb000) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x200, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r2, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, 0x645}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20048801}, 0x4000040) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000280)={0xffffffffffffffff, r1, 0x0, 0x8, &(0x7f0000000240)='nl80211\x00', 0xffffffffffffffff}, 0x30) syz_open_procfs(r3, &(0x7f00000002c0)='net/llc/socket\x00') syz_open_dev$usbfs(&(0x7f0000000300)='/dev/bus/usb/00#/00#\x00', 0x8, 0x48100) r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000340)='/dev/vcsu\x00', 0x96a40, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000880)={0x11, 0x0, 0x0}, &(0x7f00000008c0)=0x14) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000900)={'veth0_to_bridge\x00', 0x0}) sendmsg$NL80211_CMD_SET_MESH_CONFIG(r4, &(0x7f0000000ac0)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x84042282}, 0xc, &(0x7f0000000a80)={&(0x7f0000000940)={0x104, r2, 0x2, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r5}, @NL80211_ATTR_MESH_CONFIG={0x2c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x40}, @NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0x94}, @NL80211_MESHCONF_HOLDING_TIMEOUT={0x6, 0x3, 0xfc}, @NL80211_MESHCONF_CONFIRM_TIMEOUT={0x6, 0x2, 0x8}, @NL80211_MESHCONF_HWMP_RANN_INTERVAL={0x6}]}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x9}}, @NL80211_ATTR_MESH_CONFIG={0x3c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_AUTO_OPEN_PLINKS={0x5, 0x7, 0x3}, @NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES={0x5, 0x8, 0x2}, @NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT={0x6, 0xa, 0x2}, @NL80211_MESHCONF_HOLDING_TIMEOUT={0x6, 0x3, 0x2c}, @NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL={0x6, 0x12, 0x1ff}, @NL80211_MESHCONF_RETRY_TIMEOUT={0x6, 0x1, 0xd3}, @NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL={0x6, 0x12, 0x200}]}, @NL80211_ATTR_WDEV={0xc, 0x99, {0xc7f, 0x3}}, @NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_MESH_CONFIG={0x3c, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_MAX_PEER_LINKS={0x6, 0x4, 0x1a}, @NL80211_MESHCONF_MAX_RETRIES={0x5, 0x5, 0xc}, @NL80211_MESHCONF_AWAKE_WINDOW={0x6, 0x1b, 0x264}, @NL80211_MESHCONF_ELEMENT_TTL={0x5, 0xf, 0x80}, @NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL={0x6, 0xc, 0x8}, @NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT={0x6, 0xa, 0x9}, @NL80211_MESHCONF_TTL={0x5, 0x6, 0x6}]}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r6}, @NL80211_ATTR_MESH_CONFIG={0x14, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x9972}, @NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x36f1}]}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x2}]}, 0x104}, 0x1, 0x0, 0x0, 0x80}, 0x40) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000c80)={0xffffffffffffffff, 0x10, &(0x7f0000000c40)={&(0x7f0000000bc0)=""/99, 0x63, 0x0}}, 0x10) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000d00)={r1, 0x10, &(0x7f0000000cc0)={&(0x7f0000000b00)=""/136, 0x88, r7}}, 0x10) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000d40)='/dev/hwrng\x00', 0x4040, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r8, &(0x7f0000000d80)={0xc0000002}) r9 = syz_open_dev$media(&(0x7f0000000dc0)='/dev/media#\x00', 0x1, 0x8200) ioctl$EVIOCGID(r9, 0x80084502, &(0x7f0000000e00)=""/165) r10 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000ec0)='/dev/ocfs2_control\x00', 0x1, 0x0) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r10, 0x84, 0x7b, &(0x7f0000000f00)={0x0, 0xbb24}, 0x8) [ 239.925978] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 239.952228] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 239.973021] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 239.990152] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 240.039453] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 240.079772] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 240.087660] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 240.095663] IPVS: ftp: loaded support on port[0] = 21 03:04:53 executing program 3: removexattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@random={'security.', 'cgroup\x92@:\\}\x00'}) r0 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/hash_stats\x00', 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_UNLINK(r0, 0x4161, 0x0) chroot(&(0x7f00000000c0)='./file0\x00') ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000100)={0x9, 0x1, 0x4, 0x10000, 0x9, {}, {0x2, 0x8, 0x81, 0x7f, 0x40, 0xf7, "ded15fc7"}, 0x8, 0x4, @fd, 0x0, 0x0, 0xffffffffffffffff}) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f0000000180)={0x0, 'syz1\x00'}) r2 = syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x9, 0x48041) ioctl$USBDEVFS_CLAIM_PORT(r2, 0x80045518, &(0x7f0000000200)=0x7f) r3 = openat(r2, &(0x7f0000000240)='./file0\x00', 0xa800, 0x80) ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r3, 0xc0884123, &(0x7f0000000280)={0x6, "828c3e8881e51c6416afc7b3b2363b934c12c2f54a347b56177693f255e5bc6e9579d6c371a3f2863a81dd5bf74f5f4ad7f780289c3f642f4a758e0353e3e7f3", {0x92ea, 0x200}}) statx(r2, &(0x7f0000000340)='./file0\x00', 0x100, 0x21, &(0x7f0000000380)) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f00000005c0)={&(0x7f0000000480), 0xc, &(0x7f0000000580)={&(0x7f00000004c0)={0xb0, 0x1403, 0x20, 0x70bd27, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'macvlan0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ip_vti0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'netdevsim0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ip6tnl0\x00'}}]}, 0xb0}, 0x1, 0x0, 0x0, 0xbc625a13fad8063c}, 0x8004) r4 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000600)='/dev/nvme-fabrics\x00', 0x4000, 0x0) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f0000000640)={0x30, 0x5, 0x0, {0x0, 0x1, 0x8, 0x6}}, 0x30) ioctl$KVM_ENABLE_CAP(r4, 0x4068aea3, &(0x7f0000000680)={0x79, 0x0, [0x200, 0x7f, 0x80, 0x9671]}) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f0000000700)) r5 = socket$nl_sock_diag(0x10, 0x3, 0x4) ioctl$int_in(r5, 0x5452, &(0x7f0000000740)=0x5) r6 = creat(&(0x7f0000000780)='./file0\x00', 0x8) sendmsg$RDMA_NLDEV_CMD_SYS_GET(r6, &(0x7f0000000880)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x18, 0x1406, 0x104, 0x70bd27, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x44040}, 0x0) [ 240.214506] device hsr_slave_0 entered promiscuous mode [ 240.270536] device hsr_slave_1 entered promiscuous mode [ 240.312947] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 240.330173] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 240.361063] IPVS: ftp: loaded support on port[0] = 21 [ 240.451972] chnl_net:caif_netlink_parms(): no params data found 03:04:53 executing program 4: r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) setsockopt$inet_tcp_TLS_RX(r0, 0x6, 0x2, &(0x7f0000000040)=@gcm_128={{0x303}, "ba663abf6bd14c82", "ce96c940a85b12d12c8464921231ca90", "c9cc955e", "c45b7c64463f8eb3"}, 0x28) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f0000000080)) socketpair(0x4, 0x1, 0x10000, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_bt_bnep_BNEPGETCONNLIST(r2, 0x800442d2, &(0x7f0000000180)={0x3, &(0x7f0000000100)=[{0x0, 0x0, 0x0, @multicast}, {0x0, 0x0, 0x0, @multicast}, {0x0, 0x0, 0x0, @multicast}]}) r3 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f00000001c0)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) getsockopt$inet_IP_XFRM_POLICY(r2, 0x0, 0x11, &(0x7f0000000200)={{{@in6=@dev, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in=@initdev}}, &(0x7f0000000300)=0xe8) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000340)={0x0, 0x0, 0x0}, &(0x7f0000000380)=0xc) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000003c0)=0x0) write$P9_RSTATu(r3, &(0x7f0000000400)={0x9c, 0x7d, 0x1, {{0x0, 0x6a, 0x0, 0xffff8001, {0x2, 0x2, 0x1}, 0x80000, 0x2, 0x81d, 0x200, 0x1, '!', 0x0, '', 0x36, 'posix_acl_access-eth0eth1systemGPL){++selfcpusetsystem'}, 0x1d, '/selinux/avc/cache_threshold\x00', r4, r7, r8}}, 0x9c) syz_init_net_socket$ax25(0x3, 0x2, 0xc3) r9 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000007c0)='/selinux/policy\x00', 0x0, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000800)={0x6, 0x1ff, {r5}, {r6}, 0x6, 0x1f}) setsockopt$inet_IP_XFRM_POLICY(r9, 0x0, 0x11, &(0x7f0000000840)={{{@in=@multicast2, @in=@multicast1, 0x4e22, 0x1, 0x4e22, 0x9, 0x2, 0x20, 0x0, 0x2f, 0x0, r10}, {0xc, 0xfff, 0x2, 0x6, 0x3, 0xff, 0xae00, 0xffffffff}, {0x10000, 0x1, 0x9, 0x8}, 0x3, 0x0, 0x0, 0x1}, {{@in=@broadcast, 0x4d2, 0xff}, 0x1e, @in=@dev={0xac, 0x14, 0x14, 0xc}, 0x0, 0x2, 0x3, 0x16, 0x4, 0x967, 0xaa}}, 0xe8) r11 = dup(r1) ioctl$TUNSETCARRIER(r11, 0x400454e2, &(0x7f0000000940)=0x1) ioctl$VIDIOC_OVERLAY(r0, 0x4004560e, &(0x7f0000000980)=0x25f4) syz_open_dev$cec(&(0x7f00000009c0)='/dev/cec#\x00', 0x3, 0x2) r12 = socket$vsock_dgram(0x28, 0x2, 0x0) ioctl$sock_SIOCOUTQ(r12, 0x5411, &(0x7f0000001d40)) [ 240.591660] chnl_net:caif_netlink_parms(): no params data found [ 240.622130] audit: type=1400 audit(1584846294.016:38): avc: denied { create } for pid=8049 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 240.682661] audit: type=1400 audit(1584846294.036:39): avc: denied { write } for pid=8049 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 240.736174] audit: type=1400 audit(1584846294.096:40): avc: denied { read } for pid=8049 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 240.748115] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 240.813690] IPVS: ftp: loaded support on port[0] = 21 [ 240.819770] chnl_net:caif_netlink_parms(): no params data found [ 240.880356] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.886826] bridge0: port 1(bridge_slave_0) entered disabled state [ 240.900539] device bridge_slave_0 entered promiscuous mode [ 240.908976] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.915611] bridge0: port 2(bridge_slave_1) entered disabled state [ 240.923221] device bridge_slave_1 entered promiscuous mode [ 240.974339] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 240.983989] bond0: Enslaving bond_slave_1 as an active interface with an up link 03:04:54 executing program 5: r0 = socket$pppl2tp(0x18, 0x1, 0x1) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r0, 0x8982, &(0x7f0000000000)={0x1, 'veth0_to_batadv\x00', {}, 0x9}) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm-control\x00', 0x4100c2, 0x0) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f0000000080)={0x0, 'syz0\x00'}) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x1cb100, 0x0) ioctl$SIOCPNDELRESOURCE(r2, 0x89ef, &(0x7f0000000100)=0x6) r3 = socket$key(0xf, 0x3, 0x2) getsockopt$IP_VS_SO_GET_TIMEOUT(r3, 0x0, 0x486, &(0x7f0000000140), &(0x7f0000000180)=0xc) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snapshot\x00', 0x2, 0x0) ioctl$VIDIOC_ENUMOUTPUT(r4, 0xc0485630, &(0x7f0000000200)={0x2, "3dc79d4bd065e0ed02eb7069acf5fb4add43960ddc612965fcb92b528c552fd9", 0x2, 0x8001, 0x3, 0x2, 0x4}) r5 = accept4$rose(r4, &(0x7f0000000280)=@full={0xb, @remote, @rose, 0x0, [@remote, @null, @default, @default, @rose]}, &(0x7f00000002c0)=0x40, 0x0) sendmsg(r5, &(0x7f0000001840)={&(0x7f0000000300)=@in={0x2, 0x4e22, @broadcast}, 0x80, &(0x7f0000001680)=[{&(0x7f0000000380)="ff3f53631ecafc09056008fbb0a1bb2f0f42291cc6d18094396dfbb2b490d5", 0x1f}, {&(0x7f00000003c0)="c67b39f83b5ca1ff041ac0d868b814bd353f07d639aff0392c910c8fc410640b5aa79664ddc449c40f12aa4167039ae37238f02bdde02a19cea9ff6841459fa8539548e157913c3cf6b38d9db8dcd1f9cb157c125b97cdabc778549f05c8e3bacd73f6bdb0cd6c16f14df625b5d2f463f1e69976c177e1f966f0a3569ab8cc943e71286eb6d8500d4faefc06a626dbd5fd6f86abc96b099e6faed6c889758ab51f39d3e4eae55fbb4dabd88800bf56faedf79bebf066740402", 0xb9}, {&(0x7f0000000480)="ea41b810fdeff2ab0cd8e31fd720e4b78237157d23d458a37ec226c96188f65b", 0x20}, {&(0x7f00000004c0)="c215aa973b6e5af321d3b54bd712163cf1d8c8e1eaf04ad69e19d24abf5704ce720df0392ad86986f2cf1cf162c7c2e2b64db1f97fb2b63e7c6aa3252e36e02d1ede6a9ce866a6806a71700fa2a73238eb7472906fcdc7c88b6a39b50f4b3e6547e04409f51cc1c8b55d65cc7470166eaaa63244b2d3207a2b6d6f2eff0ac07b19a0c5f1623545d02266a9348879dc5e33fc620d39c0cac39801756c61b3509b354fd22c8bc61d6c9369", 0xaa}, {&(0x7f0000000580)="5038bf4933099ccb692e2cc567ba866b7d88361e3050ca6db48b7ec3ac4fa6142822eadd60b43e3b6412f66df93a3286dc64bbc09f2311c5e896aacedded73a8e6311529cdfffe4362d6c1dd5d9fbd2f88e817027f0f44c24f74bd70a7a41f0438ee0d0fbfced6e9c7c389cc18f01d005637dde79144985ee95c231d1fdef1ad7d7ecae2ce9ac746175cf920201365773ff7c2acf1337d8b516a06ce347dbf7cc8fc7938497d52ecc2f596ba5616fc5ac2a7728b4e933c8c78d227d1861adb713e5a818e64a6158a8a552fc46812f6a24a7ecf", 0xd3}, {&(0x7f0000000680)="2a800f75207f452d4797b71e7db058a79b2b11257efdb47339f998dee7b8da92c6eafe098ed3aaacb6d3644e330e6e40fe096cf0363a3c691eee18efe112df7bebf45da56b2378f4583e484e820233ac6226058137453c01eeacdc0cddb8515771ee09d028e7baf05fe759d0c8ada73899d33cc98f11bf80430d61b2c6549af66db51bb3e3118c59a6635663bd157205bb0d2e58132c1f7d6da879c3a32d4993b3c0ce277fd778f1791dbfac31cade2d3089c55d612662c1fedbee358ec8d1c045d41efb7cd04005cae7ae5475e68049d6fc4d773467562bd94c6072bf8fe2e0b8c147b516696fa1ee0e70fe994b542f7d2cd74f7141a3d1da33760ccc8e7f9dd1eef31048fee05a74be652d351de71e5fdc364df18b226b5c7d77e43d5c1bf59001d29290f06dc315e12cd0c95c2b6b0293b2c694f80d60bb0112ca96135377361bcb35a693a009de8e04879a8745242ebf15d7d0d892a7f362fec36722c7250e986cd6a49def718967883b3fd91a5e9031b8cd692a5c27511338f406187fd3c45ff0a85cf9c76b53944621fbf95d36c2d6e447784acc12c423ec8d81ed653c736f99ac1cc07bc69295cb64a004e187ce17d2c5947911aa7755827b6dd1eef0f218206f2b3e14d56ae40d045f5cc7d003a8aae0d8d970fd3452d0c656f4f5c50c25700ae8db0c762f113b6e827e5eb9ca7f84d1822e5a8ca144464de62a90ed8e6689fb6d911f957e58b140ef9a2847e3e94bed30681245d1b3b628d9265164aab0473d1c2609e1e8247af11c86d96ee252f6694ce707691ed8889f5c17ef67f87b66d9981b13e8d1f95c9358fbba6901c071faf90ea596ac280dd4bcc0676fa43d3436561606d93eaa817c73c0ca625120bdebd35810296a22456ff41a6ce0498e3b47a013d713fbb6626b0374587edd315026e39962e5596c832833db74492b1f7b4f6af13e24510c716e8fb49ac86379f1d0f259c16a726fa2a91cf25b5375d7e8fbac4f697192d0264b28140a88c32fe1b081eabf57e3cb97d458f95234861e5c8df1643316618bb68ddbc8fab1d33b7e84370859791ea8d4df9bcb11117a99a604a8fb1fd3aa61f17718c557c17653c3ea21cf521e716d8e3f09c05a6e1b02e4c7be706ddc2d7f082b0e5a702761f7287ca57351e22e48973980ff67912f29080dd2bb88f5788ed721ebb0476d94cfcbd71b3beced1c47062821d8998c57f5d1b9f9da681a54125542f2a3dfc74cdb8b26c178826357b58fbfd88fb65a6423b24edb401c260a97f30ecc1f856f74fb55cf40ad7492150d80f87f56ec8f99a966f6ba83a340745ef31eb079ffa20841f64c28fc98328750d0d99156daa860cf4f966ee2ca4bd1fbaae2833651eb842da451260976bb84cac52c63a8e8cee8b4d83ea9485612eb2aec93cdb630140b6a65d4d8bd77f8394e19377b41056e216ce89b44b3ceec0fea0d75e37c53e0294d5e3b7dbaa696282ddc5e4807b64ad997c3ef2936a5bc037f71ed9bd0915e17c6e2bda12e6ea22ffd465f1f04207d4dd2021057b1e980f469b61ab8deb93211b4fa8b3b2d482a39bedcbe4b7b9dd6d31dcb38693bd16b45cd88f5c34a207c75a2e202220b1f39ce0a3a2f68430889779418a74cca5a6a87d2a6ac45b2fd98ad5b8dff35e3aa3aff92365026bb877debdad5edea5396468c71a1d9f33abfee500aa36004601a4f698132b0de17e8a3e03c774d622ed6d6dd08cc439a5bb92bc91eba23ef7f0b346d176b9ffdef179a7ac0754565fd1d7172e636c9a1bc26c50038dbbbd80c2eb07e6f52206e42ff5b3386bad0c517e1c805abbca8ec150a69e7123cdaf4051d415bb29329673ecfc8b812480b8ae72b38674e780473528f7a79bb4745dae88d88889a53cae6ee05177c7353d421d545d02ee58a222819b5f3b8cc563918b12b0828c84851e6caf033cbb8b8a2875b00f28b2b36f583a33d14299708ed07bb5942d8d40d92b61eb93c7f5a6aa17390e84db9d635488ad86a69819f10bd1b9dad89b21f0c27abad442cc1b6685fbbbed822c9d6b422016d291b4db6b2f029d741b28d929ac3b28cc617e321c39d3a6d7a6e61bec32454bede357e6b6238c6e4912e8c6cc7a5d350b61d4e7c6d96640ca515cc612537be825f8c95d08fb5f3d990327ff3deb51f8d4cbf6e662e953f7b4da20f728e029a6de5079c2ad2e2cd5e496919d5844dffc6be6b3837a9aabdbe51ee3c06941660b82a54f65d636f1500a2af032d7bdcad5b21772e51faf18e31fb79b3752d208016021082e2482c9199cd7e1e471d06632e88d75fa0679aece69d3bf2353e2cce39aa1a802af3365d2df2291f68897efc3aed17aced873223ac785dc14ac1a962477cd10262170ccfe132184a0036554caa55b83c83b0676f041da1f2693ac40664df55e0bc42a38d03e812e0a694009e9f43fc3918ee1b2bfa42878016885d0ed3093cb9c624e5a95aa749799bed2c685c4756c99713af03214e190033180d57d0e96378dc7ba2790e47a4a803b14cf346004a676bbd7a09891f1ca420ccd2f0df7c9cc912c733f659cab62441226d1a8211c54414783511a3352671e5191ea9b8f18889f35a9829c8f3be05a7a591067853a4146ba2c96c3272159639f61d99d32121af090dd2febce17ae905969c637f7236973cb30e437362d32adaf0091b6d976fea9c7b5ca00927f8ed855fa66a9e01622cc9357e1d88655978986dfdd18cb466d2f432611bb13501f81414a797685ff844563639e114b161fdd5225e6f029e0d8492bcc8199a0d46693bbb208ff698ab0e995fc9fe8df6743d169c18a3dbb46d944206f6d7853d1b5b8da83f7bc70f89972467977592a76120afe47804d2c6c9f6d9542e4cb0aa01390d5ac4bb9cfcab1ae03b37605230107b5d25b2ba1c624e001a5be7524a3cadaf3ee37f5fb6f660be8db001a071c82c75e866762bf9b89030a74c3e1aa3d2c193398bec6f5fd54004f689bfa4cfdebf202bde64146504e974a42195a3fc65f10875ef15aae5928f88de9f4c4d4b5ff0ec7808300948860f606a1e806c8cdc7ba8ae28efd0dad9cfa79346381bf1f864ff819bc05f94f2f8bf90384a7fc0386886f3741a59f303e3b8cde5c192162be877263594be9a78e1db8d82c7d2af93cfa91bdb858df7d9fdaeec2da9afb6d6ff7ca867895a391118d502cfbcf6f0b716dcc695995291f2605b1b7429a350e3fe651c360b87f79912ebae303778a8aaf261560430225a8b024ca641c3336a519d6a73d260299bf1dd675c84c83a496411b7105dc352fe199b66ef3687e294d1bcc4389cf15269f3b027e273595c48ba41c86214cfd3725081274356505f69bdd3f5ac47e3bc58c24d1c809903cdeb7487c2d178d2aa14b06b54321f2a1fc2190a12d547dff527815ca24f1296a5180284320fe523b31b0dca23d99f3024a1b34e61c1cdd2a7c16262c2022b70000eb0fe0ba413a138b23907636259a57df1d5cea27c100ded7a15b3edc59fe37e749015ee0ec2981430d00f1d8e9bc53a3482beaa9924f7f32467c39a2949cdb3d7afc385dc4ed2275b9c3de20b80ec445c4a2fae49c4672507f7c5548e7d8fdad952dc137ac4ce74e6f0de6821e8124c2a0aa7c783b57433c0680f95096f5a5e40b0bbd826946157c1460076c725835631bda1285428019e066baedd6de60d0d1faf2c4a6d7718b962f28ad48e79e8eb04a9daf0acdb19a19a3b475b7b72a2000a6af6e05071027fb903dc2e58b7fa55fefcefe4e78432ee0d63b185b01972745b70c849f555a796eb8740e95251b2076d44776c9985101c6bab3e716f17bad3f6634688ecad3c317d0266594cc1d03fdfced02aea0927073c9baeac84f7fca2e3e3de439192bbf2800a9d928c11ed2fdd657d8df63fcce09b3f31793c0f075217b02b6cd389f4d1cdf40e57e16164bfac3bae45219cad671a545cce1a56ffad7cc5d02323631d5b29eaaf923a4f0fa606c1c902480f8268ecc8cc6beae8bbc2e0fab3c3a209426b0cbe16fcc2b31e1034402d6340afee9a68da1c0245831c730d479a68beed7b929066c7c95296895ef11d15498078ff105275de3905c6f29195f60a31f5dcfd732d9d88ed9c3fa50d51a7d56ab2b09a9e71966b39b221f143b910b4ff42aad63008a8c9a0bc38fc0646183400e5e7a811899bae235cabaefbc2af0cda806859836dedd281c8bf772390c959f2cfcf6a95f4cb1ee7f34f8ebcb46691a2a2bcb43cb7a8f0e0ccaf17bfbbedf5b38b7087e274dcaceda423b7053161978c721af2e7ee66620a196c33a9056611ec3aa531b6342fb7108351627270aa465358c3d45fa022b7be28c0d3f1834b674d3431519770ddd774321dcd84371bafd8c5e123b239fce55b06b023f0459ea44de799fd66d3d05940459066f5bff8c609b212d74a37a6bc278332c878be3df6e32c2613828a56bb5647e27162b0cd318f0d4fede50130ddff2118121d9c3dbd8ee76910bedc3d32915df69de5be0d80fbfe13085ce4710c325e357822015a3908274349dc9cb6863787c9461bb67362a178fea10a0414703d9c4597b2a49da0b8b5990af4bfb4494ef46bc0828e87a9a964d24f2398d1f9779eeda58db9a34b7827d4aac19f682ea0fa3e23722f8337eb083207736ab4c6fe3e572a2549a8ce311282375e932cd8d222d340290d4beefd9a77d6aeb89b8903d15391414140d4305c80ca11fb4fce3cb52462b7d4618ef8e0f024d1a10e6f64861f4cabe9b4a8a61791c1bef16b76226a0e023ba0700b78d7dc6bca5ae1273aa2a95013316e3ee7a55f7af29e9374d77d83df453e8f60194749813d6d3ae8f5a5578878247ad0799e8fb8d9aecd9cc8e8dddbf3175000609829d51c7df339f5457b07d226eb70c0abedae7137017452b67ba9856a9bc3f7f6a3d6da436380d8ce10283739cbbce31a770ef47fe24d76038fd72ca9afce9695b30d379147a2e58d9978122964f15c5afe70c0b9040aac9890315e9d6da38d23fd04b26a6909ead9f6446a8b64841cd2b044900f18d823aaed52ecd456824e996b05a44c65aea0929af7d0f2673ebecd040cca7ad7827c53601045a8d2e376ec10bd82baec2f9aeccce41da4c915196968d398ae4efb14873d247e0d81401ac10979af255475908e9db808a1b15d451d08939ffa12f2aa8b041cc0bd77c197ab79bf1a1456519c9751746390a5dc944a98e1f21a44af1a1273dbbf93d452955ac142f1d69328a2790ccd2091bc9de8fa9590a8edd6337e86ab71c7cbecf422d38337e518f428f8847ef467c3607fef1d09256130febac7ba3f73d9056a5bc932075d0f255de16f8e16ad736a663eb5ffa571e974c4d9ffdc2b7f361fa960f070635b5532c63669e210b333b9d676cbd16ddaa169f0a090b41f12fbdded05fc1b74bb48a47f557469419ff78a740f37e8a460c45895b4a20b521c86589c10a3911c27a49b734e206af8edc9e9f34a0a4b97d25ceae88d2ad8103f14a1dcb51e4c70db3d4d744c3a6bb2636e26dbb2539df8680cdbfd279864cec6c65490aef7bcf4b74c3a8315c4fe1d465d0192a81d17758bbb6ae39307c1fa0849c41e9ebd856e6a83018aa9353a5f1fc5743c7b6a271c80335c4cb693b17b476d919c3575c56560eb8a1510d528d6bfa23509d499824d75d5798ccba57b64c332f6237ac7399f47929b18f3601e43b79854d5e4f959eae10bddc126ca4c6909c5c36bc7d6dfd5c2efdcaeba1e7be4fea52190690bdd1ed49256a718ece48b961dcf7cce6d6ea8471e05e9c9", 0x1000}], 0x6, &(0x7f0000001700)=[{0x108, 0x101, 0x8001, "f55904406e48a7580aa5eaf5dcf10cfb7b413b836445ea49f96aa202dde1a8a520e7b09c578b378c806e08504a3cc6f4d366211d7aca7826f888cf9001ea552598f628be9f37c5a82a4cbfa29db4728a9db9325b9fb92d934e7cfbc8bf3123bd0069250e63ee2fe409952ed4f845a79a7e7fd3a518ad13da380725580718d1fd9f31735fde2c46b5563c74a0cca588d2dd44306983e81eeee2527e58045afd7dc09cda44977c1af7a07f1341688a2cca2963f7efc754d7d3b8c55f1a9262d74a3306d3fa034b6ca76a3fbb9bdcb79f06639fd61a8a9a826153c16c6f7eb0c6102d40caedabc99116b33d8e1404ec867f9f9c"}], 0x108}, 0x4000) setsockopt$inet_sctp6_SCTP_RESET_ASSOC(0xffffffffffffffff, 0x84, 0x78, &(0x7f0000001880), 0x4) r6 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f00000018c0)='/dev/nvme-fabrics\x00', 0x664aac8d74bf553f, 0x0) setsockopt$inet_tcp_TLS_TX(r6, 0x6, 0x1, &(0x7f0000001900)=@ccm_128={{0x304}, "0a4a5cdf51b5e5fa", "ba84ef4a3969cefd5710a7df0f02f763", "ae5752db", "2c67848886331857"}, 0x28) r7 = syz_genetlink_get_family_id$fou(&(0x7f0000001980)='fou\x00') sendmsg$FOU_CMD_DEL(r1, &(0x7f0000001a40)={&(0x7f0000001940)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001a00)={&(0x7f00000019c0)={0x14, r7, 0x200, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x48002}, 0x10) r8 = add_key$user(&(0x7f0000001a80)='user\x00', &(0x7f0000001ac0)={'syz', 0x1}, &(0x7f0000001b00)="08f435dcada8a3af6a4113f730d778cde59e4735a43fde1241beb920a1980fc215b7f49efdd26dbfd1ea5dff398c7276903d34c99e93ec817f6e66f3bf7787e811915b3ccf38045599151b1d871c37b7d71926cc5a09c5d7e655178990e1d265b0358a04ea7d7952251b012f0bea7df816a68bbe26a490101fcec766ad0a319a1bbded09dc164ebfd6afee7877784477bbeee00d4cbcff6f04763b6b5fdc1458561788a290aeb7c0ccf38e8e819f8e301bc5fa2201f69cf5d52565dd7fdff1899e973d65c603985f039f42a6105c82b779cb08cd1073f1c568672c7194cc414fa8d8e276051600c6598e07b99e10d861e8f8a4773cf7d7029b", 0xf9, 0x0) keyctl$update(0x2, r8, &(0x7f0000001c00)="1460c9830e93ad3245c796d291203240699c9cb3b15d6ac749e1670667c8fddf7c66cd1c0e", 0x25) ioctl$RNDADDENTROPY(0xffffffffffffffff, 0x40085203, &(0x7f0000001c40)={0x7fff, 0x76, "ac4c66aa7db5963be26f908bb2f3cd441f052cde24853227e2570ae19aca7f9e06a60a190955712b2758868574c09aae06aad972e4c377f28e1748a2b61c0bc883e3bd36bd76c01d20fdeec416f3c8cab21ab19cd9d758c9c17c1cb25eadc97813f9da9838285d5fbd12cc2cb0ce63e734f1f2c796e5"}) [ 241.042731] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 241.052918] team0: Port device team_slave_0 added [ 241.076827] 8021q: adding VLAN 0 to HW filter on device bond0 [ 241.085223] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 241.094339] team0: Port device team_slave_1 added [ 241.133177] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.148959] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.156993] device bridge_slave_0 entered promiscuous mode [ 241.173679] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 241.182858] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 241.208550] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 241.220295] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 241.227249] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 241.234132] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 241.259765] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 241.270172] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.276552] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.284318] device bridge_slave_1 entered promiscuous mode [ 241.301384] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 241.308068] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 241.325998] IPVS: ftp: loaded support on port[0] = 21 [ 241.334144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 241.341859] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 241.357478] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 241.368483] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 241.386554] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 241.425442] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.432013] bridge0: port 1(bridge_slave_0) entered disabled state [ 241.438968] device bridge_slave_0 entered promiscuous mode [ 241.447388] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 241.454045] 8021q: adding VLAN 0 to HW filter on device team0 [ 241.465950] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 241.473978] team0: Port device team_slave_0 added [ 241.503900] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.510366] bridge0: port 2(bridge_slave_1) entered disabled state [ 241.517411] device bridge_slave_1 entered promiscuous mode [ 241.537221] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 241.544609] team0: Port device team_slave_1 added [ 241.611323] device hsr_slave_0 entered promiscuous mode [ 241.659731] device hsr_slave_1 entered promiscuous mode [ 241.730041] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 241.739005] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 241.756044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 241.764305] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 241.772254] bridge0: port 1(bridge_slave_0) entered blocking state [ 241.778673] bridge0: port 1(bridge_slave_0) entered forwarding state [ 241.786089] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 241.795881] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 241.804194] chnl_net:caif_netlink_parms(): no params data found [ 241.818997] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 241.828535] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 241.842863] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 241.850378] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 241.858138] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 241.865920] bridge0: port 2(bridge_slave_1) entered blocking state [ 241.872283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 241.909187] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 241.916646] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 241.942209] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 241.954095] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 241.960400] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 241.988163] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 242.001468] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 242.021274] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 242.028139] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 242.049165] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 242.060187] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 242.067587] team0: Port device team_slave_0 added [ 242.078633] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 242.106644] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 242.115054] team0: Port device team_slave_1 added [ 242.133499] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 242.142381] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 242.148619] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 242.174002] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 242.185813] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 242.192345] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 242.217770] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 242.228875] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 242.247934] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 242.303092] device hsr_slave_0 entered promiscuous mode [ 242.339703] device hsr_slave_1 entered promiscuous mode [ 242.391829] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 242.398960] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 242.423583] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 242.432508] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 242.440870] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 242.448455] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 242.551370] device hsr_slave_0 entered promiscuous mode [ 242.589609] device hsr_slave_1 entered promiscuous mode [ 242.640077] bridge0: port 1(bridge_slave_0) entered blocking state [ 242.646470] bridge0: port 1(bridge_slave_0) entered disabled state [ 242.655681] device bridge_slave_0 entered promiscuous mode [ 242.663587] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 242.674742] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 242.703009] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 242.710653] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 242.718257] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 242.726222] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 242.734182] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 242.741767] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 242.749754] bridge0: port 2(bridge_slave_1) entered blocking state [ 242.756147] bridge0: port 2(bridge_slave_1) entered disabled state [ 242.763423] device bridge_slave_1 entered promiscuous mode [ 242.809788] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 242.827014] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 242.839913] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 242.854690] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 242.862312] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 242.882718] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 242.888789] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 242.896412] chnl_net:caif_netlink_parms(): no params data found [ 242.937952] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 242.965215] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 242.975674] team0: Port device team_slave_0 added [ 242.981967] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 242.990352] team0: Port device team_slave_1 added [ 243.029025] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 243.041131] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 243.047382] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 243.072939] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 243.086615] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 243.093249] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 243.118824] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 243.132635] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 243.145580] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 243.164655] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 243.177250] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 243.188540] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 243.226016] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 243.261642] device hsr_slave_0 entered promiscuous mode [ 243.289694] device hsr_slave_1 entered promiscuous mode [ 243.330739] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 243.360728] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 243.381504] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.387912] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.396469] device bridge_slave_0 entered promiscuous mode [ 243.403747] bridge0: port 2(bridge_slave_1) entered blocking state [ 243.410180] bridge0: port 2(bridge_slave_1) entered disabled state [ 243.417143] device bridge_slave_1 entered promiscuous mode [ 243.439899] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 243.481337] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 243.490878] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 243.532019] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 243.539812] team0: Port device team_slave_0 added [ 243.545803] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 243.553523] team0: Port device team_slave_1 added [ 243.578122] 8021q: adding VLAN 0 to HW filter on device bond0 [ 243.599363] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 243.605636] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 243.633245] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 243.648993] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 243.658073] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 243.683449] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 243.694685] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 243.702732] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 243.734325] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 243.747246] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 243.760067] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 243.768648] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 243.822426] device hsr_slave_0 entered promiscuous mode [ 243.869583] device hsr_slave_1 entered promiscuous mode [ 243.914559] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 243.924305] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 243.935928] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 243.942125] 8021q: adding VLAN 0 to HW filter on device team0 [ 243.951943] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 243.966568] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 243.974056] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 243.982980] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 243.992446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 244.007070] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 244.014959] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.021378] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.028645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 244.037076] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 244.047929] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 244.077831] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 244.085972] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 244.094647] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 244.102722] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.109094] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.119161] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 244.143514] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 244.163383] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 244.181697] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 244.188456] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 244.208736] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 244.216737] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 244.224005] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 244.234423] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.248175] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 244.291394] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 244.302127] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 244.316117] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 244.324113] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 244.332352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 244.340077] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 244.348028] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 244.355754] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 244.362793] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 244.373237] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 244.381730] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 244.392220] device veth0_vlan entered promiscuous mode [ 244.403412] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 244.409847] 8021q: adding VLAN 0 to HW filter on device team0 [ 244.416120] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 244.424210] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 244.434555] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.441579] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.453161] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 244.468143] device veth1_vlan entered promiscuous mode [ 244.477518] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 244.487040] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 244.494543] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 244.502557] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 244.518247] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 244.530233] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 244.541242] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 244.551337] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 244.561183] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 244.568965] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 244.576913] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 244.584893] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 244.593675] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 244.601698] bridge0: port 1(bridge_slave_0) entered blocking state [ 244.608047] bridge0: port 1(bridge_slave_0) entered forwarding state [ 244.615769] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 244.622486] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 244.639108] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 244.653811] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 244.662147] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 244.670788] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 244.678355] bridge0: port 2(bridge_slave_1) entered blocking state [ 244.684802] bridge0: port 2(bridge_slave_1) entered forwarding state [ 244.694696] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.710192] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 244.721413] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 244.733077] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 244.741350] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 244.752533] 8021q: adding VLAN 0 to HW filter on device bond0 [ 244.761698] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 244.772018] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 244.778675] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 244.785866] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 244.793685] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 244.802787] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.810068] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.820065] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 244.829955] device veth0_macvtap entered promiscuous mode [ 244.836341] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 244.844821] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 244.853964] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 244.871338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 244.880752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 244.888417] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 244.898186] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 244.911857] device veth1_macvtap entered promiscuous mode [ 244.918237] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 244.928079] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 244.937060] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 244.948336] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 244.956497] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 244.964451] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 244.971755] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 244.978614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 244.986449] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 244.995242] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 245.005638] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 245.015769] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 245.022073] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.032825] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 245.038896] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.048497] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 245.061879] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 245.072246] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 245.079967] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 245.087744] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 245.098755] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 245.112137] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 245.123150] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 245.131815] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 245.140513] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 245.148494] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 245.156626] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 245.164660] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 245.173000] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 245.180940] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 245.188522] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.194906] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.202190] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 245.210331] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 245.217899] bridge0: port 1(bridge_slave_0) entered blocking state [ 245.224325] bridge0: port 1(bridge_slave_0) entered forwarding state [ 245.231510] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 245.238556] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 245.254264] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 245.263278] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 245.271016] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 245.280592] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 245.290491] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 245.301472] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 245.307512] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 245.315434] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 245.324477] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 245.332482] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.338810] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.345934] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 245.353713] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 245.361825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 245.369418] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 245.378346] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 245.388777] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 245.402227] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 245.409090] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 245.418337] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 245.427056] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 245.435199] bridge0: port 2(bridge_slave_1) entered blocking state [ 245.441601] bridge0: port 2(bridge_slave_1) entered forwarding state [ 245.449080] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 245.457029] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 245.465180] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 245.479144] 8021q: adding VLAN 0 to HW filter on device bond0 [ 245.488109] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 245.513144] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 245.525275] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 245.532923] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 245.539784] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 245.548701] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 245.563049] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 245.571835] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 245.578612] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 245.591120] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 245.603298] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 245.611332] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 245.618040] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 245.625352] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 245.633187] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 245.641094] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 245.648060] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 245.658221] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 245.673028] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 245.683393] device veth0_vlan entered promiscuous mode [ 245.703577] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 245.710698] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 245.718850] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 245.728406] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 245.736644] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 245.747557] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 245.761824] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 245.770404] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 245.784849] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 245.793602] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 245.807019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 245.814343] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 245.822094] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 245.830225] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 245.838654] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 245.848120] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 245.858806] device veth1_vlan entered promiscuous mode [ 245.864968] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 245.874965] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 245.881134] 8021q: adding VLAN 0 to HW filter on device team0 [ 245.890057] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 245.897409] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 245.905950] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 245.917379] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 245.929428] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 245.938505] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 245.949916] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 245.957279] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 245.965038] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 245.972744] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 245.980739] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 245.988727] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 245.996505] bridge0: port 1(bridge_slave_0) entered blocking state [ 246.002899] bridge0: port 1(bridge_slave_0) entered forwarding state [ 246.010177] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 246.018033] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 246.025781] bridge0: port 2(bridge_slave_1) entered blocking state [ 246.032140] bridge0: port 2(bridge_slave_1) entered forwarding state [ 246.039910] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 246.048870] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 246.055244] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 246.064071] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 246.081591] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 246.091174] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 246.103940] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 246.113160] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 246.121159] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 246.128669] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 246.136440] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 246.155224] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 246.163873] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 246.173920] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 246.183343] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 246.190641] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 246.201675] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 246.211065] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 246.224990] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 246.233597] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 246.253859] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 246.261735] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 246.275181] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 246.295514] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 246.301728] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 246.313964] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 246.325078] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 246.353506] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 246.363669] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 246.374894] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 246.383549] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 246.392268] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 246.400934] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 246.408567] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 246.417140] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 246.425218] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 246.435465] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 246.442347] audit: type=1400 audit(1584846299.826:41): avc: denied { associate } for pid=8049 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 246.507500] device veth0_macvtap entered promiscuous mode [ 246.525150] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 246.531902] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 246.539985] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 246.547802] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 246.558408] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 246.578756] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 246.596979] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready 03:05:00 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x40, 0xfe, 0x0, 0x4, 0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, @perf_bp={0x0, 0xb}, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x10}, 0x0, 0xfffffffffffffffc, 0xffffffffffffffff, 0x9) accept(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f00000000c0)={0x0, 0x53d, {0x57, 0x1ff, 0x2c, {0x0, 0x7}, {0x4650, 0x4}, @rumble={0x9f, 0xfc3}}, {0x53, 0xa7e, 0x3, {0x9, 0x8}, {0xfffa, 0x9263}, @ramp={0x33, 0x2, {0xec, 0x5, 0x1, 0x8000}}}}) r0 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x3310, 0x0) ioctl$SNDCTL_DSP_POST(r0, 0x5008, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) r2 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r2, 0x3310, 0x0) getsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040), &(0x7f0000000000)=0x14) syz_read_part_table(0x0, 0x1, &(0x7f0000000080)=[{0x0}]) setsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x3, &(0x7f0000000140), 0x4) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000a40)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000000e000000040000008803000000000000f0000000e8010000f0000000f0000000b8020000b8020000b8020000b8020000b802000004000000442f06995c7e1e45a4243c37e945e245de279deedcc153617f3dc8ea9b4c3af8a2dac344759eab8c6a9db677334f8ea9a17c6c57251fa9da4eb8a58ee08845f217975832138f47080eb5077f", @ANYRESOCT=r1, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800f000000000000000000000000000000000000000000000000000480049444c4554494d45520000000000000000000000000000000000000000006c91000073797a300000000000000000000000000000000000000000000000000700000000000000fe8000000000000000000000000000bbfe8000000000000000000000000000bbff000000ffffff00000000ffffffffff000000ffffffff00ffffffff00000000626f6e645f736c6176655f310000000073797a6b616c6c65723000000000000080000000000000000000000000000000ff000000000000000000000000000000320020014200000000000000d000f8000000000000000000000000000000000000000000000000002800737461746500000000000000000000000000000000000000000000000000ff01000000000000280052454a45435400000000000000000000000000000000000000000000000007000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d000000000000000000000000000000000000000000000000000280052454a45435400000000000000000000000000000000000000000000000004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff00000000"], 0x3) [ 246.627346] device veth1_macvtap entered promiscuous mode [ 246.636160] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 246.656362] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 246.675252] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 246.688545] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 246.696806] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 246.706682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 246.717288] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 246.727884] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 246.738394] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 246.747836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 246.756434] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 246.767010] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 246.777754] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 246.788601] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 246.795276] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 246.814709] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 246.822365] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready 03:05:00 executing program 0: setsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, &(0x7f0000000640)=0x4, 0x4) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, 0xffffffffffffffff) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff}, 0x19000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) semget$private(0x0, 0x1, 0x20) mlockall(0x0) pipe(0x0) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffc, 0x6c404, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x4, @perf_config_ext={0x37}, 0x8000000200004d1e, 0x800007c, 0x0, 0x6, 0x6, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x9) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) pwritev(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)="e5ef06b2d7dc696a8e1230aa84226b090ca0a12d52b98bc677337653f148806d75e0", 0x22}, {&(0x7f0000000280)="c0b3f66779c653b34c2e2d73917b1cc871f8f6fe436fb4a60ce2dc46c2fd1bd5b79b9acf61318e185e46e089c9514f615a0da2913bfcc9d64e6e375db4704f22906f9a06cd35ea5486c206d810e325c5a674311f999c08f6648b2e17027c5e172187738a78763d9f05f114d191cb21ceabbd17a25a60996a1a3dff66db4cbff02884f645", 0x84}, {&(0x7f0000000340)="d2ba5a8677e8c4902f6ab354d9fc5332524baa486a256490cb3696d2ad42ee0f32d6322ff346ad3960f04579f9f65c09c553458cde1e4f4b79c08e5169e7155f40afd93f46afad8e389c9ae9f0b7c85b95c34110a9490b11f28126230e63064b70e8513af76951ab1fa24b6394d392c6c600489f3d38ef2bc6fd1ff0971f56faf98999dab9e6ec4573a9b200f0b341125f0c14cf555c3470f9cb9088209bf91035321946aa111d23d491271f8d82bc50211eecfe1120f3a15bac5ac8c0255a529b915b8c75df08e4eb9b698fc6", 0xcd}, {&(0x7f0000000440)="68860190be862206514100315ff0e8643d08f3a17384986d0fa0e31e4839a331f11378a440ce79a9aab333c9a7ff30e06a75bc6fcb4ea85a11e24134ec74e3765223b7c87f5e9515bd6ee87ddb2f11a0de943b18f5e929fe0fbfacc797e803ecdc8f8377b736f2386e287aca85834f22261a1b4afec2bc18b481b7fc1f1ad06563dd1c", 0x83}, {&(0x7f00000000c0)="568e0c97f3f75a699b8046ac1ed30ddae02e334570af98e080d450a4f2cdc39342ea53912c9bec60a9895cbee693ff1b025b82d8f48db78e03f683704d5d4059", 0x40}], 0x5, 0x7f) open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) pipe(&(0x7f0000000000)) [ 246.829118] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 246.839135] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 246.860642] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 246.868475] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready [ 246.896167] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 246.930122] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 246.953309] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 246.975709] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 246.995941] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 247.010213] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 247.025981] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 247.051671] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 247.060010] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 247.068134] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 247.082325] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 247.089189] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 247.102289] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 247.113462] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 247.128252] device veth0_vlan entered promiscuous mode [ 247.128376] hrtimer: interrupt took 94792 ns [ 247.138766] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 247.153288] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 247.164164] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 247.175040] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 247.191472] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 247.208070] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 247.217181] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 247.230460] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 247.246990] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 247.268217] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 247.276435] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 247.292945] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 247.304572] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 247.315081] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 247.334449] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 247.348814] device veth1_vlan entered promiscuous mode [ 247.374596] device veth0_vlan entered promiscuous mode [ 247.394413] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 247.407018] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 247.433338] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 247.471218] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 247.491344] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready [ 247.515320] device veth1_vlan entered promiscuous mode [ 247.530634] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready [ 247.566019] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 247.607361] IPv6: ADDRCONF(NETDEV_UP): veth1_virt_wifi: link is not ready [ 247.633432] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready [ 247.640390] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 247.650462] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 247.676686] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 247.701833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 247.726057] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 247.740795] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 247.748761] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 247.816944] device veth0_macvtap entered promiscuous mode [ 247.835995] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 247.851345] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready 03:05:01 executing program 0: setsockopt$TIPC_IMPORTANCE(0xffffffffffffffff, 0x10f, 0x7f, &(0x7f0000000640)=0x4, 0x4) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, 0xffffffffffffffff) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0xffffffff}, 0x19000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) semget$private(0x0, 0x1, 0x20) mlockall(0x0) pipe(0x0) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x18, 0x0, 0x0) perf_event_open(&(0x7f000000a000)={0x4, 0x70, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffc, 0x6c404, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x4, @perf_config_ext={0x37}, 0x8000000200004d1e, 0x800007c, 0x0, 0x6, 0x6, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x9) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, &(0x7f000000a000)) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) pwritev(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)="e5ef06b2d7dc696a8e1230aa84226b090ca0a12d52b98bc677337653f148806d75e0", 0x22}, {&(0x7f0000000280)="c0b3f66779c653b34c2e2d73917b1cc871f8f6fe436fb4a60ce2dc46c2fd1bd5b79b9acf61318e185e46e089c9514f615a0da2913bfcc9d64e6e375db4704f22906f9a06cd35ea5486c206d810e325c5a674311f999c08f6648b2e17027c5e172187738a78763d9f05f114d191cb21ceabbd17a25a60996a1a3dff66db4cbff02884f645", 0x84}, {&(0x7f0000000340)="d2ba5a8677e8c4902f6ab354d9fc5332524baa486a256490cb3696d2ad42ee0f32d6322ff346ad3960f04579f9f65c09c553458cde1e4f4b79c08e5169e7155f40afd93f46afad8e389c9ae9f0b7c85b95c34110a9490b11f28126230e63064b70e8513af76951ab1fa24b6394d392c6c600489f3d38ef2bc6fd1ff0971f56faf98999dab9e6ec4573a9b200f0b341125f0c14cf555c3470f9cb9088209bf91035321946aa111d23d491271f8d82bc50211eecfe1120f3a15bac5ac8c0255a529b915b8c75df08e4eb9b698fc6", 0xcd}, {&(0x7f0000000440)="68860190be862206514100315ff0e8643d08f3a17384986d0fa0e31e4839a331f11378a440ce79a9aab333c9a7ff30e06a75bc6fcb4ea85a11e24134ec74e3765223b7c87f5e9515bd6ee87ddb2f11a0de943b18f5e929fe0fbfacc797e803ecdc8f8377b736f2386e287aca85834f22261a1b4afec2bc18b481b7fc1f1ad06563dd1c", 0x83}, {&(0x7f00000000c0)="568e0c97f3f75a699b8046ac1ed30ddae02e334570af98e080d450a4f2cdc39342ea53912c9bec60a9895cbee693ff1b025b82d8f48db78e03f683704d5d4059", 0x40}], 0x5, 0x7f) open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) pipe(&(0x7f0000000000)) [ 247.872284] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 247.885114] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 247.893865] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 247.915334] device veth1_macvtap entered promiscuous mode [ 247.923401] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 247.944683] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 247.968600] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 247.979962] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 247.989252] device veth0_macvtap entered promiscuous mode [ 247.997014] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 248.006331] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 248.016661] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 248.028247] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 248.042151] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 248.062810] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 248.073098] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 248.087637] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 248.104967] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready [ 248.116237] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready [ 248.127503] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready [ 248.143765] IPv6: ADDRCONF(NETDEV_UP): veth1_vlan: link is not ready [ 248.157241] device veth1_macvtap entered promiscuous mode [ 248.173033] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 248.191141] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 248.204198] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 248.224958] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 248.234584] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 248.246663] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 248.257948] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 248.273537] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 248.286966] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.298190] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 248.313775] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.326222] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 248.340033] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 248.346794] device veth0_vlan entered promiscuous mode [ 248.360790] device veth0_vlan entered promiscuous mode [ 248.372886] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 248.386761] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 248.395262] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 248.416715] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 248.437920] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 248.456191] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 248.472274] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.486025] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 248.503052] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.514923] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 248.526234] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 248.538429] device veth1_vlan entered promiscuous mode [ 248.554501] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 248.568099] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 248.583054] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 248.615638] device veth1_vlan entered promiscuous mode [ 248.635643] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 248.662078] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.678139] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 248.694168] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.703674] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 248.718816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.735757] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 248.743214] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 248.767363] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready 03:05:02 executing program 0: open(&(0x7f0000000440)='./file0\x00', 0x110000141042, 0x0) mount(&(0x7f0000000340)=ANY=[@ANYBLOB='[d::]:0::'], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='ceph\x00', 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) epoll_ctl$EPOLL_CTL_DEL(r0, 0x2, r1) [ 248.822092] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 248.850300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 248.860720] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 248.876817] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.888680] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 248.891863] libceph: parse_ips bad ip '[d::]:0:' [ 248.898866] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.912921] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 248.922684] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 248.933512] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 248.940841] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 248.950876] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 248.969106] device veth0_macvtap entered promiscuous mode [ 248.976245] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 248.984345] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 248.993504] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 249.002136] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 249.010520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 249.034830] device veth1_macvtap entered promiscuous mode [ 249.043025] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 249.070522] libceph: parse_ips bad ip '[d::]:0:' [ 249.075460] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 249.086941] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready 03:05:02 executing program 1: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) getpeername$packet(r0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f00000001c0)=0x14) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=@migrate={0xec, 0x21, 0xd39, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast1, 0xfffc}}, [@migrate={0x9c, 0x11, [{@in6=@mcast1, @in=@broadcast, @in6=@empty, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, {@in6=@mcast1, @in=@broadcast, @in=@broadcast, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}]}]}, 0xec}}, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r1, 0x3310, 0x0) sendmsg$IPSET_CMD_TYPE(r1, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)={0x48, 0xd, 0x6, 0x5, 0x0, 0x0, {0xc, 0x0, 0x9}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x40085) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8114}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="63ac1d2b", @ANYRES16=0x0, @ANYBLOB="340b2bbd7000ffdbdf25440000000c0099000300000004000000"], 0x20}, 0x1, 0x0, 0x0, 0x20040000}, 0x20000080) [ 249.138073] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready [ 249.176953] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 249.222521] IPv6: ADDRCONF(NETDEV_UP): veth1_macvtap: link is not ready [ 249.234520] device veth0_macvtap entered promiscuous mode [ 249.241431] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready [ 249.248117] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 249.264505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready 03:05:02 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x11) getpid() socket$inet6(0xa, 0x40000080806, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x7000000}}], 0x4000000000000d0, 0x0) syz_open_dev$sg(&(0x7f0000000200)='/dev/sg#\x00', 0x0, 0x163882) r0 = open(&(0x7f0000000100)='./bus\x00', 0x141042, 0x0) pwritev(r0, &(0x7f0000000080)=[{&(0x7f0000003040)="02", 0x1}], 0x1, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$KDSKBMODE(r1, 0x4b45, &(0x7f0000000000)=0x2) fallocate(r0, 0x20, 0x0, 0xfffffeff000) fallocate(r0, 0x0, 0x0, 0x10000101) [ 249.277008] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 249.314655] device veth1_macvtap entered promiscuous mode [ 249.335451] IPv6: ADDRCONF(NETDEV_UP): macsec0: link is not ready [ 249.342744] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 249.357855] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 249.378386] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 249.397292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.419344] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 249.429094] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.447200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 249.462484] audit: type=1800 audit(1584846302.846:42): pid=8231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.1" name="bus" dev="sda1" ino=16518 res=0 03:05:02 executing program 1: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000180)={r3}) getsockopt$SO_COOKIE(r4, 0x1, 0x39, &(0x7f0000000200), &(0x7f0000000240)=0x8) accept(r1, &(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000140)=0x80) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r5 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000280), &(0x7f0000000300)=0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x50, 0x0, 0x9, 0x5, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_TUPLE={0x30, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}]}]}, 0x50}}, 0x0) [ 249.490261] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.528200] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 03:05:02 executing program 0: sched_setscheduler(0x0, 0x0, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000240)={0xa, 0x0, 0x0, @mcast1, 0x2}, 0x1c) perf_event_open(0x0, 0xffffffffffffffff, 0xb, r0, 0x0) connect(r1, &(0x7f00000001c0)=@in={0x2, 0x4e20, @remote}, 0x80) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='loginuid\x00') pwritev(r3, &(0x7f0000000200)=[{&(0x7f0000000080)='4', 0x1}, {&(0x7f0000000040)='+', 0x1}], 0x2, 0x0) r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000000c0)='NLBL_MGMT\x00') sendmsg$NLBL_MGMT_C_ADDDEF(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='Y', @ANYRES16=r4, @ANYBLOB="0004a8bd7000ffdbdf250400010026100000dcb209900469613f9a9d3d7a599543aafbba0539be5881c2144888b033e3ab909b6ab13b6e4b2425c81a9a10b0e73d10934f87cf3c0c36e308437f9618e769f1e235d1c7353843234660c3cf3ebeee6a6d9e4a02dc418cd9c5acf37021efb1f74a7dbd9756ea8f34ebb5b4a0c3f03fa8faedf884328041368455a8b32a0afcdb28d589f08ca27661f4941171f83ff9d0e65f1e781e61d25c9cee075469e1b26cf8b40aa7ef32f08b5efe604b30c3505178a064b73456209a19c5f0ce4fe0c28356c00dbd7847f7e5d8a8708594657e7debe532832ba48e6e5298eaa259aa5b3f9e7d1f06fab90c2ecb8047871cb0e4947207376a0b382d7923f19f256ca9f849cc"], 0x3}, 0x1, 0x0, 0x0, 0xd0}, 0x48005) sendmsg$NLBL_MGMT_C_LISTALL(r3, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)={0x44, r4, 0x100, 0x70bd27, 0x0, {}, [@NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @rand_addr="3a302d5abbebb8ec9f2158c8c0c8a882"}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @mcast1}]}, 0x44}}, 0x0) sendmsg$NLBL_MGMT_C_VERSION(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, r4, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@NLBL_MGMT_A_CV4DOI={0x8}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x5}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @local}, @NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @dev={0xfe, 0x80, [], 0x42}}, @NLBL_MGMT_A_DOMAIN={0x6, 0x1, '&\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x20000804}, 0x4000800) sendmmsg(r1, &(0x7f00000002c0), 0x4000000000000d7, 0x0) [ 249.545029] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.554994] audit: type=1400 audit(1584846302.946:43): avc: denied { create } for pid=8239 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 249.562067] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 249.591548] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 249.606785] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 249.622687] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 249.634201] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready [ 249.643466] audit: type=1400 audit(1584846303.036:44): avc: denied { write } for pid=8239 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_netfilter_socket permissive=1 [ 249.643675] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 249.674001] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 249.700956] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.710475] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 249.720279] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.722852] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 249.729802] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 249.757730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.768012] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 249.778165] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.790287] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 249.797283] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 249.808766] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready [ 249.822022] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 249.836557] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 249.862135] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 249.877924] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.880779] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 249.889111] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 249.904513] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.913931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 249.924743] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.933931] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 249.943736] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.952935] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 249.962672] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 249.973312] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready [ 249.980992] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 249.990593] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 250.001207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.010604] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 250.020914] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.030113] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 250.040189] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.049362] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 250.059058] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.068367] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 250.078139] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 250.089442] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready [ 250.096341] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 250.109551] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 250.117484] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 250.134126] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 250.142599] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 03:05:03 executing program 0: open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r0 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000200)='threaded\x00', 0x2ffe00) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r1, r0, 0x0) creat(&(0x7f00000001c0)='./file0\x00', 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000240)={&(0x7f0000000000)='./file0\x00', 0x0, 0x18}, 0x10) r2 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = dup(0xffffffffffffffff) dup2(r3, r2) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 250.426830] audit: type=1800 audit(1584846303.816:45): pid=8300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16526 res=0 03:05:03 executing program 3: syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe800, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(0x0, 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r1, 0x1000) lseek(r1, 0x0, 0x2) rt_sigprocmask(0x2, &(0x7f00000000c0)={[0xb393]}, 0x0, 0x8) r2 = open(&(0x7f0000000240)='./bus\x00', 0x105010, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, &(0x7f0000d83ff8)=0xe00, 0x8000fffffffe) dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0xffbc, @mcast1}, 0x1c) [ 250.554958] audit: type=1804 audit(1584846303.866:46): pid=8300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir058652832/syzkaller.xZlqwW/6/file0" dev="sda1" ino=16526 res=1 [ 250.638888] audit: type=1804 audit(1584846303.906:47): pid=8314 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir058652832/syzkaller.xZlqwW/6/file0" dev="sda1" ino=16526 res=1 [ 250.747195] audit: type=1804 audit(1584846304.136:48): pid=8322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir280741127/syzkaller.n0DJUN/1/bus" dev="sda1" ino=16533 res=1 [ 250.789932] audit: type=1800 audit(1584846304.136:49): pid=8322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16533 res=0 03:05:04 executing program 0: r0 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x3310, 0x0) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r0, 0x80845663, &(0x7f0000000140)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) prlimit64(0x0, 0x7, &(0x7f0000000040)={0x6, 0x8}, 0x0) getsockname$unix(r1, &(0x7f0000000080), &(0x7f0000000100)=0x6e) syz_init_net_socket$bt_sco(0x1f, 0x3, 0x5) 03:05:04 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:04 executing program 2: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000200)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x2e, 0x24, 0x0, 0x0, 0x94020000}}, &(0x7f0000000240)='GPL\x00', 0x1, 0x348, &(0x7f0000000480)=""/195}, 0x48) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = gettid() r5 = add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r5, 0x0) r6 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, r5) r7 = add_key$keyring(0x0, &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$setperm(0x5, r7, 0x0) r8 = add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz', 0x1}, 0x0, 0x0, r7) keyctl$KEYCTL_MOVE(0x1e, 0x0, r6, r8, 0x0) r9 = getuid() r10 = getgid() sendmsg$unix(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001a40)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r4, @ANYRES32=r9, @ANYRES32=r10, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32], 0x3c}, 0x0) mount$fuseblk(&(0x7f0000000040)='/dev/loop0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='fuseblk\x00', 0x841000, &(0x7f0000000280)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id', 0x3d, 0xee00}, 0x2c, {'group_id', 0x3d, r10}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1000}}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@default_permissions='default_permissions'}, {@blksize={'blksize', 0x3d, 0x1800}}, {@blksize={'blksize', 0x3d, 0x600}}, {@allow_other='allow_other'}, {@blksize={'blksize', 0x3d, 0x800}}, {@blksize={'blksize'}}], [{@smackfsfloor={'smackfsfloor', 0x3d, 'em1@'}}]}}) 03:05:04 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 250.973868] audit: type=1400 audit(1584846304.366:50): avc: denied { prog_load } for pid=8341 comm="syz-executor.2" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=bpf permissive=1 03:05:04 executing program 5: r0 = syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x104082) r1 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) perf_event_open(&(0x7f0000000240)={0x3, 0x70, 0x6, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, @perf_bp={&(0x7f0000000200), 0xd}, 0x41401, 0x5, 0x0, 0x9, 0x10400000000004, 0x0, 0x12}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0) open(&(0x7f00000003c0)='./file0\x00', 0x0, 0x0) flock(0xffffffffffffffff, 0x2) ioctl$NBD_SET_BLKSIZE(0xffffffffffffffff, 0xab01, 0xff) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) pwritev(0xffffffffffffffff, &(0x7f0000000300)=[{&(0x7f0000000740)="d71ff9bbe429f13559d444ec8e26b4f3e6bf9eea16ef9f8c9ad0b5b51ead50d4aa4c0550311449e21ffa7d16038817a90e497e39d94adabd10cce10af395f61f6a0d17d6d30d4a199760c91adac18fea85cabdb0fa6e2203481bf5448351f8d609bd834d1950afeca28c087b4d77d7ecbab61747950349cc170ac9420fe67e837cc827779cf5c9d1d01f3a26ca93e3095b14f81c60baa4330b879f784c1021fc85978d02b20a121d199b729de2bccbf559669a67eee1ab2fd76d2dce47719e0f8d0de6a87dc472fe19ad647b4e64ebb4e331d629477e93948995c3c7cef7c98c86ba08c6e6eb74db30bb1287f13379852fff53426dcd6d575ef7a27209acd10a1c75133f65fad1421f3e85fcae99f8c008457a06e937d709484e8af2e5c992c687002fe7339316488d984440bec8a6c5de3b00e88f70d65667f1a4c75a43749e082eb2569489fd081974ad530987c786bbfb471bd21363db3d8c6cb35cc7ea01a89c96f4dab258cc3fb2a477693fec080810a9d24e2422b793202ae7d51aecac8a", 0x181}, {&(0x7f0000000180)}], 0x2, 0x3) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x1b5, 0x0) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x4000004) r2 = getpid() sched_setscheduler(r2, 0x0, &(0x7f0000000100)=0x200022) r3 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/bluetooth/6lowpan_enable\x00', 0x2, 0x0) r4 = creat(&(0x7f00000002c0)='./file0\x00', 0x116) ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r4, 0xc0884123, &(0x7f0000000480)={0x7, "c04c76ac1d8199f9d8b3b7470346d7791f41555485c81dda5b57c79be306787409670b62626fa46b39303f0a730175bf750100", {0xa, 0xfffffffffffffc00}}) flistxattr(r3, &(0x7f00000000c0)=""/17, 0x11) open(&(0x7f0000000040)='./file0\x00', 0x2fc, 0x0) flock(0xffffffffffffffff, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x8) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/syz1\x00', 0x1ff) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) socket(0x2c, 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETCARRIER(r5, 0x400454e2, 0x0) ioctl$TUNSETCARRIER(r5, 0x400454e2, &(0x7f0000000000)) fchmod(r5, 0xd8) sendfile(r0, r0, 0x0, 0x40fdf) [ 251.025496] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 251.036305] xt_HMARK: spi-set and port-set can't be combined 03:05:04 executing program 0: write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x7a05, 0x1700) r0 = socket$kcm(0x11, 0x8000000000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000001640), 0x4) sendmsg(r0, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x5}, 0x80, &(0x7f0000000140)=[{&(0x7f00000027c0)="84843611e80d08233e496d5671dc71ff04291b2c1501772502bb867063f70647862a15257781bcf1d1e498104d082833914ee68afc14ac7cb85975751b8c31271948ee303aa2a34be964b8c1b95638607b2e7ec7fda28fea4caada028a39bf259538214e80b9b5c9b58b1cb36a933d64a25324566f7733ea93fc91c98fec268cb1e2148198e2ccf2463d2ae56c61ac436c336b2d421c6b512a600955c6ede3e5820165eabf2dda9e2294300485327a6d28f7913f19d79e5f478626bb6a607c2f5085c68749edc417da6cc4db8c605215575067836f62b0b3e0b49e8c321240c1b1b54babad07a7000c4eb99200b9d016f1554683b7b3323ab37f066b973d584345792feba5b719ec0413d1c37689ce927de538b4ac16687f6595120220e5205f79227e43a8eaa610c8c232bcb811b4a63eab1b87da214700408e830774dcd6318bec9ef28b9171b0492bddb09009a8d26f797713d81548e0c547b8aa7bcd844c2cfa69560deaa6188b576792cccdc09a1f94da4e4c4f05e4d053d6a2fcdb253dce696d6cd85a1aee740c2a84e3d63aa558d3db42531e2303c6e8cfc0b6e31950fcbf3021f708d47c05edcf3fcdd66226d99f1f132d73f698e0820c395f343e0d69042b6b06bf40b45ea6a8f52a32255f3c40d4e9fb93084421a6235116be29125e5afe2d8c418cedb2548db2fcade80c118af8a6be1e650517519721a5920f842662aad37473f2ba60f7ee8466f8dba829c3e17d3e618ef5768b1b0a8991c64f2e592e726bb4636d13fbd04ed71b031e1c1a27fe30325e521a9845ef1abae620cefb216c47a1e3b4db8cb1287006b9fed827fa5a944b8045a3397ba4208c5cb67117393b2f836e4e79196e05ebd7488fa76619ea0521982b9cb76a63bed4f0ffe48ceb4b2bbe4e590dec80eca4740027f855dad06313a2a0188932a2069fc70b8af0e4294a7b51b552ad72ccd5625fd2a971354bad2930eec5f41e0ae271224b8a9160d96965d372c65e4a0adcee1e8bb84406b6a5c5e4d6ed7ff529afdffcdbea58f43e7c39f8aa9845fc92c84aa8bc0eef238d19b2cd3dd0c6d52694c99f2f493b7064076b62d139837eda3d11e43ae52fb771c1585974bcc6e2adb24096fd3d5ac867afb9cfb6ed07cb34e227f00ed5541499d2e7e3b4f3da831a3b9c32de8be0f5b45e8248b5a2811bb452ca6dc7d56d87531347ad316e6e8c6bf887f70f455cdeae8dcfff004b0ed1b8fd63d1d5e55cbdf1541b87821f3c90f7d47e542ec75b132f5285862d3e9fd84f841e4d137e2735d5f23c87108bcaa591a14ab2ab43802ffb176453312420fe0e79af7236850104bc3e925b16fd0a57ee9959ae8ccc13c843365442bb462d86ead8a20c41e064e0ad286f4aa4c69d0046e5012cecf425b0df11c0b458e31804d8ffe98554afc69b475ca03cbe926806b276e19aa47b3e101b95ee2fd32b9f06a3fcf6f078ce694f9ed8fe03425446bcdd0e7c1f4d3e109bbe30020cb81b64bb0cdfd8a0d33e1143c4fbb7fef15d1059e1f20b394f69d482a1da5fd49508808c80c824a843698386b4d3c3885f063aa3c047624f93298040fbc706020d295cf3f363d42f21d327d91d101cc4758c67195a49c3b3002e14cf28a5b8899b7ef08b6713d89c7049ef594361b1d8a0c5838ff30a6a3f1b0f9f947c76d5f1629d3df215975b498bd33ddbc44798a9f76ba0c41e9ad565e44ebf3c333fade1d4306b1042c5e2e855f3e5fdcd64ce7fdf73b09044bec8a2f0cecbb00c6c76c85891478aa4bae6282541cff613f2b461cce115ba0b78c6f50f4593efe5c2ae558f6c0534db14d5b44416b08abe45c6ddf5c749aae8141e427a0a2f42b903ac71caa09e5098cc2c07d79145c7408415d8f937108d6becdbb38a2b3250c0fdf36297375aa3212c9bc8483e8d629c54a79ca55cdda720496753f27fd9e88e203594c1e28514e0d22b9c34c3e1f10253217abed40b09a533fad16c7b9b8e89d7dfd3b27d579bfc813ad2895543ada10f886c7c75010bc70345b727513fa3b7c6aa677a22e037e2bd7731148996f3a8c424075fd12aa8eb9d8f6a8fe7b2eb68934799f5063c58c1816caa4b400bb0914fc7300111c063e5c01910b0b01803a1a348f387542236d82bef6d926ba571ca0e7745e586eddf2334baeafd7b1149502e781ec45299c3f3cd34c3628057def3c012878123224e33828b216022dfebdc6a284e503868a1e4369af819fcfd4124d801386dbb123ce88d54712f6351c77aad6039b2f5ff3d0d1903c74043864fa9f801847ac8446280a31739e0215bce77c08c2477e9079f62225cf179da445e9f220560d995238f17e87dd4ce0f7ebe5f8941d5d130c2d6398e08bb893b5dd8e58701e41e75fd0182d3ebac8920aad7f4777b4e096eb5c5a17e440c0a5b95ca92bbaec63130bbc41d0cbfccb03eb6c1cffc8558bd255c2096a285346dd9600f33554acf62aef19d2776bd5d8a5a9f0a4976022b8ac1400e3f0a7fa227ebc0ad80187939562492154c708739f865a9803512a6213d5026b1febd0a20ce4b3a4d7d90dc5af3f5beaa06b8af1d19556655ac578f9266f5d3b393f24a2d112eee90f749e1f0a6e27ff2469f1cc21d5bcbf355168c62044fd1cc4861544a8175f640ad3c5bb6c81efa331822efb70b57f4110deebe68794211ee4a95c259b4eb519d887b6cfdee178758382f4f63c80b1f0b9f2337dd5a11a5b1fb04c3315ff942cf7f5d7da36c088a65f86529d003c8c9bf74392f9d897b53a422cb3b3f9e09f9936514ac100fecf3c9a573aae041ce3c86cce6dc2884053bc56a510791392bda454aa7dc580a3a7cf71c18dd57bec21c0eb143deb654d8b0fc642bbc7484dc9943c2102169a6aca278f0fd81b1b6b082b355443c8198284e3b01e9fff1c8df1895e9c9593f16438c7f737f2ab56c0f57eadfcd570c5b04b5218fc7d2c0cdca5c7ba5ff428b4fe541d4c8f6fe274d2a3290343f3d6944c918571e350caf2ec3cc9601cd5b71e8f22ff401024c51c592bf476f255b200962e2ed014ce551376235e8d220763f8c9c904570d6b6227c94d62e08b0c9bd3557b96c8ed227685fc54d43e4a05ca5996c4d8e3e5076f394b0c0bc7cdf972f996c45987ffb2d6a138a1772b7ffbeaa66ceddd34839051c61f9d87153f23823f9178b56eb016524ba862cdca9d147b5bda79553ade825d5a1b8ea3acf8c7cad88cd11b68625d367931b9a0296b228fd2c52da32d050d746942fb38dbb3d5e2ad75b7243f7340a8c0d4c7b156e030b6eb154ec6c47c1b6af307ea0e8916e21166572632321f8b4978ecd1f8b4029a6baba4da2dd984d245d1b6dd4a6f2a72acc4d90f480de489826130dd7b2a9ad79938ed6de65c7a56e0515d84302a8a8ee98c20ea32db20b231b9d00e03dd74b804e15c70ce8a6b169ffa79db7e24062b2dd3560502337bb03c8506a25ce77eaa06f9fb54aff0bab9545c32bb9a35a700361f46a3995ef929af7698bf16df9d8965f4d939f5dba6eb238c1089c25617568b29760ecbfef273b8070c3853a652d30da91cb00e0afa1c663589158711984cfe38869974c30e9b51333091cb0f5d72f5ddb0f3bc550b2787ff6fdfe0b90764f8ec319a2674d6e16ca2417b7a2144b5a4ad248fc4b2b8f74ed1957bd4f52f0db0ac4eb8f6dc62c51e16a803bff507359abdbd0ce1ee0fb936a4a060954c1a939b4b197b61311d079ef09e57e60f94fd796c12cf7e62e11bbdc11e04fc79736e42d6d2dcb02e705dc4e8e17addcc0902af4ebbf0a2f57db53cbe99bb0797137c903195de282ed02c37634181936e351f383fb590eb453e539b80c6935185ac40890c1ba70b5e2eb53235f3a983ce4608929d2609354f89fc22f80a0aa9fc0ea9af7f06e46d8b5f5d47dbd2efe1f2d0f4edee09f11b57c257ff5ecfe96ada3c5f37e1d766c5c85490d14f297e1ce65ae34909f04492e7cc955faabb205491a096147d0930ffa70b68055523e360328f26f28ff160cdb8b4785a22110191c9ecfd187267c1a4300e9370a41c73fe224f3a9c54493780b1a4ff96398f0a60f66e48ef4ad7183f71c0c4d6d9d1a57e19a56d9ed426cd4143de82ceb33011988ed079b52ab30300255e066a84959a10676c7b58515ff9bed194c784072af1062734f5d497f2be9b0ea1228f5a981e8d5d78da49da90b040d4e3a93b7f71360b25cf75fca36a4068748e1bc171dd40fa31d6f9c4c926a635f4ea4faf7511146bc5782606966aaab13a30d67cf182751149f678852da30d0f9b6ea5524a1f5ea01e77d7a74ac588ab2251cdbc9f4f8aa2cf367f0ad2178e66fbd7ab447aae12a7bc6cf3925fe99dcdf8ec95cf4576520b781dc12fe6d310978315d2e3d7dbc49c9be2fa40788ebd5fc02c6c7f566a64b7f4af7a96353265dc9e4c74c909b9a385966f4d7312fdcdfa8f5d0632c6db4a19ce696416a04e937d4a994e757eae59c07e5d3228254b35003eba32ed448516e9aa77b5b92c9ce7fff06a8f4f652d27971a46c621a6b2ee3c1adaf60d5cdfb381a4e4ac9ab7d7d72fcb2d6aa7e104255345f1e15dec8299c9c75735a01338d20f72d8b359803becef76d9ca6da029d0a795e6d4a652bf3880efeee074c81774b2971da03eff6d9516ac8a0c34b686aa1afbcb2befc79618a3dbb2bcd53da0075cdba0ddd975fd4e833291005f0fbf7b167922dc85b109e1381431e0fdc50f80b8592edd57f50f9dd950205e1a21cd3026cb30abe6d06dbec6c7cdb76d90c0e85a69aa1522281bcb3f4fc54ee443e76c7d9bf82e313f2dc3e277c699e079a847635780a5b724aca0ede72febba648de12fd14e3a78b29e9df82a19f4ed9c712e5b313c05e6908f6d4601d076afda5cf77eab4ea7c44c9d40f463fe8cde79f18170de9b087b113cfc7d467bd164564c2a8a99e4566d6f9eb1a8d5393700158fe84c109735cfe0ab45d9eb6fe61619d8538512730e015ffac07279973126e9087b209144c8797dd6b65381e616256a9cbf7771222c41618eb82d3539e7750ef0614acb4c901f88f31589d9d6d87c4b2a5361ad44155bf5476f2bc42cd2e758d478a1bcaf27c6c5607f025c8ff75913cb95eb631a690e3e6201204e616a4482a6eae323dadc0a9c22a7de1567ec3f45380bbde304cc76efd4bb0ac9f28475534eb973fc02f3f5dc73a862052f82f6d40c0821012589925ce3f2274ff2a8097b8464b44068c1505b967679bcc6b5d7e7ece9bd1880fc32531fe5d7bac9c5262a709239e477ecf44915a70aa7f984ec1bed047f3ec92a55714403c7c7503a3ac87cec792e072eefa623c56b6b33beb5ae7f5066a952cf6b0b25ab74841e5d2a9b20b1fe0cd83c3aae37eac0dd08d6a65410af956767766f2c6c12d13e87f363052e1e645c2dccd42948be835a9fe1c8892453b73cbcaa7c9222ccece11f86fba52d29d64a609da597e226e5f59e9a8301297c1e9881557a860df15ee14cf4bf70988e2cf90359587bc378adba5aa610db3cc1d6ae5fba9390b4c", 0x1318}, {&(0x7f0000000840)='\x00', 0xff5e}], 0x2, 0x0, 0x0, 0x1a0}, 0x0) 03:05:04 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:04 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 251.516228] xt_HMARK: spi-set and port-set can't be combined [ 251.580141] xt_HMARK: spi-set and port-set can't be combined 03:05:05 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:05 executing program 0: write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x7a05, 0x1700) r0 = socket$kcm(0x11, 0x8000000000000003, 0x0) setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000001640), 0x4) sendmsg(r0, &(0x7f0000000440)={&(0x7f00000001c0)=@nfc={0x104, 0x5}, 0x80, &(0x7f0000000140)=[{&(0x7f00000027c0)="84843611e80d08233e496d5671dc71ff04291b2c1501772502bb867063f70647862a15257781bcf1d1e498104d082833914ee68afc14ac7cb85975751b8c31271948ee303aa2a34be964b8c1b95638607b2e7ec7fda28fea4caada028a39bf259538214e80b9b5c9b58b1cb36a933d64a25324566f7733ea93fc91c98fec268cb1e2148198e2ccf2463d2ae56c61ac436c336b2d421c6b512a600955c6ede3e5820165eabf2dda9e2294300485327a6d28f7913f19d79e5f478626bb6a607c2f5085c68749edc417da6cc4db8c605215575067836f62b0b3e0b49e8c321240c1b1b54babad07a7000c4eb99200b9d016f1554683b7b3323ab37f066b973d584345792feba5b719ec0413d1c37689ce927de538b4ac16687f6595120220e5205f79227e43a8eaa610c8c232bcb811b4a63eab1b87da214700408e830774dcd6318bec9ef28b9171b0492bddb09009a8d26f797713d81548e0c547b8aa7bcd844c2cfa69560deaa6188b576792cccdc09a1f94da4e4c4f05e4d053d6a2fcdb253dce696d6cd85a1aee740c2a84e3d63aa558d3db42531e2303c6e8cfc0b6e31950fcbf3021f708d47c05edcf3fcdd66226d99f1f132d73f698e0820c395f343e0d69042b6b06bf40b45ea6a8f52a32255f3c40d4e9fb93084421a6235116be29125e5afe2d8c418cedb2548db2fcade80c118af8a6be1e650517519721a5920f842662aad37473f2ba60f7ee8466f8dba829c3e17d3e618ef5768b1b0a8991c64f2e592e726bb4636d13fbd04ed71b031e1c1a27fe30325e521a9845ef1abae620cefb216c47a1e3b4db8cb1287006b9fed827fa5a944b8045a3397ba4208c5cb67117393b2f836e4e79196e05ebd7488fa76619ea0521982b9cb76a63bed4f0ffe48ceb4b2bbe4e590dec80eca4740027f855dad06313a2a0188932a2069fc70b8af0e4294a7b51b552ad72ccd5625fd2a971354bad2930eec5f41e0ae271224b8a9160d96965d372c65e4a0adcee1e8bb84406b6a5c5e4d6ed7ff529afdffcdbea58f43e7c39f8aa9845fc92c84aa8bc0eef238d19b2cd3dd0c6d52694c99f2f493b7064076b62d139837eda3d11e43ae52fb771c1585974bcc6e2adb24096fd3d5ac867afb9cfb6ed07cb34e227f00ed5541499d2e7e3b4f3da831a3b9c32de8be0f5b45e8248b5a2811bb452ca6dc7d56d87531347ad316e6e8c6bf887f70f455cdeae8dcfff004b0ed1b8fd63d1d5e55cbdf1541b87821f3c90f7d47e542ec75b132f5285862d3e9fd84f841e4d137e2735d5f23c87108bcaa591a14ab2ab43802ffb176453312420fe0e79af7236850104bc3e925b16fd0a57ee9959ae8ccc13c843365442bb462d86ead8a20c41e064e0ad286f4aa4c69d0046e5012cecf425b0df11c0b458e31804d8ffe98554afc69b475ca03cbe926806b276e19aa47b3e101b95ee2fd32b9f06a3fcf6f078ce694f9ed8fe03425446bcdd0e7c1f4d3e109bbe30020cb81b64bb0cdfd8a0d33e1143c4fbb7fef15d1059e1f20b394f69d482a1da5fd49508808c80c824a843698386b4d3c3885f063aa3c047624f93298040fbc706020d295cf3f363d42f21d327d91d101cc4758c67195a49c3b3002e14cf28a5b8899b7ef08b6713d89c7049ef594361b1d8a0c5838ff30a6a3f1b0f9f947c76d5f1629d3df215975b498bd33ddbc44798a9f76ba0c41e9ad565e44ebf3c333fade1d4306b1042c5e2e855f3e5fdcd64ce7fdf73b09044bec8a2f0cecbb00c6c76c85891478aa4bae6282541cff613f2b461cce115ba0b78c6f50f4593efe5c2ae558f6c0534db14d5b44416b08abe45c6ddf5c749aae8141e427a0a2f42b903ac71caa09e5098cc2c07d79145c7408415d8f937108d6becdbb38a2b3250c0fdf36297375aa3212c9bc8483e8d629c54a79ca55cdda720496753f27fd9e88e203594c1e28514e0d22b9c34c3e1f10253217abed40b09a533fad16c7b9b8e89d7dfd3b27d579bfc813ad2895543ada10f886c7c75010bc70345b727513fa3b7c6aa677a22e037e2bd7731148996f3a8c424075fd12aa8eb9d8f6a8fe7b2eb68934799f5063c58c1816caa4b400bb0914fc7300111c063e5c01910b0b01803a1a348f387542236d82bef6d926ba571ca0e7745e586eddf2334baeafd7b1149502e781ec45299c3f3cd34c3628057def3c012878123224e33828b216022dfebdc6a284e503868a1e4369af819fcfd4124d801386dbb123ce88d54712f6351c77aad6039b2f5ff3d0d1903c74043864fa9f801847ac8446280a31739e0215bce77c08c2477e9079f62225cf179da445e9f220560d995238f17e87dd4ce0f7ebe5f8941d5d130c2d6398e08bb893b5dd8e58701e41e75fd0182d3ebac8920aad7f4777b4e096eb5c5a17e440c0a5b95ca92bbaec63130bbc41d0cbfccb03eb6c1cffc8558bd255c2096a285346dd9600f33554acf62aef19d2776bd5d8a5a9f0a4976022b8ac1400e3f0a7fa227ebc0ad80187939562492154c708739f865a9803512a6213d5026b1febd0a20ce4b3a4d7d90dc5af3f5beaa06b8af1d19556655ac578f9266f5d3b393f24a2d112eee90f749e1f0a6e27ff2469f1cc21d5bcbf355168c62044fd1cc4861544a8175f640ad3c5bb6c81efa331822efb70b57f4110deebe68794211ee4a95c259b4eb519d887b6cfdee178758382f4f63c80b1f0b9f2337dd5a11a5b1fb04c3315ff942cf7f5d7da36c088a65f86529d003c8c9bf74392f9d897b53a422cb3b3f9e09f9936514ac100fecf3c9a573aae041ce3c86cce6dc2884053bc56a510791392bda454aa7dc580a3a7cf71c18dd57bec21c0eb143deb654d8b0fc642bbc7484dc9943c2102169a6aca278f0fd81b1b6b082b355443c8198284e3b01e9fff1c8df1895e9c9593f16438c7f737f2ab56c0f57eadfcd570c5b04b5218fc7d2c0cdca5c7ba5ff428b4fe541d4c8f6fe274d2a3290343f3d6944c918571e350caf2ec3cc9601cd5b71e8f22ff401024c51c592bf476f255b200962e2ed014ce551376235e8d220763f8c9c904570d6b6227c94d62e08b0c9bd3557b96c8ed227685fc54d43e4a05ca5996c4d8e3e5076f394b0c0bc7cdf972f996c45987ffb2d6a138a1772b7ffbeaa66ceddd34839051c61f9d87153f23823f9178b56eb016524ba862cdca9d147b5bda79553ade825d5a1b8ea3acf8c7cad88cd11b68625d367931b9a0296b228fd2c52da32d050d746942fb38dbb3d5e2ad75b7243f7340a8c0d4c7b156e030b6eb154ec6c47c1b6af307ea0e8916e21166572632321f8b4978ecd1f8b4029a6baba4da2dd984d245d1b6dd4a6f2a72acc4d90f480de489826130dd7b2a9ad79938ed6de65c7a56e0515d84302a8a8ee98c20ea32db20b231b9d00e03dd74b804e15c70ce8a6b169ffa79db7e24062b2dd3560502337bb03c8506a25ce77eaa06f9fb54aff0bab9545c32bb9a35a700361f46a3995ef929af7698bf16df9d8965f4d939f5dba6eb238c1089c25617568b29760ecbfef273b8070c3853a652d30da91cb00e0afa1c663589158711984cfe38869974c30e9b51333091cb0f5d72f5ddb0f3bc550b2787ff6fdfe0b90764f8ec319a2674d6e16ca2417b7a2144b5a4ad248fc4b2b8f74ed1957bd4f52f0db0ac4eb8f6dc62c51e16a803bff507359abdbd0ce1ee0fb936a4a060954c1a939b4b197b61311d079ef09e57e60f94fd796c12cf7e62e11bbdc11e04fc79736e42d6d2dcb02e705dc4e8e17addcc0902af4ebbf0a2f57db53cbe99bb0797137c903195de282ed02c37634181936e351f383fb590eb453e539b80c6935185ac40890c1ba70b5e2eb53235f3a983ce4608929d2609354f89fc22f80a0aa9fc0ea9af7f06e46d8b5f5d47dbd2efe1f2d0f4edee09f11b57c257ff5ecfe96ada3c5f37e1d766c5c85490d14f297e1ce65ae34909f04492e7cc955faabb205491a096147d0930ffa70b68055523e360328f26f28ff160cdb8b4785a22110191c9ecfd187267c1a4300e9370a41c73fe224f3a9c54493780b1a4ff96398f0a60f66e48ef4ad7183f71c0c4d6d9d1a57e19a56d9ed426cd4143de82ceb33011988ed079b52ab30300255e066a84959a10676c7b58515ff9bed194c784072af1062734f5d497f2be9b0ea1228f5a981e8d5d78da49da90b040d4e3a93b7f71360b25cf75fca36a4068748e1bc171dd40fa31d6f9c4c926a635f4ea4faf7511146bc5782606966aaab13a30d67cf182751149f678852da30d0f9b6ea5524a1f5ea01e77d7a74ac588ab2251cdbc9f4f8aa2cf367f0ad2178e66fbd7ab447aae12a7bc6cf3925fe99dcdf8ec95cf4576520b781dc12fe6d310978315d2e3d7dbc49c9be2fa40788ebd5fc02c6c7f566a64b7f4af7a96353265dc9e4c74c909b9a385966f4d7312fdcdfa8f5d0632c6db4a19ce696416a04e937d4a994e757eae59c07e5d3228254b35003eba32ed448516e9aa77b5b92c9ce7fff06a8f4f652d27971a46c621a6b2ee3c1adaf60d5cdfb381a4e4ac9ab7d7d72fcb2d6aa7e104255345f1e15dec8299c9c75735a01338d20f72d8b359803becef76d9ca6da029d0a795e6d4a652bf3880efeee074c81774b2971da03eff6d9516ac8a0c34b686aa1afbcb2befc79618a3dbb2bcd53da0075cdba0ddd975fd4e833291005f0fbf7b167922dc85b109e1381431e0fdc50f80b8592edd57f50f9dd950205e1a21cd3026cb30abe6d06dbec6c7cdb76d90c0e85a69aa1522281bcb3f4fc54ee443e76c7d9bf82e313f2dc3e277c699e079a847635780a5b724aca0ede72febba648de12fd14e3a78b29e9df82a19f4ed9c712e5b313c05e6908f6d4601d076afda5cf77eab4ea7c44c9d40f463fe8cde79f18170de9b087b113cfc7d467bd164564c2a8a99e4566d6f9eb1a8d5393700158fe84c109735cfe0ab45d9eb6fe61619d8538512730e015ffac07279973126e9087b209144c8797dd6b65381e616256a9cbf7771222c41618eb82d3539e7750ef0614acb4c901f88f31589d9d6d87c4b2a5361ad44155bf5476f2bc42cd2e758d478a1bcaf27c6c5607f025c8ff75913cb95eb631a690e3e6201204e616a4482a6eae323dadc0a9c22a7de1567ec3f45380bbde304cc76efd4bb0ac9f28475534eb973fc02f3f5dc73a862052f82f6d40c0821012589925ce3f2274ff2a8097b8464b44068c1505b967679bcc6b5d7e7ece9bd1880fc32531fe5d7bac9c5262a709239e477ecf44915a70aa7f984ec1bed047f3ec92a55714403c7c7503a3ac87cec792e072eefa623c56b6b33beb5ae7f5066a952cf6b0b25ab74841e5d2a9b20b1fe0cd83c3aae37eac0dd08d6a65410af956767766f2c6c12d13e87f363052e1e645c2dccd42948be835a9fe1c8892453b73cbcaa7c9222ccece11f86fba52d29d64a609da597e226e5f59e9a8301297c1e9881557a860df15ee14cf4bf70988e2cf90359587bc378adba5aa610db3cc1d6ae5fba9390b4c", 0x1318}, {&(0x7f0000000840)='\x00', 0xff5e}], 0x2, 0x0, 0x0, 0x1a0}, 0x0) 03:05:05 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 251.627211] kauditd_printk_skb: 2 callbacks suppressed [ 251.627224] audit: type=1804 audit(1584846305.016:53): pid=8377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir280741127/syzkaller.n0DJUN/1/bus" dev="sda1" ino=16533 res=1 03:05:05 executing program 3: syz_mount_image$msdos(&(0x7f0000000340)='msdos\x00', &(0x7f0000000280)='./file0\x00', 0xe800, 0x1, &(0x7f0000000140)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400020401000200027400f8", 0x16}], 0x0, 0x0) r0 = open(0x0, 0x0, 0x0) fchdir(r0) r1 = creat(&(0x7f0000000700)='./bus\x00', 0x0) ftruncate(r1, 0x1000) lseek(r1, 0x0, 0x2) rt_sigprocmask(0x2, &(0x7f00000000c0)={[0xb393]}, 0x0, 0x8) r2 = open(&(0x7f0000000240)='./bus\x00', 0x105010, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, &(0x7f0000d83ff8)=0xe00, 0x8000fffffffe) dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0xffbc, @mcast1}, 0x1c) [ 251.710616] audit: type=1804 audit(1584846305.106:54): pid=8378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir280741127/syzkaller.n0DJUN/1/bus" dev="sda1" ino=16533 res=1 [ 251.777773] audit: type=1804 audit(1584846305.136:56): pid=8365 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=ToMToU comm="syz-executor.5" name="/root/syzkaller-testdir002250382/syzkaller.m4aDGG/1/file0" dev="sda1" ino=16538 res=1 [ 251.816740] audit: type=1800 audit(1584846305.106:55): pid=8378 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16533 res=0 03:05:05 executing program 5: r0 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x3310, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x8c, 0x0, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x81}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7f}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4040005}, 0x800) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000300)={r1, r2, 0x1, 0xb, &(0x7f00000002c0)="276534b370aa16304bb4c7", 0x4, 0x4, 0xfffc, 0x438a, 0x1f, 0x1, 0x3ff, 'syz1\x00'}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xffffffffffffff18, &(0x7f0000000100)=[{&(0x7f0000000000)="2f0000001c0005c5ffffff000d000000020000000b000000ec0091c913000180f0ffffeb", 0x1dd}], 0x1}, 0x0) r3 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r3, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r4 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r6 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) getsockopt$CAN_RAW_JOIN_FILTERS(r6, 0x65, 0x6, &(0x7f00000003c0), &(0x7f0000000400)=0x4) lsetxattr$trusted_overlay_opaque(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='trusted.overlay.opaque\x00', &(0x7f00000004c0)='y\x00', 0x2, 0x2) sendmsg$TIPC_NL_NODE_GET(r4, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x60, r5, 0x200, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x34, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xef}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2400}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x101}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x804) 03:05:05 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 251.970217] xt_HMARK: spi-set and port-set can't be combined [ 251.997907] xt_HMARK: spi-set and port-set can't be combined 03:05:05 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 252.491116] xt_HMARK: spi-set and port-set can't be combined [ 252.497434] xt_HMARK: spi-set and port-set can't be combined 03:05:05 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:05 executing program 0: perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@loopback, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@remote, 0x0, 0x33}, 0x2, @in6=@ipv4={[], [], @rand_addr=0x9}, 0x0, 0x4, 0x0, 0x6}}, 0xe8) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f0000000080)=0x0, &(0x7f0000000100)=0x4) ioctl$sock_inet6_SIOCSIFDSTADDR(r1, 0x8918, &(0x7f0000000140)={@dev={0xfe, 0x80, [], 0x30}, 0x41, r2}) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) 03:05:05 executing program 5: r0 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x3310, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f0000000640)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000600)={&(0x7f0000000540)={0x8c, 0x0, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0xfff}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x81}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7f}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4040005}, 0x800) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_bt_hidp_HIDPCONNADD(0xffffffffffffffff, 0x400448c8, &(0x7f0000000300)={r1, r2, 0x1, 0xb, &(0x7f00000002c0)="276534b370aa16304bb4c7", 0x4, 0x4, 0xfffc, 0x438a, 0x1f, 0x1, 0x3ff, 'syz1\x00'}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0xffffffffffffff18, &(0x7f0000000100)=[{&(0x7f0000000000)="2f0000001c0005c5ffffff000d000000020000000b000000ec0091c913000180f0ffffeb", 0x1dd}], 0x1}, 0x0) r3 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r3, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x492492492492805, 0x0) r4 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/avc/cache_stats\x00', 0x0, 0x0) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') r6 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) getsockopt$CAN_RAW_JOIN_FILTERS(r6, 0x65, 0x6, &(0x7f00000003c0), &(0x7f0000000400)=0x4) lsetxattr$trusted_overlay_opaque(&(0x7f0000000440)='./file0\x00', &(0x7f0000000480)='trusted.overlay.opaque\x00', &(0x7f00000004c0)='y\x00', 0x2, 0x2) sendmsg$TIPC_NL_NODE_GET(r4, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x60, r5, 0x200, 0x70bd25, 0x25dfdbfb, {}, [@TIPC_NLA_NODE={0x34, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xef}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2400}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x101}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x3}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x2}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x804) 03:05:05 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) 03:05:06 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:06 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:06 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 252.669895] audit: type=1804 audit(1584846306.066:57): pid=8417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir280741127/syzkaller.n0DJUN/2/bus" dev="sda1" ino=16548 res=1 03:05:06 executing program 0: r0 = socket$inet6(0xa, 0x80002, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x88880, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @dev, 0x3}, 0x1c) sendto$inet6(r0, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c) setsockopt$inet6_mtu(r0, 0x29, 0x17, &(0x7f0000000040)=0x3, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r1, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14) setsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000000), 0x4) r2 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r2, 0x3310, 0x0) sendmsg$NFNL_MSG_ACCT_GET(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000100)={&(0x7f0000000200)={0xbc, 0x1, 0x7, 0x5, 0x0, 0x0, {0x3, 0x0, 0xa}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x100000000}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0xffffffff}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x6}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x4}, @NFACCT_FILTER={0x3c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x10000}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x4}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x3}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x100}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0xfffffffc}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x81}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0xffffffff}]}, @NFACCT_FILTER={0x24, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0xffffffff}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x3}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x5}]}, @NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x200}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4080}, 0x4048000) pipe(&(0x7f0000000140)={0xffffffffffffffff}) dup2(r3, r1) [ 252.964373] audit: type=1800 audit(1584846306.066:58): pid=8417 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16548 res=0 03:05:06 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) 03:05:06 executing program 5: r0 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x3310, 0x0) ioctl$FBIO_WAITFORVSYNC(r0, 0x40044620, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r1, 0x3310, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000680)='TIPC\x00') getsockname$packet(r0, &(0x7f00000001c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000200)=0x14) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)={0x34, r3, 0x1, 0x0, 0x0, {{}, {0x0, 0x4104}, {0x18, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'vlan0\x00'}}}}}, 0x34}}, 0x0) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="00082bbd7000fbdbdf2501000000000000000b000000000c001473797a31000000003a4cbcdd4f61fa12"], 0x28}, 0x1, 0x0, 0x0, 0x40004}, 0x20000003) getpeername$inet6(r0, &(0x7f0000000140)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000180)=0x1c) 03:05:06 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:06 executing program 0: io_setup(0x0, 0x0) io_setup(0x7fff, &(0x7f0000000000)=0x0) r1 = dup(0xffffffffffffffff) prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x2) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) unlinkat(r2, &(0x7f0000000080)='./file0\x00', 0x200) fcntl$getownex(r2, 0x10, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SNDRV_PCM_IOCTL_REWIND(r1, 0x40084146, &(0x7f0000000040)=0x2) r3 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r3, 0x3310, 0x0) ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f00000000c0)=@usbdevfs_connect={0x800}) io_destroy(r0) 03:05:07 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:07 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:07 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:07 executing program 3: r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) poll(&(0x7f0000000280), 0x200000000000007a, 0x6) ioctl(r0, 0x7f, &(0x7f0000000000)="b5163364ce13efe3badaf74feb9058cf416cb9aa6694fdfd6ea39e8d8898b5c81f4ab6a41b1e7a78b73f1e431592fc93f8d8fe2821c7e5576bd09d30b8574c85b7687af2f29c94d6b7255e") r1 = syz_open_procfs(0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) kcmp$KCMP_EPOLL_TFD(0x0, 0x0, 0x7, r1, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff, 0xfffffff7}) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r2, @ANYBLOB="00000000ffffffff0000000009000100686673630000000008000200000000005b47b4b04fed4e2a21ad8beb06b167de4283ffaec56d159e56a166c9db835a8808a86292f4bea321847a42767a7b89b65e4841c9695825a4b10dd5cb8b24f89f29ceef0a428124dcefb40b6b8ce6222864e92d22b053bda211a0aa613e4d66c8a0490480cbaca2b1216ca5637c028cbe0af4fd13ed36a2ddd56830044f3ead6d80d6f3f39955a2bb6662c29c913e8356d5a58ddb4293241f2ed955ffa0b9"], 0x38}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x8}}, [@filter_kind_options=@f_rsvp={{0x9, 0x1, 'rsvp\x00'}, {0x64, 0x2, [@TCA_RSVP_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c}]}, @TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0xfe}}]}}]}, 0x94}}, 0x0) sendmsg$NL80211_CMD_NEW_MPATH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x4, 0x70bd26, 0x25dfdbfd, {}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x1}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') preadv(r3, &(0x7f00000017c0), 0x3da, 0x0) ioctl$DRM_IOCTL_ADD_MAP(0xffffffffffffffff, 0xc0286415, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setitimer(0x0, &(0x7f0000000100)={{0x77359400}, {0x77359400}}, 0x0) r5 = syz_open_dev$midi(&(0x7f0000001400)='/dev/midi#\x00', 0x2, 0x1a1002) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r5, 0xc0305710, &(0x7f0000001440)={0x0, 0x3f, 0x2}) dup3(r4, r5, 0x0) 03:05:07 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000180)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000080)="441f0801000000e8c94ef56491ee54be0e1c2074ed27c1c6fe76cef3e2", 0x1d) sendto$inet(r0, 0x0, 0x0, 0x240007bd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000040)={'batadv_slave_0\x00', &(0x7f0000000000)=@ethtool_sset_info={0x37, 0x80000000, 0x3, [0x1, 0x952]}}) 03:05:07 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000005c0)={0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$kcm(0x10, 0x2, 0x10) ioctl$VIDIOC_QUERYCTRL(r2, 0xc0445624, &(0x7f0000000080)={0x1ff, 0x2, "3177a1d523ba54e8931b6bcd6b9ef5127fb9ff8c9f29d75c44c05a3466cec19c", 0x8, 0x5, 0xf9d, 0x5, 0xc4}) sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x2fe, &(0x7f0000000000)=[{&(0x7f0000000140)="2e0000003100050ad24180648c6394fb0124fc0012000b400c000200053582c137153e370900018025641700d1bd", 0x2e}], 0x1}, 0x0) [ 253.752548] xt_HMARK: spi-set and port-set can't be combined 03:05:07 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 253.807887] netlink: 'syz-executor.0': attribute type 2 has an invalid length. 03:05:07 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:07 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 253.942938] device 0 entered promiscuous mode [ 253.951985] netlink: 'syz-executor.0': attribute type 2 has an invalid length. 03:05:07 executing program 5: perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x511d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x40, 0x0, 0x7ff, 0x0, 0x7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0xa, 0xd658) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e23, @broadcast}, 0x10) mremap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000, 0x0, &(0x7f0000ffe000/0x1000)=nil) sendto$inet(r0, 0x0, 0x10b, 0x200007fe, &(0x7f0000000100)={0x2, 0x10004e23, @dev={0xac, 0x14, 0x14, 0xa}}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0)='nl80211\x00') sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f000001d080)={&(0x7f0000000100)={0x14, r2, 0x709}, 0x14}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000b00)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000a80)=0x1a) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r7, @ANYBLOB="00000000ffffffff0000000009000100686673630000000008000200000000005b47b4b04fed4e2a21ad8beb06b167de4283ffaec56d159e56a166c9db835a8808a86292f4bea321847a42767a7b89b65e4841c9695825a4b10dd5cb8b24f89f29ceef0a428124dcefb40b6b8ce6222864e92d22b053bda211a0aa613e4d66c8a0490480cbaca2b1216ca5637c028cbe0af4fd13ed36a2ddd56830044f3ead6d80d6f3f39955a2bb6662c29c913e8356d5a58ddb4293241f2ed955ffa0b9"], 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {}, {0x8}}, [@filter_kind_options=@f_rsvp={{0x9, 0x1, 'rsvp\x00'}, {0x64, 0x2, [@TCA_RSVP_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c}]}, @TCA_RSVP_PINFO={0x20, 0x4, {{}, {}, 0x0, 0x0, 0xfe}}]}}]}, 0x94}}, 0x0) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000280)={0x7dc, r2, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_IE={0x796, 0x2a, "bb70bb9de12e61abdb03cba6ce564234973149e15c0d0e08782b62b341e4efea25fd8653faf709dbc32044b4fe5fb635d5d68416e25daeab71f615900df11e3c1e842c9de47796e7c6e3388abadb293f005dba195e7c498405b2111c3f5bb2bd41a1dee59d2e6f6077e8350cf19414f32d1d1ebc2991a18e69a6b486ac464129a8f6f80ffd83a87c0c4e1e5e1a77d567c0a6758f2ebe9c25c8eca5c57af15f717f4ac12bc0792fe21b3a171f9db8070a895cebaae6aecf8d47907bf5ccf9a681cf6b22a2f5703d47396c063eb921d485db8c64becdbb70599d448381fa298acf78e1ea3b31b20d311682fff3fcb0523f479d5b503c25844c0b9d3d111aa1fc543a21a46cedcb8809ccd1b34c37bc4a3da6fbb20315eafabd5fec56c4135c14b09278a4fa89ee84b6e2021ffadd9304f702d42ea64e657f31618e430df95ee902bb6a6d91849c0a58eef137daaa09fa464de5c64a2ce4f8c26711da8c8c22c9418bbfd5dacd8c5ee73526a9e785cae2c0ae03226ad0d6ac0d78b6ac9315d1b5b95f39a115d5d28fda1a664e33f735785bd922c842a2fe27d86972daa77252dfb454bb25db15abc5043dbf81596c67bcf31fac412c3afc1a14e5d658429d4f0e06d9d655ca94721f6fcc2deab41548efaf3e89c0b87e712aed6865a31d33648d60b3afe97000ebab1df376c72044786dc96fcf98648371c4878df25b93e580f20f304929b42f2859c998afe0eeb6855541bdf30a7bb18a183e5ecee3b94935d85a2b9d3563f2db64bcb1dede790827f2f22e933d3e6b763110a82d97d92c0740276ff308635aaf9cb80bbea4a60209df6237deca117911e5f810be0f13577eefb5b70983a7798e90d4c632b8a9e2cf566072d5a131e7dc95d61398d9eacb75b508bd35571d62dab1702dbc6aabf3cb068a8fe34f8373837d00d02ff75c24157196df06c0acb938e6edbba1fc94829c91df120fd583585f2fcbb64fdbc0b41f24fd95fd92de5ba95d91fd1be34ad7b1433c23f8927f5c3501891680b496fa577297a53798bd3b27ee363c87c4be9408cc4e06293f172f9d107309983b4111a4e9ec1331fa59deb354dfc2a412f94cec8a7b6c1bf41062ffb5a05a13a4ace75c0624ace09600ecefd252ab640c9ddb1ebab3e78f5c031e63340100355fd8a392f76ad318ce6ff178a84892a82194897f4788c5cb434489dffba75648d0bf48fe5e1a84db4bb7dd011ab2c9c30b47d0a2bc95b1690c9892744bf0c11cf7cc06f77fe9d917cf2a206b9277d83292b67ed06cb7dcecdca582e20c12fe71ca6409ddcdc2f5fd75d4207ddc6cf2080aa1651e5cbf7ca551ec91b2fb4dff962d89b74cdd1d9fe7e9a210b64665f16036618b97dfd301b76863b408b6d548aaaef81b8d6ba275c40e6752eb101cef64b3abcc73b24cba6e793bbc63ff57a8162e361073bd200a2c0554c2f5a14e338af2a7a9cd980899555d3456f8c739b51ae7af495af36451c2e68883826e81ce44c8baf5d70c45ae6d98147216dc3ab84e814002687e6e63d1005cefca802878c855a450115b673a6c7d51e0b500353aee3c06147b8e77d1ef7f736ce3a89456373687459e401c0e8f57fd42f63f7981ad7d547ca8fde733e7cdff74f630fdcf9f9600f3f8e9ae7c17563ba1517b3ba4700cbfbebff8dcabe55036541e9b17d1a317cc6ee93f04a1bf0eeee50675ed2a021b622054d313c8ff4dcb7b2186c180b74010580ead50f24019d07fa68c5afdca4b02d6409f9d0858d5cb3d6578e391b255a2c32217fa86c54781ebcfebe04ce6c0d7c13e0a91527a1a3373a350bbf8a5abb1d2a253cf2fdfb05db3f2c0589d0e4ba6c6cecb2d062c34b9deb38ac5559865bf618c97175ce44242be840b840283dac311676fb27c472bd43c604d18c17c0d1649ceb78597a2e82ff9ff3e89c1b30a66493afe6f9834c55b043595c2da4de788f39ff7fb93c5ffe172228302a8fae31ee44cc2ecfca49043ec1448ebdd8d4a5973375ce5778feaec62a9f831322e783993ea62bdc74a8648b44a990ee3c505963e0547bda7ef29d91650c5f15fa16360cbcd04c4e0ec77ecef00b83fb13649eb04dcea857cd597df3fc71247dd78844607d8f88768c26b393b111d658c9081cad343f87c8ae4fe58ad4a7877555b175f7f91e50df7fb9968fec83cdde8568826f61dfe8637a467ace56ef15052262e63fdb0bff2b61882c113fa57b1b8d470d63da6a1cce56f8fe9c19488d26f0391814ccc2f0ddb6a4b942dcea0fbe9b62ea736c4b32920f582e8373bb8f62eefb21d8a06eec1b29cf6ab259b4e7214b35bb334e14397c4f5691b54cc6e4bddc1fd30e3e60349bd794e8263e1a4524770b4d9f6f091715a94b9025ac84e003a5fcd4cc1f1a5c0b677ecd9b7e2d171f988d3c94aef519d29449c66feb480d4fc20cb1912cd7d18ac276296bcbfe41b289629a8fe0be9125437e9b9e32f7939ec2f8bc59401c41d6c4ad40cd670c5e1e77478783ef186749ebefd0d8bb74dc2d6994f3f89cb1fa361da1b53764861491b6d288649bf9686cc06e97f6e74b567df04b8a97bc930c6858570e3ce6c2f710892378771ab01b233d0e90167a054547c03d74617dd43aa25ba3acd4f3a781a85c4a655a464c7b5d323ec376419afece2aa8eefe5405606a33b28f68b88f7b19bdaa085bfddd51ea062f9a99de5f3eb80605a2281000e49c3f9af47cede91c3e343815ebd7bfd602dff"}, @NL80211_ATTR_BSSID={0xa, 0xf5, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, @NL80211_ATTR_MEASUREMENT_DURATION={0x6, 0xeb, 0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_BSSID={0xa, 0xf5, @remote}]}, 0x7dc}, 0x1, 0x0, 0x0, 0x14}, 0x80) sendto$inet(r0, &(0x7f0000d7cfcb), 0xffffffffffffffef, 0x0, 0x0, 0x0) [ 253.988966] audit: type=1400 audit(1584846307.376:59): avc: denied { ioctl } for pid=8487 comm="syz-executor.0" path="socket:[31751]" dev="sockfs" ino=31751 ioctlcmd=0x5624 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 03:05:07 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 254.056439] device 1 entered promiscuous mode [ 254.070248] syz-executor.5 uses obsolete (PF_INET,SOCK_PACKET) [ 254.078435] xt_HMARK: spi-set and port-set can't be combined 03:05:07 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 254.447323] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=57009 sclass=netlink_route_socket pig=8507 comm=syz-executor.5 [ 254.514281] syz-executor.5 (8507) used greatest stack depth: 22984 bytes left 03:05:09 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:09 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x110, r4, 0xab0f5000) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:09 executing program 0: fanotify_init(0x10, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') r1 = open(&(0x7f0000000040)='./bus\x00', 0x40000, 0x20) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/avc/hash_stats\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) sendfile(r1, r4, 0x0, 0x8) r5 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f0000000140)={0xfb, 0x9, 0x4, 0x4, 0x7f, {}, {0x2, 0xc, 0x0, 0xff, 0x80, 0x3, "59f276a2"}, 0x0, 0x3, @planes=&(0x7f0000000100)={0x2dc, 0x2, @fd=r5, 0xadfd}, 0x41c, 0x0, r0}) 03:05:09 executing program 3: syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={[{@shortname_mixed='shortname=mixed'}]}) r0 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x3310, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b20000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000014c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff0000000009000100686673630000000008000200000000005b47b4b04fed4e2a21ad8beb06b167de4283ffaec56d159e56a166c9db835a8808a86292f4bea321847a42767a7b89b65e4841c9695825a4b10dd5cb8b24f89f29ceef0a428124dcefb40b6b8ce6222864e92d22b053bda211a0aa613e4d66c8a0490480cbaca2b1216ca5637c028cbe0af4fd13ed36a2ddd56830044f3ead6d80d6f3f39955a2bb6662c29c913e8356d5a58ddb4293241f2ed955ffa0b9"], 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="940000002c00270d00"/20, @ANYRES32=r5, @ANYBLOB="00000000000000000800000009000100727376700000000064000200400002403c0001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200004000000000000000000000000000000000000000000000000000000fe00"], 0x94}}, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x24, &(0x7f0000000000)={@rand_addr, @multicast2, r5}, 0xc) r6 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/avc/hash_stats\x00', 0x0, 0x0) getsockopt$bt_sco_SCO_CONNINFO(r6, 0x11, 0x2, &(0x7f0000000340)=""/8, &(0x7f0000000380)=0x8) 03:05:09 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:09 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = dup(r0) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$FBIOPUTCMAP(r2, 0x4605, &(0x7f00000001c0)={0x882, 0x1, &(0x7f0000000080)=[0x0], &(0x7f00000000c0)=[0x3ba5, 0x200, 0x1, 0x3f], &(0x7f0000000100)=[0x8], &(0x7f0000000180)=[0x8]}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$PIO_CMAP(0xffffffffffffffff, 0x4b71, &(0x7f0000000000)={0x1, 0x1, 0x20, 0x30000000000000, 0x2, 0x5}) r3 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BLKDISCARD(r3, 0x1277, &(0x7f0000000040)=0xe9) [ 255.794321] FAT-fs (loop3): bogus number of reserved sectors [ 255.810368] xt_HMARK: spi-set and port-set can't be combined 03:05:09 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:09 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, 0x0) r1 = socket(0x10, 0x1, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x3000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x4, r2}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0xffffff7f}, 0x0) 03:05:09 executing program 0: r0 = open(&(0x7f0000000180)='./file0\x00', 0x40000, 0x85) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, 0x0) setsockopt$inet_dccp_int(r0, 0x21, 0x11, &(0x7f0000000300)=0x5d, 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000880}, 0x24040000) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x248000009, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0xffffffffffffffdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b200"], 0x5}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xf, 0xa}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x14, 0x2, [@TCA_BASIC_EMATCHES={0x10, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2e23}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}}, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={0x0, @llc={0x1a, 0x102, 0x3f, 0x0, 0x7f, 0x2, @random="84ba6091b481"}, @can={0x1d, r2}, @can, 0x8, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x800}) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f0000000040)) [ 255.836984] FAT-fs (loop3): Can't find a valid FAT filesystem 03:05:09 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:09 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 256.061045] FAT-fs (loop3): bogus number of reserved sectors [ 256.124737] FAT-fs (loop3): Can't find a valid FAT filesystem 03:05:09 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 256.283025] xt_HMARK: spi-set and port-set can't be combined [ 256.315871] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 256.402292] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 256.572374] syz-executor.5 (8562) used greatest stack depth: 21592 bytes left 03:05:10 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:10 executing program 0: r0 = open(&(0x7f0000000180)='./file0\x00', 0x40000, 0x85) ioctl$TIOCGLCKTRMIOS(r0, 0x5456, 0x0) setsockopt$inet_dccp_int(r0, 0x21, 0x11, &(0x7f0000000300)=0x5d, 0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000500)={0x2, 0x70, 0x4, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000880}, 0x24040000) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x248000009, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0xffffffffffffffdc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r2, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b200"], 0x5}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xf, 0xa}}, [@filter_kind_options=@f_basic={{0xa, 0x1, 'basic\x00'}, {0x14, 0x2, [@TCA_BASIC_EMATCHES={0x10, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x2e23}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}}, 0x0) ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000380)={0x0, @llc={0x1a, 0x102, 0x3f, 0x0, 0x7f, 0x2, @random="84ba6091b481"}, @can={0x1d, r2}, @can, 0x8, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x800}) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x4030582a, &(0x7f0000000040)) 03:05:10 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:10 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) dup(0xffffffffffffffff) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:10 executing program 3: getpid() socket$inet6_tcp(0xa, 0x1, 0x0) sched_setscheduler(0x0, 0x5, &(0x7f0000000440)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000008c0)=[@text16={0x10, &(0x7f00000001c0)="0f21e60f9e4b000fae400a66b9800000c00f326635008000000f3066b8908c238766efbafc0c66edd3c90f0fc28e0f01ca0f01c50f4536e50e260f01c9", 0x3d}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4cf]}) r3 = openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/hash_stats\x00', 0x0, 0x0) recvfrom$rose(r3, &(0x7f0000000200)=""/174, 0xae, 0x10100, &(0x7f00000002c0)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x1, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}, 0x26) ioctl$KVM_RUN(r2, 0xae80, 0x0) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r4 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r4, 0x3310, 0x0) ioctl$VIDIOC_G_SLICED_VBI_CAP(r4, 0xc0745645, &(0x7f0000000300)={0x100, [0xa, 0x3f, 0x480, 0x9, 0x2, 0x6, 0x2, 0x1, 0x3f, 0x8, 0x9, 0x3, 0x1638, 0x9, 0xa5, 0x2, 0x0, 0x2, 0x4, 0x1, 0x100, 0x200, 0x3, 0x7, 0x4, 0x3, 0xfff8, 0x7, 0x6, 0x8, 0x4, 0xfff, 0x7ff, 0x3, 0x8, 0x3, 0x6, 0x0, 0x7, 0x6, 0x8, 0x0, 0x20, 0x7f, 0xd54b, 0x5, 0x5, 0x3], 0x3}) socket$inet_udplite(0x2, 0x2, 0x88) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f0000000080)={{0x0, 0x0, 0x4, 0x8, 0x81, 0x0, 0x1, 0x0, 0x0, 0x8}, {0x4000, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x80, 0x0, 0x3}, {0x1, 0x10000, 0xf, 0x0, 0x8f, 0x0, 0x0, 0x4}, {0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, 0x0, 0x0, 0x4}, {0x4000, 0x0, 0x0, 0x0, 0x0, 0xff, 0xa4, 0x5, 0x0, 0x81}, {0x0, 0x100000, 0x0, 0x0, 0x0, 0x9, 0x0, 0x3f, 0x0, 0xa4, 0x4e, 0xff}, {0x2000, 0x2000, 0xb, 0xab, 0x0, 0x0, 0x0, 0x4, 0x3, 0x2, 0x6}, {0x4000, 0x0, 0x7, 0x0, 0x40, 0x0, 0x0, 0x0, 0x7f, 0x1f, 0x4}, {0x2, 0x7}, {0xf000, 0x5}, 0x20040029, 0x0, 0x0, 0x4000, 0x7, 0x2500, 0x10000, [0x0, 0x9]}) 03:05:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$SG_GET_PACK_ID(0xffffffffffffffff, 0x227c, 0x0) r1 = socket(0x10, 0x1, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x3000000, &(0x7f0000000200)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0x4, r2}, @IFLA_GROUP={0x8}]}, 0x30}, 0x1, 0xffffff7f}, 0x0) 03:05:10 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 256.802341] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 256.821987] xt_HMARK: spi-set and port-set can't be combined 03:05:10 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:10 executing program 5: perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x80, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x6, 0x3, 0x1001, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) openat$vcsu(0xffffffffffffff9c, &(0x7f0000001480)='/dev/vcsu\x00', 0x10000, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000000)=@in6={0xa, 0x4e20, 0x8, @ipv4={[], [], @loopback}, 0x3}, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x4000000}], 0x1, 0xc010) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) openat$nvram(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nvram\x00', 0x1, 0x0) r5 = dup(r4) ioctl$SIOCSIFHWADDR(r5, 0x8924, &(0x7f0000000100)={'bond0\x00', @local}) getsockname$packet(r5, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) fcntl$F_GET_FILE_RW_HINT(r2, 0x40d, &(0x7f0000000080)) sendmsg$nl_route_sched(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newtaction={0x50, 0x30, 0xffff, 0x0, 0x0, {0x0, 0x0, 0x1300}, [{0x3c, 0x1, [@m_mirred={0x38, 0x1, 0x0, 0x0, {{0xb, 0x1, 'mirred\x00'}, {0x24, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{}, 0x4, r6}}]}, {0x4}}}]}]}, 0x50}}, 0x0) [ 257.064829] xt_HMARK: spi-set and port-set can't be combined 03:05:10 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:10 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:10 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) r4 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r4, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:10 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:11 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_all\x00', 0x275a, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_all\x00', 0x275a, 0x0) fallocate(r1, 0x0, 0x0, 0xfffb) write$P9_RGETATTR(r1, &(0x7f00000001c0)={0xa0}, 0xa0) fallocate(r0, 0x0, 0x9f9c, 0xfffb) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) r3 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r3, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) r4 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x311040, 0x0) write$vhost_msg_v2(r5, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f00000002c0)=""/95, 0x5f, &(0x7f0000000340)=""/114, 0x1, 0x1}}, 0x48) ioctl$VHOST_SET_VRING_KICK(r4, 0x3310, 0x0) r6 = fcntl$dupfd(r4, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) fallocate(r0, 0x8, 0x0, 0x8000) 03:05:11 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 257.581832] xt_HMARK: spi-set and port-set can't be combined 03:05:11 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:11 executing program 5: perf_event_open(&(0x7f000001d000)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xf}, 0x8019, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) r0 = syz_open_dev$usbfs(&(0x7f0000001280)='/dev/bus/usb/00#/00#\x00', 0x1aa1, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x11, r0, 0x0) syz_open_dev$usbfs(0x0, 0x0, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x2, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) mmap(&(0x7f00002e5000/0x3000)=nil, 0x3000, 0x0, 0x13, r1, 0x0) 03:05:11 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:11 executing program 2: socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:11 executing program 0: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x5, 0x0, 0x5a6690ad8bcd0478}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x1) socket$inet_smc(0x2b, 0x1, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fsetxattr$trusted_overlay_nlink(0xffffffffffffffff, &(0x7f0000000280)='trusted.overlay.nlink\x00', 0x0, 0x0, 0x2) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x40, 0x13, 0xa, 0x101, 0x0, 0x0, {0xc}, [@NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x9}, @NFTA_OBJ_HANDLE={0xc, 0x6, 0x1, 0x0, 0x5}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0xc0) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, 0x0, &(0x7f0000000040)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) symlinkat(&(0x7f0000000000)='./bus\x00', r1, &(0x7f00000000c0)='./bus\x00') mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x10000000002) creat(&(0x7f0000000080)='./bus\x00', 0x0) [ 257.723017] xt_HMARK: spi-set and port-set can't be combined [ 257.872892] xt_HMARK: spi-set and port-set can't be combined [ 257.879372] audit: type=1400 audit(1584846311.226:60): avc: denied { map } for pid=8643 comm="syz-executor.5" path="/dev/bus/usb/007/001" dev="devtmpfs" ino=18763 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usb_device_t:s0 tclass=chr_file permissive=1 03:05:11 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:11 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:11 executing program 2: socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:11 executing program 5: socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket(0x10, 0x3, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r3, 0x3310, 0x0) socket$inet6_dccp(0xa, 0x6, 0x0) r4 = accept$alg(0xffffffffffffffff, 0x0, 0x0) sendmsg(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="0afa2c665b764acd67e491961d210e53f21c1d7299d3a993628bbc4b8c87223cd73db70298fe19cfde35aa6c5d9c6c3712c3bc", 0x33}, {&(0x7f0000000080)="0a053743baa0ace2140940966eb84a03aa81934e455dc117e92d806b8c762b67e7b9b5e42395928daa702b453385d1ea732de8369ea05fd6f11d4f0a241a0127ac2e890c24ed0b7a2fdff15c706d8fb2e026d6f4cced900f639dd1876a4769c14345066dd058c423134e6b614f6acd5cd248bee9c4df64b4c03e61fa880f527bd9c1a77e64e499fc03fb1ec07af4e7c4ca8e594324151a6e46be19ed0d8ff646fe402607fbc3b3e3dfd13e29c2538573c15e4c", 0xb3}, {&(0x7f0000000180)="5ba9f34cb279b0b9e3d89387314b590e787c131005ee702c092574cb405ee721cb0b6d5279899d993100bf17b5006093242df5d02396bab989dc94", 0x3b}], 0x3}, 0x2000090) [ 258.214891] xt_HMARK: spi-set and port-set can't be combined 03:05:11 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:11 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000080)={0x27c, r3, 0x400, 0x70bd2b, 0x25dfdbff, {}, [@TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x16a}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_BEARER={0xb4, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4a1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @loopback, 0x10001}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x8d5d, @mcast2, 0xfffffffd}}}}, @TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}]}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1ff000}]}]}, @TIPC_NLA_BEARER={0x174, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'rose0\x00'}}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x8, @empty, 0x1}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0xffffffff, @loopback, 0x4}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x0, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x3}}, {0x20, 0x2, @in6={0xa, 0x4e24, 0x100, @dev={0xfe, 0x80, [], 0x33}, 0x20}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffeffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x10001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x81}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x39}}}, {0x20, 0x2, @in6={0xa, 0x4e20, 0x49, @mcast1, 0x9}}}}]}, @TIPC_NLA_NODE={0x24, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x40000000}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xff}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x400c800}, 0x10) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r4, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:11 executing program 2: socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:11 executing program 0: r0 = openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_KICK(r0, 0x3310, 0x0) ioctl$TCSETA(r0, 0x5406, &(0x7f00000000c0)={0xc47, 0x731, 0x2, 0xa6, 0x1b, "2fa6837a9ca29fc2"}) r1 = socket$unix(0x1, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$msdos(&(0x7f0000000140)='msdos\x00', &(0x7f00000003c0)='./file0\x00', 0xffc00000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000000)="eb3c906d6b66732e666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="6e6f63940400d6a715185b8dc51731fc95ee88fda83a597f"]) 03:05:11 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) [ 258.465156] xt_HMARK: spi-set and port-set can't be combined 03:05:11 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 258.511571] FAT-fs (loop0): Unrecognized mount option "noc”" or missing value [ 258.580753] FAT-fs (loop0): Unrecognized mount option "noc”" or missing value 03:05:12 executing program 2: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$can_bcm(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000280)=@rc={0x1f, @none}, 0x80, &(0x7f0000000080), 0x0, &(0x7f0000000700)=""/178, 0xb2}, 0x10023) prctl$PR_GET_SECUREBITS(0x1b) ioctl$VIDIOC_S_MODULATOR(0xffffffffffffffff, 0x40445637, 0x0) timer_create(0x1, &(0x7f0000000100)={0x0, 0x2a, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000140)=0x0) timer_delete(r0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f0000000000)={@multicast1, @local}, 0xc) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000340)={0x1, {{0x2, 0x0, @multicast1}}}, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, &(0x7f00000000c0)) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ttyS3\x00', 0x2200, 0x0) sendfile(r3, r2, 0x0, 0x20000000000000d8) syz_genetlink_get_family_id$batadv(0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000040)={'batadv0\x00'}) [ 259.310242] xt_HMARK: spi-set and port-set can't be combined 03:05:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:13 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:13 executing program 2: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:13 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:13 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg$can_bcm(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000280)=@rc={0x1f, @none}, 0x80, &(0x7f0000000080), 0x0, &(0x7f0000000700)=""/178, 0xb2}, 0x10023) prctl$PR_GET_SECUREBITS(0x1b) ioctl$VIDIOC_S_MODULATOR(0xffffffffffffffff, 0x40445637, 0x0) timer_create(0x1, &(0x7f0000000100)={0x0, 0x2a, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000140)=0x0) timer_delete(r0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r1, 0x0, 0x24, &(0x7f0000000000)={@multicast1, @local}, 0xc) setsockopt$inet_MCAST_JOIN_GROUP(r1, 0x0, 0x2a, &(0x7f0000000340)={0x1, {{0x2, 0x0, @multicast1}}}, 0x88) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, 0x0, &(0x7f00000000c0)) r2 = syz_open_procfs(0x0, &(0x7f0000000240)='numa_maps\x00') r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ttyS3\x00', 0x2200, 0x0) sendfile(r3, r2, 0x0, 0x20000000000000d8) syz_genetlink_get_family_id$batadv(0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r4, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000040)={'batadv0\x00'}) 03:05:13 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 259.840010] xt_HMARK: spi-set and port-set can't be combined 03:05:13 executing program 2: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:13 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:13 executing program 2: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:13 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:13 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) dup(0xffffffffffffffff) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:14 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:14 executing program 2: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:14 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) dup(0xffffffffffffffff) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:14 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:15 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) dup(0xffffffffffffffff) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 262.213093] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 262.224841] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 262.230925] CPU: 0 PID: 8782 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 262.238721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 262.248067] Call Trace: [ 262.250775] dump_stack+0x188/0x20d [ 262.254465] dump_header+0x159/0xa5e [ 262.258192] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 262.263318] ? ___ratelimit+0x59/0x573 [ 262.267212] oom_kill_process.cold+0x10/0x6dc [ 262.271714] ? task_will_free_mem+0x134/0x6d0 [ 262.276214] out_of_memory+0x349/0x1250 [ 262.280193] ? oom_killer_disable+0x270/0x270 [ 262.284753] mem_cgroup_out_of_memory+0x1c7/0x240 [ 262.289599] ? memcg_event_wake+0x210/0x210 [ 262.293993] ? do_raw_spin_unlock+0x171/0x260 [ 262.298517] try_charge+0xe22/0x1300 [ 262.302243] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 262.307091] ? get_mem_cgroup_from_mm+0x179/0x4f0 03:05:15 executing program 2: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 262.311953] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 262.316538] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 262.322607] mem_cgroup_try_charge+0x249/0x5c0 [ 262.327195] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 262.332200] wp_page_copy+0x3fe/0x1530 [ 262.336110] ? follow_pfn+0x260/0x260 [ 262.339956] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 262.344730] do_wp_page+0x518/0xfa0 [ 262.348374] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 262.353076] ? __handle_mm_fault+0x1772/0x3b60 [ 262.357675] __handle_mm_fault+0x21a4/0x3b60 [ 262.362097] ? copy_page_range+0x1e70/0x1e70 [ 262.366519] ? count_memcg_event_mm+0x279/0x4c0 [ 262.371218] handle_mm_fault+0x1a5/0x670 [ 262.375294] __get_user_pages+0x599/0x1650 [ 262.379546] ? follow_page_mask+0x1a60/0x1a60 [ 262.384052] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 262.388817] ? retint_kernel+0x2d/0x2d [ 262.392717] populate_vma_page_range+0x1fd/0x290 [ 262.397486] __mm_populate+0x1e8/0x350 [ 262.401390] ? populate_vma_page_range+0x290/0x290 [ 262.406380] ? do_mlock+0x6b0/0x6b0 [ 262.410023] __x64_sys_mlockall+0x340/0x500 [ 262.414354] do_syscall_64+0xf9/0x620 [ 262.418163] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 262.423354] RIP: 0033:0x45c849 [ 262.426551] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 262.445450] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 262.453159] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 262.460432] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 262.467708] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 262.474982] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 262.482253] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 262.507272] Task in /syz4 killed as a result of limit of /syz4 [ 262.513518] memory: usage 307200kB, limit 307200kB, failcnt 20 [ 262.519688] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 262.526538] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 262.532805] Memory cgroup stats for /syz4: cache:0KB rss:301340KB rss_huge:266240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:115656KB active_anon:72KB inactive_file:12KB active_file:8KB unevictable:185788KB [ 262.554922] Memory cgroup out of memory: Kill process 8776 (syz-executor.4) score 1233 or sacrifice child [ 262.565772] Killed process 8798 (syz-executor.4) total-vm:74832kB, anon-rss:18380kB, file-rss:34944kB, shmem-rss:0kB [ 262.599644] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 03:05:16 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 262.654809] hmark_tg_check: 3 callbacks suppressed [ 262.654881] xt_HMARK: spi-set and port-set can't be combined [ 262.686294] syz-executor.4 cpuset=syz4 mems_allowed=0-1 03:05:16 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 262.764823] CPU: 1 PID: 8792 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 262.772759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 262.782115] Call Trace: [ 262.784712] dump_stack+0x188/0x20d [ 262.788358] dump_header+0x159/0xa5e [ 262.792076] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 262.797178] ? ___ratelimit+0x59/0x573 [ 262.801083] oom_kill_process.cold+0x10/0x6dc [ 262.805706] ? task_will_free_mem+0x134/0x6d0 [ 262.810207] out_of_memory+0x349/0x1250 [ 262.814177] ? oom_killer_disable+0x270/0x270 [ 262.818668] mem_cgroup_out_of_memory+0x1c7/0x240 [ 262.823501] ? memcg_event_wake+0x210/0x210 [ 262.827815] ? do_raw_spin_unlock+0x171/0x260 [ 262.832314] try_charge+0xbdf/0x1300 [ 262.836033] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 262.840868] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 262.845713] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 262.851838] ? try_to_wake_up+0xb0/0xe90 [ 262.855889] ? __lock_acquire+0x6ee/0x49c0 [ 262.860113] mem_cgroup_try_charge+0x249/0x5c0 [ 262.864687] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 262.869608] wp_page_copy+0x3fe/0x1530 [ 262.873507] ? follow_pfn+0x260/0x260 [ 262.877294] ? __lock_acquire+0x6ee/0x49c0 [ 262.881526] do_wp_page+0x518/0xfa0 [ 262.885141] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 262.889847] __handle_mm_fault+0x21a4/0x3b60 [ 262.894244] ? copy_page_range+0x1e70/0x1e70 [ 262.898640] ? count_memcg_event_mm+0x279/0x4c0 [ 262.903308] handle_mm_fault+0x1a5/0x670 [ 262.907424] __do_page_fault+0x5ed/0xdd0 [ 262.911565] ? trace_hardirqs_off_caller+0x55/0x210 [ 262.916579] ? vmalloc_fault+0x730/0x730 [ 262.920679] ? page_fault+0x8/0x30 [ 262.924218] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 262.929052] ? page_fault+0x8/0x30 [ 262.932582] page_fault+0x1e/0x30 [ 262.936025] RIP: 0033:0x40b107 [ 262.939208] Code: eb 18 90 45 31 c0 31 c9 ba 80 00 00 00 48 89 de bf ca 00 00 00 e8 39 17 05 00 8b 03 85 c0 74 e3 48 89 ef c7 45 08 00 00 00 00 44 9f ff ff 4c 89 e7 e8 9c 8b ff ff eb e1 66 2e 0f 1f 84 00 00 [ 262.958098] RSP: 002b:00007f0aad337d00 EFLAGS: 00010202 03:05:16 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 262.963445] RAX: 0000000000000001 RBX: 000000000076bfa8 RCX: 000000000045c849 [ 262.970699] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000076bfa0 [ 262.977952] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 262.985207] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000076bfac [ 262.992462] R13: 00007ffce31c516f R14: 00007f0aad3389c0 R15: 000000000076bfac 03:05:16 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 263.079477] Task in /syz4 killed as a result of limit of /syz4 [ 263.086194] memory: usage 301304kB, limit 307200kB, failcnt 20 [ 263.109386] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 263.120957] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 263.144679] Memory cgroup stats for /syz4: cache:0KB rss:295744KB rss_huge:262144KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:111988KB active_anon:2120KB inactive_file:20KB active_file:0KB unevictable:181696KB [ 263.177153] xt_HMARK: spi-set and port-set can't be combined [ 263.232886] Memory cgroup out of memory: Kill process 8776 (syz-executor.4) score 1233 or sacrifice child [ 263.258480] Killed process 8776 (syz-executor.4) total-vm:74832kB, anon-rss:18380kB, file-rss:56432kB, shmem-rss:0kB 03:05:16 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:16 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:16 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r1, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 263.307761] oom_reaper: reaped process 8776 (syz-executor.4), now anon-rss:18380kB, file-rss:56424kB, shmem-rss:0kB [ 263.369477] xt_HMARK: spi-set and port-set can't be combined 03:05:16 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:17 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:17 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:17 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:17 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:17 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 264.077870] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 264.089523] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 264.095174] CPU: 0 PID: 8841 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 264.102975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 264.111783] xt_HMARK: spi-set and port-set can't be combined [ 264.112439] Call Trace: [ 264.120828] dump_stack+0x188/0x20d [ 264.124475] dump_header+0x159/0xa5e [ 264.128205] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 264.133329] ? ___ratelimit+0x59/0x573 [ 264.137242] oom_kill_process.cold+0x10/0x6dc [ 264.141767] ? task_will_free_mem+0x134/0x6d0 [ 264.146275] out_of_memory+0x349/0x1250 [ 264.150264] ? oom_killer_disable+0x270/0x270 [ 264.154773] mem_cgroup_out_of_memory+0x1c7/0x240 [ 264.159628] ? memcg_event_wake+0x210/0x210 [ 264.163971] ? do_raw_spin_unlock+0x171/0x260 [ 264.168481] try_charge+0xe22/0x1300 [ 264.172212] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 264.177065] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 264.181918] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 264.187985] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 264.192754] mem_cgroup_try_charge+0x249/0x5c0 [ 264.197343] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 264.202277] wp_page_copy+0x3fe/0x1530 [ 264.206181] ? follow_pfn+0x260/0x260 [ 264.209986] ? retint_kernel+0x2d/0x2d [ 264.213877] do_wp_page+0x518/0xfa0 [ 264.217511] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 264.222203] __handle_mm_fault+0x21a4/0x3b60 [ 264.226629] ? copy_page_range+0x1e70/0x1e70 [ 264.231046] ? count_memcg_event_mm+0x279/0x4c0 [ 264.235749] handle_mm_fault+0x1a5/0x670 [ 264.239820] __get_user_pages+0x599/0x1650 [ 264.244066] ? follow_page_mask+0x1a60/0x1a60 [ 264.248573] ? populate_vma_page_range+0x10e/0x290 [ 264.253515] populate_vma_page_range+0x1fd/0x290 [ 264.258292] __mm_populate+0x1e8/0x350 [ 264.262337] ? populate_vma_page_range+0x290/0x290 [ 264.267273] ? do_mlock+0x6b0/0x6b0 [ 264.270927] __x64_sys_mlockall+0x340/0x500 [ 264.275269] do_syscall_64+0xf9/0x620 [ 264.279085] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 264.284279] RIP: 0033:0x45c849 [ 264.287481] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 264.306394] RSP: 002b:00007f0aad337c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 264.314124] RAX: ffffffffffffffda RBX: 00007f0aad3386d4 RCX: 000000000045c849 [ 264.321413] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 264.328695] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 264.335971] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 264.343247] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 264.350701] Task in /syz4 killed as a result of limit of /syz4 [ 264.356896] memory: usage 307200kB, limit 307200kB, failcnt 65 [ 264.363038] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 264.369916] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 264.376312] Memory cgroup stats for /syz4: cache:0KB rss:301328KB rss_huge:266240KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:115652KB active_anon:76KB inactive_file:0KB active_file:0KB unevictable:185668KB [ 264.398111] Memory cgroup out of memory: Kill process 8838 (syz-executor.4) score 1233 or sacrifice child [ 264.408242] Killed process 8844 (syz-executor.4) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB 03:05:18 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:18 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:18 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 264.918234] xt_HMARK: spi-set and port-set can't be combined 03:05:18 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:18 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:18 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:18 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 265.393471] xt_HMARK: spi-set and port-set can't be combined 03:05:18 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 265.605650] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 265.616964] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 265.622432] CPU: 1 PID: 8892 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 265.630233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 265.639593] Call Trace: [ 265.642195] dump_stack+0x188/0x20d [ 265.645831] dump_header+0x159/0xa5e [ 265.649553] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 265.654765] ? ___ratelimit+0x59/0x573 [ 265.658668] oom_kill_process.cold+0x10/0x6dc [ 265.663179] ? task_will_free_mem+0x134/0x6d0 [ 265.667692] out_of_memory+0x349/0x1250 [ 265.671697] ? oom_killer_disable+0x270/0x270 [ 265.676215] mem_cgroup_out_of_memory+0x1c7/0x240 [ 265.681076] ? memcg_event_wake+0x210/0x210 [ 265.685423] ? do_raw_spin_unlock+0x171/0x260 [ 265.689923] try_charge+0xe22/0x1300 [ 265.693759] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 265.698607] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 265.703459] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 265.709521] ? mark_held_locks+0xf0/0xf0 [ 265.713592] mem_cgroup_try_charge+0x249/0x5c0 [ 265.718178] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 265.723116] __handle_mm_fault+0x1cfb/0x3b60 [ 265.727531] ? copy_page_range+0x1e70/0x1e70 [ 265.731944] ? count_memcg_event_mm+0x279/0x4c0 [ 265.736633] handle_mm_fault+0x1a5/0x670 [ 265.740721] __get_user_pages+0x599/0x1650 [ 265.744979] ? follow_page_mask+0x1a60/0x1a60 [ 265.749495] ? lock_acquire+0x170/0x400 [ 265.753566] populate_vma_page_range+0x1fd/0x290 [ 265.758346] __mm_populate+0x1e8/0x350 [ 265.762258] ? populate_vma_page_range+0x290/0x290 [ 265.767185] ? do_mlock+0x6b0/0x6b0 [ 265.770824] __x64_sys_mlockall+0x340/0x500 [ 265.775151] do_syscall_64+0xf9/0x620 [ 265.779070] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 265.784269] RIP: 0033:0x45c849 [ 265.787471] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 265.806386] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 265.814103] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 265.821373] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 265.828644] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 265.835912] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 265.843182] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 265.850624] Task in /syz4 killed as a result of limit of /syz4 [ 265.856626] memory: usage 307200kB, limit 307200kB, failcnt 122 [ 265.862731] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 265.869596] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 265.875747] Memory cgroup stats for /syz4: cache:0KB rss:301080KB rss_huge:264192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:129724KB active_anon:2136KB inactive_file:4KB active_file:0KB unevictable:169348KB [ 265.897541] Memory cgroup out of memory: Kill process 8414 (syz-executor.4) score 1164 or sacrifice child [ 265.907372] Killed process 8414 (syz-executor.4) total-vm:75228kB, anon-rss:18776kB, file-rss:34816kB, shmem-rss:0kB [ 265.980461] oom_reaper: reaped process 8414 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 266.007357] xt_HMARK: spi-set and port-set can't be combined 03:05:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:19 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:19 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:19 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:19 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) dup(0xffffffffffffffff) [ 266.376773] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 266.388382] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 266.394203] CPU: 1 PID: 8892 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 266.402036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 266.411429] Call Trace: [ 266.414034] dump_stack+0x188/0x20d [ 266.417708] dump_header+0x159/0xa5e [ 266.421445] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 266.426562] ? ___ratelimit+0x59/0x573 [ 266.430480] oom_kill_process.cold+0x10/0x6dc [ 266.435003] ? task_will_free_mem+0x134/0x6d0 [ 266.439524] out_of_memory+0x349/0x1250 [ 266.443509] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 266.448266] ? oom_killer_disable+0x270/0x270 [ 266.452787] mem_cgroup_out_of_memory+0x1c7/0x240 [ 266.452811] xt_HMARK: spi-set and port-set can't be combined [ 266.457640] ? memcg_event_wake+0x210/0x210 [ 266.457661] ? do_raw_spin_unlock+0x72/0x260 [ 266.457675] ? do_raw_spin_unlock+0x171/0x260 [ 266.457688] try_charge+0xe22/0x1300 [ 266.457708] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 266.485233] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 266.490088] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 266.496161] ? __lock_acquire+0x6ee/0x49c0 [ 266.500405] mem_cgroup_try_charge+0x249/0x5c0 [ 266.504995] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 266.509935] wp_page_copy+0x3fe/0x1530 [ 266.513833] ? mark_held_locks+0xa6/0xf0 [ 266.517898] ? follow_pfn+0x260/0x260 [ 266.521706] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 266.526472] do_wp_page+0x518/0xfa0 [ 266.530101] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 266.534778] __handle_mm_fault+0x21a4/0x3b60 [ 266.539191] ? copy_page_range+0x1e70/0x1e70 [ 266.543600] ? count_memcg_event_mm+0x279/0x4c0 [ 266.548298] handle_mm_fault+0x1a5/0x670 [ 266.552379] __get_user_pages+0x599/0x1650 [ 266.556630] ? follow_page_mask+0x1a60/0x1a60 [ 266.561145] populate_vma_page_range+0x1fd/0x290 [ 266.565915] __mm_populate+0x1e8/0x350 [ 266.569816] ? populate_vma_page_range+0x290/0x290 [ 266.574751] ? __x64_sys_mlockall+0x261/0x500 [ 266.579251] __x64_sys_mlockall+0x340/0x500 [ 266.583577] do_syscall_64+0xf9/0x620 [ 266.587388] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 266.592575] RIP: 0033:0x45c849 [ 266.595776] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 266.614678] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 266.622395] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 266.629677] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 266.636958] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 266.644240] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 266.651521] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 266.660411] Task in /syz4 killed as a result of limit of /syz4 [ 266.666706] memory: usage 307200kB, limit 307200kB, failcnt 449 03:05:20 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 266.672854] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 266.679721] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 266.685980] Memory cgroup stats for /syz4: cache:0KB rss:300960KB rss_huge:258048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:114644KB active_anon:2120KB inactive_file:0KB active_file:0KB unevictable:184272KB [ 266.707781] Memory cgroup out of memory: Kill process 8891 (syz-executor.4) score 1233 or sacrifice child [ 266.717750] Killed process 8904 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 266.732914] oom_reaper: reaped process 8904 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:05:20 executing program 1: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 267.085390] xt_HMARK: spi-set and port-set can't be combined 03:05:20 executing program 1: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 267.380327] xt_HMARK: spi-set and port-set can't be combined 03:05:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:21 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x0, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:21 executing program 1: r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:21 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) dup(0xffffffffffffffff) 03:05:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 267.704306] xt_HMARK: spi-set and port-set can't be combined 03:05:21 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x0, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:21 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 268.559850] xt_HMARK: spi-set and port-set can't be combined 03:05:22 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x0, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 268.900907] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 268.913592] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 268.919931] CPU: 0 PID: 8966 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 268.927746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 268.937111] Call Trace: [ 268.939717] dump_stack+0x188/0x20d [ 268.943369] dump_header+0x159/0xa5e [ 268.947102] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 268.952224] ? ___ratelimit+0x59/0x573 [ 268.956139] oom_kill_process.cold+0x10/0x6dc [ 268.960652] ? out_of_memory+0x19f/0x1250 [ 268.964819] out_of_memory+0x349/0x1250 [ 268.968825] ? oom_killer_disable+0x270/0x270 [ 268.973351] mem_cgroup_out_of_memory+0x1c7/0x240 [ 268.978213] ? memcg_event_wake+0x210/0x210 [ 268.982563] ? do_raw_spin_unlock+0x171/0x260 [ 268.987085] try_charge+0xe22/0x1300 [ 268.990818] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 268.995680] ? get_mem_cgroup_from_mm+0x179/0x4f0 03:05:22 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 269.000544] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 269.006618] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 269.011392] mem_cgroup_try_charge+0x249/0x5c0 [ 269.016001] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 269.020951] wp_page_copy+0x3fe/0x1530 [ 269.024870] ? follow_pfn+0x260/0x260 [ 269.028687] ? __lock_acquire+0x6ee/0x49c0 [ 269.032947] do_wp_page+0x518/0xfa0 [ 269.036588] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 269.041275] __handle_mm_fault+0x21a4/0x3b60 [ 269.045711] ? copy_page_range+0x1e70/0x1e70 [ 269.050145] ? count_memcg_event_mm+0x279/0x4c0 [ 269.054853] handle_mm_fault+0x1a5/0x670 [ 269.058941] __get_user_pages+0x599/0x1650 [ 269.063209] ? follow_page_mask+0x1a60/0x1a60 [ 269.067741] populate_vma_page_range+0x1fd/0x290 [ 269.072523] __mm_populate+0x1e8/0x350 [ 269.076538] ? populate_vma_page_range+0x290/0x290 [ 269.081497] ? do_mlock+0x6b0/0x6b0 [ 269.085151] __x64_sys_mlockall+0x340/0x500 [ 269.089500] do_syscall_64+0xf9/0x620 [ 269.093423] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 269.098632] RIP: 0033:0x45c849 03:05:22 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 269.101840] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 269.120755] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 269.128470] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 269.135745] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 269.143021] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 269.150297] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 269.157571] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 269.167802] Task in /syz4 killed as a result of limit of /syz4 [ 269.175028] memory: usage 307200kB, limit 307200kB, failcnt 473 [ 269.181458] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 269.188318] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 03:05:22 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 269.194672] Memory cgroup stats for /syz4: cache:0KB rss:300816KB rss_huge:264192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:114616KB active_anon:2124KB inactive_file:4KB active_file:0KB unevictable:184124KB [ 269.217387] Memory cgroup out of memory: Kill process 8965 (syz-executor.4) score 1233 or sacrifice child [ 269.228269] Killed process 8970 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 03:05:23 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:23 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:23 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, 0x0, 0x0) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:23 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:23 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) dup(0xffffffffffffffff) 03:05:23 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:23 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:23 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 270.050909] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 270.062439] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 270.067840] CPU: 0 PID: 9012 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 270.074027] xt_HMARK: spi-set and port-set can't be combined [ 270.075635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 270.075640] Call Trace: [ 270.075661] dump_stack+0x188/0x20d [ 270.075680] dump_header+0x159/0xa5e [ 270.100729] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 270.105854] ? ___ratelimit+0x59/0x573 [ 270.109773] oom_kill_process.cold+0x10/0x6dc [ 270.114289] ? task_will_free_mem+0x134/0x6d0 [ 270.118812] out_of_memory+0x349/0x1250 [ 270.122818] ? oom_killer_disable+0x270/0x270 [ 270.127336] mem_cgroup_out_of_memory+0x1c7/0x240 [ 270.132191] ? memcg_event_wake+0x210/0x210 [ 270.136535] ? do_raw_spin_unlock+0x171/0x260 [ 270.141046] try_charge+0xe22/0x1300 [ 270.144782] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 270.149646] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 270.154510] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 270.160575] ? mark_held_locks+0xf0/0xf0 [ 270.164652] mem_cgroup_try_charge+0x249/0x5c0 [ 270.169259] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 270.174210] __handle_mm_fault+0x1cfb/0x3b60 [ 270.178630] ? copy_page_range+0x1e70/0x1e70 [ 270.183043] ? count_memcg_event_mm+0x279/0x4c0 [ 270.187735] handle_mm_fault+0x1a5/0x670 [ 270.191812] __get_user_pages+0x599/0x1650 [ 270.196064] ? follow_page_mask+0x1a60/0x1a60 [ 270.200577] ? lock_acquire+0x170/0x400 [ 270.204558] populate_vma_page_range+0x1fd/0x290 [ 270.209322] __mm_populate+0x1e8/0x350 [ 270.213215] ? populate_vma_page_range+0x290/0x290 [ 270.218144] ? do_mlock+0x6b0/0x6b0 [ 270.221789] __x64_sys_mlockall+0x340/0x500 [ 270.226125] do_syscall_64+0xf9/0x620 [ 270.229939] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 270.235133] RIP: 0033:0x45c849 [ 270.238328] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 270.257243] RSP: 002b:00007f0aad337c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 270.264952] RAX: ffffffffffffffda RBX: 00007f0aad3386d4 RCX: 000000000045c849 [ 270.272234] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 270.279500] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 270.286770] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 270.294041] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 270.302536] Task in /syz4 killed as a result of limit of /syz4 [ 270.308536] memory: usage 307200kB, limit 307200kB, failcnt 497 [ 270.314637] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 270.321479] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 270.327627] Memory cgroup stats for /syz4: cache:0KB rss:300584KB rss_huge:262144KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:129336KB active_anon:2144KB inactive_file:4KB active_file:4KB unevictable:169224KB 03:05:23 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 270.349142] Memory cgroup out of memory: Kill process 8381 (syz-executor.4) score 1163 or sacrifice child [ 270.358954] Killed process 8381 (syz-executor.4) total-vm:74964kB, anon-rss:18512kB, file-rss:34816kB, shmem-rss:0kB [ 270.612930] oom_reaper: reaped process 8381 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:05:24 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 271.049503] xt_HMARK: spi-set and port-set can't be combined 03:05:24 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 03:05:24 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 271.257403] xt_HMARK: spi-set and port-set can't be combined [ 271.899045] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 271.914287] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 271.921357] CPU: 0 PID: 9009 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 271.929171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 271.938524] Call Trace: [ 271.941107] dump_stack+0x188/0x20d [ 271.944719] dump_header+0x159/0xa5e [ 271.948420] ? _raw_spin_unlock_irqrestore+0xb7/0xe0 [ 271.953508] ? ___ratelimit+0x59/0x573 [ 271.957390] oom_kill_process.cold+0x10/0x6dc [ 271.961877] ? task_will_free_mem+0x134/0x6d0 [ 271.966361] out_of_memory+0x349/0x1250 [ 271.970337] ? oom_killer_disable+0x270/0x270 [ 271.974848] mem_cgroup_out_of_memory+0x1c7/0x240 [ 271.979714] ? memcg_event_wake+0x210/0x210 [ 271.984026] ? do_raw_spin_unlock+0x171/0x260 [ 271.988506] try_charge+0xe22/0x1300 [ 271.992318] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 271.997156] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 272.001993] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 272.008044] mem_cgroup_try_charge+0x249/0x5c0 [ 272.012627] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 272.017548] wp_page_copy+0x3fe/0x1530 [ 272.021426] ? follow_pfn+0x260/0x260 [ 272.025213] ? __lock_acquire+0x6ee/0x49c0 [ 272.029439] do_wp_page+0x518/0xfa0 [ 272.033058] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 272.037719] __handle_mm_fault+0x21a4/0x3b60 [ 272.042152] ? copy_page_range+0x1e70/0x1e70 [ 272.046558] ? count_memcg_event_mm+0x279/0x4c0 [ 272.051228] handle_mm_fault+0x1a5/0x670 [ 272.055276] __get_user_pages+0x599/0x1650 [ 272.059519] ? follow_page_mask+0x1a60/0x1a60 [ 272.064003] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 272.068749] ? retint_kernel+0x2d/0x2d [ 272.072625] populate_vma_page_range+0x1fd/0x290 [ 272.077369] __mm_populate+0x1e8/0x350 [ 272.081244] ? populate_vma_page_range+0x290/0x290 [ 272.086158] ? do_mlock+0x6b0/0x6b0 [ 272.089783] __x64_sys_mlockall+0x340/0x500 [ 272.094127] do_syscall_64+0xf9/0x620 [ 272.097935] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 272.103114] RIP: 0033:0x45c849 [ 272.106292] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 272.125227] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 272.132949] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 272.140206] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 272.147459] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 272.154718] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 272.161974] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 272.173312] Task in /syz4 killed as a result of limit of /syz4 [ 272.179578] memory: usage 307200kB, limit 307200kB, failcnt 2060 [ 272.185848] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 272.192876] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 272.199072] Memory cgroup stats for /syz4: cache:0KB rss:300472KB rss_huge:260096KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:130344KB active_anon:2120KB inactive_file:0KB active_file:0KB unevictable:168016KB [ 272.221564] Memory cgroup out of memory: Kill process 8999 (syz-executor.4) score 1233 or sacrifice child [ 272.232200] Killed process 9030 (syz-executor.4) total-vm:74964kB, anon-rss:18512kB, file-rss:34944kB, shmem-rss:0kB [ 272.247924] oom_reaper: reaped process 9030 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 273.121914] NOHZ: local_softirq_pending 08 03:05:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:26 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:26 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x0, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:26 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:26 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 03:05:27 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 273.576576] xt_HMARK: spi-set and port-set can't be combined 03:05:27 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:27 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 273.738140] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 273.749397] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 273.754791] CPU: 0 PID: 9065 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 273.762586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 273.771937] Call Trace: [ 273.774530] dump_stack+0x188/0x20d [ 273.778170] dump_header+0x159/0xa5e [ 273.781887] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 273.786992] ? ___ratelimit+0x59/0x573 [ 273.790887] oom_kill_process.cold+0x10/0x6dc [ 273.795390] ? task_will_free_mem+0x134/0x6d0 [ 273.799979] out_of_memory+0x349/0x1250 [ 273.803961] ? oom_killer_disable+0x270/0x270 [ 273.808471] mem_cgroup_out_of_memory+0x1c7/0x240 [ 273.813318] ? memcg_event_wake+0x210/0x210 [ 273.817651] ? do_raw_spin_unlock+0x171/0x260 [ 273.822150] try_charge+0xe22/0x1300 [ 273.825873] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 273.830725] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 273.835577] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 273.841647] ? mark_held_locks+0xf0/0xf0 [ 273.845723] mem_cgroup_try_charge+0x249/0x5c0 [ 273.850317] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 273.855257] __handle_mm_fault+0x1cfb/0x3b60 [ 273.859672] ? copy_page_range+0x1e70/0x1e70 [ 273.864084] ? count_memcg_event_mm+0x279/0x4c0 [ 273.868777] handle_mm_fault+0x1a5/0x670 [ 273.872848] __get_user_pages+0x599/0x1650 [ 273.877111] ? follow_page_mask+0x1a60/0x1a60 [ 273.881623] ? lock_acquire+0x170/0x400 [ 273.885613] populate_vma_page_range+0x1fd/0x290 [ 273.890382] __mm_populate+0x1e8/0x350 [ 273.894292] ? populate_vma_page_range+0x290/0x290 [ 273.899227] ? do_mlock+0x6b0/0x6b0 [ 273.902869] __x64_sys_mlockall+0x340/0x500 [ 273.907196] do_syscall_64+0xf9/0x620 [ 273.911004] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 273.916203] RIP: 0033:0x45c849 [ 273.919399] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 273.938304] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 273.946014] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 273.953282] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 273.960548] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 273.967816] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 273.975084] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 273.982429] Task in /syz4 killed as a result of limit of /syz4 [ 273.988429] memory: usage 307200kB, limit 307200kB, failcnt 2092 [ 273.994621] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 274.001407] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 274.007548] Memory cgroup stats for /syz4: cache:0KB rss:300424KB rss_huge:260096KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:145724KB active_anon:2136KB inactive_file:4KB active_file:4KB unevictable:152600KB [ 274.029008] Memory cgroup out of memory: Kill process 8394 (syz-executor.4) score 1163 or sacrifice child 03:05:27 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 274.038810] Killed process 8394 (syz-executor.4) total-vm:74964kB, anon-rss:18512kB, file-rss:34816kB, shmem-rss:0kB [ 274.056323] oom_reaper: reaped process 8394 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:05:27 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) [ 274.491392] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 274.502787] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 274.508378] CPU: 1 PID: 9065 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 274.516178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 274.525539] Call Trace: [ 274.528151] dump_stack+0x188/0x20d [ 274.531789] dump_header+0x159/0xa5e [ 274.535515] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 274.540626] ? ___ratelimit+0x59/0x573 [ 274.544528] oom_kill_process.cold+0x10/0x6dc [ 274.549044] ? out_of_memory+0x19f/0x1250 [ 274.553204] out_of_memory+0x349/0x1250 [ 274.557189] ? oom_killer_disable+0x270/0x270 [ 274.561721] mem_cgroup_out_of_memory+0x1c7/0x240 [ 274.566564] ? memcg_event_wake+0x210/0x210 [ 274.570896] ? do_raw_spin_unlock+0x171/0x260 [ 274.575393] try_charge+0xe22/0x1300 [ 274.579114] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 274.583961] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 274.588822] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 274.594886] mem_cgroup_try_charge+0x249/0x5c0 [ 274.599476] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 274.604421] wp_page_copy+0x3fe/0x1530 [ 274.608318] ? follow_pfn+0x260/0x260 [ 274.612121] ? __lock_acquire+0x6ee/0x49c0 [ 274.616366] do_wp_page+0x518/0xfa0 [ 274.619998] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 274.624680] __handle_mm_fault+0x21a4/0x3b60 [ 274.629094] ? copy_page_range+0x1e70/0x1e70 [ 274.633505] ? lock_release+0x42b/0x820 [ 274.637499] handle_mm_fault+0x1a5/0x670 [ 274.641565] __get_user_pages+0x599/0x1650 [ 274.645810] ? follow_page_mask+0x1a60/0x1a60 [ 274.650308] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 274.655073] ? retint_kernel+0x2d/0x2d [ 274.658970] populate_vma_page_range+0x1fd/0x290 [ 274.663748] __mm_populate+0x1e8/0x350 [ 274.667638] ? populate_vma_page_range+0x290/0x290 [ 274.672678] ? do_mlock+0x6b0/0x6b0 [ 274.676309] __x64_sys_mlockall+0x340/0x500 [ 274.680653] do_syscall_64+0xf9/0x620 [ 274.684464] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 274.689844] RIP: 0033:0x45c849 [ 274.693038] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 274.711944] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 274.719659] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 274.726926] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 274.734194] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 274.736385] xt_HMARK: spi-set and port-set can't be combined [ 274.741463] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 274.741472] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 274.741609] Task in /syz4 killed as a result of limit of /syz4 [ 274.768562] memory: usage 307200kB, limit 307200kB, failcnt 2140 [ 274.774808] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 274.781650] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 274.787934] Memory cgroup stats for /syz4: cache:0KB rss:300196KB rss_huge:258048KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:146704KB active_anon:2120KB inactive_file:8KB active_file:0KB unevictable:151504KB [ 274.809944] Memory cgroup out of memory: Kill process 9064 (syz-executor.4) score 1233 or sacrifice child [ 274.820346] Killed process 9082 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB 03:05:28 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 275.278559] oom_reaper: reaped process 9082 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 275.399468] xt_HMARK: spi-set and port-set can't be combined 03:05:29 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:29 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, 0x0, 0x0) 03:05:29 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:29 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 03:05:29 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:29 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:29 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, 0x0, 0x0) [ 275.899865] xt_HMARK: spi-set and port-set can't be combined [ 276.027038] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 276.038408] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 276.043892] CPU: 0 PID: 9126 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 276.051693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 276.061045] Call Trace: [ 276.063638] dump_stack+0x188/0x20d [ 276.067284] dump_header+0x159/0xa5e [ 276.071010] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 276.076113] ? ___ratelimit+0x59/0x573 [ 276.080019] oom_kill_process.cold+0x10/0x6dc [ 276.084534] ? task_will_free_mem+0x134/0x6d0 [ 276.089040] out_of_memory+0x349/0x1250 [ 276.093027] ? oom_killer_disable+0x270/0x270 [ 276.097548] mem_cgroup_out_of_memory+0x1c7/0x240 [ 276.102393] ? memcg_event_wake+0x210/0x210 [ 276.106722] ? do_raw_spin_unlock+0x171/0x260 [ 276.111217] try_charge+0xe22/0x1300 [ 276.114938] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 276.119784] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 276.124636] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 276.130697] ? mark_held_locks+0xf0/0xf0 [ 276.134765] mem_cgroup_try_charge+0x249/0x5c0 [ 276.139353] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 276.144291] __handle_mm_fault+0x1cfb/0x3b60 [ 276.148703] ? copy_page_range+0x1e70/0x1e70 [ 276.153116] ? count_memcg_event_mm+0x279/0x4c0 [ 276.157809] handle_mm_fault+0x1a5/0x670 [ 276.161875] __get_user_pages+0x599/0x1650 [ 276.166119] ? follow_page_mask+0x1a60/0x1a60 [ 276.170626] ? lock_acquire+0x170/0x400 [ 276.174607] populate_vma_page_range+0x1fd/0x290 [ 276.179374] __mm_populate+0x1e8/0x350 [ 276.183295] ? populate_vma_page_range+0x290/0x290 [ 276.188221] ? do_mlock+0x6b0/0x6b0 [ 276.191854] __x64_sys_mlockall+0x340/0x500 [ 276.196176] do_syscall_64+0xf9/0x620 [ 276.199983] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 276.205170] RIP: 0033:0x45c849 [ 276.208364] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 276.227262] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 276.234974] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 276.242248] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 276.249522] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 276.256792] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 276.264074] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 276.271669] Task in /syz4 killed as a result of limit of /syz4 [ 276.277661] memory: usage 307200kB, limit 307200kB, failcnt 2593 [ 276.283842] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 276.290637] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 276.296774] Memory cgroup stats for /syz4: cache:0KB rss:300052KB rss_huge:256000KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:162108KB active_anon:2140KB inactive_file:4KB active_file:4KB unevictable:135932KB [ 276.319145] Memory cgroup out of memory: Kill process 9102 (syz-executor.4) score 1163 or sacrifice child [ 276.330183] Killed process 9102 (syz-executor.4) total-vm:74964kB, anon-rss:18516kB, file-rss:34816kB, shmem-rss:0kB 03:05:29 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 276.974742] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 276.986136] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 276.991778] CPU: 0 PID: 9126 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 276.999602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 277.008964] Call Trace: [ 277.011568] dump_stack+0x188/0x20d [ 277.015206] dump_header+0x159/0xa5e [ 277.018930] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 277.024037] ? ___ratelimit+0x59/0x573 [ 277.027934] oom_kill_process.cold+0x10/0x6dc [ 277.032441] ? mem_cgroup_get_max+0xde/0x240 [ 277.036857] out_of_memory+0x349/0x1250 [ 277.040844] ? oom_killer_disable+0x270/0x270 [ 277.045346] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 277.049940] mem_cgroup_out_of_memory+0x1c7/0x240 [ 277.054784] ? memcg_event_wake+0x210/0x210 [ 277.059115] ? try_charge+0xe14/0x1300 [ 277.063008] ? do_raw_spin_unlock+0x171/0x260 [ 277.067506] try_charge+0xe22/0x1300 [ 277.071236] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 277.076081] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 277.080930] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 277.087000] mem_cgroup_try_charge+0x249/0x5c0 [ 277.091718] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 277.096665] wp_page_copy+0x3fe/0x1530 [ 277.100573] ? follow_pfn+0x260/0x260 [ 277.104382] ? retint_kernel+0x2d/0x2d [ 277.108288] do_wp_page+0x518/0xfa0 [ 277.111926] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 277.116612] __handle_mm_fault+0x21a4/0x3b60 [ 277.121029] ? copy_page_range+0x1e70/0x1e70 [ 277.125446] ? count_memcg_event_mm+0x279/0x4c0 [ 277.130151] handle_mm_fault+0x1a5/0x670 [ 277.134224] ? __get_user_pages+0x4c7/0x1650 [ 277.138639] __get_user_pages+0x599/0x1650 [ 277.142894] ? follow_page_mask+0x1a60/0x1a60 [ 277.147418] populate_vma_page_range+0x1fd/0x290 [ 277.152203] __mm_populate+0x1e8/0x350 [ 277.156100] ? populate_vma_page_range+0x290/0x290 [ 277.161035] ? do_mlock+0x6b0/0x6b0 [ 277.164672] __x64_sys_mlockall+0x340/0x500 [ 277.169012] do_syscall_64+0xf9/0x620 [ 277.172820] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 277.178007] RIP: 0033:0x45c849 [ 277.181206] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 277.200112] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 277.207821] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 277.215091] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 277.222359] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 277.229627] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 277.236894] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 277.244304] Task in /syz4 killed as a result of limit of /syz4 [ 277.250597] memory: usage 307200kB, limit 307200kB, failcnt 2635 [ 277.256818] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 277.263716] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 277.270003] Memory cgroup stats for /syz4: cache:0KB rss:300044KB rss_huge:253952KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:148652KB active_anon:2120KB inactive_file:0KB active_file:4KB unevictable:149324KB [ 277.292032] Memory cgroup out of memory: Kill process 9121 (syz-executor.4) score 1233 or sacrifice child [ 277.301886] Killed process 9131 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 03:05:31 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, 0x0, 0x0) [ 277.800500] xt_HMARK: spi-set and port-set can't be combined 03:05:31 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:31 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:31 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(0x0) socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 278.037324] xt_HMARK: spi-set and port-set can't be combined 03:05:31 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:31 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:31 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:31 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) [ 278.333802] cgroup: fork rejected by pids controller in /syz1 03:05:31 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x801, @mcast1}}}, 0x90) 03:05:31 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(0x0) socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:31 executing program 2: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000000)={0x8, {{0xa, 0x0, 0x0, @mcast1}}, {{0xa, 0x0, 0x0, @remote}}}, 0x108) setsockopt$inet6_MCAST_MSFILTER(r2, 0x29, 0x30, &(0x7f0000000200)={0x8, {{0xa, 0x0, 0x0, @mcast1}}}, 0x90) 03:05:32 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 278.791280] xt_HMARK: spi-set and port-set can't be combined [ 278.833720] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 278.845042] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 278.850505] CPU: 1 PID: 9232 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 278.858301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 278.867665] Call Trace: [ 278.870264] dump_stack+0x188/0x20d [ 278.873885] dump_header+0x159/0xa5e [ 278.877609] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 278.882716] ? ___ratelimit+0x59/0x573 [ 278.886600] oom_kill_process.cold+0x10/0x6dc [ 278.891097] ? task_will_free_mem+0x134/0x6d0 [ 278.895596] out_of_memory+0x349/0x1250 [ 278.899566] ? oom_killer_disable+0x270/0x270 [ 278.904080] mem_cgroup_out_of_memory+0x1c7/0x240 [ 278.908931] ? memcg_event_wake+0x210/0x210 [ 278.913261] ? do_raw_spin_unlock+0x171/0x260 [ 278.917750] try_charge+0xe22/0x1300 [ 278.921462] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 278.926299] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 278.931134] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 278.937177] ? mark_held_locks+0xf0/0xf0 [ 278.941234] mem_cgroup_try_charge+0x249/0x5c0 [ 278.945814] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 278.950736] __handle_mm_fault+0x1cfb/0x3b60 [ 278.955135] ? copy_page_range+0x1e70/0x1e70 [ 278.959536] ? count_memcg_event_mm+0x279/0x4c0 [ 278.964207] handle_mm_fault+0x1a5/0x670 [ 278.968262] __get_user_pages+0x599/0x1650 [ 278.972493] ? follow_page_mask+0x1a60/0x1a60 [ 278.976983] ? lock_acquire+0x170/0x400 [ 278.980948] populate_vma_page_range+0x1fd/0x290 [ 278.985698] __mm_populate+0x1e8/0x350 [ 278.989580] ? populate_vma_page_range+0x290/0x290 [ 278.994497] ? do_mlock+0x6b0/0x6b0 [ 278.998117] __x64_sys_mlockall+0x340/0x500 [ 279.002431] do_syscall_64+0xf9/0x620 [ 279.006225] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 279.011400] RIP: 0033:0x45c849 [ 279.014577] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 279.033464] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 279.041157] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 279.048416] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 279.055672] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 279.062927] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 279.070182] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 279.078940] Task in /syz4 killed as a result of limit of /syz4 [ 279.085005] memory: usage 307200kB, limit 307200kB, failcnt 2701 [ 279.091230] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 279.098023] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 279.105633] Memory cgroup stats for /syz4: cache:0KB rss:299716KB rss_huge:253952KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:161980KB active_anon:2144KB inactive_file:8KB active_file:4KB unevictable:135776KB [ 279.127099] Memory cgroup out of memory: Kill process 9048 (syz-executor.4) score 1163 or sacrifice child [ 279.136871] Killed process 9048 (syz-executor.4) total-vm:74964kB, anon-rss:18512kB, file-rss:34816kB, shmem-rss:0kB 03:05:34 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(0x0) socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 281.156042] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 281.168121] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 281.174058] CPU: 0 PID: 9232 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 281.181865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 281.191217] Call Trace: [ 281.193815] dump_stack+0x188/0x20d [ 281.197469] dump_header+0x159/0xa5e [ 281.201206] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 281.206421] ? ___ratelimit+0x59/0x573 [ 281.210320] oom_kill_process.cold+0x10/0x6dc [ 281.214822] ? task_will_free_mem+0x134/0x6d0 [ 281.219326] out_of_memory+0x349/0x1250 [ 281.223319] ? oom_killer_disable+0x270/0x270 [ 281.227828] mem_cgroup_out_of_memory+0x1c7/0x240 [ 281.232679] ? memcg_event_wake+0x210/0x210 [ 281.237015] ? do_raw_spin_unlock+0x171/0x260 [ 281.241517] try_charge+0xe22/0x1300 [ 281.245272] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 281.250149] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 281.255001] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 281.261077] mem_cgroup_try_charge+0x249/0x5c0 [ 281.265669] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 281.270606] wp_page_copy+0x3fe/0x1530 [ 281.274520] ? follow_pfn+0x260/0x260 [ 281.278329] do_wp_page+0x518/0xfa0 [ 281.281959] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 281.286637] __handle_mm_fault+0x21a4/0x3b60 [ 281.291053] ? copy_page_range+0x1e70/0x1e70 [ 281.295465] ? count_memcg_event_mm+0x279/0x4c0 [ 281.300154] handle_mm_fault+0x1a5/0x670 [ 281.304226] __get_user_pages+0x599/0x1650 [ 281.308471] ? follow_page_mask+0x1a60/0x1a60 [ 281.312970] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 281.317732] ? retint_kernel+0x2d/0x2d [ 281.321629] populate_vma_page_range+0x1fd/0x290 [ 281.326395] __mm_populate+0x1e8/0x350 [ 281.330301] ? populate_vma_page_range+0x290/0x290 [ 281.335240] ? do_mlock+0x6b0/0x6b0 [ 281.338897] __x64_sys_mlockall+0x340/0x500 [ 281.343234] do_syscall_64+0xf9/0x620 [ 281.347048] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 281.352245] RIP: 0033:0x45c849 [ 281.355447] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 281.374359] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 281.382106] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 281.389377] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 281.396652] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 281.403927] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 281.411207] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 281.419377] Task in /syz4 killed as a result of limit of /syz4 [ 281.425594] memory: usage 307200kB, limit 307200kB, failcnt 3067 [ 281.431885] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 281.438722] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 281.445034] Memory cgroup stats for /syz4: cache:0KB rss:299616KB rss_huge:251904KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:148268KB active_anon:2120KB inactive_file:0KB active_file:0KB unevictable:149452KB [ 281.467098] Memory cgroup out of memory: Kill process 9202 (syz-executor.4) score 1233 or sacrifice child [ 281.477243] Killed process 9293 (syz-executor.4) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB 03:05:34 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:35 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:35 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:35 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:35 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:35 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 284.144427] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 284.155692] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 284.161131] CPU: 1 PID: 9585 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 284.168932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 284.178291] Call Trace: [ 284.180892] dump_stack+0x188/0x20d [ 284.184526] dump_header+0x159/0xa5e [ 284.188247] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 284.193360] ? ___ratelimit+0x59/0x573 [ 284.197265] oom_kill_process.cold+0x10/0x6dc [ 284.201764] ? task_will_free_mem+0x134/0x6d0 [ 284.206254] out_of_memory+0x349/0x1250 [ 284.210224] ? oom_killer_disable+0x270/0x270 [ 284.214716] mem_cgroup_out_of_memory+0x1c7/0x240 [ 284.219552] ? memcg_event_wake+0x210/0x210 [ 284.223875] ? do_raw_spin_unlock+0x171/0x260 [ 284.228356] try_charge+0xe22/0x1300 [ 284.232068] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 284.236903] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 284.241736] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 284.247782] ? mark_held_locks+0xf0/0xf0 [ 284.251846] mem_cgroup_try_charge+0x249/0x5c0 [ 284.256421] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 284.261340] __handle_mm_fault+0x1cfb/0x3b60 [ 284.265738] ? copy_page_range+0x1e70/0x1e70 [ 284.270141] ? count_memcg_event_mm+0x279/0x4c0 [ 284.274811] handle_mm_fault+0x1a5/0x670 [ 284.278867] __get_user_pages+0x599/0x1650 [ 284.283117] ? follow_page_mask+0x1a60/0x1a60 [ 284.287606] ? lock_acquire+0x170/0x400 [ 284.291575] populate_vma_page_range+0x1fd/0x290 [ 284.296323] __mm_populate+0x1e8/0x350 [ 284.300200] ? populate_vma_page_range+0x290/0x290 [ 284.305118] ? do_mlock+0x6b0/0x6b0 [ 284.308736] __x64_sys_mlockall+0x340/0x500 [ 284.313061] do_syscall_64+0xf9/0x620 [ 284.316880] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 284.322069] RIP: 0033:0x45c849 [ 284.325258] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 284.344159] RSP: 002b:00007f0aad337c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 284.351874] RAX: ffffffffffffffda RBX: 00007f0aad3386d4 RCX: 000000000045c849 [ 284.359131] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 284.366390] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 284.373647] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 284.380908] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 284.388218] Task in /syz4 killed as a result of limit of /syz4 [ 284.388242] memory: usage 307200kB, limit 307200kB, failcnt 3090 [ 284.388251] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 284.388259] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 284.388264] Memory cgroup stats for /syz4: cache:0KB rss:299672KB rss_huge:251904KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:161976KB active_anon:2148KB inactive_file:8KB active_file:0KB unevictable:135628KB [ 284.388332] Memory cgroup out of memory: Kill process 9409 (syz-executor.4) score 1163 or sacrifice child [ 284.388384] Killed process 9409 (syz-executor.4) total-vm:74964kB, anon-rss:18512kB, file-rss:34816kB, shmem-rss:0kB 03:05:38 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:38 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:38 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:38 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:40 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:41 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:41 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:41 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:42 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:42 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:42 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, 0x0, 0x0) 03:05:44 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, 0x0, 0x0) 03:05:44 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:44 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:44 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, 0x0, 0x0) 03:05:44 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) [ 292.178330] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 292.190047] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 292.195696] CPU: 1 PID: 9817 Comm: syz-executor.3 Not tainted 4.19.112-syzkaller #0 [ 292.203492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 292.212844] Call Trace: [ 292.215439] dump_stack+0x188/0x20d [ 292.219074] dump_header+0x159/0xa5e [ 292.222793] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 292.227893] ? ___ratelimit+0x59/0x573 [ 292.231787] oom_kill_process.cold+0x10/0x6dc [ 292.236289] ? task_will_free_mem+0x134/0x6d0 [ 292.240796] out_of_memory+0x349/0x1250 [ 292.244807] ? oom_killer_disable+0x270/0x270 [ 292.249336] mem_cgroup_out_of_memory+0x1c7/0x240 [ 292.254181] ? memcg_event_wake+0x210/0x210 [ 292.258506] ? do_raw_spin_unlock+0x171/0x260 [ 292.263005] try_charge+0xe22/0x1300 [ 292.266734] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 292.271593] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 292.276456] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 292.282540] mem_cgroup_try_charge+0x249/0x5c0 [ 292.287141] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 292.292088] wp_page_copy+0x3fe/0x1530 [ 292.296012] ? follow_pfn+0x260/0x260 [ 292.299824] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 292.304605] do_wp_page+0x518/0xfa0 [ 292.308248] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 292.312932] ? do_raw_spin_lock+0xcb/0x240 [ 292.317185] ? do_raw_spin_lock+0x13f/0x240 [ 292.321532] __handle_mm_fault+0x21a4/0x3b60 [ 292.325957] ? copy_page_range+0x1e70/0x1e70 [ 292.330378] ? count_memcg_event_mm+0x279/0x4c0 [ 292.335088] handle_mm_fault+0x1a5/0x670 [ 292.339278] __get_user_pages+0x599/0x1650 [ 292.343538] ? follow_page_mask+0x1a60/0x1a60 [ 292.348039] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 292.352807] ? retint_kernel+0x2d/0x2d [ 292.356706] populate_vma_page_range+0x1fd/0x290 [ 292.361481] __mm_populate+0x1e8/0x350 [ 292.365379] ? populate_vma_page_range+0x290/0x290 [ 292.370451] ? do_mlock+0x6b0/0x6b0 [ 292.374100] __x64_sys_mlockall+0x340/0x500 [ 292.378434] do_syscall_64+0xf9/0x620 [ 292.382247] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 292.387440] RIP: 0033:0x45c849 [ 292.390639] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 292.409549] RSP: 002b:00007fb703599c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 292.417265] RAX: ffffffffffffffda RBX: 00007fb70359a6d4 RCX: 000000000045c849 [ 292.424540] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 292.431812] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 292.439079] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 292.446354] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 292.454595] Task in /syz3 killed as a result of limit of /syz3 [ 292.460890] memory: usage 307200kB, limit 307200kB, failcnt 52 [ 292.466990] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 292.474120] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 292.480416] Memory cgroup stats for /syz3: cache:0KB rss:299492KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:123624KB active_anon:60KB inactive_file:20KB active_file:0KB unevictable:175948KB [ 292.502353] Memory cgroup out of memory: Kill process 9816 (syz-executor.3) score 1233 or sacrifice child [ 292.512604] Killed process 9823 (syz-executor.3) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 03:05:46 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:46 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:46 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:47 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:47 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:47 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:47 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:47 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 03:05:47 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 03:05:48 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 296.354520] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 296.365838] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 296.371365] CPU: 1 PID: 9971 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 296.379165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 296.388524] Call Trace: [ 296.391126] dump_stack+0x188/0x20d [ 296.394772] dump_header+0x159/0xa5e [ 296.398499] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 296.403609] ? ___ratelimit+0x59/0x573 [ 296.407509] oom_kill_process.cold+0x10/0x6dc [ 296.412035] out_of_memory+0x349/0x1250 [ 296.416028] ? oom_killer_disable+0x270/0x270 [ 296.420552] mem_cgroup_out_of_memory+0x1c7/0x240 [ 296.425414] ? memcg_event_wake+0x210/0x210 [ 296.429756] ? do_raw_spin_unlock+0x171/0x260 [ 296.434242] try_charge+0xe22/0x1300 [ 296.437950] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 296.442785] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 296.447619] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 296.453673] mem_cgroup_try_charge+0x249/0x5c0 [ 296.458243] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 296.463163] wp_page_copy+0x3fe/0x1530 [ 296.467046] ? follow_pfn+0x260/0x260 [ 296.470848] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 296.475615] do_wp_page+0x518/0xfa0 [ 296.479239] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 296.484003] ? write_comp_data+0x68/0x70 [ 296.488056] __handle_mm_fault+0x21a4/0x3b60 [ 296.492470] ? copy_page_range+0x1e70/0x1e70 [ 296.496869] ? count_memcg_event_mm+0x279/0x4c0 [ 296.501540] handle_mm_fault+0x1a5/0x670 [ 296.505586] ? __get_user_pages+0x58b/0x1650 [ 296.509995] __get_user_pages+0x599/0x1650 [ 296.514227] ? follow_page_mask+0x1a60/0x1a60 [ 296.518720] populate_vma_page_range+0x1fd/0x290 [ 296.523480] __mm_populate+0x1e8/0x350 [ 296.527369] ? populate_vma_page_range+0x290/0x290 [ 296.532287] ? do_mlock+0x6b0/0x6b0 [ 296.535906] __x64_sys_mlockall+0x340/0x500 [ 296.540221] do_syscall_64+0xf9/0x620 [ 296.544012] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 296.549187] RIP: 0033:0x45c849 [ 296.552369] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 296.571270] RSP: 002b:00007f0aad337c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 296.578963] RAX: ffffffffffffffda RBX: 00007f0aad3386d4 RCX: 000000000045c849 [ 296.586219] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 296.593474] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 296.600730] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 296.607987] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 296.615333] Task in /syz4 killed as a result of limit of /syz4 [ 296.621568] memory: usage 307200kB, limit 307200kB, failcnt 3132 [ 296.627798] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 296.634756] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 296.641092] Memory cgroup stats for /syz4: cache:0KB rss:299052KB rss_huge:239616KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:147648KB active_anon:2120KB inactive_file:4KB active_file:0KB unevictable:149452KB [ 296.663107] Memory cgroup out of memory: Kill process 9964 (syz-executor.4) score 1233 or sacrifice child [ 296.673207] Killed process 9973 (syz-executor.4) total-vm:74832kB, anon-rss:18380kB, file-rss:34944kB, shmem-rss:0kB [ 296.699170] syz-executor.4 invoked oom-killer: gfp_mask=0x6040d0(GFP_KERNEL|__GFP_COMP|__GFP_RECLAIMABLE), nodemask=(null), order=0, oom_score_adj=1000 03:05:50 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') socket$inet6_udp(0xa, 0x2, 0x0) clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x40, &(0x7f00000003c0)=@raw={'raw\x00', 0x2, 0x3, 0x220, 0x0, 0x0, 0xd0, 0xd0, 0x0, 0x188, 0x188, 0x188, 0x188, 0x188, 0x3, 0x0, {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@local, [], 0x0, 0x0, 0x0, 0x0, 0x3f}}}, {{@ip={@local, @remote, 0x0, 0x0, 'veth1_to_bond\x00'}, 0x0, 0x70, 0xb8}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x0, 'syz0\x00'}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) [ 296.771897] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 296.833043] CPU: 0 PID: 9967 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 296.840887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 296.850242] Call Trace: [ 296.852843] dump_stack+0x188/0x20d [ 296.856474] dump_header+0x159/0xa5e [ 296.860192] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 296.865296] ? ___ratelimit+0x59/0x573 [ 296.869190] oom_kill_process.cold+0x10/0x6dc [ 296.873690] ? task_will_free_mem+0x134/0x6d0 [ 296.878192] out_of_memory+0x349/0x1250 [ 296.882177] ? oom_killer_disable+0x270/0x270 [ 296.886682] mem_cgroup_out_of_memory+0x1c7/0x240 [ 296.891544] ? memcg_event_wake+0x210/0x210 [ 296.895888] ? do_raw_spin_unlock+0x171/0x260 [ 296.900383] try_charge+0xbdf/0x1300 [ 296.904105] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 296.908957] ? __lock_is_held+0xad/0x140 [ 296.913113] ? rcu_read_lock_sched_held+0x10a/0x130 [ 296.918163] ? __alloc_pages_nodemask+0x5d1/0x6a0 [ 296.923015] memcg_kmem_charge_memcg+0x7b/0x150 [ 296.927687] ? memcg_kmem_put_cache+0xb0/0xb0 [ 296.932200] ? mark_held_locks+0xa6/0xf0 [ 296.936326] ? cache_grow_begin+0x580/0x8a0 [ 296.940661] cache_grow_begin+0x3ed/0x8a0 [ 296.944822] fallback_alloc+0x205/0x2d0 [ 296.948808] kmem_cache_alloc+0x1ea/0x710 [ 296.953052] ? lookup_one_len_unlocked+0x100/0x100 [ 296.958062] alloc_inode+0xab/0x180 [ 296.961697] new_inode_pseudo+0x14/0xe0 [ 296.965674] new_inode+0x1b/0x40 [ 296.969110] debugfs_get_inode+0x1a/0x130 [ 296.973266] __debugfs_create_file+0xb6/0x400 [ 296.977807] kvm_dev_ioctl+0xa03/0x1720 [ 296.981856] ? debug_check_no_obj_freed+0x20a/0x42e [ 296.986883] ? kvm_put_kvm+0xc50/0xc50 [ 296.990794] ? kvm_put_kvm+0xc50/0xc50 [ 296.994701] do_vfs_ioctl+0xcda/0x12e0 [ 296.998707] ? selinux_file_ioctl+0x46c/0x5d0 [ 297.003228] ? selinux_file_ioctl+0x125/0x5d0 [ 297.007730] ? check_preemption_disabled+0x41/0x280 [ 297.012763] ? ioctl_preallocate+0x200/0x200 [ 297.017181] ? selinux_file_mprotect+0x600/0x600 [ 297.021940] ? __fget+0x340/0x510 [ 297.025421] ? iterate_fd+0x350/0x350 [ 297.029270] ? security_file_ioctl+0x6c/0xb0 [ 297.033692] ksys_ioctl+0x9b/0xc0 [ 297.037152] __x64_sys_ioctl+0x6f/0xb0 [ 297.041049] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 297.045637] do_syscall_64+0xf9/0x620 [ 297.049447] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 297.054638] RIP: 0033:0x45c849 [ 297.057834] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 03:05:50 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) [ 297.076755] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 297.084469] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 297.091739] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003 [ 297.099006] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 297.106277] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 297.113555] R13: 000000000000038f R14: 00000000004c6057 R15: 000000000076bf0c [ 297.209419] Task in /syz4 killed as a result of limit of /syz4 [ 297.220584] memory: usage 302836kB, limit 307200kB, failcnt 3132 03:05:50 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 297.254387] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 297.313523] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 297.391896] Memory cgroup stats for /syz4: cache:0KB rss:295072KB rss_huge:239616KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:143524KB active_anon:2128KB inactive_file:4KB active_file:0KB unevictable:149584KB [ 297.469304] Memory cgroup out of memory: Kill process 9964 (syz-executor.4) score 1233 or sacrifice child [ 297.500292] Killed process 9992 (syz-executor.4) total-vm:74964kB, anon-rss:18512kB, file-rss:34816kB, shmem-rss:0kB 03:05:50 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) 03:05:51 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:53 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:53 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:53 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:53 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:53 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 300.709197] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 300.721074] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 300.726672] CPU: 0 PID: 10127 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 300.734553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 300.743911] Call Trace: [ 300.746511] dump_stack+0x188/0x20d [ 300.750148] dump_header+0x159/0xa5e [ 300.753895] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 300.759006] ? ___ratelimit+0x59/0x573 [ 300.762904] oom_kill_process.cold+0x10/0x6dc [ 300.767410] ? out_of_memory+0x26a/0x1250 [ 300.771576] out_of_memory+0x349/0x1250 [ 300.775558] ? oom_killer_disable+0x270/0x270 [ 300.780069] mem_cgroup_out_of_memory+0x1c7/0x240 [ 300.784924] ? memcg_event_wake+0x210/0x210 [ 300.789257] ? do_raw_spin_unlock+0x171/0x260 [ 300.793768] try_charge+0xe22/0x1300 [ 300.797515] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 300.802368] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 300.807225] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 300.813303] mem_cgroup_try_charge+0x249/0x5c0 [ 300.817915] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 300.822853] wp_page_copy+0x3fe/0x1530 [ 300.826757] ? follow_pfn+0x260/0x260 [ 300.830558] ? __lock_acquire+0x6ee/0x49c0 [ 300.834802] do_wp_page+0x518/0xfa0 [ 300.838448] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 300.843139] __handle_mm_fault+0x21a4/0x3b60 [ 300.847560] ? copy_page_range+0x1e70/0x1e70 [ 300.851974] ? count_memcg_event_mm+0x279/0x4c0 [ 300.856678] handle_mm_fault+0x1a5/0x670 [ 300.860754] __get_user_pages+0x599/0x1650 [ 300.865022] ? follow_page_mask+0x1a60/0x1a60 [ 300.869537] ? populate_vma_page_range+0x10e/0x290 [ 300.874474] populate_vma_page_range+0x1fd/0x290 [ 300.879253] __mm_populate+0x1e8/0x350 [ 300.883155] ? populate_vma_page_range+0x290/0x290 [ 300.888096] ? up_write+0xae/0x150 [ 300.891646] __x64_sys_mlockall+0x340/0x500 [ 300.895991] do_syscall_64+0xf9/0x620 [ 300.899803] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 300.904992] RIP: 0033:0x45c849 [ 300.908188] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 300.927092] RSP: 002b:00007f0aad337c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 300.934800] RAX: ffffffffffffffda RBX: 00007f0aad3386d4 RCX: 000000000045c849 [ 300.942078] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 300.949346] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 300.956616] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 300.963885] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 300.972252] Task in /syz4 killed as a result of limit of /syz4 [ 300.978507] memory: usage 307200kB, limit 307200kB, failcnt 3153 [ 300.984886] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 300.991915] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 300.998152] Memory cgroup stats for /syz4: cache:0KB rss:298788KB rss_huge:239616KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:147388KB active_anon:2120KB inactive_file:4KB active_file:0KB unevictable:149452KB [ 301.020352] Memory cgroup out of memory: Kill process 10122 (syz-executor.4) score 1233 or sacrifice child [ 301.030594] Killed process 10122 (syz-executor.4) total-vm:74832kB, anon-rss:18380kB, file-rss:56432kB, shmem-rss:0kB [ 301.099785] oom_reaper: reaped process 10122 (syz-executor.4), now anon-rss:18380kB, file-rss:56424kB, shmem-rss:0kB 03:05:54 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:55 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:55 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 302.417930] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 302.429517] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 302.435125] CPU: 0 PID: 10144 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 302.443109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 302.452462] Call Trace: [ 302.455072] dump_stack+0x188/0x20d [ 302.458703] dump_header+0x159/0xa5e [ 302.462421] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 302.467524] ? ___ratelimit+0x59/0x573 [ 302.471415] oom_kill_process.cold+0x10/0x6dc [ 302.475916] ? out_of_memory+0x26a/0x1250 [ 302.480066] out_of_memory+0x349/0x1250 [ 302.484047] ? oom_killer_disable+0x270/0x270 [ 302.488558] mem_cgroup_out_of_memory+0x1c7/0x240 [ 302.493405] ? memcg_event_wake+0x210/0x210 [ 302.497739] ? do_raw_spin_unlock+0x171/0x260 [ 302.502235] try_charge+0xe22/0x1300 [ 302.505957] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 302.510804] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 302.515672] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 302.521740] mem_cgroup_try_charge+0x249/0x5c0 [ 302.526332] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 302.531270] wp_page_copy+0x3fe/0x1530 [ 302.535167] ? follow_pfn+0x260/0x260 [ 302.538968] ? retint_kernel+0x2d/0x2d [ 302.542861] do_wp_page+0x518/0xfa0 [ 302.546493] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 302.551170] __handle_mm_fault+0x21a4/0x3b60 [ 302.555585] ? copy_page_range+0x1e70/0x1e70 [ 302.559999] ? count_memcg_event_mm+0x279/0x4c0 [ 302.564690] handle_mm_fault+0x1a5/0x670 [ 302.568760] __get_user_pages+0x599/0x1650 [ 302.573005] ? follow_page_mask+0x1a60/0x1a60 [ 302.577520] populate_vma_page_range+0x1fd/0x290 [ 302.582283] __mm_populate+0x1e8/0x350 [ 302.586176] ? populate_vma_page_range+0x290/0x290 [ 302.591106] ? do_mlock+0x6b0/0x6b0 [ 302.594740] __x64_sys_mlockall+0x340/0x500 [ 302.599068] do_syscall_64+0xf9/0x620 [ 302.602872] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 302.608059] RIP: 0033:0x45c849 [ 302.611253] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 302.630169] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 302.637875] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 302.645149] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 302.652423] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 302.659726] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 302.667010] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 302.682525] Task in /syz4 killed as a result of limit of /syz4 [ 302.688840] memory: usage 307200kB, limit 307200kB, failcnt 3181 [ 302.695189] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 302.702099] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 302.708385] Memory cgroup stats for /syz4: cache:0KB rss:298716KB rss_huge:239616KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:147152KB active_anon:2120KB inactive_file:4KB active_file:0KB unevictable:149452KB [ 302.730514] Memory cgroup out of memory: Kill process 10143 (syz-executor.4) score 1233 or sacrifice child [ 302.740763] Killed process 10152 (syz-executor.4) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB 03:05:56 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:05:56 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:56 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 304.057991] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 304.069295] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 304.074694] CPU: 0 PID: 10182 Comm: syz-executor.3 Not tainted 4.19.112-syzkaller #0 [ 304.082577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.091928] Call Trace: [ 304.094528] dump_stack+0x188/0x20d [ 304.098164] dump_header+0x159/0xa5e [ 304.101884] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 304.106993] ? ___ratelimit+0x59/0x573 [ 304.110890] oom_kill_process.cold+0x10/0x6dc [ 304.115394] ? task_will_free_mem+0x134/0x6d0 [ 304.119899] out_of_memory+0x349/0x1250 [ 304.123884] ? oom_killer_disable+0x270/0x270 [ 304.128397] mem_cgroup_out_of_memory+0x1c7/0x240 [ 304.133245] ? memcg_event_wake+0x210/0x210 [ 304.137581] ? do_raw_spin_unlock+0x171/0x260 [ 304.142080] try_charge+0xe22/0x1300 [ 304.145806] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 304.150660] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 304.155517] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 304.161581] ? __lock_acquire+0x6ee/0x49c0 [ 304.165819] mem_cgroup_try_charge+0x249/0x5c0 [ 304.170405] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 304.175338] wp_page_copy+0x3fe/0x1530 [ 304.179239] ? follow_pfn+0x260/0x260 [ 304.183041] ? __lock_acquire+0x6ee/0x49c0 [ 304.187287] do_wp_page+0x518/0xfa0 [ 304.190919] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 304.195607] __handle_mm_fault+0x21a4/0x3b60 [ 304.200020] ? copy_page_range+0x1e70/0x1e70 [ 304.204430] ? count_memcg_event_mm+0x279/0x4c0 [ 304.209118] handle_mm_fault+0x1a5/0x670 [ 304.213186] __get_user_pages+0x599/0x1650 [ 304.217432] ? follow_page_mask+0x1a60/0x1a60 [ 304.221928] ? mark_held_locks+0xf0/0xf0 [ 304.225996] ? lock_acquire+0x170/0x400 [ 304.229992] populate_vma_page_range+0x1fd/0x290 [ 304.234755] __mm_populate+0x1e8/0x350 [ 304.238651] ? populate_vma_page_range+0x290/0x290 [ 304.243583] ? do_mlock+0x6b0/0x6b0 [ 304.247220] __x64_sys_mlockall+0x340/0x500 [ 304.251552] do_syscall_64+0xf9/0x620 [ 304.255361] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 304.260551] RIP: 0033:0x45c849 [ 304.263745] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 304.282645] RSP: 002b:00007fb703578c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 304.290356] RAX: ffffffffffffffda RBX: 00007fb7035796d4 RCX: 000000000045c849 [ 304.297626] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 304.304897] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 304.312169] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 304.319437] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 304.327056] Task in /syz3 killed as a result of limit of /syz3 [ 304.333125] memory: usage 307200kB, limit 307200kB, failcnt 83 [ 304.339105] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 304.345963] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 304.352156] Memory cgroup stats for /syz3: cache:0KB rss:298888KB rss_huge:186368KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:122972KB active_anon:60KB inactive_file:4KB active_file:4KB unevictable:176076KB [ 304.373461] Memory cgroup out of memory: Kill process 10164 (syz-executor.3) score 1233 or sacrifice child [ 304.383377] Killed process 10203 (syz-executor.3) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB 03:05:57 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:57 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:05:58 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 304.772302] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 304.783592] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 304.788988] CPU: 1 PID: 10278 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 304.796873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 304.806229] Call Trace: [ 304.808826] dump_stack+0x188/0x20d [ 304.812465] dump_header+0x159/0xa5e [ 304.816214] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 304.821324] ? ___ratelimit+0x59/0x573 [ 304.825224] oom_kill_process.cold+0x10/0x6dc [ 304.829731] ? task_will_free_mem+0x134/0x6d0 [ 304.834255] out_of_memory+0x349/0x1250 [ 304.838261] ? oom_killer_disable+0x270/0x270 [ 304.842775] mem_cgroup_out_of_memory+0x1c7/0x240 [ 304.847629] ? memcg_event_wake+0x210/0x210 [ 304.851966] ? do_raw_spin_unlock+0x171/0x260 [ 304.856468] try_charge+0xe22/0x1300 [ 304.860197] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 304.865047] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 304.869897] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 304.875958] ? mark_held_locks+0xf0/0xf0 [ 304.880028] mem_cgroup_try_charge+0x249/0x5c0 [ 304.884617] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 304.889549] __handle_mm_fault+0x1cfb/0x3b60 [ 304.893964] ? copy_page_range+0x1e70/0x1e70 [ 304.898373] ? count_memcg_event_mm+0x279/0x4c0 [ 304.903063] handle_mm_fault+0x1a5/0x670 [ 304.907129] __get_user_pages+0x599/0x1650 [ 304.911396] ? follow_page_mask+0x1a60/0x1a60 [ 304.915917] ? lock_acquire+0x170/0x400 [ 304.919901] populate_vma_page_range+0x1fd/0x290 [ 304.924662] __mm_populate+0x1e8/0x350 [ 304.928560] ? populate_vma_page_range+0x290/0x290 [ 304.933488] ? do_mlock+0x6b0/0x6b0 [ 304.937129] __x64_sys_mlockall+0x340/0x500 [ 304.941473] do_syscall_64+0xf9/0x620 [ 304.945284] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 304.950507] RIP: 0033:0x45c849 [ 304.953698] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 304.972591] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 304.980291] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 304.987562] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 304.994829] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 305.002088] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 305.009353] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 305.016755] Task in /syz4 killed as a result of limit of /syz4 [ 305.022796] memory: usage 307200kB, limit 307200kB, failcnt 3228 [ 305.028950] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 305.035756] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 305.041961] Memory cgroup stats for /syz4: cache:0KB rss:298616KB rss_huge:239616KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:161848KB active_anon:2136KB inactive_file:8KB active_file:0KB unevictable:134644KB [ 305.063424] Memory cgroup out of memory: Kill process 8470 (syz-executor.4) score 1163 or sacrifice child [ 305.073223] Killed process 8470 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB 03:05:58 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 305.689023] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 305.701059] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 305.706650] CPU: 1 PID: 10278 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 305.714543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 305.723908] Call Trace: [ 305.726512] dump_stack+0x188/0x20d [ 305.730158] dump_header+0x159/0xa5e [ 305.733892] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 03:05:59 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:05:59 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:05:59 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) [ 305.739007] ? ___ratelimit+0x59/0x573 [ 305.742916] oom_kill_process.cold+0x10/0x6dc [ 305.747430] ? task_will_free_mem+0x134/0x6d0 [ 305.751943] out_of_memory+0x349/0x1250 [ 305.755937] ? oom_killer_disable+0x270/0x270 [ 305.760450] mem_cgroup_out_of_memory+0x1c7/0x240 [ 305.765306] ? memcg_event_wake+0x210/0x210 [ 305.769643] ? do_raw_spin_unlock+0x171/0x260 [ 305.774146] try_charge+0xe22/0x1300 [ 305.777870] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 305.782725] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 305.787576] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 305.793646] mem_cgroup_try_charge+0x249/0x5c0 [ 305.798238] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 305.803180] wp_page_copy+0x3fe/0x1530 [ 305.807094] ? follow_pfn+0x260/0x260 [ 305.810909] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 305.815501] do_wp_page+0x518/0xfa0 [ 305.819140] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 305.823833] __handle_mm_fault+0x21a4/0x3b60 [ 305.828253] ? copy_page_range+0x1e70/0x1e70 [ 305.832665] ? count_memcg_event_mm+0x279/0x4c0 [ 305.837360] handle_mm_fault+0x1a5/0x670 [ 305.841435] __get_user_pages+0x599/0x1650 [ 305.845700] ? follow_page_mask+0x1a60/0x1a60 [ 305.850228] populate_vma_page_range+0x1fd/0x290 [ 305.854994] __mm_populate+0x1e8/0x350 [ 305.858895] ? populate_vma_page_range+0x290/0x290 [ 305.863832] ? do_mlock+0x6b0/0x6b0 [ 305.867479] __x64_sys_mlockall+0x340/0x500 [ 305.871811] do_syscall_64+0xf9/0x620 [ 305.875626] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 305.880933] RIP: 0033:0x45c849 [ 305.884135] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 305.903045] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 305.910764] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 305.918047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 305.925325] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 305.932605] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 305.939883] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 305.957958] Task in /syz4 killed as a result of limit of /syz4 [ 305.964294] memory: usage 307200kB, limit 307200kB, failcnt 3242 [ 305.970564] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 305.977425] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 305.983679] Memory cgroup stats for /syz4: cache:0KB rss:298592KB rss_huge:235520KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:147092KB active_anon:2112KB inactive_file:0KB active_file:4KB unevictable:149324KB [ 306.005717] Memory cgroup out of memory: Kill process 10276 (syz-executor.4) score 1233 or sacrifice child [ 306.015867] Killed process 10395 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 03:06:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:01 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 308.151637] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 308.162950] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 308.168351] CPU: 0 PID: 10418 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 308.176232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.185587] Call Trace: [ 308.188265] dump_stack+0x188/0x20d [ 308.191924] dump_header+0x159/0xa5e [ 308.195648] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 308.200753] ? ___ratelimit+0x59/0x573 [ 308.204657] oom_kill_process.cold+0x10/0x6dc [ 308.209189] ? task_will_free_mem+0x134/0x6d0 [ 308.213698] out_of_memory+0x349/0x1250 [ 308.217684] ? oom_killer_disable+0x270/0x270 [ 308.222196] mem_cgroup_out_of_memory+0x1c7/0x240 [ 308.227042] ? memcg_event_wake+0x210/0x210 [ 308.231386] ? do_raw_spin_unlock+0x171/0x260 [ 308.235889] try_charge+0xe22/0x1300 [ 308.239618] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 308.244474] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 308.249347] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 308.255412] ? mark_held_locks+0xf0/0xf0 [ 308.259491] mem_cgroup_try_charge+0x249/0x5c0 [ 308.264091] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 308.269028] __handle_mm_fault+0x1cfb/0x3b60 [ 308.273453] ? copy_page_range+0x1e70/0x1e70 [ 308.277874] ? count_memcg_event_mm+0x279/0x4c0 [ 308.282604] handle_mm_fault+0x1a5/0x670 [ 308.286692] __get_user_pages+0x599/0x1650 [ 308.290944] ? follow_page_mask+0x1a60/0x1a60 [ 308.295452] ? lock_acquire+0x170/0x400 [ 308.299428] populate_vma_page_range+0x1fd/0x290 [ 308.304190] __mm_populate+0x1e8/0x350 [ 308.308087] ? populate_vma_page_range+0x290/0x290 [ 308.313006] ? do_mlock+0x6b0/0x6b0 [ 308.316627] __x64_sys_mlockall+0x340/0x500 [ 308.320943] do_syscall_64+0xf9/0x620 [ 308.324741] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 308.329927] RIP: 0033:0x45c849 [ 308.333114] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 308.352010] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 308.359715] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 308.367082] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 308.374341] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 308.381598] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 308.388871] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 308.398137] Task in /syz4 killed as a result of limit of /syz4 [ 308.404227] memory: usage 307200kB, limit 307200kB, failcnt 3261 [ 308.410454] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 308.417209] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 308.423412] Memory cgroup stats for /syz4: cache:0KB rss:298300KB rss_huge:235520KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:161856KB active_anon:2128KB inactive_file:4KB active_file:4KB unevictable:134396KB [ 308.444905] Memory cgroup out of memory: Kill process 8578 (syz-executor.4) score 1163 or sacrifice child [ 308.454691] Killed process 8578 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB 03:06:02 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:06:02 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 308.756785] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 308.768073] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 308.773538] CPU: 1 PID: 10418 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 308.781431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 308.790790] Call Trace: [ 308.793377] dump_stack+0x188/0x20d [ 308.796998] dump_header+0x159/0xa5e [ 308.800703] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 308.805810] ? ___ratelimit+0x59/0x573 [ 308.809690] oom_kill_process.cold+0x10/0x6dc [ 308.814178] ? task_will_free_mem+0x134/0x6d0 [ 308.818678] out_of_memory+0x349/0x1250 [ 308.822644] ? oom_killer_disable+0x270/0x270 [ 308.827137] mem_cgroup_out_of_memory+0x1c7/0x240 [ 308.831998] ? memcg_event_wake+0x210/0x210 [ 308.836316] ? do_raw_spin_unlock+0x171/0x260 [ 308.840798] try_charge+0xe22/0x1300 [ 308.844502] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 308.849336] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 308.854172] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 308.860225] ? __lock_acquire+0x6ee/0x49c0 [ 308.864459] mem_cgroup_try_charge+0x249/0x5c0 [ 308.869030] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 308.873950] wp_page_copy+0x3fe/0x1530 [ 308.877829] ? follow_pfn+0x260/0x260 [ 308.881619] ? __lock_acquire+0x6ee/0x49c0 [ 308.885847] do_wp_page+0x518/0xfa0 [ 308.889465] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 308.894128] __handle_mm_fault+0x21a4/0x3b60 [ 308.898546] ? copy_page_range+0x1e70/0x1e70 [ 308.902951] ? count_memcg_event_mm+0x279/0x4c0 [ 308.907647] handle_mm_fault+0x1a5/0x670 [ 308.911706] __get_user_pages+0x599/0x1650 [ 308.915939] ? follow_page_mask+0x1a60/0x1a60 [ 308.920437] ? mark_held_locks+0xf0/0xf0 [ 308.924498] ? lock_acquire+0x170/0x400 [ 308.928473] populate_vma_page_range+0x1fd/0x290 [ 308.933225] __mm_populate+0x1e8/0x350 [ 308.937112] ? populate_vma_page_range+0x290/0x290 [ 308.942032] ? do_mlock+0x6b0/0x6b0 [ 308.945659] __x64_sys_mlockall+0x340/0x500 [ 308.949970] do_syscall_64+0xf9/0x620 [ 308.953760] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 308.958934] RIP: 0033:0x45c849 [ 308.962123] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 308.981015] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 308.988709] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 308.995965] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 03:06:02 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 309.003220] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 309.010474] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 309.017729] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 309.028175] Task in /syz4 killed as a result of limit of /syz4 [ 309.035496] memory: usage 307200kB, limit 307200kB, failcnt 3784 [ 309.041726] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 309.048485] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 309.054678] Memory cgroup stats for /syz4: cache:0KB rss:298076KB rss_huge:233472KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:146844KB active_anon:2104KB inactive_file:4KB active_file:4KB unevictable:149324KB [ 309.076134] Memory cgroup out of memory: Kill process 10417 (syz-executor.4) score 1233 or sacrifice child [ 309.086018] Killed process 10423 (syz-executor.4) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 03:06:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:06:02 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 309.435341] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 309.464961] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 309.508967] CPU: 1 PID: 10432 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 309.516899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 309.526282] Call Trace: [ 309.528885] dump_stack+0x188/0x20d [ 309.532521] dump_header+0x159/0xa5e [ 309.536241] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 309.541350] ? ___ratelimit+0x59/0x573 [ 309.545246] oom_kill_process.cold+0x10/0x6dc [ 309.549750] ? task_will_free_mem+0x134/0x6d0 [ 309.554260] out_of_memory+0x349/0x1250 [ 309.558241] ? oom_killer_disable+0x270/0x270 [ 309.562750] mem_cgroup_out_of_memory+0x1c7/0x240 [ 309.567599] ? memcg_event_wake+0x210/0x210 [ 309.571930] ? do_raw_spin_unlock+0x171/0x260 [ 309.576427] try_charge+0xe22/0x1300 [ 309.580150] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 309.584998] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 309.589848] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 309.595907] ? mark_held_locks+0xf0/0xf0 [ 309.599984] mem_cgroup_try_charge+0x249/0x5c0 [ 309.604590] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 309.609524] __handle_mm_fault+0x1cfb/0x3b60 [ 309.613937] ? copy_page_range+0x1e70/0x1e70 [ 309.618346] ? count_memcg_event_mm+0x279/0x4c0 [ 309.623041] handle_mm_fault+0x1a5/0x670 [ 309.627109] __get_user_pages+0x599/0x1650 [ 309.631355] ? follow_page_mask+0x1a60/0x1a60 [ 309.635859] ? lock_acquire+0x170/0x400 [ 309.639846] populate_vma_page_range+0x1fd/0x290 [ 309.644610] __mm_populate+0x1e8/0x350 [ 309.648500] ? populate_vma_page_range+0x290/0x290 [ 309.653427] ? do_mlock+0x6b0/0x6b0 [ 309.657067] __x64_sys_mlockall+0x340/0x500 [ 309.661411] do_syscall_64+0xf9/0x620 [ 309.665229] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 309.670430] RIP: 0033:0x45c849 [ 309.673635] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 309.692548] RSP: 002b:00007fe95a5afc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 309.700283] RAX: ffffffffffffffda RBX: 00007fe95a5b06d4 RCX: 000000000045c849 [ 309.707563] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 309.714845] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 309.722117] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 309.729390] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c 03:06:03 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:03 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 310.484213] Task in /syz5 killed as a result of limit of /syz5 [ 310.493986] memory: usage 307200kB, limit 307200kB, failcnt 47 [ 310.502449] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 310.603642] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 310.660815] Memory cgroup stats for /syz5: cache:0KB rss:298092KB rss_huge:204800KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:118980KB active_anon:192KB inactive_file:0KB active_file:12KB unevictable:178904KB [ 310.811623] Memory cgroup out of memory: Kill process 8808 (syz-executor.5) score 1163 or sacrifice child [ 310.884880] Killed process 8808 (syz-executor.5) total-vm:74964kB, anon-rss:18508kB, file-rss:34816kB, shmem-rss:0kB 03:06:04 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 311.181206] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 311.192510] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 311.197906] CPU: 1 PID: 10555 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 311.205792] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 311.215145] Call Trace: [ 311.217743] dump_stack+0x188/0x20d [ 311.221379] dump_header+0x159/0xa5e [ 311.225105] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 311.230209] ? ___ratelimit+0x59/0x573 [ 311.234102] oom_kill_process.cold+0x10/0x6dc [ 311.238605] ? task_will_free_mem+0x134/0x6d0 [ 311.243109] out_of_memory+0x349/0x1250 [ 311.247096] ? oom_killer_disable+0x270/0x270 [ 311.251602] mem_cgroup_out_of_memory+0x1c7/0x240 [ 311.256444] ? memcg_event_wake+0x210/0x210 [ 311.260777] ? do_raw_spin_unlock+0x171/0x260 [ 311.265271] try_charge+0xe22/0x1300 [ 311.268992] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 311.273838] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 311.278689] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 311.284750] ? mark_held_locks+0xf0/0xf0 [ 311.288820] mem_cgroup_try_charge+0x249/0x5c0 [ 311.293413] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 311.298343] __handle_mm_fault+0x1cfb/0x3b60 [ 311.302756] ? copy_page_range+0x1e70/0x1e70 [ 311.307167] ? count_memcg_event_mm+0x279/0x4c0 [ 311.311860] handle_mm_fault+0x1a5/0x670 [ 311.315928] __get_user_pages+0x599/0x1650 [ 311.320177] ? follow_page_mask+0x1a60/0x1a60 [ 311.324680] ? lock_acquire+0x170/0x400 [ 311.328663] populate_vma_page_range+0x1fd/0x290 [ 311.333427] __mm_populate+0x1e8/0x350 [ 311.337322] ? populate_vma_page_range+0x290/0x290 [ 311.342266] ? do_mlock+0x6b0/0x6b0 [ 311.345906] __x64_sys_mlockall+0x340/0x500 [ 311.350237] do_syscall_64+0xf9/0x620 [ 311.354045] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 311.359237] RIP: 0033:0x45c849 [ 311.362441] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 311.381445] RSP: 002b:00007f0aad337c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 311.389158] RAX: ffffffffffffffda RBX: 00007f0aad3386d4 RCX: 000000000045c849 [ 311.396431] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 311.403706] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 311.410986] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 311.418262] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 311.425734] Task in /syz4 killed as a result of limit of /syz4 03:06:04 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:04 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 311.431772] memory: usage 307200kB, limit 307200kB, failcnt 3854 [ 311.437928] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 311.445946] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 311.452151] Memory cgroup stats for /syz4: cache:0KB rss:298072KB rss_huge:233472KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:161864KB active_anon:2128KB inactive_file:4KB active_file:0KB unevictable:134160KB [ 311.473600] Memory cgroup out of memory: Kill process 8604 (syz-executor.4) score 1163 or sacrifice child [ 311.483413] Killed process 8604 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 311.500543] oom_reaper: reaped process 8604 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 312.458909] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 312.543213] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 312.588195] CPU: 0 PID: 10550 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 312.596126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 312.605486] Call Trace: [ 312.608089] dump_stack+0x188/0x20d [ 312.611731] dump_header+0x159/0xa5e [ 312.615666] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 312.620783] ? ___ratelimit+0x59/0x573 [ 312.624687] oom_kill_process.cold+0x10/0x6dc [ 312.629200] ? task_will_free_mem+0x134/0x6d0 [ 312.633835] out_of_memory+0x349/0x1250 [ 312.637829] ? oom_killer_disable+0x270/0x270 [ 312.642347] mem_cgroup_out_of_memory+0x1c7/0x240 [ 312.647203] ? memcg_event_wake+0x210/0x210 [ 312.651544] ? do_raw_spin_unlock+0x171/0x260 [ 312.656053] try_charge+0xe22/0x1300 [ 312.659789] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 312.664649] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 312.669514] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 312.675591] ? __lock_acquire+0x6ee/0x49c0 [ 312.679850] mem_cgroup_try_charge+0x249/0x5c0 [ 312.684446] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 312.689388] wp_page_copy+0x3fe/0x1530 [ 312.693291] ? follow_pfn+0x260/0x260 [ 312.697103] ? __lock_acquire+0x6ee/0x49c0 [ 312.701351] do_wp_page+0x518/0xfa0 [ 312.704991] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 312.709695] __handle_mm_fault+0x21a4/0x3b60 [ 312.714114] ? copy_page_range+0x1e70/0x1e70 [ 312.718530] ? count_memcg_event_mm+0x279/0x4c0 [ 312.723225] handle_mm_fault+0x1a5/0x670 [ 312.727303] __get_user_pages+0x599/0x1650 [ 312.731560] ? follow_page_mask+0x1a60/0x1a60 [ 312.736150] ? mark_held_locks+0xf0/0xf0 [ 312.740232] ? lock_acquire+0x170/0x400 [ 312.744219] populate_vma_page_range+0x1fd/0x290 [ 312.748991] __mm_populate+0x1e8/0x350 [ 312.752891] ? populate_vma_page_range+0x290/0x290 [ 312.757825] ? do_mlock+0x6b0/0x6b0 [ 312.761466] __x64_sys_mlockall+0x340/0x500 [ 312.765864] do_syscall_64+0xf9/0x620 [ 312.769679] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 312.774875] RIP: 0033:0x45c849 [ 312.778079] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 312.796994] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 312.804719] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 312.812003] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 312.819282] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 312.826673] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 312.833955] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c 03:06:06 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:06 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:06:06 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:06 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:06 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 312.988498] Task in /syz4 killed as a result of limit of /syz4 [ 312.995498] memory: usage 307200kB, limit 307200kB, failcnt 3893 [ 313.007046] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 313.014024] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 313.020312] Memory cgroup stats for /syz4: cache:0KB rss:297808KB rss_huge:231424KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:162652KB active_anon:2104KB inactive_file:0KB active_file:0KB unevictable:133200KB [ 313.042085] Memory cgroup out of memory: Kill process 10549 (syz-executor.4) score 1233 or sacrifice child [ 313.052046] Killed process 10668 (syz-executor.4) total-vm:74964kB, anon-rss:18512kB, file-rss:34816kB, shmem-rss:0kB [ 313.069697] oom_reaper: reaped process 10668 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB 03:06:08 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:08 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:08 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:06:08 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:08 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) [ 316.611273] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 316.839380] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 316.863761] CPU: 1 PID: 10835 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 316.871701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 316.881068] Call Trace: [ 316.883764] dump_stack+0x188/0x20d [ 316.887420] dump_header+0x159/0xa5e [ 316.891153] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 316.896274] ? ___ratelimit+0x59/0x573 [ 316.900186] oom_kill_process.cold+0x10/0x6dc [ 316.904819] ? task_will_free_mem+0x134/0x6d0 [ 316.909340] out_of_memory+0x349/0x1250 [ 316.913341] ? oom_killer_disable+0x270/0x270 [ 316.918045] mem_cgroup_out_of_memory+0x1c7/0x240 [ 316.922925] ? memcg_event_wake+0x210/0x210 [ 316.927277] ? do_raw_spin_unlock+0x171/0x260 [ 316.931788] try_charge+0xe22/0x1300 [ 316.935526] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 316.940389] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 316.945258] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 316.951346] ? __lock_acquire+0x6ee/0x49c0 [ 316.955604] mem_cgroup_try_charge+0x249/0x5c0 [ 316.960212] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 316.965165] wp_page_copy+0x3fe/0x1530 [ 316.969340] ? follow_pfn+0x260/0x260 [ 316.973158] ? __lock_acquire+0x6ee/0x49c0 [ 316.977414] do_wp_page+0x518/0xfa0 [ 316.981076] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 316.985768] __handle_mm_fault+0x21a4/0x3b60 [ 316.990296] ? copy_page_range+0x1e70/0x1e70 [ 316.994723] ? count_memcg_event_mm+0x279/0x4c0 [ 316.999431] handle_mm_fault+0x1a5/0x670 [ 317.003675] __get_user_pages+0x599/0x1650 [ 317.007937] ? follow_page_mask+0x1a60/0x1a60 [ 317.012449] ? mark_held_locks+0xf0/0xf0 [ 317.016517] ? lock_acquire+0x170/0x400 [ 317.020494] populate_vma_page_range+0x1fd/0x290 [ 317.025364] __mm_populate+0x1e8/0x350 [ 317.029260] ? populate_vma_page_range+0x290/0x290 [ 317.034194] ? do_mlock+0x6b0/0x6b0 [ 317.037827] __x64_sys_mlockall+0x340/0x500 [ 317.042151] do_syscall_64+0xf9/0x620 [ 317.045957] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 317.051143] RIP: 0033:0x45c849 [ 317.054339] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 317.073235] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 317.080938] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 317.088202] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 317.095522] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 317.102825] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 317.110105] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 317.159430] Task in /syz4 killed as a result of limit of /syz4 [ 317.165496] memory: usage 307200kB, limit 307200kB, failcnt 3915 [ 317.189365] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 317.196233] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 317.202728] Memory cgroup stats for /syz4: cache:0KB rss:297644KB rss_huge:217088KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:162584KB active_anon:2104KB inactive_file:4KB active_file:0KB unevictable:133068KB 03:06:10 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:10 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 317.309205] Memory cgroup out of memory: Kill process 10825 (syz-executor.4) score 1233 or sacrifice child [ 317.340135] Killed process 10916 (syz-executor.4) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB 03:06:10 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 317.410351] oom_reaper: reaped process 10916 (syz-executor.4), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 317.421705] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 317.433140] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 317.438780] CPU: 0 PID: 10928 Comm: syz-executor.0 Not tainted 4.19.112-syzkaller #0 [ 317.446677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.456041] Call Trace: [ 317.458668] dump_stack+0x188/0x20d [ 317.462324] dump_header+0x159/0xa5e [ 317.466066] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 317.471188] ? ___ratelimit+0x59/0x573 [ 317.475096] oom_kill_process.cold+0x10/0x6dc [ 317.479617] ? task_will_free_mem+0x134/0x6d0 [ 317.484247] out_of_memory+0x349/0x1250 [ 317.488247] ? oom_killer_disable+0x270/0x270 [ 317.492773] mem_cgroup_out_of_memory+0x1c7/0x240 [ 317.497630] ? memcg_event_wake+0x210/0x210 [ 317.501974] ? do_raw_spin_unlock+0x171/0x260 [ 317.506486] try_charge+0xe22/0x1300 [ 317.510223] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 317.515079] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 317.519935] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 317.526129] ? __lock_acquire+0x6ee/0x49c0 [ 317.530380] mem_cgroup_try_charge+0x249/0x5c0 [ 317.534978] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 317.539923] wp_page_copy+0x3fe/0x1530 [ 317.543941] ? follow_pfn+0x260/0x260 [ 317.547751] ? __lock_acquire+0x6ee/0x49c0 [ 317.552009] do_wp_page+0x518/0xfa0 [ 317.555666] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 317.560354] __handle_mm_fault+0x21a4/0x3b60 [ 317.564791] ? copy_page_range+0x1e70/0x1e70 [ 317.569206] ? count_memcg_event_mm+0x279/0x4c0 [ 317.573904] handle_mm_fault+0x1a5/0x670 [ 317.577982] __get_user_pages+0x599/0x1650 [ 317.582236] ? follow_page_mask+0x1a60/0x1a60 [ 317.586742] ? mark_held_locks+0xf0/0xf0 [ 317.590817] ? lock_acquire+0x170/0x400 [ 317.594804] populate_vma_page_range+0x1fd/0x290 [ 317.599585] __mm_populate+0x1e8/0x350 [ 317.603486] ? populate_vma_page_range+0x290/0x290 [ 317.608417] ? do_mlock+0x6b0/0x6b0 [ 317.612064] __x64_sys_mlockall+0x340/0x500 [ 317.616486] do_syscall_64+0xf9/0x620 [ 317.620414] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 317.625925] RIP: 0033:0x45c849 [ 317.629139] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 317.648396] RSP: 002b:00007f1e7c40ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 317.656136] RAX: ffffffffffffffda RBX: 00007f1e7c40f6d4 RCX: 000000000045c849 [ 317.663423] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 317.670711] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 317.677999] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 317.685282] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 317.692968] Task in /syz0 killed as a result of limit of /syz0 [ 317.698973] memory: usage 307200kB, limit 307200kB, failcnt 64 [ 317.705134] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 317.711960] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 317.718106] Memory cgroup stats for /syz0: cache:96KB rss:297932KB rss_huge:122880KB shmem:220KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:179000KB active_anon:4372KB inactive_file:4KB active_file:20KB unevictable:114636KB [ 317.740150] Memory cgroup out of memory: Kill process 10922 (syz-executor.0) score 1233 or sacrifice child [ 317.750069] Killed process 10929 (syz-executor.0) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB 03:06:11 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 317.799947] syz-executor.0 invoked oom-killer: gfp_mask=0x6040d0(GFP_KERNEL|__GFP_COMP|__GFP_RECLAIMABLE), nodemask=(null), order=0, oom_score_adj=1000 [ 317.837155] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 317.877507] CPU: 1 PID: 10926 Comm: syz-executor.0 Not tainted 4.19.112-syzkaller #0 [ 317.885651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 317.895337] Call Trace: [ 317.897951] dump_stack+0x188/0x20d [ 317.901604] dump_header+0x159/0xa5e [ 317.905343] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 317.910581] ? ___ratelimit+0x59/0x573 [ 317.914497] oom_kill_process.cold+0x10/0x6dc [ 317.919012] ? task_will_free_mem+0x134/0x6d0 [ 317.923536] out_of_memory+0x349/0x1250 [ 317.927533] ? oom_killer_disable+0x270/0x270 [ 317.932058] mem_cgroup_out_of_memory+0x1c7/0x240 [ 317.936922] ? memcg_event_wake+0x210/0x210 [ 317.941270] ? do_raw_spin_unlock+0x171/0x260 [ 317.945790] try_charge+0xbdf/0x1300 [ 317.949624] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 317.954581] ? __lock_is_held+0xad/0x140 [ 317.958676] ? rcu_read_lock_sched_held+0x10a/0x130 [ 317.963855] ? __alloc_pages_nodemask+0x5d1/0x6a0 [ 317.968718] memcg_kmem_charge_memcg+0x7b/0x150 [ 317.973408] ? memcg_kmem_put_cache+0xb0/0xb0 [ 317.977916] ? mark_held_locks+0xa6/0xf0 [ 317.982100] ? cache_grow_begin+0x580/0x8a0 [ 317.986446] cache_grow_begin+0x3ed/0x8a0 [ 317.990774] fallback_alloc+0x205/0x2d0 [ 317.994778] kmem_cache_alloc+0x1ea/0x710 [ 317.998953] ? lookup_one_len_unlocked+0x100/0x100 [ 318.003915] alloc_inode+0xab/0x180 [ 318.007737] new_inode_pseudo+0x14/0xe0 [ 318.011732] new_inode+0x1b/0x40 [ 318.015116] debugfs_get_inode+0x1a/0x130 [ 318.019282] __debugfs_create_file+0xb6/0x400 [ 318.023943] kvm_dev_ioctl+0xa03/0x1720 [ 318.027945] ? debug_check_no_obj_freed+0x20a/0x42e [ 318.032994] ? kvm_put_kvm+0xc50/0xc50 [ 318.036999] ? kvm_put_kvm+0xc50/0xc50 [ 318.040921] do_vfs_ioctl+0xcda/0x12e0 [ 318.044982] ? selinux_file_ioctl+0x46c/0x5d0 [ 318.049495] ? selinux_file_ioctl+0x125/0x5d0 [ 318.054010] ? check_preemption_disabled+0x41/0x280 [ 318.059044] ? ioctl_preallocate+0x200/0x200 [ 318.063588] ? selinux_file_mprotect+0x600/0x600 [ 318.068378] ? __fget+0x340/0x510 [ 318.071858] ? iterate_fd+0x350/0x350 [ 318.075950] ? security_file_ioctl+0x6c/0xb0 [ 318.080509] ksys_ioctl+0x9b/0xc0 [ 318.083982] __x64_sys_ioctl+0x6f/0xb0 [ 318.087889] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 318.092491] do_syscall_64+0xf9/0x620 [ 318.096321] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 318.101529] RIP: 0033:0x45c849 [ 318.104734] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 318.123894] RSP: 002b:00007f1e7c42fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 318.131744] RAX: ffffffffffffffda RBX: 00007f1e7c4306d4 RCX: 000000000045c849 [ 318.139202] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003 [ 318.146486] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 318.153928] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 318.161376] R13: 000000000000038f R14: 00000000004c6057 R15: 000000000076bf0c 03:06:11 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:12 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:12 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 319.105053] Task in /syz0 killed as a result of limit of /syz0 [ 319.111138] memory: usage 288896kB, limit 307200kB, failcnt 65 [ 319.117329] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 319.124184] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 319.130372] Memory cgroup stats for /syz0: cache:96KB rss:279872KB rss_huge:122880KB shmem:220KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:160816KB active_anon:4372KB inactive_file:0KB active_file:24KB unevictable:114768KB [ 319.152333] Memory cgroup out of memory: Kill process 10922 (syz-executor.0) score 1233 or sacrifice child [ 319.162378] Killed process 10926 (syz-executor.0) total-vm:74964kB, anon-rss:18512kB, file-rss:56432kB, shmem-rss:0kB [ 319.902875] oom_reaper: reaped process 10926 (syz-executor.0), now anon-rss:18512kB, file-rss:56424kB, shmem-rss:0kB 03:06:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 320.315969] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 320.362714] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 320.368167] CPU: 1 PID: 11160 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 320.376070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 320.385557] Call Trace: [ 320.388174] dump_stack+0x188/0x20d [ 320.391831] dump_header+0x159/0xa5e [ 320.395570] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 320.400697] ? ___ratelimit+0x59/0x573 [ 320.404622] oom_kill_process.cold+0x10/0x6dc [ 320.409152] ? task_will_free_mem+0x134/0x6d0 [ 320.413682] out_of_memory+0x349/0x1250 [ 320.417690] ? oom_killer_disable+0x270/0x270 [ 320.422362] mem_cgroup_out_of_memory+0x1c7/0x240 [ 320.427227] ? memcg_event_wake+0x210/0x210 [ 320.431583] ? do_raw_spin_unlock+0x171/0x260 [ 320.436100] try_charge+0xe22/0x1300 [ 320.439844] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 320.444719] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 320.449588] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 320.455668] ? __lock_acquire+0x6ee/0x49c0 [ 320.459924] mem_cgroup_try_charge+0x249/0x5c0 [ 320.464529] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 320.469480] wp_page_copy+0x3fe/0x1530 [ 320.473391] ? follow_pfn+0x260/0x260 [ 320.477207] ? __lock_acquire+0x6ee/0x49c0 [ 320.481468] do_wp_page+0x518/0xfa0 [ 320.485119] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 320.489813] __handle_mm_fault+0x21a4/0x3b60 [ 320.494366] ? copy_page_range+0x1e70/0x1e70 [ 320.498791] ? count_memcg_event_mm+0x279/0x4c0 [ 320.503502] handle_mm_fault+0x1a5/0x670 [ 320.507590] __get_user_pages+0x599/0x1650 [ 320.511856] ? follow_page_mask+0x1a60/0x1a60 [ 320.516375] ? mark_held_locks+0xf0/0xf0 [ 320.520466] ? lock_acquire+0x170/0x400 [ 320.524611] populate_vma_page_range+0x1fd/0x290 [ 320.529397] __mm_populate+0x1e8/0x350 [ 320.533310] ? populate_vma_page_range+0x290/0x290 [ 320.538256] ? do_mlock+0x6b0/0x6b0 [ 320.541912] __x64_sys_mlockall+0x340/0x500 [ 320.546262] do_syscall_64+0xf9/0x620 [ 320.550088] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 320.555294] RIP: 0033:0x45c849 [ 320.558605] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 320.577525] RSP: 002b:00007fe95a58ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 320.585477] RAX: ffffffffffffffda RBX: 00007fe95a58f6d4 RCX: 000000000045c849 [ 320.592774] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 320.600067] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 03:06:13 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 320.607350] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 320.614626] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 320.773916] Task in /syz5 killed as a result of limit of /syz5 [ 320.794239] memory: usage 307200kB, limit 307200kB, failcnt 76 03:06:14 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 320.906983] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 320.988237] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 321.034627] Memory cgroup stats for /syz5: cache:0KB rss:293096KB rss_huge:188416KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:102520KB active_anon:176KB inactive_file:0KB active_file:8KB unevictable:190416KB 03:06:14 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:14 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) [ 321.125893] Memory cgroup out of memory: Kill process 10941 (syz-executor.5) score 1232 or sacrifice child [ 321.167891] Killed process 11160 (syz-executor.5) total-vm:74832kB, anon-rss:18384kB, file-rss:56432kB, shmem-rss:0kB [ 321.179525] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 321.191024] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 321.196426] CPU: 0 PID: 11273 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 321.204438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 321.213802] Call Trace: [ 321.216562] dump_stack+0x188/0x20d [ 321.220218] dump_header+0x159/0xa5e [ 321.223955] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 321.229078] ? ___ratelimit+0x59/0x573 [ 321.232998] oom_kill_process.cold+0x10/0x6dc [ 321.237837] ? task_will_free_mem+0x134/0x6d0 [ 321.242360] out_of_memory+0x349/0x1250 [ 321.246358] ? oom_killer_disable+0x270/0x270 [ 321.250968] mem_cgroup_out_of_memory+0x1c7/0x240 [ 321.255825] ? memcg_event_wake+0x210/0x210 [ 321.260169] ? do_raw_spin_unlock+0x171/0x260 [ 321.264789] try_charge+0xe22/0x1300 [ 321.268525] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 321.273393] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 321.278481] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 321.284676] ? mark_held_locks+0xf0/0xf0 [ 321.288767] mem_cgroup_try_charge+0x249/0x5c0 [ 321.293371] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 321.298322] __handle_mm_fault+0x1cfb/0x3b60 [ 321.302845] ? copy_page_range+0x1e70/0x1e70 [ 321.307358] ? count_memcg_event_mm+0x279/0x4c0 [ 321.312082] handle_mm_fault+0x1a5/0x670 [ 321.316170] __get_user_pages+0x599/0x1650 [ 321.320560] ? follow_page_mask+0x1a60/0x1a60 [ 321.325176] ? lock_acquire+0x170/0x400 [ 321.329173] populate_vma_page_range+0x1fd/0x290 [ 321.333951] __mm_populate+0x1e8/0x350 [ 321.337859] ? populate_vma_page_range+0x290/0x290 [ 321.342799] ? do_mlock+0x6b0/0x6b0 [ 321.346465] __x64_sys_mlockall+0x340/0x500 [ 321.350824] do_syscall_64+0xf9/0x620 [ 321.354647] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 321.359854] RIP: 0033:0x45c849 [ 321.363415] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 321.382330] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 321.390054] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 [ 321.397419] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 321.404695] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 03:06:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 321.412117] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 321.419487] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 321.427157] Task in /syz4 killed as a result of limit of /syz4 [ 321.433335] memory: usage 307200kB, limit 307200kB, failcnt 3949 [ 321.439997] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 321.446780] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 321.453024] Memory cgroup stats for /syz4: cache:0KB rss:297664KB rss_huge:217088KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:178244KB active_anon:2120KB inactive_file:4KB active_file:0KB unevictable:117300KB [ 321.474658] Memory cgroup out of memory: Kill process 8992 (syz-executor.4) score 1163 or sacrifice child [ 321.484499] Killed process 8992 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB 03:06:15 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 322.027624] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 03:06:15 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 322.127389] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 322.134126] CPU: 1 PID: 11274 Comm: syz-executor.3 Not tainted 4.19.112-syzkaller #0 [ 322.142070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.151737] Call Trace: [ 322.154456] dump_stack+0x188/0x20d [ 322.158116] dump_header+0x159/0xa5e [ 322.161860] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 322.167115] ? ___ratelimit+0x59/0x573 [ 322.171177] oom_kill_process.cold+0x10/0x6dc [ 322.175704] ? task_will_free_mem+0x134/0x6d0 [ 322.180231] out_of_memory+0x349/0x1250 [ 322.184230] ? oom_killer_disable+0x270/0x270 [ 322.188756] mem_cgroup_out_of_memory+0x1c7/0x240 [ 322.193620] ? memcg_event_wake+0x210/0x210 [ 322.197970] ? do_raw_spin_unlock+0x171/0x260 [ 322.202605] try_charge+0xe22/0x1300 [ 322.206346] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 322.211210] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 322.216079] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 322.222300] mem_cgroup_try_charge+0x249/0x5c0 [ 322.226906] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 322.231856] wp_page_copy+0x3fe/0x1530 [ 322.235811] ? follow_pfn+0x260/0x260 [ 322.239633] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 322.244237] do_wp_page+0x518/0xfa0 [ 322.247884] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 322.252984] __handle_mm_fault+0x21a4/0x3b60 [ 322.257421] ? copy_page_range+0x1e70/0x1e70 [ 322.261855] ? count_memcg_event_mm+0x279/0x4c0 [ 322.266574] handle_mm_fault+0x1a5/0x670 [ 322.270796] __get_user_pages+0x599/0x1650 [ 322.275068] ? follow_page_mask+0x1a60/0x1a60 [ 322.279591] ? populate_vma_page_range+0x10e/0x290 [ 322.284549] populate_vma_page_range+0x1fd/0x290 [ 322.289334] __mm_populate+0x1e8/0x350 [ 322.293246] ? populate_vma_page_range+0x290/0x290 [ 322.298276] ? do_mlock+0x6b0/0x6b0 [ 322.301927] __x64_sys_mlockall+0x340/0x500 [ 322.306278] do_syscall_64+0xf9/0x620 [ 322.310098] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 322.315315] RIP: 0033:0x45c849 [ 322.318607] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 322.337638] RSP: 002b:00007fb703599c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 322.345367] RAX: ffffffffffffffda RBX: 00007fb70359a6d4 RCX: 000000000045c849 [ 322.352775] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 322.360064] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 322.367463] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff 03:06:15 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 322.374752] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 322.391229] Task in /syz3 killed as a result of limit of /syz3 [ 322.416338] memory: usage 307200kB, limit 307200kB, failcnt 114 [ 322.434163] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 322.460457] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 322.471447] Memory cgroup stats for /syz3: cache:0KB rss:297576KB rss_huge:188416KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:119080KB active_anon:2472KB inactive_file:4KB active_file:0KB unevictable:176080KB [ 322.555749] Memory cgroup out of memory: Kill process 11271 (syz-executor.3) score 1233 or sacrifice child [ 322.589062] Killed process 11312 (syz-executor.3) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 322.715375] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 322.726723] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 322.732174] CPU: 1 PID: 11407 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 322.740055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 322.749412] Call Trace: [ 322.752010] dump_stack+0x188/0x20d [ 322.755646] dump_header+0x159/0xa5e [ 322.759366] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 322.764483] ? ___ratelimit+0x59/0x573 [ 322.768380] oom_kill_process.cold+0x10/0x6dc [ 322.772883] ? task_will_free_mem+0x134/0x6d0 [ 322.777385] out_of_memory+0x349/0x1250 [ 322.781371] ? oom_killer_disable+0x270/0x270 [ 322.785885] mem_cgroup_out_of_memory+0x1c7/0x240 [ 322.790732] ? memcg_event_wake+0x210/0x210 [ 322.795062] ? do_raw_spin_unlock+0x171/0x260 [ 322.799563] try_charge+0xe22/0x1300 [ 322.803303] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 322.808150] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 322.813000] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 322.819061] ? mark_held_locks+0xf0/0xf0 [ 322.823130] mem_cgroup_try_charge+0x249/0x5c0 [ 322.827724] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 322.832657] __handle_mm_fault+0x1cfb/0x3b60 [ 322.837071] ? copy_page_range+0x1e70/0x1e70 [ 322.841497] ? count_memcg_event_mm+0x279/0x4c0 [ 322.846186] handle_mm_fault+0x1a5/0x670 [ 322.850253] __get_user_pages+0x599/0x1650 [ 322.854526] ? follow_page_mask+0x1a60/0x1a60 [ 322.859035] ? lock_acquire+0x170/0x400 [ 322.863017] populate_vma_page_range+0x1fd/0x290 [ 322.867789] __mm_populate+0x1e8/0x350 [ 322.871693] ? populate_vma_page_range+0x290/0x290 [ 322.876630] ? do_mlock+0x6b0/0x6b0 [ 322.880276] __x64_sys_mlockall+0x340/0x500 [ 322.884615] do_syscall_64+0xf9/0x620 [ 322.888426] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 322.893616] RIP: 0033:0x45c849 [ 322.896811] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 322.915827] RSP: 002b:00007f0aad337c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 322.923542] RAX: ffffffffffffffda RBX: 00007f0aad3386d4 RCX: 000000000045c849 [ 322.930829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 322.938095] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 322.945363] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 322.952633] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 322.960834] Task in /syz4 killed as a result of limit of /syz4 [ 322.966837] memory: usage 307200kB, limit 307200kB, failcnt 3976 [ 322.973010] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 322.979802] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 322.985939] Memory cgroup stats for /syz4: cache:0KB rss:297532KB rss_huge:217088KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:178244KB active_anon:2128KB inactive_file:8KB active_file:0KB unevictable:117160KB [ 323.007381] Memory cgroup out of memory: Kill process 9135 (syz-executor.4) score 1163 or sacrifice child [ 323.017166] Killed process 9135 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 323.220165] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 323.344414] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 323.387306] CPU: 1 PID: 11308 Comm: syz-executor.0 Not tainted 4.19.112-syzkaller #0 [ 323.395244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 323.404600] Call Trace: [ 323.407200] dump_stack+0x188/0x20d [ 323.410839] dump_header+0x159/0xa5e [ 323.414567] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 323.419683] ? ___ratelimit+0x59/0x573 [ 323.423590] oom_kill_process.cold+0x10/0x6dc [ 323.428102] ? task_will_free_mem+0x134/0x6d0 [ 323.432609] out_of_memory+0x349/0x1250 [ 323.436597] ? oom_killer_disable+0x270/0x270 [ 323.441108] mem_cgroup_out_of_memory+0x1c7/0x240 [ 323.445961] ? memcg_event_wake+0x210/0x210 [ 323.450299] ? do_raw_spin_unlock+0x171/0x260 [ 323.454799] try_charge+0xe22/0x1300 [ 323.458526] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 323.463376] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 323.468227] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 323.474293] ? mark_held_locks+0xf0/0xf0 [ 323.478366] mem_cgroup_try_charge+0x249/0x5c0 [ 323.482957] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 323.487897] __handle_mm_fault+0x1cfb/0x3b60 [ 323.492309] ? copy_page_range+0x1e70/0x1e70 [ 323.496719] ? count_memcg_event_mm+0x279/0x4c0 [ 323.501406] handle_mm_fault+0x1a5/0x670 [ 323.505480] __get_user_pages+0x599/0x1650 [ 323.509730] ? follow_page_mask+0x1a60/0x1a60 [ 323.514231] ? vma_set_page_prot+0x182/0x230 [ 323.518656] ? lock_acquire+0x170/0x400 [ 323.522657] populate_vma_page_range+0x1fd/0x290 [ 323.527429] __mm_populate+0x1e8/0x350 [ 323.531330] ? populate_vma_page_range+0x290/0x290 [ 323.536269] ? do_mmap+0x5c3/0x1060 [ 323.539916] vm_mmap_pgoff+0x1e2/0x200 [ 323.543821] ? vma_is_stack_for_current+0xc0/0xc0 [ 323.548682] ksys_mmap_pgoff+0xd8/0x5b0 [ 323.552666] ? find_mergeable_anon_vma+0x2e0/0x2e0 [ 323.557665] ? __ia32_sys_clock_settime+0x260/0x260 [ 323.562689] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 323.567452] ? trace_hardirqs_off_caller+0x55/0x210 [ 323.572475] ? do_syscall_64+0x21/0x620 [ 323.576463] do_syscall_64+0xf9/0x620 [ 323.580270] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 323.585457] RIP: 0033:0x45c89a [ 323.588650] Code: 89 f5 41 54 49 89 fc 55 53 74 35 49 63 e8 48 63 da 4d 89 f9 49 89 e8 4d 63 d6 48 89 da 4c 89 ee 4c 89 e7 b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 4e 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 00 [ 323.607556] RSP: 002b:00007ffdfb98eac8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 323.615273] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045c89a [ 323.622549] RDX: 0000000000000003 RSI: 0000000000021000 RDI: 0000000000000000 [ 323.629817] RBP: ffffffffffffffff R08: ffffffffffffffff R09: 0000000000000000 [ 323.637087] R10: 0000000000020022 R11: 0000000000000246 R12: 0000000000000000 [ 323.644355] R13: 0000000000021000 R14: 0000000000020022 R15: 0000000000000000 [ 323.697447] Task in /syz0 killed as a result of limit of /syz0 [ 323.729011] memory: usage 307200kB, limit 307200kB, failcnt 91 [ 323.759187] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 323.806752] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 323.835130] Memory cgroup stats for /syz0: cache:96KB rss:297876KB rss_huge:122880KB shmem:220KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:179068KB active_anon:4372KB inactive_file:8KB active_file:12KB unevictable:114572KB 03:06:17 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 323.975632] Memory cgroup out of memory: Kill process 11308 (syz-executor.0) score 1233 or sacrifice child [ 324.078668] Killed process 11372 (syz-executor.0) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 03:06:17 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 324.524673] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 324.720371] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 324.769347] CPU: 0 PID: 11526 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 324.777270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 324.786624] Call Trace: [ 324.789218] dump_stack+0x188/0x20d [ 324.792850] dump_header+0x159/0xa5e [ 324.796571] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 324.801670] ? ___ratelimit+0x59/0x573 [ 324.805562] oom_kill_process.cold+0x10/0x6dc [ 324.810067] ? task_will_free_mem+0x134/0x6d0 [ 324.814573] out_of_memory+0x349/0x1250 [ 324.818559] ? oom_killer_disable+0x270/0x270 [ 324.823069] mem_cgroup_out_of_memory+0x1c7/0x240 [ 324.827913] ? memcg_event_wake+0x210/0x210 [ 324.832248] ? do_raw_spin_unlock+0x171/0x260 [ 324.836746] try_charge+0xe22/0x1300 [ 324.840469] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 324.845315] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 324.850165] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 324.856222] ? mark_held_locks+0xf0/0xf0 [ 324.860292] mem_cgroup_try_charge+0x249/0x5c0 [ 324.864886] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 324.869833] __handle_mm_fault+0x1cfb/0x3b60 [ 324.874251] ? copy_page_range+0x1e70/0x1e70 [ 324.878659] ? count_memcg_event_mm+0x279/0x4c0 [ 324.883352] handle_mm_fault+0x1a5/0x670 [ 324.887467] __get_user_pages+0x599/0x1650 [ 324.891729] ? follow_page_mask+0x1a60/0x1a60 [ 324.896242] ? lock_acquire+0x170/0x400 [ 324.900230] populate_vma_page_range+0x1fd/0x290 [ 324.905000] __mm_populate+0x1e8/0x350 [ 324.908914] ? populate_vma_page_range+0x290/0x290 [ 324.913852] ? do_mlock+0x6b0/0x6b0 [ 324.917492] __x64_sys_mlockall+0x340/0x500 [ 324.921829] do_syscall_64+0xf9/0x620 [ 324.925644] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 324.930834] RIP: 0033:0x45c849 [ 324.934031] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 324.952936] RSP: 002b:00007fe95a5afc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 324.960648] RAX: ffffffffffffffda RBX: 00007fe95a5b06d4 RCX: 000000000045c849 [ 324.967919] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 324.975188] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 324.982465] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 324.989752] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c 03:06:18 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) [ 325.619835] Task in /syz5 killed as a result of limit of /syz5 [ 325.629293] memory: usage 307200kB, limit 307200kB, failcnt 111 [ 325.674043] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 325.712394] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 325.796842] Memory cgroup stats for /syz5: cache:0KB rss:297624KB rss_huge:188416KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:121156KB active_anon:192KB inactive_file:12KB active_file:0KB unevictable:176424KB 03:06:19 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:06:19 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:19 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:06:19 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 325.946801] Memory cgroup out of memory: Kill process 11419 (syz-executor.5) score 1164 or sacrifice child [ 325.988926] Killed process 11419 (syz-executor.5) total-vm:75096kB, anon-rss:18636kB, file-rss:34816kB, shmem-rss:0kB 03:06:20 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:06:20 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:06:21 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:21 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:21 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:21 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) [ 328.816733] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 328.828238] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 328.834135] CPU: 1 PID: 11782 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 328.842033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 328.851385] Call Trace: [ 328.853990] dump_stack+0x188/0x20d [ 328.857623] dump_header+0x159/0xa5e [ 328.861342] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 328.866445] ? ___ratelimit+0x59/0x573 [ 328.870341] oom_kill_process.cold+0x10/0x6dc [ 328.874842] ? task_will_free_mem+0x134/0x6d0 [ 328.879346] out_of_memory+0x349/0x1250 [ 328.883327] ? oom_killer_disable+0x270/0x270 [ 328.887832] mem_cgroup_out_of_memory+0x1c7/0x240 [ 328.892715] ? memcg_event_wake+0x210/0x210 [ 328.897065] ? do_raw_spin_unlock+0x171/0x260 [ 328.901563] try_charge+0xe22/0x1300 [ 328.905285] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 328.910151] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 328.915009] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 328.921071] ? retint_kernel+0x2d/0x2d [ 328.924978] mem_cgroup_try_charge+0x249/0x5c0 [ 328.929631] ? alloc_pages_vma+0xff/0x580 [ 328.933790] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 328.938736] do_huge_pmd_wp_page+0x921/0x32f0 [ 328.943246] ? __split_huge_pmd+0x29c0/0x29c0 [ 328.947739] ? retint_kernel+0x2d/0x2d [ 328.951646] ? pmd_val+0x7c/0xf0 [ 328.955017] ? add_mm_counter_fast.part.0+0x40/0x40 [ 328.960148] ? __handle_mm_fault+0x538/0x3b60 [ 328.964665] __handle_mm_fault+0x1561/0x3b60 [ 328.969090] ? copy_page_range+0x1e70/0x1e70 [ 328.973504] ? count_memcg_event_mm+0x279/0x4c0 [ 328.978201] handle_mm_fault+0x1a5/0x670 [ 328.982270] __get_user_pages+0x599/0x1650 [ 328.986535] ? follow_page_mask+0x1a60/0x1a60 [ 328.991042] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 328.995806] ? retint_kernel+0x2d/0x2d [ 328.999705] populate_vma_page_range+0x1fd/0x290 [ 329.004475] __mm_populate+0x1e8/0x350 [ 329.008373] ? populate_vma_page_range+0x290/0x290 [ 329.013300] ? do_mlock+0x6b0/0x6b0 [ 329.016936] __x64_sys_mlockall+0x340/0x500 [ 329.021267] do_syscall_64+0xf9/0x620 [ 329.025073] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 329.030261] RIP: 0033:0x45c849 [ 329.033457] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 329.052357] RSP: 002b:00007fe95a5afc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 329.060064] RAX: ffffffffffffffda RBX: 00007fe95a5b06d4 RCX: 000000000045c849 [ 329.067331] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 329.074602] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 329.081873] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 329.089144] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 329.097155] Task in /syz5 killed as a result of limit of /syz5 [ 329.103420] memory: usage 307200kB, limit 307200kB, failcnt 146 [ 329.109699] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 329.116550] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 329.122974] Memory cgroup stats for /syz5: cache:0KB rss:296676KB rss_huge:198656KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:106188KB active_anon:176KB inactive_file:4KB active_file:4KB unevictable:190412KB [ 329.145073] Memory cgroup out of memory: Kill process 11781 (syz-executor.5) score 1233 or sacrifice child [ 329.155333] Killed process 11795 (syz-executor.5) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB 03:06:23 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 330.038179] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 330.134634] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 330.181580] CPU: 1 PID: 11777 Comm: syz-executor.4 Not tainted 4.19.112-syzkaller #0 [ 330.189505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 330.198858] Call Trace: [ 330.201451] dump_stack+0x188/0x20d [ 330.205085] dump_header+0x159/0xa5e [ 330.208815] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 330.213920] ? ___ratelimit+0x59/0x573 [ 330.217818] oom_kill_process.cold+0x10/0x6dc [ 330.222333] out_of_memory+0x349/0x1250 [ 330.226314] ? oom_killer_disable+0x270/0x270 [ 330.230825] mem_cgroup_out_of_memory+0x1c7/0x240 [ 330.235673] ? memcg_event_wake+0x210/0x210 [ 330.240007] ? do_raw_spin_unlock+0x171/0x260 [ 330.244505] try_charge+0xe22/0x1300 [ 330.248228] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 330.253078] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 330.257926] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 330.263985] ? mark_held_locks+0xf0/0xf0 [ 330.268055] mem_cgroup_try_charge+0x249/0x5c0 [ 330.272645] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 330.277576] __handle_mm_fault+0x1cfb/0x3b60 [ 330.281988] ? copy_page_range+0x1e70/0x1e70 [ 330.286397] ? count_memcg_event_mm+0x279/0x4c0 [ 330.291087] handle_mm_fault+0x1a5/0x670 [ 330.295157] __get_user_pages+0x599/0x1650 [ 330.299405] ? follow_page_mask+0x1a60/0x1a60 [ 330.303904] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 330.308673] ? retint_kernel+0x2d/0x2d [ 330.312574] populate_vma_page_range+0x1fd/0x290 [ 330.317340] __mm_populate+0x1e8/0x350 [ 330.321239] ? populate_vma_page_range+0x290/0x290 [ 330.326171] ? do_mlock+0x6b0/0x6b0 [ 330.329807] __x64_sys_mlockall+0x340/0x500 [ 330.334134] do_syscall_64+0xf9/0x620 [ 330.337942] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 330.343136] RIP: 0033:0x45c849 [ 330.346333] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 330.365231] RSP: 002b:00007f0aad358c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 330.372941] RAX: ffffffffffffffda RBX: 00007f0aad3596d4 RCX: 000000000045c849 03:06:23 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 330.380207] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 330.387476] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 330.394745] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 330.402013] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 330.571486] Task in /syz4 killed as a result of limit of /syz4 [ 330.577762] memory: usage 307200kB, limit 307200kB, failcnt 4385 [ 330.584189] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 330.591100] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 330.597326] Memory cgroup stats for /syz4: cache:0KB rss:296716KB rss_huge:204800KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:178236KB active_anon:2356KB inactive_file:0KB active_file:0KB unevictable:116236KB 03:06:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 330.620223] Memory cgroup out of memory: Kill process 10410 (syz-executor.4) score 1163 or sacrifice child [ 330.630597] Killed process 10410 (syz-executor.4) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 330.646265] oom_reaper: reaped process 10410 (syz-executor.4), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:06:24 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) [ 331.242954] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 331.254560] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 331.260370] CPU: 1 PID: 11907 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 331.268251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 331.277602] Call Trace: [ 331.280199] dump_stack+0x188/0x20d [ 331.283832] dump_header+0x159/0xa5e [ 331.287555] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 331.292661] ? ___ratelimit+0x59/0x573 [ 331.296554] oom_kill_process.cold+0x10/0x6dc [ 331.301058] ? out_of_memory+0x26a/0x1250 [ 331.305209] out_of_memory+0x349/0x1250 [ 331.309190] ? oom_killer_disable+0x270/0x270 [ 331.313692] ? mem_cgroup_out_of_memory+0x97/0x240 [ 331.318631] mem_cgroup_out_of_memory+0x1c7/0x240 [ 331.323478] ? memcg_event_wake+0x210/0x210 [ 331.327809] ? do_raw_spin_unlock+0x171/0x260 [ 331.332307] try_charge+0xe22/0x1300 [ 331.336032] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 331.340880] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 331.345732] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 331.351793] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 331.356557] mem_cgroup_try_charge+0x249/0x5c0 [ 331.361148] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 331.366084] wp_page_copy+0x3fe/0x1530 [ 331.369981] ? follow_pfn+0x260/0x260 [ 331.373784] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 331.378545] do_wp_page+0x518/0xfa0 [ 331.382180] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 331.386860] __handle_mm_fault+0x21a4/0x3b60 [ 331.391278] ? copy_page_range+0x1e70/0x1e70 [ 331.395689] ? count_memcg_event_mm+0x279/0x4c0 [ 331.400380] handle_mm_fault+0x1a5/0x670 [ 331.404452] __get_user_pages+0x599/0x1650 [ 331.408699] ? follow_page_mask+0x1a60/0x1a60 [ 331.413195] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 331.417955] ? retint_kernel+0x2d/0x2d [ 331.421868] populate_vma_page_range+0x1fd/0x290 [ 331.426631] __mm_populate+0x1e8/0x350 [ 331.430522] ? populate_vma_page_range+0x290/0x290 [ 331.435452] ? do_mlock+0x6b0/0x6b0 [ 331.439088] __x64_sys_mlockall+0x340/0x500 [ 331.443420] do_syscall_64+0xf9/0x620 [ 331.447224] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 331.452414] RIP: 0033:0x45c849 [ 331.455615] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 331.474516] RSP: 002b:00007fe95a5afc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 331.482225] RAX: ffffffffffffffda RBX: 00007fe95a5b06d4 RCX: 000000000045c849 [ 331.489499] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 331.496771] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 331.504041] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 331.511311] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 331.524829] Task in /syz5 killed as a result of limit of /syz5 [ 331.531144] memory: usage 307200kB, limit 307200kB, failcnt 178 [ 331.537315] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 331.544163] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 331.550509] Memory cgroup stats for /syz5: cache:0KB rss:297600KB rss_huge:198656KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:106188KB active_anon:176KB inactive_file:4KB active_file:4KB unevictable:191348KB [ 331.572461] Memory cgroup out of memory: Kill process 11906 (syz-executor.5) score 1233 or sacrifice child [ 331.582589] Killed process 11912 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 03:06:25 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:26 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:26 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:26 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) [ 333.441133] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 333.452723] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 333.458310] CPU: 0 PID: 11930 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 333.466189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 333.475537] Call Trace: [ 333.478133] dump_stack+0x188/0x20d [ 333.481764] dump_header+0x159/0xa5e [ 333.485479] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 333.490580] ? ___ratelimit+0x59/0x573 [ 333.494472] oom_kill_process.cold+0x10/0x6dc [ 333.498974] ? out_of_memory+0x2fc/0x1250 [ 333.503131] out_of_memory+0x349/0x1250 [ 333.507117] ? oom_killer_disable+0x270/0x270 [ 333.511621] mem_cgroup_out_of_memory+0x1c7/0x240 [ 333.516463] ? memcg_event_wake+0x210/0x210 [ 333.520797] ? do_raw_spin_unlock+0x171/0x260 [ 333.525290] try_charge+0xe22/0x1300 [ 333.529013] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 333.533863] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 333.538708] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 333.544776] mem_cgroup_try_charge+0x249/0x5c0 [ 333.549366] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 333.554299] wp_page_copy+0x3fe/0x1530 [ 333.558197] ? follow_pfn+0x260/0x260 [ 333.562003] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 333.566767] do_wp_page+0x518/0xfa0 [ 333.570395] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 333.575070] ? __sanitizer_cov_trace_pc+0x1c/0x50 [ 333.579947] __handle_mm_fault+0x21a4/0x3b60 [ 333.584356] ? copy_page_range+0x1e70/0x1e70 [ 333.588767] ? count_memcg_event_mm+0x279/0x4c0 [ 333.593466] handle_mm_fault+0x1a5/0x670 [ 333.597535] __get_user_pages+0x599/0x1650 [ 333.601781] ? follow_page_mask+0x1a60/0x1a60 [ 333.606302] ? populate_vma_page_range+0x10e/0x290 [ 333.611234] populate_vma_page_range+0x1fd/0x290 [ 333.615993] __mm_populate+0x1e8/0x350 [ 333.619887] ? populate_vma_page_range+0x290/0x290 [ 333.624812] ? do_mlock+0x6b0/0x6b0 [ 333.628447] __x64_sys_mlockall+0x340/0x500 [ 333.632773] do_syscall_64+0xf9/0x620 [ 333.636579] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 333.641770] RIP: 0033:0x45c849 [ 333.644969] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 333.663870] RSP: 002b:00007fe95a58ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 333.671580] RAX: ffffffffffffffda RBX: 00007fe95a58f6d4 RCX: 000000000045c849 [ 333.678851] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 333.686119] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 333.693391] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 333.700663] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 333.709121] Task in /syz5 killed as a result of limit of /syz5 [ 333.715527] memory: usage 307200kB, limit 307200kB, failcnt 247 [ 333.721874] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 333.728725] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 333.735140] Memory cgroup stats for /syz5: cache:0KB rss:297564KB rss_huge:188416KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:107092KB active_anon:176KB inactive_file:0KB active_file:4KB unevictable:190412KB [ 333.757403] Memory cgroup out of memory: Kill process 11925 (syz-executor.5) score 1233 or sacrifice child [ 333.767924] Killed process 11934 (syz-executor.5) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB 03:06:28 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:28 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:28 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 03:06:28 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 335.915593] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 335.927158] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 335.932887] CPU: 0 PID: 12056 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 335.940784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 335.950144] Call Trace: [ 335.952749] dump_stack+0x188/0x20d [ 335.956386] dump_header+0x159/0xa5e [ 335.960107] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 335.965214] ? ___ratelimit+0x59/0x573 [ 335.969110] oom_kill_process.cold+0x10/0x6dc [ 335.973614] ? out_of_memory+0x435/0x1250 [ 335.977769] out_of_memory+0x349/0x1250 [ 335.981846] ? css_next_descendant_pre+0x6e/0x180 [ 335.986707] ? oom_killer_disable+0x270/0x270 [ 335.991216] mem_cgroup_out_of_memory+0x1c7/0x240 [ 335.996067] ? memcg_event_wake+0x210/0x210 [ 336.000398] ? do_raw_spin_unlock+0x171/0x260 [ 336.004895] try_charge+0xe22/0x1300 [ 336.008614] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 336.013465] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 336.018342] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 336.024405] ? lock_downgrade+0x740/0x740 [ 336.028561] mem_cgroup_try_charge+0x249/0x5c0 [ 336.033153] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 336.038087] do_huge_pmd_wp_page+0x921/0x32f0 [ 336.042595] ? __split_huge_pmd+0x29c0/0x29c0 [ 336.047097] ? pmd_val+0x7c/0xf0 [ 336.050467] ? add_mm_counter_fast.part.0+0x40/0x40 [ 336.055490] __handle_mm_fault+0x1561/0x3b60 [ 336.059907] ? copy_page_range+0x1e70/0x1e70 [ 336.064315] ? count_memcg_event_mm+0x279/0x4c0 [ 336.069005] handle_mm_fault+0x1a5/0x670 [ 336.073072] __get_user_pages+0x599/0x1650 [ 336.077317] ? follow_page_mask+0x1a60/0x1a60 [ 336.081831] populate_vma_page_range+0x1fd/0x290 [ 336.086592] __mm_populate+0x1e8/0x350 [ 336.090486] ? populate_vma_page_range+0x290/0x290 [ 336.095413] ? do_mlock+0x6b0/0x6b0 [ 336.099048] __x64_sys_mlockall+0x340/0x500 [ 336.103372] do_syscall_64+0xf9/0x620 [ 336.107181] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 336.112366] RIP: 0033:0x45c849 [ 336.115558] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 336.134459] RSP: 002b:00007fe95a58ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 336.142168] RAX: ffffffffffffffda RBX: 00007fe95a58f6d4 RCX: 000000000045c849 [ 336.149449] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 336.156722] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 336.163992] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 336.171269] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 336.179555] Task in /syz5 killed as a result of limit of /syz5 [ 336.185820] memory: usage 307200kB, limit 307200kB, failcnt 299 [ 336.192079] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 336.198929] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 336.205195] Memory cgroup stats for /syz5: cache:0KB rss:296696KB rss_huge:196608KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:104140KB active_anon:176KB inactive_file:4KB active_file:0KB unevictable:192460KB [ 336.227043] Memory cgroup out of memory: Kill process 12050 (syz-executor.5) score 1233 or sacrifice child [ 336.237254] Killed process 12059 (syz-executor.5) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB 03:06:30 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:30 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) [ 337.021464] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 337.039492] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 337.048883] CPU: 0 PID: 12054 Comm: syz-executor.3 Not tainted 4.19.112-syzkaller #0 [ 337.056784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 337.066147] Call Trace: [ 337.068751] dump_stack+0x188/0x20d [ 337.072396] dump_header+0x159/0xa5e [ 337.076126] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 337.081236] ? ___ratelimit+0x59/0x573 [ 337.085141] oom_kill_process.cold+0x10/0x6dc [ 337.089649] ? task_will_free_mem+0x134/0x6d0 [ 337.094162] out_of_memory+0x349/0x1250 [ 337.098145] ? oom_killer_disable+0x270/0x270 [ 337.102664] mem_cgroup_out_of_memory+0x1c7/0x240 [ 337.107541] ? memcg_event_wake+0x210/0x210 [ 337.111887] ? do_raw_spin_unlock+0x171/0x260 [ 337.116402] try_charge+0xe22/0x1300 [ 337.120132] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 337.124996] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 337.129857] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 337.135932] ? lock_downgrade+0x740/0x740 [ 337.140100] mem_cgroup_try_charge+0x249/0x5c0 [ 337.144710] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 337.149659] do_huge_pmd_wp_page+0x921/0x32f0 [ 337.154172] ? __split_huge_pmd+0x29c0/0x29c0 [ 337.158680] ? pmd_val+0x7c/0xf0 [ 337.162064] ? add_mm_counter_fast.part.0+0x40/0x40 [ 337.167098] __handle_mm_fault+0x1561/0x3b60 03:06:30 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 337.171515] ? copy_page_range+0x1e70/0x1e70 [ 337.175936] ? count_memcg_event_mm+0x279/0x4c0 [ 337.180628] handle_mm_fault+0x1a5/0x670 [ 337.184702] __do_page_fault+0x5ed/0xdd0 [ 337.188783] ? trace_hardirqs_off_caller+0x55/0x210 [ 337.193814] ? vmalloc_fault+0x730/0x730 [ 337.197886] ? page_fault+0x8/0x30 [ 337.201432] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 337.206288] ? page_fault+0x8/0x30 [ 337.209839] page_fault+0x1e/0x30 [ 337.213293] RIP: 0033:0x400604 [ 337.216492] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 51 58 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 337.235401] RSP: 002b:00007fffe10a5040 EFLAGS: 00010202 [ 337.240783] RAX: 0000000000000001 RBX: 000000000076c900 RCX: 0000000000000000 [ 337.248061] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000001 [ 337.255455] RBP: 0000000000770780 R08: 0000000000000000 R09: 0000000000000000 [ 337.262736] R10: 00007fffe10a5150 R11: 0000000000000246 R12: 000000000076c040 03:06:30 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 337.270019] R13: 0000000000770788 R14: 00000000000523f5 R15: 000000000076c04c 03:06:31 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 338.637196] Task in /syz3 killed as a result of limit of /syz3 [ 338.643317] memory: usage 307200kB, limit 307200kB, failcnt 140 [ 338.649961] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 338.656738] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 338.663286] Memory cgroup stats for /syz3: cache:0KB rss:296116KB rss_huge:190464KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:117564KB active_anon:2472KB inactive_file:4KB active_file:0KB unevictable:176208KB [ 338.685179] Memory cgroup out of memory: Kill process 12054 (syz-executor.3) score 1233 or sacrifice child [ 338.695373] Killed process 12173 (syz-executor.3) total-vm:74964kB, anon-rss:18512kB, file-rss:34816kB, shmem-rss:0kB [ 338.770443] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 338.781837] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 338.787264] CPU: 1 PID: 12254 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 338.795147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 338.804508] Call Trace: [ 338.807100] dump_stack+0x188/0x20d [ 338.810727] dump_header+0x159/0xa5e [ 338.814450] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 338.819544] ? ___ratelimit+0x59/0x573 [ 338.823427] oom_kill_process.cold+0x10/0x6dc [ 338.827918] ? task_will_free_mem+0x134/0x6d0 [ 338.832405] out_of_memory+0x349/0x1250 [ 338.836372] ? oom_killer_disable+0x270/0x270 [ 338.840904] mem_cgroup_out_of_memory+0x1c7/0x240 [ 338.845735] ? memcg_event_wake+0x210/0x210 [ 338.850050] ? do_raw_spin_unlock+0x171/0x260 [ 338.854548] try_charge+0xe22/0x1300 [ 338.858257] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 338.863108] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 338.867942] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 338.873988] ? mark_held_locks+0xf0/0xf0 [ 338.878050] mem_cgroup_try_charge+0x249/0x5c0 [ 338.882624] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 338.887558] __handle_mm_fault+0x1cfb/0x3b60 [ 338.891958] ? copy_page_range+0x1e70/0x1e70 [ 338.896357] ? count_memcg_event_mm+0x279/0x4c0 [ 338.901138] handle_mm_fault+0x1a5/0x670 [ 338.905201] __get_user_pages+0x599/0x1650 [ 338.909429] ? follow_page_mask+0x1a60/0x1a60 [ 338.913920] ? lock_acquire+0x170/0x400 [ 338.918011] populate_vma_page_range+0x1fd/0x290 [ 338.922765] __mm_populate+0x1e8/0x350 [ 338.926648] ? populate_vma_page_range+0x290/0x290 [ 338.931568] ? do_mlock+0x6b0/0x6b0 [ 338.935191] __x64_sys_mlockall+0x340/0x500 [ 338.939508] do_syscall_64+0xf9/0x620 [ 338.943308] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 338.948487] RIP: 0033:0x45c849 [ 338.951670] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 338.970558] RSP: 002b:00007fe95a5afc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 338.978252] RAX: ffffffffffffffda RBX: 00007fe95a5b06d4 RCX: 000000000045c849 [ 338.985524] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 338.992796] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 339.000065] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 339.007324] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 339.014811] Task in /syz5 killed as a result of limit of /syz5 03:06:32 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) [ 339.020862] memory: usage 307200kB, limit 307200kB, failcnt 1023 [ 339.027125] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 339.033985] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 339.040458] Memory cgroup stats for /syz5: cache:0KB rss:297352KB rss_huge:198656KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:118852KB active_anon:192KB inactive_file:4KB active_file:0KB unevictable:178440KB [ 339.061883] Memory cgroup out of memory: Kill process 10413 (syz-executor.5) score 1163 or sacrifice child [ 339.071794] Killed process 10413 (syz-executor.5) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 339.155164] oom_reaper: reaped process 10413 (syz-executor.5), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB 03:06:32 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:32 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 339.970486] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 341.014864] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 341.027203] CPU: 0 PID: 12297 Comm: syz-executor.0 Not tainted 4.19.112-syzkaller #0 [ 341.035117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 341.044472] Call Trace: [ 341.047070] dump_stack+0x188/0x20d [ 341.050709] dump_header+0x159/0xa5e [ 341.054431] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 341.059539] ? ___ratelimit+0x59/0x573 [ 341.063433] oom_kill_process.cold+0x10/0x6dc [ 341.067938] ? task_will_free_mem+0x134/0x6d0 [ 341.072441] out_of_memory+0x349/0x1250 [ 341.076423] ? oom_killer_disable+0x270/0x270 [ 341.080935] mem_cgroup_out_of_memory+0x1c7/0x240 [ 341.085781] ? memcg_event_wake+0x210/0x210 [ 341.090114] ? do_raw_spin_unlock+0x171/0x260 [ 341.094610] try_charge+0xe22/0x1300 [ 341.098343] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 341.103196] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 341.108050] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 341.114114] ? mark_held_locks+0xf0/0xf0 [ 341.118190] mem_cgroup_try_charge+0x249/0x5c0 [ 341.122779] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 341.127711] __handle_mm_fault+0x1cfb/0x3b60 [ 341.132126] ? copy_page_range+0x1e70/0x1e70 [ 341.136538] ? count_memcg_event_mm+0x279/0x4c0 [ 341.141227] handle_mm_fault+0x1a5/0x670 [ 341.145296] __get_user_pages+0x599/0x1650 [ 341.149548] ? follow_page_mask+0x1a60/0x1a60 [ 341.154054] ? lock_acquire+0x170/0x400 [ 341.158040] populate_vma_page_range+0x1fd/0x290 [ 341.162810] __mm_populate+0x1e8/0x350 [ 341.166703] ? populate_vma_page_range+0x290/0x290 [ 341.171631] ? do_mlock+0x6b0/0x6b0 [ 341.175267] __x64_sys_mlockall+0x340/0x500 [ 341.179594] do_syscall_64+0xf9/0x620 [ 341.183402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 341.188591] RIP: 0033:0x45c849 [ 341.191784] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 341.211037] RSP: 002b:00007f1e7c42fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 341.218746] RAX: ffffffffffffffda RBX: 00007f1e7c4306d4 RCX: 000000000045c849 [ 341.226019] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 341.233287] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 341.240565] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 341.247833] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c 03:06:34 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 341.542085] Task in /syz0 killed as a result of limit of /syz0 [ 341.549664] memory: usage 307200kB, limit 307200kB, failcnt 110 [ 341.555872] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 341.577207] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 341.669370] Memory cgroup stats for /syz0: cache:96KB rss:297168KB rss_huge:126976KB shmem:220KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:179200KB active_anon:4736KB inactive_file:8KB active_file:4KB unevictable:113308KB [ 341.669451] Memory cgroup out of memory: Kill process 12296 (syz-executor.0) score 1172 or sacrifice child [ 341.669513] Killed process 12296 (syz-executor.0) total-vm:74700kB, anon-rss:16952kB, file-rss:39080kB, shmem-rss:0kB 03:06:35 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 341.852200] oom_reaper: reaped process 12296 (syz-executor.0), now anon-rss:17000kB, file-rss:40056kB, shmem-rss:0kB 03:06:35 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:35 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 342.654909] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 342.666504] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 342.672407] CPU: 0 PID: 12322 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 342.680298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 342.689657] Call Trace: [ 342.692258] dump_stack+0x188/0x20d [ 342.695894] dump_header+0x159/0xa5e [ 342.699615] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 342.704718] ? ___ratelimit+0x59/0x573 [ 342.708614] oom_kill_process.cold+0x10/0x6dc [ 342.713145] ? task_will_free_mem+0x134/0x6d0 [ 342.717647] out_of_memory+0x349/0x1250 [ 342.721645] ? oom_killer_disable+0x270/0x270 [ 342.726145] ? mem_cgroup_out_of_memory+0x97/0x240 [ 342.731086] mem_cgroup_out_of_memory+0x1c7/0x240 [ 342.735929] ? memcg_event_wake+0x210/0x210 [ 342.740259] ? do_raw_spin_unlock+0x171/0x260 [ 342.744753] try_charge+0xe22/0x1300 [ 342.748477] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 342.753341] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 342.758191] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 342.764252] ? __lock_acquire+0x6ee/0x49c0 [ 342.768495] mem_cgroup_try_charge+0x249/0x5c0 [ 342.773086] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 342.778020] wp_page_copy+0x3fe/0x1530 [ 342.781915] ? retint_kernel+0x2d/0x2d [ 342.785805] ? follow_pfn+0x260/0x260 [ 342.789616] do_wp_page+0x518/0xfa0 [ 342.793248] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 342.797927] __handle_mm_fault+0x21a4/0x3b60 [ 342.802340] ? copy_page_range+0x1e70/0x1e70 [ 342.806751] ? count_memcg_event_mm+0x279/0x4c0 [ 342.811442] handle_mm_fault+0x1a5/0x670 [ 342.815511] __get_user_pages+0x599/0x1650 [ 342.819757] ? follow_page_mask+0x1a60/0x1a60 [ 342.824256] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 342.829018] ? retint_kernel+0x2d/0x2d [ 342.832916] populate_vma_page_range+0x1fd/0x290 [ 342.837682] __mm_populate+0x1e8/0x350 [ 342.841576] ? populate_vma_page_range+0x290/0x290 [ 342.846514] ? up_write+0x7e/0x150 [ 342.850062] __x64_sys_mlockall+0x340/0x500 [ 342.854388] do_syscall_64+0xf9/0x620 [ 342.858194] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 342.863385] RIP: 0033:0x45c849 [ 342.866585] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 342.885490] RSP: 002b:00007fe95a5afc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 342.893205] RAX: ffffffffffffffda RBX: 00007fe95a5b06d4 RCX: 000000000045c849 [ 342.900489] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 342.907869] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 342.915146] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 342.922420] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 342.930882] Task in /syz5 killed as a result of limit of /syz5 [ 342.937148] memory: usage 307200kB, limit 307200kB, failcnt 1192 [ 342.943638] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 342.950890] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 342.957141] Memory cgroup stats for /syz5: cache:0KB rss:297296KB rss_huge:198656KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:104684KB active_anon:176KB inactive_file:4KB active_file:4KB unevictable:192460KB [ 342.979434] Memory cgroup out of memory: Kill process 12321 (syz-executor.5) score 1233 or sacrifice child [ 342.989674] Killed process 12340 (syz-executor.5) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB 03:06:37 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:37 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:06:37 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:06:37 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:37 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 344.875688] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 344.887282] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 344.893262] CPU: 0 PID: 12448 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 344.901271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 344.910626] Call Trace: [ 344.913224] dump_stack+0x188/0x20d [ 344.916863] dump_header+0x159/0xa5e [ 344.920587] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 344.925693] ? ___ratelimit+0x59/0x573 [ 344.929589] oom_kill_process.cold+0x10/0x6dc [ 344.934097] ? task_will_free_mem+0x134/0x6d0 [ 344.938603] out_of_memory+0x349/0x1250 [ 344.942591] ? oom_killer_disable+0x270/0x270 [ 344.947100] mem_cgroup_out_of_memory+0x1c7/0x240 [ 344.951946] ? memcg_event_wake+0x210/0x210 [ 344.956280] ? do_raw_spin_unlock+0x171/0x260 [ 344.960783] try_charge+0xe22/0x1300 [ 344.964526] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 344.969375] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 344.974251] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 344.980323] mem_cgroup_try_charge+0x249/0x5c0 [ 344.984915] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 344.989849] wp_page_copy+0x3fe/0x1530 [ 344.993745] ? follow_pfn+0x260/0x260 [ 344.997550] ? retint_kernel+0x2d/0x2d [ 345.001443] do_wp_page+0x518/0xfa0 [ 345.005075] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 345.009752] __handle_mm_fault+0x21a4/0x3b60 [ 345.014165] ? copy_page_range+0x1e70/0x1e70 [ 345.018578] ? count_memcg_event_mm+0x279/0x4c0 [ 345.023267] handle_mm_fault+0x1a5/0x670 [ 345.027340] __get_user_pages+0x599/0x1650 [ 345.031585] ? follow_page_mask+0x1a60/0x1a60 [ 345.036091] ? lock_acquire+0x170/0x400 [ 345.040070] populate_vma_page_range+0x1fd/0x290 [ 345.044833] __mm_populate+0x1e8/0x350 [ 345.048727] ? populate_vma_page_range+0x290/0x290 [ 345.053668] __x64_sys_mlockall+0x340/0x500 [ 345.057993] do_syscall_64+0xf9/0x620 [ 345.061799] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 345.066986] RIP: 0033:0x45c849 [ 345.070184] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 345.089090] RSP: 002b:00007fe95a5afc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 345.096800] RAX: ffffffffffffffda RBX: 00007fe95a5b06d4 RCX: 000000000045c849 [ 345.104073] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 345.111342] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 345.118610] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 345.125882] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 345.133740] Task in /syz5 killed as a result of limit of /syz5 [ 345.140035] memory: usage 307200kB, limit 307200kB, failcnt 1274 [ 345.146327] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 345.153315] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 345.159699] Memory cgroup stats for /syz5: cache:0KB rss:297308KB rss_huge:198656KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:104840KB active_anon:176KB inactive_file:4KB active_file:4KB unevictable:192332KB [ 345.182038] Memory cgroup out of memory: Kill process 12447 (syz-executor.5) score 1233 or sacrifice child [ 345.192321] Killed process 12483 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB 03:06:39 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:06:39 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:39 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 347.049817] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 347.061344] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 347.066962] CPU: 1 PID: 12573 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 347.074840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 347.084190] Call Trace: [ 347.086786] dump_stack+0x188/0x20d [ 347.090421] dump_header+0x159/0xa5e [ 347.094146] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 347.099256] ? ___ratelimit+0x59/0x573 [ 347.103166] oom_kill_process.cold+0x10/0x6dc [ 347.107680] ? task_will_free_mem+0x134/0x6d0 [ 347.112190] out_of_memory+0x349/0x1250 [ 347.116174] ? oom_killer_disable+0x270/0x270 [ 347.120696] mem_cgroup_out_of_memory+0x1c7/0x240 [ 347.125553] ? memcg_event_wake+0x210/0x210 [ 347.129892] ? do_raw_spin_unlock+0x171/0x260 [ 347.134395] try_charge+0xe22/0x1300 [ 347.138134] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 347.142992] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 347.147864] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 347.153928] ? retint_kernel+0x2d/0x2d [ 347.157956] mem_cgroup_try_charge+0x249/0x5c0 [ 347.162562] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 347.167504] wp_page_copy+0x3fe/0x1530 [ 347.171408] ? follow_pfn+0x260/0x260 [ 347.175212] ? __lock_acquire+0x6ee/0x49c0 [ 347.179455] do_wp_page+0x518/0xfa0 [ 347.183091] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 347.187773] __handle_mm_fault+0x21a4/0x3b60 [ 347.192189] ? copy_page_range+0x1e70/0x1e70 [ 347.196600] ? count_memcg_event_mm+0x279/0x4c0 [ 347.201289] handle_mm_fault+0x1a5/0x670 [ 347.205357] __get_user_pages+0x599/0x1650 [ 347.209603] ? follow_page_mask+0x1a60/0x1a60 [ 347.214099] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 347.218861] ? retint_kernel+0x2d/0x2d [ 347.222756] populate_vma_page_range+0x1fd/0x290 [ 347.227520] __mm_populate+0x1e8/0x350 [ 347.231411] ? populate_vma_page_range+0x290/0x290 [ 347.236339] ? do_mlock+0x6b0/0x6b0 [ 347.239974] __x64_sys_mlockall+0x340/0x500 [ 347.244303] do_syscall_64+0xf9/0x620 03:06:40 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 347.248106] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 347.253296] RIP: 0033:0x45c849 [ 347.256492] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 347.275398] RSP: 002b:00007fe95a58ec78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 347.283121] RAX: ffffffffffffffda RBX: 00007fe95a58f6d4 RCX: 000000000045c849 [ 347.290493] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 347.297757] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 347.305020] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 347.312287] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 347.327062] Task in /syz5 killed as a result of limit of /syz5 [ 347.333469] memory: usage 307200kB, limit 307200kB, failcnt 1338 [ 347.339979] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 347.346858] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 347.353172] Memory cgroup stats for /syz5: cache:0KB rss:297176KB rss_huge:198656KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:104640KB active_anon:176KB inactive_file:0KB active_file:4KB unevictable:192460KB [ 347.375301] Memory cgroup out of memory: Kill process 12570 (syz-executor.5) score 1233 or sacrifice child [ 347.385292] Killed process 12574 (syz-executor.5) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB [ 348.152321] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 348.163656] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 348.169158] CPU: 0 PID: 12572 Comm: syz-executor.2 Not tainted 4.19.112-syzkaller #0 [ 348.177046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 348.186409] Call Trace: [ 348.188994] dump_stack+0x188/0x20d [ 348.192715] dump_header+0x159/0xa5e [ 348.196423] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 348.201516] ? ___ratelimit+0x59/0x573 [ 348.205396] oom_kill_process.cold+0x10/0x6dc [ 348.209889] ? task_will_free_mem+0x134/0x6d0 [ 348.214375] out_of_memory+0x349/0x1250 [ 348.218343] ? oom_killer_disable+0x270/0x270 [ 348.222871] mem_cgroup_out_of_memory+0x1c7/0x240 [ 348.227701] ? memcg_event_wake+0x210/0x210 [ 348.232018] ? do_raw_spin_unlock+0x171/0x260 [ 348.236499] try_charge+0xe22/0x1300 [ 348.240207] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 348.245053] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 348.249890] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 348.255937] ? __lock_acquire+0x6ee/0x49c0 [ 348.260158] mem_cgroup_try_charge+0x249/0x5c0 [ 348.264730] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 348.269650] wp_page_copy+0x3fe/0x1530 [ 348.273530] ? follow_pfn+0x260/0x260 [ 348.277314] ? __lock_acquire+0x6ee/0x49c0 [ 348.281539] do_wp_page+0x518/0xfa0 [ 348.285172] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 348.289835] __handle_mm_fault+0x21a4/0x3b60 [ 348.294234] ? copy_page_range+0x1e70/0x1e70 [ 348.298628] ? count_memcg_event_mm+0x279/0x4c0 [ 348.303302] handle_mm_fault+0x1a5/0x670 [ 348.307391] __get_user_pages+0x599/0x1650 [ 348.311655] ? follow_page_mask+0x1a60/0x1a60 [ 348.316170] populate_vma_page_range+0x1fd/0x290 [ 348.320923] __mm_populate+0x1e8/0x350 [ 348.324804] ? populate_vma_page_range+0x290/0x290 [ 348.329733] ? do_mlock+0x6b0/0x6b0 [ 348.333362] __x64_sys_mlockall+0x340/0x500 [ 348.337687] do_syscall_64+0xf9/0x620 [ 348.341503] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 348.346705] RIP: 0033:0x45c849 [ 348.349894] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 348.368814] RSP: 002b:00007faa8f7f4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 348.376518] RAX: ffffffffffffffda RBX: 00007faa8f7f56d4 RCX: 000000000045c849 [ 348.383815] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 348.391085] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 348.398350] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 348.405627] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 348.414102] Task in /syz2 killed as a result of limit of /syz2 [ 348.420183] memory: usage 307080kB, limit 307200kB, failcnt 36 [ 348.426166] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 348.433035] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 348.439189] Memory cgroup stats for /syz2: cache:0KB rss:295628KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:268524KB active_anon:6812KB inactive_file:8KB active_file:4KB unevictable:20428KB [ 348.461490] Memory cgroup out of memory: Kill process 12568 (syz-executor.2) score 1233 or sacrifice child [ 348.471420] Killed process 12577 (syz-executor.2) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB 03:06:41 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:42 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) 03:06:42 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 349.716536] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 349.728112] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 349.733952] CPU: 0 PID: 12701 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 349.741838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 349.751192] Call Trace: [ 349.753794] dump_stack+0x188/0x20d [ 349.757440] dump_header+0x159/0xa5e [ 349.761164] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 349.766278] ? ___ratelimit+0x59/0x573 [ 349.770171] oom_kill_process.cold+0x10/0x6dc [ 349.774678] ? task_will_free_mem+0x134/0x6d0 [ 349.779201] out_of_memory+0x349/0x1250 [ 349.783188] ? oom_killer_disable+0x270/0x270 [ 349.787719] mem_cgroup_out_of_memory+0x1c7/0x240 [ 349.792578] ? memcg_event_wake+0x210/0x210 [ 349.796915] ? do_raw_spin_unlock+0x171/0x260 [ 349.801414] try_charge+0xe22/0x1300 [ 349.805138] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 349.809996] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 349.814849] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 349.820921] mem_cgroup_try_charge+0x249/0x5c0 [ 349.825520] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 349.830455] wp_page_copy+0x3fe/0x1530 [ 349.834359] ? follow_pfn+0x260/0x260 [ 349.838175] ? __lock_acquire+0x6ee/0x49c0 [ 349.842424] do_wp_page+0x518/0xfa0 [ 349.846058] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 349.850747] __handle_mm_fault+0x21a4/0x3b60 [ 349.855170] ? copy_page_range+0x1e70/0x1e70 [ 349.859587] ? lock_release+0x42b/0x820 [ 349.863584] handle_mm_fault+0x1a5/0x670 [ 349.867659] __get_user_pages+0x599/0x1650 [ 349.871911] ? follow_page_mask+0x1a60/0x1a60 [ 349.876412] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 349.881180] ? retint_kernel+0x2d/0x2d [ 349.885081] populate_vma_page_range+0x1fd/0x290 [ 349.889848] __mm_populate+0x1e8/0x350 [ 349.893748] ? populate_vma_page_range+0x290/0x290 [ 349.899072] ? do_mlock+0x6b0/0x6b0 [ 349.902715] __x64_sys_mlockall+0x340/0x500 [ 349.907047] do_syscall_64+0xf9/0x620 [ 349.910859] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 349.916049] RIP: 0033:0x45c849 [ 349.919250] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 349.938161] RSP: 002b:00007fe95a5afc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 349.945984] RAX: ffffffffffffffda RBX: 00007fe95a5b06d4 RCX: 000000000045c849 [ 349.953253] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 349.960532] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 349.967799] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 349.975063] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 349.984640] Task in /syz5 killed as a result of limit of /syz5 [ 349.990944] memory: usage 307200kB, limit 307200kB, failcnt 1415 [ 349.997164] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 350.004134] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 350.010410] Memory cgroup stats for /syz5: cache:0KB rss:297176KB rss_huge:198656KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:104696KB active_anon:176KB inactive_file:0KB active_file:0KB unevictable:192332KB [ 350.032305] Memory cgroup out of memory: Kill process 12700 (syz-executor.5) score 1230 or sacrifice child [ 350.042587] Killed process 12702 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 350.055944] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 350.067292] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 350.072831] CPU: 1 PID: 12686 Comm: syz-executor.2 Not tainted 4.19.112-syzkaller #0 [ 350.080711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 350.090070] Call Trace: [ 350.092674] dump_stack+0x188/0x20d [ 350.096308] dump_header+0x159/0xa5e [ 350.100040] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 350.105165] ? ___ratelimit+0x59/0x573 [ 350.109091] oom_kill_process.cold+0x10/0x6dc [ 350.113607] ? mem_cgroup_get_max+0xa3/0x240 [ 350.118034] out_of_memory+0x349/0x1250 [ 350.122025] ? oom_killer_disable+0x270/0x270 [ 350.126522] mem_cgroup_out_of_memory+0x1c7/0x240 [ 350.131464] ? memcg_event_wake+0x210/0x210 [ 350.135791] ? do_raw_spin_unlock+0x171/0x260 [ 350.140282] try_charge+0xe22/0x1300 [ 350.143989] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 350.148823] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 350.153660] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 350.159713] mem_cgroup_try_charge+0x249/0x5c0 [ 350.164291] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 350.169215] wp_page_copy+0x3fe/0x1530 [ 350.173101] ? follow_pfn+0x260/0x260 [ 350.176895] do_wp_page+0x518/0xfa0 [ 350.180514] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 350.185177] __handle_mm_fault+0x21a4/0x3b60 [ 350.189578] ? copy_page_range+0x1e70/0x1e70 [ 350.193982] ? count_memcg_event_mm+0x279/0x4c0 [ 350.198652] handle_mm_fault+0x1a5/0x670 [ 350.202707] __get_user_pages+0x599/0x1650 [ 350.207068] ? follow_page_mask+0x1a60/0x1a60 [ 350.211569] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 350.216330] ? retint_kernel+0x2d/0x2d [ 350.220218] populate_vma_page_range+0x1fd/0x290 [ 350.224973] __mm_populate+0x1e8/0x350 [ 350.228873] ? populate_vma_page_range+0x290/0x290 [ 350.233809] ? do_mlock+0x6b0/0x6b0 [ 350.237439] __x64_sys_mlockall+0x340/0x500 [ 350.241759] do_syscall_64+0xf9/0x620 [ 350.245558] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 350.250749] RIP: 0033:0x45c849 [ 350.254005] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 350.272906] RSP: 002b:00007faa8f815c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 350.280606] RAX: ffffffffffffffda RBX: 00007faa8f8166d4 RCX: 000000000045c849 [ 350.287861] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 350.295116] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 350.302507] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 350.309776] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 350.317222] Task in /syz2 killed as a result of limit of /syz2 [ 350.323619] memory: usage 307200kB, limit 307200kB, failcnt 61 [ 350.329744] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 350.336636] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 350.342985] Memory cgroup stats for /syz2: cache:0KB rss:295716KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:268660KB active_anon:6812KB inactive_file:8KB active_file:4KB unevictable:20300KB [ 350.364903] Memory cgroup out of memory: Kill process 12684 (syz-executor.2) score 1233 or sacrifice child [ 350.375167] Killed process 12694 (syz-executor.2) total-vm:74700kB, anon-rss:18252kB, file-rss:34944kB, shmem-rss:0kB [ 350.411346] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 350.423112] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 350.428762] CPU: 0 PID: 12701 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 350.436639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 350.445992] Call Trace: [ 350.448593] dump_stack+0x188/0x20d [ 350.452225] dump_header+0x159/0xa5e [ 350.455944] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 350.461046] ? ___ratelimit+0x59/0x573 [ 350.464937] oom_kill_process.cold+0x10/0x6dc [ 350.469436] ? task_will_free_mem+0x134/0x6d0 [ 350.473942] out_of_memory+0x349/0x1250 [ 350.477921] ? mem_cgroup_out_of_memory+0x97/0x240 [ 350.482858] ? oom_killer_disable+0x270/0x270 [ 350.487363] mem_cgroup_out_of_memory+0x1c7/0x240 [ 350.492210] ? memcg_event_wake+0x210/0x210 [ 350.496544] ? do_raw_spin_unlock+0x171/0x260 [ 350.501038] try_charge+0xe22/0x1300 [ 350.504757] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 350.509605] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 350.514458] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 350.520529] mem_cgroup_try_charge+0x249/0x5c0 [ 350.525118] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 350.530050] wp_page_copy+0x3fe/0x1530 [ 350.533948] ? follow_pfn+0x260/0x260 [ 350.537771] ? __lock_acquire+0x6ee/0x49c0 [ 350.542014] do_wp_page+0x518/0xfa0 [ 350.545645] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 350.550325] __handle_mm_fault+0x21a4/0x3b60 [ 350.554745] ? copy_page_range+0x1e70/0x1e70 [ 350.559155] ? lock_release+0x42b/0x820 [ 350.563151] handle_mm_fault+0x1a5/0x670 [ 350.567241] __get_user_pages+0x599/0x1650 [ 350.571502] ? follow_page_mask+0x1a60/0x1a60 [ 350.576004] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 350.580766] ? retint_kernel+0x2d/0x2d [ 350.584677] populate_vma_page_range+0x1fd/0x290 [ 350.589460] __mm_populate+0x1e8/0x350 [ 350.593362] ? populate_vma_page_range+0x290/0x290 [ 350.598290] ? do_mlock+0x6b0/0x6b0 [ 350.601932] __x64_sys_mlockall+0x340/0x500 [ 350.606299] do_syscall_64+0xf9/0x620 [ 350.610124] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 350.615324] RIP: 0033:0x45c849 [ 350.618523] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 350.637427] RSP: 002b:00007fe95a5afc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 350.645139] RAX: ffffffffffffffda RBX: 00007fe95a5b06d4 RCX: 000000000045c849 [ 350.652396] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 03:06:44 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) [ 350.659653] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 350.666912] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 350.674193] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 350.683688] Task in /syz5 killed as a result of limit of /syz5 [ 350.689853] memory: usage 302792kB, limit 307200kB, failcnt 1421 [ 350.696107] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 350.704163] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 350.710690] Memory cgroup stats for /syz5: cache:0KB rss:293000KB rss_huge:198656KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:100468KB active_anon:176KB inactive_file:0KB active_file:0KB unevictable:192332KB [ 350.734442] Memory cgroup out of memory: Kill process 12700 (syz-executor.5) score 1230 or sacrifice child [ 350.744731] Killed process 12700 (syz-executor.5) total-vm:74700kB, anon-rss:18204kB, file-rss:55468kB, shmem-rss:0kB [ 350.769471] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 350.826550] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 350.887182] CPU: 1 PID: 12697 Comm: syz-executor.0 Not tainted 4.19.112-syzkaller #0 [ 350.895109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 350.904465] Call Trace: [ 350.907065] dump_stack+0x188/0x20d [ 350.910700] dump_header+0x159/0xa5e [ 350.914424] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 350.919531] ? ___ratelimit+0x59/0x573 [ 350.923429] oom_kill_process.cold+0x10/0x6dc [ 350.927929] ? task_will_free_mem+0x134/0x6d0 [ 350.932429] out_of_memory+0x349/0x1250 [ 350.936416] ? oom_killer_disable+0x270/0x270 [ 350.940928] mem_cgroup_out_of_memory+0x1c7/0x240 [ 350.945774] ? memcg_event_wake+0x210/0x210 [ 350.950105] ? do_raw_spin_unlock+0x171/0x260 [ 350.954604] try_charge+0xe22/0x1300 [ 350.958327] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 350.963175] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 350.968026] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 350.974088] ? mark_held_locks+0xf0/0xf0 [ 350.978158] mem_cgroup_try_charge+0x249/0x5c0 [ 350.982748] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 350.987681] __handle_mm_fault+0x1cfb/0x3b60 [ 350.992098] ? copy_page_range+0x1e70/0x1e70 [ 350.996509] ? count_memcg_event_mm+0x279/0x4c0 [ 351.001198] handle_mm_fault+0x1a5/0x670 [ 351.005268] __get_user_pages+0x599/0x1650 [ 351.009514] ? follow_page_mask+0x1a60/0x1a60 [ 351.014018] ? lock_acquire+0x170/0x400 [ 351.018002] populate_vma_page_range+0x1fd/0x290 [ 351.022770] __mm_populate+0x1e8/0x350 [ 351.026666] ? populate_vma_page_range+0x290/0x290 [ 351.031599] ? do_mlock+0x6b0/0x6b0 [ 351.035338] __x64_sys_mlockall+0x340/0x500 [ 351.039662] do_syscall_64+0xf9/0x620 [ 351.043471] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 351.048679] RIP: 0033:0x45c849 [ 351.051908] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 351.070814] RSP: 002b:00007f1e7c42fc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 351.078528] RAX: ffffffffffffffda RBX: 00007f1e7c4306d4 RCX: 000000000045c849 [ 351.085803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 351.093072] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 351.100339] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 351.107606] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c 03:06:44 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 351.198373] Task in /syz0 killed as a result of limit of /syz0 [ 351.204656] memory: usage 307200kB, limit 307200kB, failcnt 150 03:06:44 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 351.246847] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 351.303230] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 351.348709] Memory cgroup stats for /syz0: cache:96KB rss:297000KB rss_huge:126976KB shmem:220KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:179200KB active_anon:4744KB inactive_file:0KB active_file:12KB unevictable:113092KB [ 351.989380] Memory cgroup out of memory: Kill process 12695 (syz-executor.0) score 1171 or sacrifice child [ 352.030662] Killed process 12695 (syz-executor.0) total-vm:74832kB, anon-rss:16692kB, file-rss:39080kB, shmem-rss:0kB [ 352.097213] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 352.108869] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 352.114838] CPU: 0 PID: 12712 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 352.122722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 352.132078] Call Trace: [ 352.134679] dump_stack+0x188/0x20d [ 352.138343] dump_header+0x159/0xa5e [ 352.142078] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 352.147203] ? ___ratelimit+0x59/0x573 [ 352.151100] oom_kill_process.cold+0x10/0x6dc [ 352.155603] ? task_will_free_mem+0x134/0x6d0 [ 352.160112] out_of_memory+0x349/0x1250 [ 352.164096] ? oom_killer_disable+0x270/0x270 [ 352.168607] mem_cgroup_out_of_memory+0x1c7/0x240 [ 352.173458] ? memcg_event_wake+0x210/0x210 [ 352.177787] ? do_raw_spin_unlock+0x171/0x260 [ 352.182283] try_charge+0xe22/0x1300 [ 352.186005] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 352.190853] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 352.195171] oom_reaper: reaped process 12695 (syz-executor.0), now anon-rss:16748kB, file-rss:40056kB, shmem-rss:0kB [ 352.195701] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 352.212408] mem_cgroup_try_charge+0x249/0x5c0 [ 352.217005] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 352.221944] wp_page_copy+0x3fe/0x1530 [ 352.225846] ? follow_pfn+0x260/0x260 [ 352.229645] ? __lock_acquire+0x6ee/0x49c0 [ 352.233883] ? mark_held_locks+0xa6/0xf0 [ 352.237953] do_wp_page+0x518/0xfa0 [ 352.241590] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 352.246274] __handle_mm_fault+0x21a4/0x3b60 [ 352.250699] ? copy_page_range+0x1e70/0x1e70 [ 352.255119] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 352.260022] handle_mm_fault+0x1a5/0x670 [ 352.264101] __get_user_pages+0x599/0x1650 [ 352.268361] ? follow_page_mask+0x1a60/0x1a60 [ 352.272868] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 352.277653] ? retint_kernel+0x2d/0x2d [ 352.281563] populate_vma_page_range+0x1fd/0x290 [ 352.286343] __mm_populate+0x1e8/0x350 [ 352.290245] ? populate_vma_page_range+0x290/0x290 [ 352.295182] ? do_mlock+0x6b0/0x6b0 [ 352.298827] __x64_sys_mlockall+0x340/0x500 [ 352.303161] do_syscall_64+0xf9/0x620 [ 352.306980] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 352.312175] RIP: 0033:0x45c849 [ 352.315375] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 352.334282] RSP: 002b:00007fe95a5afc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 03:06:45 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:45 executing program 4: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:45 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, r1, 0xffff8000) [ 352.342004] RAX: ffffffffffffffda RBX: 00007fe95a5b06d4 RCX: 000000000045c849 [ 352.349286] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 352.356572] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 352.363850] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 352.371127] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 352.379675] Task in /syz5 killed as a result of limit of /syz5 [ 352.386035] memory: usage 307200kB, limit 307200kB, failcnt 1442 [ 352.392362] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 352.399265] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 352.405507] Memory cgroup stats for /syz5: cache:0KB rss:297176KB rss_huge:198656KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:104668KB active_anon:176KB inactive_file:0KB active_file:0KB unevictable:192332KB [ 352.427268] Memory cgroup out of memory: Kill process 12710 (syz-executor.5) score 1230 or sacrifice child [ 352.437549] Killed process 12713 (syz-executor.5) total-vm:74700kB, anon-rss:18252kB, file-rss:34816kB, shmem-rss:0kB [ 352.839971] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 352.851376] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 352.856931] CPU: 1 PID: 12783 Comm: syz-executor.3 Not tainted 4.19.112-syzkaller #0 [ 352.864813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 352.874151] Call Trace: [ 352.876760] dump_stack+0x188/0x20d [ 352.880391] dump_header+0x159/0xa5e [ 352.884093] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 352.889185] ? ___ratelimit+0x59/0x573 [ 352.893064] oom_kill_process.cold+0x10/0x6dc [ 352.897557] ? out_of_memory+0x2e9/0x1250 [ 352.901705] out_of_memory+0x349/0x1250 [ 352.905741] ? oom_killer_disable+0x270/0x270 [ 352.910249] mem_cgroup_out_of_memory+0x1c7/0x240 [ 352.915087] ? memcg_event_wake+0x210/0x210 [ 352.919413] ? do_raw_spin_unlock+0x171/0x260 [ 352.923902] try_charge+0xe22/0x1300 [ 352.927609] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 352.932444] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 352.937384] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 352.943438] ? __lock_acquire+0x6ee/0x49c0 [ 352.947673] mem_cgroup_try_charge+0x249/0x5c0 [ 352.952250] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 352.957200] wp_page_copy+0x3fe/0x1530 [ 352.961104] ? follow_pfn+0x260/0x260 [ 352.964927] do_wp_page+0x518/0xfa0 [ 352.968557] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 352.973231] __handle_mm_fault+0x21a4/0x3b60 [ 352.977639] ? copy_page_range+0x1e70/0x1e70 [ 352.982043] ? count_memcg_event_mm+0x279/0x4c0 [ 352.986848] handle_mm_fault+0x1a5/0x670 [ 352.990919] __get_user_pages+0x599/0x1650 [ 352.995159] ? follow_page_mask+0x1a60/0x1a60 [ 352.999646] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 353.004397] ? retint_kernel+0x2d/0x2d [ 353.008297] populate_vma_page_range+0x1fd/0x290 [ 353.013053] __mm_populate+0x1e8/0x350 [ 353.016929] ? populate_vma_page_range+0x290/0x290 [ 353.021845] ? do_mlock+0x6b0/0x6b0 [ 353.025469] __x64_sys_mlockall+0x340/0x500 [ 353.029786] do_syscall_64+0xf9/0x620 [ 353.033581] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 353.038758] RIP: 0033:0x45c849 [ 353.041938] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 353.060828] RSP: 002b:00007fb703578c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 353.068537] RAX: ffffffffffffffda RBX: 00007fb7035796d4 RCX: 000000000045c849 [ 353.075793] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 353.083049] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 353.090319] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 353.097575] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 353.105355] Task in /syz3 killed as a result of limit of /syz3 [ 353.118073] memory: usage 307200kB, limit 307200kB, failcnt 368 [ 353.124314] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 353.131230] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 353.137525] Memory cgroup stats for /syz3: cache:0KB rss:297448KB rss_huge:188416KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:119096KB active_anon:2472KB inactive_file:24KB active_file:0KB unevictable:176076KB [ 353.159564] Memory cgroup out of memory: Kill process 12714 (syz-executor.3) score 1233 or sacrifice child [ 353.169511] Killed process 12785 (syz-executor.3) total-vm:74832kB, anon-rss:18380kB, file-rss:34816kB, shmem-rss:0kB [ 353.330327] syz-executor.3 invoked oom-killer: gfp_mask=0x6040d0(GFP_KERNEL|__GFP_COMP|__GFP_RECLAIMABLE), nodemask=(null), order=0, oom_score_adj=1000 [ 353.831770] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 353.848289] CPU: 1 PID: 12715 Comm: syz-executor.3 Not tainted 4.19.112-syzkaller #0 [ 353.856315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 353.865672] Call Trace: [ 353.868270] dump_stack+0x188/0x20d [ 353.871931] dump_header+0x159/0xa5e [ 353.875662] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 353.880770] ? ___ratelimit+0x59/0x573 [ 353.884669] oom_kill_process.cold+0x10/0x6dc [ 353.889172] ? task_will_free_mem+0x134/0x6d0 [ 353.893680] out_of_memory+0x349/0x1250 [ 353.897663] ? oom_killer_disable+0x270/0x270 [ 353.902172] mem_cgroup_out_of_memory+0x1c7/0x240 [ 353.907017] ? memcg_event_wake+0x210/0x210 [ 353.911352] ? do_raw_spin_unlock+0x171/0x260 [ 353.915860] try_charge+0xbdf/0x1300 [ 353.919590] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 353.924440] ? __lock_is_held+0xad/0x140 [ 353.928521] ? rcu_read_lock_sched_held+0x10a/0x130 [ 353.933543] ? __alloc_pages_nodemask+0x5d1/0x6a0 [ 353.938394] memcg_kmem_charge_memcg+0x7b/0x150 [ 353.943071] ? memcg_kmem_put_cache+0xb0/0xb0 [ 353.947569] ? mark_held_locks+0xa6/0xf0 [ 353.951635] ? cache_grow_begin+0x580/0x8a0 [ 353.955957] cache_grow_begin+0x3ed/0x8a0 [ 353.960116] fallback_alloc+0x205/0x2d0 [ 353.964099] kmem_cache_alloc+0x1ea/0x710 [ 353.968256] ? lookup_one_len_unlocked+0x100/0x100 [ 353.973193] alloc_inode+0xab/0x180 [ 353.976820] new_inode_pseudo+0x14/0xe0 [ 353.980800] new_inode+0x1b/0x40 [ 353.984312] debugfs_get_inode+0x1a/0x130 [ 353.988472] __debugfs_create_file+0xb6/0x400 [ 353.992984] kvm_dev_ioctl+0xa03/0x1720 [ 353.996977] ? debug_check_no_obj_freed+0x20a/0x42e [ 354.002001] ? kvm_put_kvm+0xc50/0xc50 [ 354.005898] ? kvm_put_kvm+0xc50/0xc50 [ 354.009792] do_vfs_ioctl+0xcda/0x12e0 [ 354.013686] ? selinux_file_ioctl+0x46c/0x5d0 [ 354.018186] ? selinux_file_ioctl+0x125/0x5d0 [ 354.022694] ? check_preemption_disabled+0x41/0x280 [ 354.027717] ? ioctl_preallocate+0x200/0x200 [ 354.032134] ? selinux_file_mprotect+0x600/0x600 [ 354.036891] ? __fget+0x340/0x510 [ 354.040373] ? iterate_fd+0x350/0x350 [ 354.044184] ? security_file_ioctl+0x6c/0xb0 [ 354.048599] ksys_ioctl+0x9b/0xc0 [ 354.052056] __x64_sys_ioctl+0x6f/0xb0 [ 354.055951] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 354.060564] do_syscall_64+0xf9/0x620 [ 354.064374] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 354.069571] RIP: 0033:0x45c849 [ 354.072774] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 354.091806] RSP: 002b:00007fb703599c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 354.099523] RAX: ffffffffffffffda RBX: 00007fb70359a6d4 RCX: 000000000045c849 [ 354.106805] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000003 [ 354.114087] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 354.121362] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 354.128636] R13: 000000000000038f R14: 00000000004c6057 R15: 000000000076bf0c [ 354.286515] Task in /syz3 killed as a result of limit of /syz3 [ 354.297774] memory: usage 305544kB, limit 307200kB, failcnt 430 [ 354.307581] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 354.316159] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 354.336214] Memory cgroup stats for /syz3: cache:0KB rss:296072KB rss_huge:188416KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:117496KB active_anon:2472KB inactive_file:12KB active_file:8KB unevictable:176208KB [ 354.367450] Memory cgroup out of memory: Kill process 12714 (syz-executor.3) score 1233 or sacrifice child 03:06:47 executing program 5: openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) [ 354.377714] Killed process 12715 (syz-executor.3) total-vm:74964kB, anon-rss:18512kB, file-rss:56432kB, shmem-rss:0kB [ 354.435541] oom_reaper: reaped process 12715 (syz-executor.3), now anon-rss:18512kB, file-rss:56424kB, shmem-rss:0kB 03:06:47 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:06:48 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) mlockall(0x3) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) mmap(&(0x7f00008af000/0x3000)=nil, 0x3000, 0x0, 0x80050, 0xffffffffffffffff, 0xffff8000) 03:06:48 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x5, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000000002046, 0x0) socket$inet6(0xa, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') write$P9_RMKNOD(0xffffffffffffffff, &(0x7f0000000000)={0xff06}, 0xffffff57) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000180)={'bond_slave_1\x00', @ifru_flags=0x100}) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mlockall(0x3) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x3310, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 354.944849] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 354.956257] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 354.961932] CPU: 0 PID: 12838 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 354.969826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 354.979195] Call Trace: [ 354.981800] dump_stack+0x188/0x20d [ 354.985453] dump_header+0x159/0xa5e [ 354.989187] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 354.994312] ? ___ratelimit+0x59/0x573 [ 354.998216] oom_kill_process.cold+0x10/0x6dc [ 355.002717] ? task_will_free_mem+0x134/0x6d0 [ 355.007219] out_of_memory+0x349/0x1250 [ 355.011207] ? oom_killer_disable+0x270/0x270 [ 355.015747] mem_cgroup_out_of_memory+0x1c7/0x240 [ 355.020605] ? memcg_event_wake+0x210/0x210 [ 355.024951] ? do_raw_spin_unlock+0x171/0x260 [ 355.029467] try_charge+0xe22/0x1300 [ 355.033201] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 355.038063] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 355.042901] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 355.047476] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 355.053535] mem_cgroup_try_charge+0x249/0x5c0 [ 355.058113] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 355.063035] wp_page_copy+0x3fe/0x1530 [ 355.066914] ? mark_held_locks+0xa6/0xf0 [ 355.070969] ? follow_pfn+0x260/0x260 [ 355.074762] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 355.079515] do_wp_page+0x518/0xfa0 [ 355.083135] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 355.087795] __handle_mm_fault+0x21a4/0x3b60 [ 355.092215] ? copy_page_range+0x1e70/0x1e70 [ 355.096633] ? count_memcg_event_mm+0x279/0x4c0 [ 355.101317] handle_mm_fault+0x1a5/0x670 [ 355.105375] __get_user_pages+0x599/0x1650 [ 355.109608] ? follow_page_mask+0x1a60/0x1a60 [ 355.114093] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 355.118844] ? retint_kernel+0x2d/0x2d [ 355.122727] populate_vma_page_range+0x1fd/0x290 [ 355.127475] __mm_populate+0x1e8/0x350 [ 355.131370] ? populate_vma_page_range+0x290/0x290 [ 355.136298] ? do_mlock+0x6b0/0x6b0 [ 355.139943] __x64_sys_mlockall+0x340/0x500 [ 355.144263] do_syscall_64+0xf9/0x620 [ 355.148055] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 355.153234] RIP: 0033:0x45c849 [ 355.156416] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 355.175327] RSP: 002b:00007fe95a5afc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 355.183037] RAX: ffffffffffffffda RBX: 00007fe95a5b06d4 RCX: 000000000045c849 [ 355.190301] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 355.197565] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 355.204843] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 355.212219] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c [ 355.220553] Task in /syz5 killed as a result of limit of /syz5 [ 355.226850] memory: usage 307200kB, limit 307200kB, failcnt 1463 [ 355.233131] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 355.239944] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 355.246163] Memory cgroup stats for /syz5: cache:0KB rss:296900KB rss_huge:198656KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:104460KB active_anon:176KB inactive_file:0KB active_file:0KB unevictable:192464KB [ 355.268131] Memory cgroup out of memory: Kill process 12837 (syz-executor.5) score 1233 or sacrifice child [ 355.278411] Killed process 12842 (syz-executor.5) total-vm:74832kB, anon-rss:18384kB, file-rss:34816kB, shmem-rss:0kB [ 355.306468] syz-executor.2 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 355.317738] syz-executor.2 cpuset=syz2 mems_allowed=0-1 [ 355.323354] CPU: 1 PID: 12949 Comm: syz-executor.2 Not tainted 4.19.112-syzkaller #0 [ 355.331229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 355.340577] Call Trace: [ 355.343169] dump_stack+0x188/0x20d [ 355.346809] dump_header+0x159/0xa5e [ 355.350528] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 355.355627] ? ___ratelimit+0x59/0x573 [ 355.359519] oom_kill_process.cold+0x10/0x6dc [ 355.364019] ? task_will_free_mem+0x134/0x6d0 [ 355.368517] out_of_memory+0x349/0x1250 [ 355.372496] ? oom_killer_disable+0x270/0x270 [ 355.377001] mem_cgroup_out_of_memory+0x1c7/0x240 [ 355.381845] ? memcg_event_wake+0x210/0x210 [ 355.386175] ? do_raw_spin_unlock+0x171/0x260 [ 355.390673] try_charge+0xe22/0x1300 [ 355.394390] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 355.399235] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 355.404080] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 355.410139] ? mark_held_locks+0xf0/0xf0 [ 355.414207] mem_cgroup_try_charge+0x249/0x5c0 [ 355.418793] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 355.423722] __handle_mm_fault+0x1cfb/0x3b60 [ 355.428130] ? copy_page_range+0x1e70/0x1e70 [ 355.432537] ? count_memcg_event_mm+0x279/0x4c0 [ 355.437225] handle_mm_fault+0x1a5/0x670 [ 355.441291] __get_user_pages+0x599/0x1650 [ 355.445529] ? follow_page_mask+0x1a60/0x1a60 [ 355.450028] ? lock_acquire+0x170/0x400 [ 355.454011] populate_vma_page_range+0x1fd/0x290 [ 355.458767] __mm_populate+0x1e8/0x350 [ 355.462660] ? populate_vma_page_range+0x290/0x290 [ 355.467584] ? do_mlock+0x6b0/0x6b0 [ 355.471218] __x64_sys_mlockall+0x340/0x500 [ 355.475540] do_syscall_64+0xf9/0x620 [ 355.479350] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 355.484553] RIP: 0033:0x45c849 [ 355.487746] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 355.506647] RSP: 002b:00007faa8f7f4c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 355.514354] RAX: ffffffffffffffda RBX: 00007faa8f7f56d4 RCX: 000000000045c849 [ 355.521618] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 355.528899] RBP: 000000000076bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 355.536178] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 355.543459] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bfac [ 355.550877] Task in /syz2 killed as a result of limit of /syz2 [ 355.556873] memory: usage 307200kB, limit 307200kB, failcnt 134 [ 355.562960] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 355.569746] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 355.575883] Memory cgroup stats for /syz2: cache:0KB rss:295672KB rss_huge:8192KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:273024KB active_anon:6836KB inactive_file:8KB active_file:4KB unevictable:15984KB [ 355.597085] Memory cgroup out of memory: Kill process 12190 (syz-executor.2) score 1163 or sacrifice child [ 355.606942] Killed process 12190 (syz-executor.2) total-vm:74964kB, anon-rss:18512kB, file-rss:34816kB, shmem-rss:0kB [ 459.859235] rcu: INFO: rcu_preempt self-detected stall on CPU [ 459.865392] rcu: 0-...!: (1 GPs behind) idle=fee/1/0x4000000000000002 softirq=16788/16789 fqs=5 [ 459.874830] rcu: (t=10500 jiffies g=14461 q=451) [ 459.879781] rcu: rcu_preempt kthread starved for 10490 jiffies! g14461 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 459.890286] rcu: RCU grace-period kthread stack dump: [ 459.895479] rcu_preempt R running task 29744 10 2 0x80000000 [ 459.902686] Call Trace: [ 459.905296] ? __schedule+0x866/0x1d80 [ 459.909187] ? schedule_timeout+0x4c3/0xf20 [ 459.913512] ? firmware_map_remove+0x19a/0x19a [ 459.918105] ? _raw_spin_unlock_irqrestore+0x67/0xe0 [ 459.923226] schedule+0x8d/0x1b0 [ 459.926609] schedule_timeout+0x4d1/0xf20 [ 459.930773] ? usleep_range+0x160/0x160 [ 459.934828] ? __next_timer_interrupt+0x190/0x190 [ 459.939743] ? prepare_to_swait_exclusive+0x110/0x110 [ 459.944955] rcu_gp_kthread+0xcee/0x2060 [ 459.949051] ? rcu_blocking_is_gp+0x90/0x90 [ 459.953382] ? _raw_spin_unlock_irqrestore+0x67/0xe0 [ 459.958500] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 459.963100] ? _raw_spin_unlock_irqrestore+0xa0/0xe0 [ 459.968276] ? __kthread_parkme+0xfd/0x1b0 [ 459.972517] ? rcu_blocking_is_gp+0x90/0x90 [ 459.976847] kthread+0x34a/0x420 [ 459.980225] ? kthread_cancel_delayed_work_sync+0x20/0x20 [ 459.985789] ret_from_fork+0x24/0x30 [ 459.989523] NMI backtrace for cpu 0 [ 459.993165] CPU: 0 PID: 12838 Comm: syz-executor.5 Not tainted 4.19.112-syzkaller #0 [ 460.001038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 460.010400] Call Trace: [ 460.012987] [ 460.015144] dump_stack+0x188/0x20d [ 460.018776] nmi_cpu_backtrace.cold+0x63/0xa2 [ 460.023340] ? lapic_can_unplug_cpu.cold+0x44/0x44 [ 460.028294] nmi_trigger_cpumask_backtrace+0x1a6/0x1eb [ 460.033581] rcu_dump_cpu_stacks+0x170/0x1bb [ 460.038003] rcu_check_callbacks.cold+0x634/0xddc [ 460.042859] ? trace_hardirqs_off+0x50/0x200 [ 460.047277] update_process_times+0x2a/0x70 [ 460.051600] tick_sched_handle+0x9b/0x180 [ 460.055751] tick_sched_timer+0x42/0x130 [ 460.059813] __hrtimer_run_queues+0x2fc/0xd50 [ 460.064324] ? tick_sched_do_timer+0x1a0/0x1a0 [ 460.068925] ? hrtimer_fixup_activate+0x30/0x30 [ 460.073671] ? kvm_clock_read+0x14/0x30 [ 460.077653] ? ktime_get_update_offsets_now+0x2db/0x450 [ 460.083026] hrtimer_interrupt+0x312/0x770 [ 460.087318] smp_apic_timer_interrupt+0x10c/0x550 [ 460.092163] apic_timer_interrupt+0xf/0x20 [ 460.096403] [ 460.098664] RIP: 0010:lock_release+0x10/0x820 [ 460.103165] Code: c4 4d 00 e9 fb fe ff ff 48 c7 c7 c0 1a 7f 8b e8 46 c4 4d 00 e9 88 fd ff ff 90 48 b8 00 00 00 00 00 fc ff df 41 57 41 56 41 55 <41> 54 49 89 d4 55 48 89 fd 53 48 83 c4 80 48 c7 44 24 20 b3 8a b5 [ 460.122175] RSP: 0018:ffff8881ed26f2e8 EFLAGS: 00000202 ORIG_RAX: ffffffffffffff13 [ 460.129887] RAX: dffffc0000000000 RBX: ffffffffffffffff RCX: ffffffff81567a3c [ 460.137159] RDX: ffffffff81a2389d RSI: 0000000000000001 RDI: ffffffff88b92960 [ 460.144438] RBP: ffff88809a9e6790 R08: ffff88801a856500 R09: ffffed1015cc4733 [ 460.151711] R10: ffffed1015cc4732 R11: ffff8880ae623993 R12: ffff8881ed26f4d0 [ 460.158991] R13: 1ffff1103da4de6a R14: ffff88809a9e6780 R15: dffffc0000000001 [ 460.166288] ? rcu_dynticks_curr_cpu_in_eqs+0x4c/0xa0 [ 460.171487] ? percpu_ref_put_many+0x8d/0x170 [ 460.175991] percpu_ref_put_many+0xa5/0x170 [ 460.180333] mem_cgroup_iter+0x973/0xb80 [ 460.184406] ? mem_cgroup_nr_lru_pages+0x80/0x80 [ 460.189173] ? shrink_node+0x3a2/0x1350 [ 460.193153] shrink_node+0x3b7/0x1350 [ 460.196985] ? shrink_node_memcg+0x14b0/0x14b0 [ 460.201584] ? kvm_clock_read+0x14/0x30 [ 460.205576] do_try_to_free_pages+0x3a3/0x1090 [ 460.210176] ? shrink_node+0x1350/0x1350 [ 460.214253] try_to_free_mem_cgroup_pages+0x2ef/0x8b0 [ 460.219466] ? try_to_free_pages+0x7c0/0x7c0 [ 460.223910] try_charge+0x4ca/0x1300 [ 460.227641] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 460.232500] ? get_mem_cgroup_from_mm+0x179/0x4f0 [ 460.237352] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 460.241945] ? __mem_cgroup_largest_soft_limit_node+0x440/0x440 [ 460.248024] mem_cgroup_try_charge+0x249/0x5c0 [ 460.252619] mem_cgroup_try_charge_delay+0x1a/0xa0 [ 460.257561] wp_page_copy+0x3fe/0x1530 [ 460.261461] ? mark_held_locks+0xa6/0xf0 [ 460.265541] ? follow_pfn+0x260/0x260 [ 460.269355] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 460.274120] do_wp_page+0x518/0xfa0 [ 460.277758] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 460.282440] __handle_mm_fault+0x21a4/0x3b60 [ 460.286854] ? copy_page_range+0x1e70/0x1e70 [ 460.291274] ? count_memcg_event_mm+0x279/0x4c0 [ 460.295962] handle_mm_fault+0x1a5/0x670 [ 460.300030] __get_user_pages+0x599/0x1650 [ 460.304277] ? follow_page_mask+0x1a60/0x1a60 [ 460.308781] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 460.313554] ? retint_kernel+0x2d/0x2d [ 460.317455] populate_vma_page_range+0x1fd/0x290 [ 460.322235] __mm_populate+0x1e8/0x350 [ 460.326147] ? populate_vma_page_range+0x290/0x290 [ 460.331078] ? do_mlock+0x6b0/0x6b0 [ 460.334717] __x64_sys_mlockall+0x340/0x500 [ 460.339043] do_syscall_64+0xf9/0x620 [ 460.342865] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 460.348055] RIP: 0033:0x45c849 [ 460.351263] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 460.370174] RSP: 002b:00007fe95a5afc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000097 [ 460.377883] RAX: ffffffffffffffda RBX: 00007fe95a5b06d4 RCX: 000000000045c849 [ 460.385148] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 460.392551] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 460.399822] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 460.407091] R13: 0000000000000735 R14: 00000000004c9f5c R15: 000000000076bf0c