[ 607.747278] CPU: 0 PID: 7744 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 607.754216] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 607.754224] Call Trace: [ 607.754250] dump_stack+0x172/0x1f0 [ 607.754271] dump_header+0x15e/0x929 [ 607.754290] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 607.778711] ? ___ratelimit+0x60/0x595 [ 607.782623] ? do_raw_spin_unlock+0x57/0x270 [ 607.782646] oom_kill_process.cold+0x10/0x6f5 [ 607.782664] ? task_will_free_mem+0x139/0x6e0 [ 607.782684] out_of_memory+0x936/0x12d0 [ 607.782707] ? oom_killer_disable+0x280/0x280 [ 607.782722] ? find_held_lock+0x35/0x130 [ 607.782749] mem_cgroup_out_of_memory+0x1d2/0x240 [ 607.782764] ? memcg_event_wake+0x230/0x230 [ 607.782783] ? do_raw_spin_unlock+0x57/0x270 [ 607.782800] ? _raw_spin_unlock+0x2d/0x50 [ 607.782816] try_charge+0x1028/0x15b0 [ 607.782829] ? find_held_lock+0x35/0x130 [ 607.782852] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 607.782867] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 607.782882] ? find_held_lock+0x35/0x130 [ 607.782897] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 607.782927] memcg_kmem_charge_memcg+0x7c/0x130 [ 607.857532] ? memcg_kmem_put_cache+0xb0/0xb0 [ 607.862064] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 607.866976] memcg_kmem_charge+0x136/0x300 [ 607.871230] __alloc_pages_nodemask+0x3c6/0x760 [ 607.875923] ? __alloc_pages_slowpath+0x2870/0x2870 [ 607.880949] ? kasan_slab_alloc+0xf/0x20 [ 607.885021] ? kmem_cache_alloc+0x12e/0x700 [ 607.889374] ? anon_vma_fork+0x1ea/0x4a0 [ 607.893452] ? __lock_acquire+0x6eb/0x48f0 [ 607.897704] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 607.903256] alloc_pages_current+0x107/0x210 [ 607.907686] get_zeroed_page+0x14/0x50 [ 607.911587] __pud_alloc+0x3b/0x250 [ 607.915223] pud_alloc+0xde/0x150 [ 607.918686] copy_page_range+0x37a/0x1f90 [ 607.922846] ? anon_vma_fork+0x371/0x4a0 [ 607.926926] ? find_held_lock+0x35/0x130 [ 607.930993] ? anon_vma_fork+0x371/0x4a0 [ 607.935062] ? copy_process.part.0+0x30ee/0x7970 [ 607.939830] ? copy_process.part.0+0x30ee/0x7970 [ 607.944604] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 607.949637] ? pmd_alloc+0x180/0x180 [ 607.953360] ? __vma_link_rb+0x279/0x370 [ 607.957457] copy_process.part.0+0x5434/0x7970 [ 607.962079] ? __cleanup_sighand+0x70/0x70 [ 607.966341] _do_fork+0x257/0xfe0 [ 607.969808] ? fork_idle+0x1d0/0x1d0 [ 607.973544] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 607.978304] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 607.983068] ? do_syscall_64+0x26/0x610 [ 607.987056] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 607.992516] ? do_syscall_64+0x26/0x610 [ 607.996521] __x64_sys_clone+0xbf/0x150 [ 608.000517] do_syscall_64+0x103/0x610 [ 608.004428] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 608.009622] RIP: 0033:0x4571fa [ 608.012821] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 608.032166] RSP: 002b:00007fffea33a3f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 608.039901] RAX: ffffffffffffffda RBX: 00007fffea33a3f0 RCX: 00000000004571fa [ 608.047177] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 608.054445] RBP: 00007fffea33a430 R08: 0000000000000001 R09: 0000000000f42940 [ 608.061726] R10: 0000000000f42c10 R11: 0000000000000246 R12: 0000000000000001 [ 608.069003] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffea33a480 [ 608.089203] Task in /syz3 killed as a result of limit of /syz3 [ 608.095560] memory: usage 304880kB, limit 307200kB, failcnt 2309 [ 608.107731] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 608.114779] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 608.126872] Memory cgroup stats for /syz3: cache:88KB rss:197568KB rss_huge:151552KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:197612KB inactive_file:8KB active_file:0KB unevictable:0KB [ 608.154018] Memory cgroup out of memory: Kill process 6892 (syz-executor.3) score 124 or sacrifice child [ 608.166399] Killed process 6893 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB [ 608.247362] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 608.271204] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 608.277498] CPU: 0 PID: 6939 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 608.284356] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 608.284363] Call Trace: [ 608.284389] dump_stack+0x172/0x1f0 [ 608.284411] dump_header+0x15e/0x929 [ 608.284430] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 608.284447] ? ___ratelimit+0x60/0x595 [ 608.284463] ? do_raw_spin_unlock+0x57/0x270 [ 608.284484] oom_kill_process.cold+0x10/0x6f5 [ 608.284505] ? task_will_free_mem+0x139/0x6e0 [ 608.284536] out_of_memory+0x936/0x12d0 [ 608.284556] ? oom_killer_disable+0x280/0x280 [ 608.284572] ? find_held_lock+0x35/0x130 [ 608.284600] mem_cgroup_out_of_memory+0x1d2/0x240 [ 608.284614] ? memcg_event_wake+0x230/0x230 [ 608.284634] ? do_raw_spin_unlock+0x57/0x270 [ 608.284651] ? _raw_spin_unlock+0x2d/0x50 [ 608.284668] try_charge+0x1028/0x15b0 [ 608.284681] ? find_held_lock+0x35/0x130 [ 608.284706] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 608.284721] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 608.284738] ? find_held_lock+0x35/0x130 [ 608.284754] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 608.284780] memcg_kmem_charge_memcg+0x7c/0x130 [ 608.387741] ? memcg_kmem_put_cache+0xb0/0xb0 [ 608.392256] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 608.397116] memcg_kmem_charge+0x136/0x300 [ 608.401369] __alloc_pages_nodemask+0x3c6/0x760 [ 608.406182] ? __alloc_pages_slowpath+0x2870/0x2870 [ 608.411206] ? retint_kernel+0x2d/0x2d [ 608.415110] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 608.419886] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 608.425445] alloc_pages_current+0x107/0x210 [ 608.429899] pte_alloc_one+0x1b/0x1a0 [ 608.433709] __pte_alloc+0x2a/0x360 [ 608.437345] copy_page_range+0x151f/0x1f90 [ 608.441601] ? vma_compute_subtree_gap+0x158/0x230 [ 608.446543] ? vma_gap_callbacks_rotate+0x62/0x80 [ 608.451402] ? pmd_alloc+0x180/0x180 [ 608.455127] ? __vma_link_rb+0x279/0x370 [ 608.459203] copy_process.part.0+0x5434/0x7970 [ 608.463830] ? __cleanup_sighand+0x70/0x70 [ 608.468085] ? retint_kernel+0x2d/0x2d [ 608.471995] _do_fork+0x257/0xfe0 [ 608.475482] ? fork_idle+0x1d0/0x1d0 [ 608.479257] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 608.484069] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 608.490486] ? do_syscall_64+0x26/0x610 [ 608.496146] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 608.501519] ? do_syscall_64+0x26/0x610 [ 608.505514] __x64_sys_clone+0xbf/0x150 [ 608.509507] do_syscall_64+0x103/0x610 [ 608.513407] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 608.518599] RIP: 0033:0x458c29 [ 608.521809] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 608.540723] RSP: 002b:00007f90eb515c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 608.548438] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 608.555718] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000070000000 [ 608.562999] RBP: 000000000073c040 R08: ffffffffffffffff R09: 0000000000000000 [ 608.570268] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90eb5166d4 [ 608.580789] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 608.602903] Task in /syz4 killed as a result of limit of /syz4 [ 608.609262] memory: usage 307200kB, limit 307200kB, failcnt 1360 [ 608.646054] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 608.670569] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 608.698415] Memory cgroup stats for /syz4: cache:20KB rss:188936KB rss_huge:131072KB shmem:16KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:188992KB inactive_file:0KB active_file:4KB unevictable:0KB [ 608.728247] Memory cgroup out of memory: Kill process 6678 (syz-executor.4) score 1113 or sacrifice child [ 608.739329] Killed process 6678 (syz-executor.4) total-vm:72716kB, anon-rss:2212kB, file-rss:35876kB, shmem-rss:0kB [ 608.793200] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 608.824183] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 608.830044] CPU: 0 PID: 6944 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 608.836904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 608.846263] Call Trace: [ 608.848867] dump_stack+0x172/0x1f0 [ 608.852521] dump_header+0x15e/0x929 [ 608.856245] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 608.861363] ? ___ratelimit+0x60/0x595 [ 608.865258] ? do_raw_spin_unlock+0x57/0x270 [ 608.869684] oom_kill_process.cold+0x10/0x6f5 [ 608.874203] ? task_will_free_mem+0x139/0x6e0 [ 608.878721] out_of_memory+0x936/0x12d0 [ 608.882717] ? oom_killer_disable+0x280/0x280 [ 608.887227] ? find_held_lock+0x35/0x130 [ 608.891312] mem_cgroup_out_of_memory+0x1d2/0x240 [ 608.896167] ? memcg_event_wake+0x230/0x230 [ 608.900512] ? do_raw_spin_unlock+0x57/0x270 [ 608.904936] ? _raw_spin_unlock+0x2d/0x50 [ 608.909101] try_charge+0x1028/0x15b0 [ 608.912920] ? find_held_lock+0x35/0x130 [ 608.913301] IPVS: ftp: loaded support on port[0] = 21 [ 608.916993] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 608.917015] ? kasan_check_read+0x11/0x20 [ 608.917033] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 608.917052] mem_cgroup_try_charge+0x24d/0x5e0 [ 608.940657] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 608.945606] __handle_mm_fault+0x1e55/0x3f80 [ 608.950032] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 608.954885] ? find_held_lock+0x35/0x130 [ 608.958954] ? handle_mm_fault+0x322/0xb30 [ 608.963211] ? kasan_check_read+0x11/0x20 [ 608.967372] handle_mm_fault+0x43f/0xb30 [ 608.971461] __do_page_fault+0x62a/0xe90 [ 608.975562] ? vmalloc_fault+0x770/0x770 [ 608.979644] ? trace_hardirqs_off_caller+0x65/0x220 [ 608.984672] ? trace_hardirqs_on_caller+0x6a/0x220 [ 608.989617] ? page_fault+0x8/0x30 [ 608.993172] do_page_fault+0x71/0x581 [ 608.993190] ? page_fault+0x8/0x30 [ 608.993204] page_fault+0x1e/0x30 [ 608.993220] RIP: 0033:0x41063f [ 609.007181] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 609.026186] RSP: 002b:00007ffe7cbd7c70 EFLAGS: 00010206 [ 609.026201] RAX: 00007f66b1f6f000 RBX: 0000000000020000 RCX: 0000000000458c7a [ 609.026208] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 609.026216] RBP: 00007ffe7cbd7d50 R08: ffffffffffffffff R09: 0000000000000000 [ 609.026222] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe7cbd7e30 [ 609.026229] R13: 00007f66b1f8f700 R14: 0000000000000005 R15: 000000000073bfac [ 609.068970] Task in /syz1 [ 609.077140] killed as a result of limit of [ 609.081662] /syz1 [ 609.088883] memory: usage 307196kB, limit 307200kB, failcnt 769 [ 609.104197] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 609.121426] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 609.131785] Memory cgroup stats for /syz1: cache:64KB rss:183688KB rss_huge:122880KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:183820KB inactive_file:0KB active_file:4KB unevictable:0KB [ 609.156205] Memory cgroup out of memory: Kill process 29867 (syz-executor.1) score 1113 or sacrifice child [ 609.168532] Killed process 29884 (syz-executor.1) total-vm:72584kB, anon-rss:2204kB, file-rss:34816kB, shmem-rss:0kB [ 609.240084] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 609.253493] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 609.259216] CPU: 0 PID: 6948 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 609.266070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.275454] Call Trace: [ 609.278067] dump_stack+0x172/0x1f0 [ 609.281721] dump_header+0x15e/0x929 [ 609.285473] oom_kill_process.cold+0x10/0x6f5 [ 609.289988] ? oom_badness+0x6c0/0x6c0 [ 609.293896] ? mem_cgroup_scan_tasks+0x22/0x180 [ 609.298586] out_of_memory+0x936/0x12d0 [ 609.302583] ? oom_killer_disable+0x280/0x280 [ 609.307101] mem_cgroup_out_of_memory+0x1d2/0x240 [ 609.312131] ? memcg_event_wake+0x230/0x230 [ 609.316470] ? do_raw_spin_unlock+0x57/0x270 [ 609.320897] ? _raw_spin_unlock+0x2d/0x50 [ 609.325172] try_charge+0x1028/0x15b0 [ 609.328987] ? find_held_lock+0x35/0x130 [ 609.333071] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 609.337934] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 609.342799] ? find_held_lock+0x35/0x130 [ 609.346882] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 609.351783] memcg_kmem_charge_memcg+0x7c/0x130 [ 609.356456] ? memcg_kmem_put_cache+0xb0/0xb0 [ 609.360969] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 609.365827] memcg_kmem_charge+0x136/0x300 [ 609.370064] __alloc_pages_nodemask+0x3c6/0x760 [ 609.374730] ? mark_held_locks+0xb1/0x100 [ 609.378869] ? __alloc_pages_slowpath+0x2870/0x2870 [ 609.383893] ? lockdep_hardirqs_on+0x415/0x5d0 [ 609.388500] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 609.393272] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 609.398839] alloc_pages_current+0x107/0x210 [ 609.403258] get_zeroed_page+0x14/0x50 [ 609.407163] __pud_alloc+0x3b/0x250 [ 609.410816] pud_alloc+0xde/0x150 [ 609.414272] copy_page_range+0x37a/0x1f90 [ 609.418445] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 609.423236] ? vma_compute_subtree_gap+0x158/0x230 [ 609.428168] ? vma_gap_callbacks_rotate+0x62/0x80 [ 609.433018] ? pmd_alloc+0x180/0x180 [ 609.438237] ? __vma_link_rb+0x279/0x370 [ 609.442313] copy_process.part.0+0x5434/0x7970 [ 609.446931] ? __cleanup_sighand+0x70/0x70 [ 609.451194] _do_fork+0x257/0xfe0 [ 609.454661] ? fork_idle+0x1d0/0x1d0 [ 609.458377] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 609.463266] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 609.468026] ? do_syscall_64+0x26/0x610 [ 609.472009] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 609.477389] ? do_syscall_64+0x26/0x610 [ 609.481388] __x64_sys_clone+0xbf/0x150 [ 609.485383] do_syscall_64+0x103/0x610 [ 609.489279] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 609.494470] RIP: 0033:0x458c29 [ 609.497664] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 609.516568] RSP: 002b:00007f546896ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 609.524281] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 609.531559] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000200000 [ 609.538834] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 609.546121] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546896b6d4 [ 609.553405] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 609.590973] Task in /syz3 killed as a result of limit of /syz3 [ 609.597292] memory: usage 307200kB, limit 307200kB, failcnt 2341 [ 609.630906] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 609.637857] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 609.671068] Memory cgroup stats for /syz3: cache:88KB rss:199700KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:199724KB inactive_file:0KB active_file:4KB unevictable:0KB [ 609.726480] Memory cgroup out of memory: Kill process 6892 (syz-executor.3) score 124 or sacrifice child [ 609.761160] Killed process 6892 (syz-executor.3) total-vm:72584kB, anon-rss:2216kB, file-rss:35804kB, shmem-rss:0kB [ 609.939150] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 609.972282] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 609.978383] CPU: 1 PID: 6945 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 609.985240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 609.994599] Call Trace: [ 609.997206] dump_stack+0x172/0x1f0 [ 610.000856] dump_header+0x15e/0x929 [ 610.004580] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 610.009803] ? ___ratelimit+0x60/0x595 [ 610.013703] ? do_raw_spin_unlock+0x57/0x270 [ 610.018131] oom_kill_process.cold+0x10/0x6f5 [ 610.022649] out_of_memory+0x936/0x12d0 [ 610.026638] ? retint_kernel+0x2d/0x2d [ 610.030540] ? oom_killer_disable+0x280/0x280 [ 610.035058] mem_cgroup_out_of_memory+0x1d2/0x240 [ 610.039908] ? memcg_event_wake+0x230/0x230 [ 610.044250] ? do_raw_spin_unlock+0x57/0x270 [ 610.048668] ? _raw_spin_unlock+0x2d/0x50 [ 610.052834] try_charge+0x1028/0x15b0 [ 610.056654] ? find_held_lock+0x35/0x130 [ 610.060729] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 610.065576] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 610.070513] ? find_held_lock+0x35/0x130 [ 610.074793] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 610.079660] memcg_kmem_charge_memcg+0x7c/0x130 [ 610.084340] ? memcg_kmem_put_cache+0xb0/0xb0 [ 610.088857] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 610.093714] memcg_kmem_charge+0x136/0x300 [ 610.097960] __alloc_pages_nodemask+0x3c6/0x760 [ 610.102641] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 610.107502] ? __alloc_pages_slowpath+0x2870/0x2870 [ 610.112542] ? trace_hardirqs_on_caller+0x6a/0x220 [ 610.117486] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 610.122253] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 610.127807] alloc_pages_current+0x107/0x210 [ 610.132234] pte_alloc_one+0x1b/0x1a0 [ 610.136042] __pte_alloc+0x2a/0x360 [ 610.139680] copy_page_range+0x151f/0x1f90 [ 610.143946] ? vma_compute_subtree_gap+0x65/0x230 [ 610.148804] ? pmd_alloc+0x180/0x180 [ 610.152527] ? __vma_link_rb+0x279/0x370 [ 610.156618] copy_process.part.0+0x5434/0x7970 [ 610.161243] ? __cleanup_sighand+0x70/0x70 [ 610.165511] _do_fork+0x257/0xfe0 [ 610.168981] ? fork_idle+0x1d0/0x1d0 [ 610.172718] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 610.177483] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 610.182249] ? do_syscall_64+0x26/0x610 [ 610.186238] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 610.191616] ? do_syscall_64+0x26/0x610 [ 610.195604] __x64_sys_clone+0xbf/0x150 [ 610.199591] do_syscall_64+0x103/0x610 [ 610.203495] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 610.208689] RIP: 0033:0x458c29 [ 610.211889] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 610.230803] RSP: 002b:00007f66b1fafc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 610.238522] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 610.245798] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 610.253073] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 610.260353] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b1fb06d4 [ 610.267624] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 610.315039] Task in /syz1 killed as a result of limit of /syz1 [ 610.328047] memory: usage 307200kB, limit 307200kB, failcnt 811 [ 610.335106] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 610.348472] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 610.379692] Memory cgroup stats for /syz1: cache:64KB rss:183688KB rss_huge:122880KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:183796KB inactive_file:0KB active_file:4KB unevictable:0KB [ 610.428082] Memory cgroup out of memory: Kill process 29867 (syz-executor.1) score 1113 or sacrifice child [ 610.448621] Killed process 29867 (syz-executor.1) total-vm:72584kB, anon-rss:2204kB, file-rss:35800kB, shmem-rss:0kB [ 610.497444] oom_reaper: reaped process 29867 (syz-executor.1), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 610.511026] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 610.524167] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 610.529590] CPU: 0 PID: 6946 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 610.529600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 610.529606] Call Trace: [ 610.529630] dump_stack+0x172/0x1f0 [ 610.529653] dump_header+0x15e/0x929 [ 610.555745] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 610.560869] ? ___ratelimit+0x60/0x595 [ 610.564768] ? do_raw_spin_unlock+0x57/0x270 [ 610.569201] oom_kill_process.cold+0x10/0x6f5 [ 610.579881] ? task_will_free_mem+0x139/0x6e0 [ 610.584396] out_of_memory+0x936/0x12d0 [ 610.588390] ? oom_killer_disable+0x280/0x280 [ 610.593000] ? find_held_lock+0x35/0x130 [ 610.593026] mem_cgroup_out_of_memory+0x1d2/0x240 [ 610.593039] ? memcg_event_wake+0x230/0x230 [ 610.593058] ? do_raw_spin_unlock+0x57/0x270 [ 610.593078] ? _raw_spin_unlock+0x2d/0x50 [ 610.593095] try_charge+0x1028/0x15b0 [ 610.593109] ? find_held_lock+0x35/0x130 [ 610.593133] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 610.593157] ? kasan_check_read+0x11/0x20 [ 610.631872] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 610.636743] mem_cgroup_try_charge+0x24d/0x5e0 [ 610.641357] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 610.646298] wp_page_copy+0x430/0x16a0 [ 610.650214] ? follow_pfn+0x2a0/0x2a0 [ 610.654025] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 610.659140] ? kasan_check_read+0x11/0x20 [ 610.663309] ? do_raw_spin_unlock+0x57/0x270 [ 610.667575] validate_nla: 12 callbacks suppressed [ 610.667584] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 610.667728] do_wp_page+0x57d/0x10b0 [ 610.683742] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 610.688445] ? kasan_check_write+0x14/0x20 [ 610.692696] ? do_raw_spin_lock+0xc8/0x240 [ 610.696952] __handle_mm_fault+0x230a/0x3f80 [ 610.701383] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 610.706240] ? find_held_lock+0x35/0x130 [ 610.710321] ? handle_mm_fault+0x322/0xb30 [ 610.714591] ? kasan_check_read+0x11/0x20 [ 610.718751] handle_mm_fault+0x43f/0xb30 [ 610.722837] __do_page_fault+0x62a/0xe90 [ 610.723931] nla_parse: 12 callbacks suppressed [ 610.723940] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 610.726911] ? vmalloc_fault+0x770/0x770 [ 610.726930] ? trace_hardirqs_off_caller+0x65/0x220 [ 610.726942] ? trace_hardirqs_on_caller+0x6a/0x220 [ 610.726962] ? page_fault+0x8/0x30 [ 610.757527] do_page_fault+0x71/0x581 [ 610.761341] ? page_fault+0x8/0x30 [ 610.764888] page_fault+0x1e/0x30 [ 610.768345] RIP: 0033:0x40e361 [ 610.771544] Code: 31 c3 89 f8 89 c6 81 e6 ff 1f 00 00 8b 14 b5 00 00 73 00 39 d7 74 22 85 d2 74 7e 83 c0 01 41 39 c0 75 e1 89 f8 25 ff 1f 00 00 <89> 3c 85 00 00 73 00 83 c5 01 e8 00 33 ff ff 41 83 c7 01 45 39 7c [ 610.790452] RSP: 002b:00007fffea33a1e0 EFLAGS: 00010202 [ 610.795825] RAX: 0000000000000845 RBX: 0000000099fd1c35 RCX: 0000001b30920000 [ 610.803101] RDX: 000000007bec6848 RSI: 0000000000000848 RDI: 00000000f1660845 [ 610.810375] RBP: 0000000000000005 R08: 00000000f1660849 R09: 00000000000947b6 [ 610.817659] R10: 00007fffea33a360 R11: 0000000000000246 R12: 000000000073c0c8 [ 610.825040] R13: 00007f546a58d004 R14: 00007f546a58d000 R15: 0000000000000045 [ 610.833336] Task in /syz3 killed as a result of limit of /syz3 [ 610.841572] memory: usage 307200kB, limit 307200kB, failcnt 2421 [ 610.852168] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 610.859933] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 610.869202] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 610.876618] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 610.891576] Memory cgroup stats for /syz3: cache:88KB rss:199668KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:199716KB inactive_file:0KB active_file:4KB unevictable:0KB [ 610.913388] Memory cgroup out of memory: Kill process 23828 (syz-executor.3) score 124 or sacrifice child [ 610.937353] Killed process 23828 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35808kB, shmem-rss:0kB [ 611.015415] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 611.045698] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 611.052219] CPU: 1 PID: 6947 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 611.059085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 611.068445] Call Trace: [ 611.071060] dump_stack+0x172/0x1f0 [ 611.074712] dump_header+0x15e/0x929 [ 611.078442] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 611.083556] ? ___ratelimit+0x60/0x595 [ 611.087455] ? do_raw_spin_unlock+0x57/0x270 [ 611.091880] oom_kill_process.cold+0x10/0x6f5 [ 611.096389] ? task_will_free_mem+0x139/0x6e0 [ 611.101016] out_of_memory+0x936/0x12d0 [ 611.105010] ? oom_killer_disable+0x280/0x280 [ 611.109525] ? find_held_lock+0x35/0x130 [ 611.113602] mem_cgroup_out_of_memory+0x1d2/0x240 [ 611.118450] ? memcg_event_wake+0x230/0x230 [ 611.122785] ? do_raw_spin_unlock+0x57/0x270 [ 611.127202] ? _raw_spin_unlock+0x2d/0x50 [ 611.131365] try_charge+0xd25/0x15b0 [ 611.135085] ? find_held_lock+0x35/0x130 [ 611.139171] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 611.144028] ? kasan_check_read+0x11/0x20 [ 611.148190] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 611.153044] mem_cgroup_try_charge+0x24d/0x5e0 [ 611.157642] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 611.162590] wp_page_copy+0x430/0x16a0 [ 611.166496] ? follow_pfn+0x2a0/0x2a0 [ 611.170414] ? kasan_check_read+0x11/0x20 [ 611.174570] ? do_raw_spin_unlock+0x57/0x270 [ 611.178985] do_wp_page+0x57d/0x10b0 [ 611.182709] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 611.187383] ? kasan_check_write+0x14/0x20 [ 611.191625] ? do_raw_spin_lock+0xc8/0x240 [ 611.195969] __handle_mm_fault+0x230a/0x3f80 [ 611.200394] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 611.205352] ? find_held_lock+0x35/0x130 [ 611.209419] ? handle_mm_fault+0x322/0xb30 [ 611.213693] ? kasan_check_read+0x11/0x20 [ 611.217853] handle_mm_fault+0x43f/0xb30 [ 611.222028] __do_page_fault+0x62a/0xe90 [ 611.226187] ? blkcg_print_stat+0xb90/0xb90 [ 611.230521] ? vmalloc_fault+0x770/0x770 [ 611.234594] ? trace_hardirqs_off_caller+0x65/0x220 [ 611.239619] ? trace_hardirqs_on_caller+0x6a/0x220 [ 611.244554] ? page_fault+0x8/0x30 [ 611.248115] do_page_fault+0x71/0x581 [ 611.251922] ? page_fault+0x8/0x30 [ 611.255499] page_fault+0x1e/0x30 [ 611.258954] RIP: 0033:0x404c58 [ 611.262154] Code: a4 02 00 00 80 3d 3f b8 64 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 2c b8 64 00 39 45 24 0f 84 f7 01 00 00 44 8b a5 80 00 00 00 13 d2 ff ff 48 2b 05 ac 33 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 611.281081] RSP: 002b:00007f546898bc90 EFLAGS: 00010246 [ 611.286455] RAX: 00007f546a98d000 RBX: 0000000000000b37 RCX: 0000000000458c29 [ 611.293727] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 611.300998] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 611.308294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 611.315577] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 611.333986] Task in /syz3 killed as a result of limit of /syz3 [ 611.340020] memory: usage 307044kB, limit 307200kB, failcnt 2421 [ 611.347093] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 611.356807] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 611.364100] Memory cgroup stats for /syz3: cache:88KB rss:199584KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:199632KB inactive_file:4KB active_file:0KB unevictable:0KB [ 611.410485] Memory cgroup out of memory: Kill process 23996 (syz-executor.3) score 124 or sacrifice child [ 611.426455] Killed process 23996 (syz-executor.3) total-vm:72584kB, anon-rss:2216kB, file-rss:35800kB, shmem-rss:0kB [ 611.469161] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 611.492030] syz-executor.3 cpuset= [ 611.517204] syz3 mems_allowed=0-1 [ 611.526060] CPU: 1 PID: 6951 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 611.532924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 611.542275] Call Trace: [ 611.544874] dump_stack+0x172/0x1f0 [ 611.548517] dump_header+0x15e/0x929 [ 611.552246] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 611.557353] ? ___ratelimit+0x60/0x595 [ 611.561252] ? do_raw_spin_unlock+0x57/0x270 [ 611.565676] oom_kill_process.cold+0x10/0x6f5 [ 611.570179] ? task_will_free_mem+0x139/0x6e0 [ 611.574687] out_of_memory+0x936/0x12d0 [ 611.578677] ? oom_killer_disable+0x280/0x280 [ 611.583267] ? find_held_lock+0x35/0x130 [ 611.587347] mem_cgroup_out_of_memory+0x1d2/0x240 [ 611.592202] ? memcg_event_wake+0x230/0x230 [ 611.596543] ? do_raw_spin_unlock+0x57/0x270 [ 611.602443] ? _raw_spin_unlock+0x2d/0x50 [ 611.606603] try_charge+0xd25/0x15b0 [ 611.610325] ? find_held_lock+0x35/0x130 [ 611.614404] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 611.619255] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 611.624106] ? find_held_lock+0x35/0x130 [ 611.628173] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 611.633035] memcg_kmem_charge_memcg+0x7c/0x130 [ 611.637715] ? memcg_kmem_put_cache+0xb0/0xb0 [ 611.642232] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 611.647096] memcg_kmem_charge+0x136/0x300 [ 611.651344] __alloc_pages_nodemask+0x3c6/0x760 [ 611.656022] ? __alloc_pages_slowpath+0x2870/0x2870 [ 611.661050] ? __lock_acquire+0x6eb/0x48f0 [ 611.665298] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 611.670937] alloc_pages_current+0x107/0x210 [ 611.675356] pte_alloc_one+0x1b/0x1a0 [ 611.679161] __handle_mm_fault+0x3533/0x3f80 [ 611.683589] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 611.688436] ? find_held_lock+0x35/0x130 [ 611.692503] ? handle_mm_fault+0x322/0xb30 [ 611.696755] ? kasan_check_read+0x11/0x20 [ 611.700910] handle_mm_fault+0x43f/0xb30 [ 611.704983] __do_page_fault+0x62a/0xe90 [ 611.709058] ? vmalloc_fault+0x770/0x770 [ 611.713137] ? trace_hardirqs_off_caller+0x65/0x220 [ 611.718161] ? trace_hardirqs_on_caller+0x6a/0x220 [ 611.723099] ? page_fault+0x8/0x30 [ 611.726650] do_page_fault+0x71/0x581 [ 611.730453] ? page_fault+0x8/0x30 [ 611.733998] page_fault+0x1e/0x30 [ 611.737451] RIP: 0033:0x458c29 [ 611.740658] Code: Bad RIP value. [ 611.744020] RSP: 002b:00007f546896ac78 EFLAGS: 00010246 [ 611.749382] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000458c29 [ 611.756649] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000200000 [ 611.764266] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 611.771538] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546896b6d4 [ 611.778808] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 611.850924] Task in /syz3 killed as a result of limit of /syz3 [ 611.857176] memory: usage 306848kB, limit 307200kB, failcnt 2421 [ 611.863567] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 611.870499] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 611.876897] Memory cgroup stats for /syz3: cache:88KB rss:199584KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:199608KB inactive_file:4KB active_file:0KB unevictable:0KB [ 611.898127] Memory cgroup out of memory: Kill process 25093 (syz-executor.3) score 124 or sacrifice child [ 611.908241] Killed process 25093 (syz-executor.3) total-vm:72584kB, anon-rss:2216kB, file-rss:35800kB, shmem-rss:0kB [ 612.083798] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 612.146587] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 612.201141] CPU: 0 PID: 6952 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 612.208034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 612.217394] Call Trace: [ 612.219999] dump_stack+0x172/0x1f0 [ 612.223636] dump_header+0x15e/0x929 [ 612.227354] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 612.232558] ? ___ratelimit+0x60/0x595 [ 612.236444] ? do_raw_spin_unlock+0x57/0x270 [ 612.240860] oom_kill_process.cold+0x10/0x6f5 [ 612.245365] ? task_will_free_mem+0x139/0x6e0 [ 612.249870] out_of_memory+0x936/0x12d0 [ 612.253859] ? oom_killer_disable+0x280/0x280 [ 612.258356] ? find_held_lock+0x35/0x130 [ 612.262433] mem_cgroup_out_of_memory+0x1d2/0x240 [ 612.267277] ? memcg_event_wake+0x230/0x230 [ 612.271606] ? do_raw_spin_unlock+0x57/0x270 [ 612.276019] ? _raw_spin_unlock+0x2d/0x50 [ 612.280201] try_charge+0xd25/0x15b0 [ 612.283924] ? find_held_lock+0x35/0x130 [ 612.287996] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 612.292942] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 612.297788] ? find_held_lock+0x35/0x130 [ 612.301851] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 612.306708] memcg_kmem_charge_memcg+0x7c/0x130 [ 612.311384] ? memcg_kmem_put_cache+0xb0/0xb0 [ 612.315910] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 612.320758] memcg_kmem_charge+0x136/0x300 [ 612.324997] __alloc_pages_nodemask+0x3c6/0x760 [ 612.329671] ? __alloc_pages_slowpath+0x2870/0x2870 [ 612.334810] ? __lock_acquire+0x6eb/0x48f0 [ 612.339057] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 612.344607] alloc_pages_current+0x107/0x210 [ 612.349023] pte_alloc_one+0x1b/0x1a0 [ 612.352827] __handle_mm_fault+0x3533/0x3f80 [ 612.357263] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 612.362226] ? find_held_lock+0x35/0x130 [ 612.366290] ? handle_mm_fault+0x322/0xb30 [ 612.370544] ? kasan_check_read+0x11/0x20 [ 612.374701] handle_mm_fault+0x43f/0xb30 [ 612.378772] __do_page_fault+0x62a/0xe90 [ 612.382842] ? vmalloc_fault+0x770/0x770 [ 612.386908] ? trace_hardirqs_off_caller+0x65/0x220 [ 612.391927] ? trace_hardirqs_on_caller+0x6a/0x220 [ 612.396860] ? page_fault+0x8/0x30 [ 612.400409] do_page_fault+0x71/0x581 [ 612.404208] ? page_fault+0x8/0x30 [ 612.407751] page_fault+0x1e/0x30 [ 612.411204] RIP: 0033:0x458c29 [ 612.414417] Code: Bad RIP value. [ 612.417781] RSP: 002b:00007f546898bc78 EFLAGS: 00010246 [ 612.423154] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000458c29 [ 612.430515] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 612.437784] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 612.445056] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546898c6d4 [ 612.452326] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 612.610848] Task in /syz3 killed as a result of limit of /syz3 [ 612.616909] memory: usage 304652kB, limit 307200kB, failcnt 2421 [ 612.720751] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 612.727556] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 612.942753] Memory cgroup stats for /syz3: cache:88KB rss:195444KB rss_huge:149504KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:195356KB inactive_file:4KB active_file:0KB unevictable:0KB [ 613.104716] Memory cgroup out of memory: Kill process 25269 (syz-executor.3) score 124 or sacrifice child [ 613.115350] Killed process 25269 (syz-executor.3) total-vm:72584kB, anon-rss:2216kB, file-rss:35800kB, shmem-rss:0kB 01:45:40 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = syz_open_dev$usbmon(&(0x7f00000002c0)='/dev/usbmon#\x00', 0x6, 0x80) ioctl$NBD_DISCONNECT(r1, 0xab08) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) open(&(0x7f0000000080)='.\x00', 0x40, 0xd) ioctl$EVIOCGUNIQ(r2, 0x80404508, &(0x7f00000001c0)=""/199) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) setsockopt$RDS_GET_MR(r2, 0x114, 0x2, &(0x7f0000000140)={{&(0x7f0000000080)}, &(0x7f0000000100), 0x20}, 0x20) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:45:40 executing program 5: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, &(0x7f0000000400)=""/68, &(0x7f0000000540)=0x44) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, 0x0) setxattr$trusted_overlay_opaque(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000640)='trusted.overlay.opaque\x00', &(0x7f0000000680)='y\x00', 0x147, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x78c) lsetxattr$trusted_overlay_opaque(0x0, &(0x7f0000000300)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, &(0x7f0000000480)={0x0, @frame_sync}) ioctl$SG_GET_SCSI_ID(r2, 0x2276, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_dev$dri(&(0x7f0000000080)='/dev/dri/card#\x00', 0xba, 0x10000) sendmsg(r0, 0x0, 0x0) 01:45:40 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x4788}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:45:44 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r2, 0xc0305616, &(0x7f0000000100)={0x0, {0x0, 0x4}}) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$sock_bt_bnep_BNEPGETCONNINFO(r2, 0x800442d3, &(0x7f0000000080)={0x80, 0x6, 0x100000000, @local, 'veth1_to_bond\x00'}) getsockopt$IP_VS_SO_GET_VERSION(r1, 0x0, 0x480, &(0x7f0000000140), &(0x7f0000000200)=0x40) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:44 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x4888}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 618.435371] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 618.454171] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 618.516062] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 618.537393] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 618.570031] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 618.585113] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 618.598880] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 618.617433] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 01:45:47 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x70030000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:47 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:47 executing program 5: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r2 = syz_open_dev$video(0x0, 0x4000000000000002, 0x20200) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, &(0x7f0000000400)=""/68, &(0x7f0000000540)=0x44) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, 0x0) setxattr$trusted_overlay_opaque(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000640)='trusted.overlay.opaque\x00', &(0x7f0000000680)='y\x00', 0x147, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, 0x0) r4 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x400788) fchmod(r4, 0x4c) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000140)={&(0x7f0000000100)='./file0\x00', 0x0, 0x8}, 0x10) lsetxattr$trusted_overlay_opaque(0x0, &(0x7f0000000300)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$P9_RFSYNC(r3, &(0x7f0000000080)={0x7, 0x33, 0x1}, 0x7) ioctl$TIOCGPTPEER(r3, 0x5441, 0x800) ioctl$VIDIOC_DQEVENT(r2, 0x80885659, &(0x7f0000000580)={0x0, @frame_sync}) ioctl$SG_GET_SCSI_ID(r3, 0x2276, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) r5 = syz_genetlink_get_family_id$SEG6(&(0x7f0000000200)='SEG6\x00') sendmsg$SEG6_CMD_SET_TUNSRC(r3, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x40, r5, 0x404, 0x70bd27, 0x25dfdbfc, {}, [@SEG6_ATTR_HMACKEYID={0x8, 0x3, 0xfff}, @SEG6_ATTR_SECRET={0x4}, @SEG6_ATTR_SECRETLEN={0x8, 0x5, 0x4}, @SEG6_ATTR_HMACKEYID={0x8, 0x3, 0x8}, @SEG6_ATTR_SECRET={0x10, 0x4, [0x4, 0xff, 0x5]}]}, 0x40}, 0x1, 0x0, 0x0, 0x40}, 0x10) write$eventfd(r3, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, 0x0, 0x0) 01:45:47 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x2000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:45:47 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x6488}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:45:47 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) 01:45:47 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x800e}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 621.071852] FS-Cache: Duplicate cookie detected [ 621.076741] FS-Cache: O-cookie c=00000000ccfe382e [p=000000004114b303 fl=222 nc=0 na=1] [ 621.085135] FS-Cache: O-cookie d=00000000656b88e0 n=00000000f3854f3c [ 621.092081] FS-Cache: O-key=[10] '02000200000002000000' [ 621.098001] FS-Cache: N-cookie c=00000000502070ff [p=000000004114b303 fl=2 nc=0 na=1] [ 621.106132] FS-Cache: N-cookie d=00000000656b88e0 n=00000000a2918066 01:45:47 executing program 5: r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, &(0x7f0000000400)=""/68, &(0x7f0000000540)=0x44) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, 0x0) setxattr$trusted_overlay_opaque(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000640)='trusted.overlay.opaque\x00', &(0x7f0000000680)='y\x00', 0x147, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_GET_BEARER_NAMES(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8008}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x1c, r3, 0x11e, 0x70bd27, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x1c}}, 0x10) getpgid(0x0) epoll_create(0x78c) lsetxattr$trusted_overlay_opaque(0x0, &(0x7f0000000300)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x2, 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, &(0x7f0000000480)={0x0, @frame_sync}) ioctl$SG_GET_SCSI_ID(r2, 0x2276, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:45:47 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8035}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 621.111311] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 621.112811] FS-Cache: N-key=[10] '02000200000002000000' [ 621.175935] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 621.221042] CPU: 1 PID: 6987 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 621.227941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 621.231167] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 621.237318] Call Trace: [ 621.237345] dump_stack+0x172/0x1f0 [ 621.237366] dump_header+0x15e/0x929 [ 621.252649] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 621.254729] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 01:45:47 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x87400000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 621.254751] ? ___ratelimit+0x60/0x595 [ 621.264513] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 621.268442] ? do_raw_spin_unlock+0x57/0x270 [ 621.268466] oom_kill_process.cold+0x10/0x6f5 [ 621.268483] ? task_will_free_mem+0x139/0x6e0 [ 621.273013] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 621.279808] out_of_memory+0x936/0x12d0 [ 621.279830] ? lock_downgrade+0x810/0x810 [ 621.279845] ? oom_killer_disable+0x280/0x280 [ 621.279861] ? find_held_lock+0x35/0x130 [ 621.318526] mem_cgroup_out_of_memory+0x1d2/0x240 [ 621.323395] ? memcg_event_wake+0x230/0x230 [ 621.327737] ? do_raw_spin_unlock+0x57/0x270 [ 621.332159] ? _raw_spin_unlock+0x2d/0x50 [ 621.336320] try_charge+0x1028/0x15b0 [ 621.340127] ? find_held_lock+0x35/0x130 [ 621.344309] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 621.349175] ? kasan_check_read+0x11/0x20 [ 621.353512] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 621.358385] mem_cgroup_try_charge+0x24d/0x5e0 [ 621.362982] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 621.367924] wp_page_copy+0x430/0x16a0 [ 621.371774] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 621.371823] ? follow_pfn+0x2a0/0x2a0 [ 621.383060] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 621.388193] ? kasan_check_read+0x11/0x20 [ 621.392372] ? do_raw_spin_unlock+0x57/0x270 [ 621.396801] do_wp_page+0x57d/0x10b0 [ 621.400531] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 621.405219] ? kasan_check_write+0x14/0x20 [ 621.409475] ? do_raw_spin_lock+0xc8/0x240 [ 621.409723] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 621.413715] __handle_mm_fault+0x230a/0x3f80 [ 621.413737] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 621.413754] ? find_held_lock+0x35/0x130 [ 621.413766] ? handle_mm_fault+0x322/0xb30 [ 621.413794] ? kasan_check_read+0x11/0x20 [ 621.413810] handle_mm_fault+0x43f/0xb30 [ 621.450025] __do_page_fault+0x62a/0xe90 [ 621.454113] ? vmalloc_fault+0x770/0x770 [ 621.458189] ? trace_hardirqs_off_caller+0x65/0x220 [ 621.462270] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 621.463219] ? trace_hardirqs_on_caller+0x6a/0x220 [ 621.463239] ? page_fault+0x8/0x30 [ 621.463259] do_page_fault+0x71/0x581 [ 621.471502] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 621.475640] ? page_fault+0x8/0x30 [ 621.475657] page_fault+0x1e/0x30 [ 621.475670] RIP: 0033:0x40bdab [ 621.475686] Code: 74 28 41 8b 07 85 c0 0f 85 f8 00 00 00 41 83 c5 01 49 81 c4 a0 00 00 00 41 83 fd 10 75 d4 bf 05 e3 4b 00 31 c0 e8 85 5a ff ff <41> c6 44 24 f8 01 45 89 6c 24 f4 4c 89 e7 41 c6 44 24 15 00 41 c7 [ 621.475693] RSP: 002b:00007ffe7cbd7d60 EFLAGS: 00010246 [ 621.523699] FS-Cache: Duplicate cookie detected [ 621.525899] RAX: 0000000000000000 RBX: 000000000073bf0c RCX: 00007ffe7cbd7e08 [ 621.525909] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000000 [ 621.525917] RBP: 000000000073bfa0 R08: 00007ffe7cbd7e10 R09: 00000000007415c0 [ 621.525926] R10: 00007ffe7cbd7e20 R11: 0000000000000246 R12: 000000000073bfac [ 621.525935] R13: 0000000000000001 R14: 0000000000000005 R15: 000000000073bfac [ 621.531520] FS-Cache: O-cookie c=000000008939762d [p=000000004114b303 fl=222 nc=0 na=1] [ 621.545421] FS-Cache: O-cookie d=00000000656b88e0 n=000000003cbba116 [ 621.570904] Task in [ 621.575728] FS-Cache: O-key=[10] ' [ 621.582159] /syz1 [ 621.584516] 02 [ 621.588001] killed as a result of limit of /syz1 [ 621.588023] memory: usage 307200kB, limit 307200kB, failcnt 858 [ 621.588033] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 621.588046] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 621.590116] 00 [ 621.591911] Memory cgroup stats for /syz1: cache:64KB rss:183876KB rss_huge:122880KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:183872KB inactive_file:0KB active_file:0KB unevictable:0KB [ 621.592015] Memory cgroup out of memory: Kill process 30521 (syz-executor.1) score 1113 or sacrifice child [ 621.592088] Killed process 30522 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:34816kB, shmem-rss:0kB [ 621.596924] 0200000002000000' [ 621.665473] FS-Cache: N-cookie c=0000000087fab216 [p=000000004114b303 fl=2 nc=0 na=1] [ 621.673742] FS-Cache: N-cookie d=00000000656b88e0 n=000000005f68728a [ 621.680379] FS-Cache: N-key=[10] '02000200000002000000' [ 621.686297] FS-Cache: Duplicate cookie detected [ 621.691197] FS-Cache: O-cookie c=000000008939762d [p=000000004114b303 fl=222 nc=0 na=1] [ 621.699363] FS-Cache: O-cookie d= (null) n= (null) [ 621.705980] FS-Cache: O-key=[10] '02000200000002000000' [ 621.711480] FS-Cache: N-cookie c=00000000b16e7732 [p=000000004114b303 fl=2 nc=0 na=1] [ 621.719457] FS-Cache: N-cookie d=00000000656b88e0 n=00000000c5cb0729 [ 621.726072] FS-Cache: N-key=[10] '02000200000002000000' [ 621.747378] FS-Cache: Duplicate cookie detected [ 621.752308] FS-Cache: O-cookie c=000000008939762d [p=000000004114b303 fl=212 nc=0 na=0] [ 621.760585] FS-Cache: O-cookie d= (null) n= (null) [ 621.767378] FS-Cache: O-key=[10] '02000200000002000000' 01:45:48 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8100}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 621.773437] FS-Cache: N-cookie c=000000009dc0fd63 [p=000000004114b303 fl=2 nc=0 na=1] [ 621.781593] FS-Cache: N-cookie d=00000000656b88e0 n=0000000079656268 [ 621.788158] FS-Cache: N-key=[10] '02000200000002000000' [ 621.805584] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 621.889331] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 621.911303] CPU: 1 PID: 6994 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 621.918202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 621.927562] Call Trace: [ 621.930171] dump_stack+0x172/0x1f0 [ 621.933821] dump_header+0x15e/0x929 [ 621.937549] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 621.942757] ? ___ratelimit+0x60/0x595 [ 621.946649] ? do_raw_spin_unlock+0x57/0x270 [ 621.951092] oom_kill_process.cold+0x10/0x6f5 [ 621.955731] ? out_of_memory+0xa72/0x12d0 [ 621.959893] ? mem_cgroup_get_max+0x2a/0x240 [ 621.964325] out_of_memory+0x936/0x12d0 [ 621.968323] ? oom_killer_disable+0x280/0x280 [ 621.972825] ? find_held_lock+0x35/0x130 [ 621.976911] mem_cgroup_out_of_memory+0x1d2/0x240 [ 621.981852] ? memcg_event_wake+0x230/0x230 [ 621.986197] ? do_raw_spin_unlock+0x57/0x270 01:45:48 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r2 = syz_open_dev$video(0x0, 0x3, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f0000000100)={0x2, 'bridge_slave_0\x00', 0x2}, 0x18) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) ioctl$VIDIOC_SUBDEV_S_CROP(r2, 0xc038563c, &(0x7f0000000080)={0x1, 0x0, {0x7f, 0x2, 0x2, 0x1}}) ioctl$KDDELIO(r1, 0x4b35, 0x5) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) [ 621.990623] ? _raw_spin_unlock+0x2d/0x50 [ 621.994786] try_charge+0xd25/0x15b0 [ 621.998516] ? find_held_lock+0x35/0x130 [ 622.002596] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 622.007442] ? kasan_check_read+0x11/0x20 [ 622.011599] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 622.016468] mem_cgroup_try_charge+0x24d/0x5e0 [ 622.021068] ? audit_add_tree_rule.cold+0x3d/0x3d [ 622.025926] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 622.030872] wp_page_copy+0x430/0x16a0 [ 622.034780] ? follow_pfn+0x2a0/0x2a0 [ 622.038595] ? kasan_check_read+0x11/0x20 [ 622.042758] ? do_raw_spin_unlock+0x57/0x270 [ 622.047196] do_wp_page+0x57d/0x10b0 [ 622.050925] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 622.055610] ? kasan_check_write+0x14/0x20 [ 622.059858] ? do_raw_spin_lock+0xc8/0x240 [ 622.064111] __handle_mm_fault+0x230a/0x3f80 [ 622.068537] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 622.073385] ? find_held_lock+0x35/0x130 [ 622.077433] ? handle_mm_fault+0x322/0xb30 [ 622.081664] ? kasan_check_read+0x11/0x20 [ 622.085809] handle_mm_fault+0x43f/0xb30 [ 622.089867] __do_page_fault+0x62a/0xe90 [ 622.093931] ? blkcg_print_stat+0xb90/0xb90 [ 622.098258] ? vmalloc_fault+0x770/0x770 [ 622.102330] ? trace_hardirqs_off_caller+0x65/0x220 [ 622.107336] ? trace_hardirqs_on_caller+0x6a/0x220 [ 622.112255] ? page_fault+0x8/0x30 [ 622.115819] do_page_fault+0x71/0x581 [ 622.119619] ? page_fault+0x8/0x30 [ 622.123146] page_fault+0x1e/0x30 [ 622.126594] RIP: 0033:0x404bee 01:45:48 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r3 = creat(&(0x7f0000000200)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0xffffffffffffffff) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000002c0)={0x0, 0x0, 0x0}, &(0x7f0000000300)=0xc) fcntl$F_GET_RW_HINT(r2, 0x40b, &(0x7f0000000400)) r6 = gettid() getpgid(0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f00000003c0)) r7 = getpgrp(0xffffffffffffffff) getpgid(r7) openat$selinux_create(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/create\x00', 0x2, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) r8 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$set_timeout(0xf, r8, 0x2) setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000440)={r6, r4, r5}, 0xc) [ 622.129782] Code: 48 8b 55 40 48 8b 75 38 48 8b 7d 30 ff 75 70 ff 75 68 ff 75 60 4c 8b 4d 58 4c 8b 45 50 ff d0 48 83 c4 20 48 89 c3 48 83 fb ff <48> 89 5d 78 41 8b 04 24 0f 85 d4 00 00 00 85 c0 0f 85 cc 00 00 00 [ 622.148788] RSP: 002b:00007f66b1fafc90 EFLAGS: 00010217 [ 622.154171] RAX: 0000000000000000 RBX: 0000000000000aa9 RCX: 0000000000458c29 [ 622.161517] RDX: 0000000000404ba6 RSI: 0000000000000000 RDI: 0000000000000000 [ 622.168790] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 622.176045] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b1fb06d4 [ 622.183393] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 622.202393] Task in /syz1 killed as a result of limit of /syz1 [ 622.208748] memory: usage 304940kB, limit 307200kB, failcnt 858 [ 622.228335] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 622.245036] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 622.261080] Memory cgroup stats for /syz1: cache:64KB rss:181788KB rss_huge:120832KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:181768KB inactive_file:0KB active_file:0KB unevictable:0KB [ 622.284429] Memory cgroup out of memory: Kill process 30521 (syz-executor.1) score 1113 or sacrifice child [ 622.294738] Killed process 30521 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:35808kB, shmem-rss:0kB [ 622.320592] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 622.338694] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 622.344606] CPU: 0 PID: 7005 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 622.351469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 622.360834] Call Trace: [ 622.363440] dump_stack+0x172/0x1f0 [ 622.367086] dump_header+0x15e/0x929 [ 622.370816] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 622.375934] ? ___ratelimit+0x60/0x595 [ 622.379827] ? do_raw_spin_unlock+0x57/0x270 [ 622.384251] oom_kill_process.cold+0x10/0x6f5 [ 622.388771] ? task_will_free_mem+0x139/0x6e0 [ 622.393404] out_of_memory+0x936/0x12d0 [ 622.397398] ? oom_killer_disable+0x280/0x280 [ 622.401904] ? find_held_lock+0x35/0x130 [ 622.405986] mem_cgroup_out_of_memory+0x1d2/0x240 [ 622.410843] ? memcg_event_wake+0x230/0x230 [ 622.415191] ? do_raw_spin_unlock+0x57/0x270 [ 622.419602] ? _raw_spin_unlock+0x2d/0x50 [ 622.423764] try_charge+0xd25/0x15b0 [ 622.427469] ? find_held_lock+0x35/0x130 [ 622.431009] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 622.431537] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 622.431550] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 622.431569] ? find_held_lock+0x35/0x130 [ 622.439430] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 622.443928] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 622.443957] memcg_kmem_charge_memcg+0x7c/0x130 [ 622.443971] ? memcg_kmem_put_cache+0xb0/0xb0 [ 622.443988] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 622.444005] memcg_kmem_charge+0x136/0x300 [ 622.444021] __alloc_pages_nodemask+0x3c6/0x760 [ 622.444036] ? __alloc_pages_slowpath+0x2870/0x2870 [ 622.444054] ? lockdep_hardirqs_on+0x415/0x5d0 [ 622.449511] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 622.452944] ? __lock_acquire+0x6eb/0x48f0 [ 622.452961] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 622.452979] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 01:45:49 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:49 executing program 5: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, &(0x7f0000000400)=""/68, &(0x7f0000000540)=0x44) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, 0x0) ioctl$FIONREAD(r2, 0x541b, &(0x7f0000000100)) setxattr$trusted_overlay_opaque(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000640)='trusted.overlay.opaque\x00', &(0x7f0000000680)='y\x00', 0x147, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x78c) lsetxattr$trusted_overlay_opaque(0x0, &(0x7f0000000300)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x0) clone(0x4000802102001ff6, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, &(0x7f0000000480)={0x0, @frame_sync}) ioctl$SG_GET_SCSI_ID(r3, 0x2276, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f0000000080)={0x5, 0x7ff, 0x81, 0x7}) 01:45:49 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8847}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:45:49 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8848}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 622.452998] alloc_pages_current+0x107/0x210 [ 622.453017] pte_alloc_one+0x1b/0x1a0 [ 622.453036] __handle_mm_fault+0x3533/0x3f80 [ 622.464956] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 622.466352] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 622.466370] ? find_held_lock+0x35/0x130 [ 622.466383] ? handle_mm_fault+0x322/0xb30 [ 622.466410] ? kasan_check_read+0x11/0x20 [ 622.559707] handle_mm_fault+0x43f/0xb30 [ 622.563901] __do_page_fault+0x62a/0xe90 01:45:49 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8864}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 622.567987] ? vmalloc_fault+0x770/0x770 [ 622.572069] ? trace_hardirqs_off_caller+0x65/0x220 [ 622.577102] ? trace_hardirqs_on_caller+0x6a/0x220 [ 622.582050] ? page_fault+0x8/0x30 [ 622.585626] do_page_fault+0x71/0x581 [ 622.589449] ? page_fault+0x8/0x30 [ 622.592997] page_fault+0x1e/0x30 [ 622.596458] RIP: 0033:0x458c29 [ 622.599665] Code: Bad RIP value. [ 622.603029] RSP: 002b:00007f66b1fafc78 EFLAGS: 00010246 [ 622.608398] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000458c29 [ 622.615675] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 622.622948] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 622.630222] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b1fb06d4 [ 622.637507] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff 01:45:49 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8906}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 622.733711] Task in /syz1 killed as a result of limit of /syz1 [ 622.758772] memory: usage 305048kB, limit 307200kB, failcnt 858 01:45:49 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xf000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 622.780465] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 622.799707] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 622.823499] Memory cgroup stats for /syz1: cache:64KB rss:181860KB rss_huge:122880KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:181844KB inactive_file:4KB active_file:12KB unevictable:0KB 01:45:49 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xf0ffff}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 622.883348] Memory cgroup out of memory: Kill process 903 (syz-executor.1) score 1113 or sacrifice child [ 622.902088] Killed process 903 (syz-executor.1) total-vm:72584kB, anon-rss:2204kB, file-rss:35800kB, shmem-rss:0kB [ 622.970630] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 622.984600] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 623.000983] CPU: 1 PID: 7014 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 623.007868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 623.017238] Call Trace: [ 623.019847] dump_stack+0x172/0x1f0 [ 623.023492] dump_header+0x15e/0x929 [ 623.027232] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 623.032344] ? ___ratelimit+0x60/0x595 [ 623.036242] ? do_raw_spin_unlock+0x57/0x270 [ 623.040666] oom_kill_process.cold+0x10/0x6f5 [ 623.045179] ? task_will_free_mem+0x139/0x6e0 [ 623.049695] out_of_memory+0x936/0x12d0 [ 623.053687] ? oom_killer_disable+0x280/0x280 [ 623.058184] ? find_held_lock+0x35/0x130 [ 623.062357] mem_cgroup_out_of_memory+0x1d2/0x240 [ 623.067189] ? memcg_event_wake+0x230/0x230 [ 623.071504] ? do_raw_spin_unlock+0x57/0x270 [ 623.075903] ? _raw_spin_unlock+0x2d/0x50 [ 623.080039] try_charge+0x1028/0x15b0 [ 623.083826] ? find_held_lock+0x35/0x130 [ 623.087874] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 623.092702] ? kasan_check_read+0x11/0x20 [ 623.096837] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 623.101679] mem_cgroup_try_charge+0x24d/0x5e0 [ 623.106250] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 623.111166] wp_page_copy+0x430/0x16a0 [ 623.115040] ? follow_pfn+0x2a0/0x2a0 [ 623.118829] ? kasan_check_read+0x11/0x20 [ 623.122960] ? do_raw_spin_unlock+0x57/0x270 [ 623.127367] do_wp_page+0x57d/0x10b0 [ 623.131076] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 623.135726] ? kasan_check_write+0x14/0x20 [ 623.139943] ? do_raw_spin_lock+0xc8/0x240 [ 623.144165] __handle_mm_fault+0x230a/0x3f80 [ 623.148559] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 623.153388] ? find_held_lock+0x35/0x130 [ 623.157431] ? handle_mm_fault+0x322/0xb30 [ 623.161677] ? kasan_check_read+0x11/0x20 [ 623.165902] handle_mm_fault+0x43f/0xb30 [ 623.169953] __do_page_fault+0x62a/0xe90 [ 623.174003] ? vmalloc_fault+0x770/0x770 [ 623.178050] ? trace_hardirqs_off_caller+0x65/0x220 [ 623.183056] ? trace_hardirqs_on_caller+0x6a/0x220 [ 623.187979] ? page_fault+0x8/0x30 [ 623.191507] do_page_fault+0x71/0x581 [ 623.195306] ? page_fault+0x8/0x30 [ 623.198845] page_fault+0x1e/0x30 [ 623.202282] RIP: 0033:0x401699 [ 623.205465] Code: 00 48 83 ec 08 48 8b 15 1d ee 64 00 48 8b 05 0e ee 64 00 48 39 d0 48 8d 8a 00 00 00 01 72 17 48 39 c8 73 12 48 8d 50 04 89 38 <48> 89 15 f0 ed 64 00 48 83 c4 08 c3 48 89 c6 bf c8 88 4c 00 31 c0 [ 623.224349] RSP: 002b:00007ffc0bec0150 EFLAGS: 00010287 [ 623.229697] RAX: 0000001b2c5271cc RBX: 0000000000000003 RCX: 0000001b2d520000 [ 623.236951] RDX: 0000001b2c5271d0 RSI: 0000000000000001 RDI: 000000000000000e [ 623.244209] RBP: 0000000000000000 R08: 0000000000097b13 R09: 0000000000097b13 [ 623.251562] R10: 00007ffc0bec0290 R11: 0000000000000246 R12: 000000000000002d [ 623.258814] R13: 0000000000097b3d R14: 000000000073bf00 R15: 000000000073bf0c [ 623.268724] Task in /syz4 killed as a result of limit of /syz4 [ 623.280590] memory: usage 307200kB, limit 307200kB, failcnt 1423 [ 623.287461] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 623.300220] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 623.307413] Memory cgroup stats for /syz4: cache:20KB rss:188804KB rss_huge:131072KB shmem:16KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:188952KB inactive_file:4KB active_file:8KB unevictable:0KB [ 623.336654] Memory cgroup out of memory: Kill process 23742 (syz-executor.4) score 1113 or sacrifice child [ 623.348331] Killed process 23742 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35804kB, shmem-rss:0kB [ 623.368917] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 623.393991] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 623.399613] CPU: 0 PID: 7018 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 623.406454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 623.415958] Call Trace: [ 623.418583] dump_stack+0x172/0x1f0 [ 623.422234] dump_header+0x15e/0x929 [ 623.425959] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 623.431069] ? ___ratelimit+0x60/0x595 [ 623.436460] ? do_raw_spin_unlock+0x57/0x270 [ 623.440875] oom_kill_process.cold+0x10/0x6f5 [ 623.445384] ? task_will_free_mem+0x139/0x6e0 [ 623.449885] out_of_memory+0x936/0x12d0 [ 623.453865] ? oom_killer_disable+0x280/0x280 [ 623.458359] ? find_held_lock+0x35/0x130 [ 623.462433] mem_cgroup_out_of_memory+0x1d2/0x240 [ 623.467285] ? memcg_event_wake+0x230/0x230 [ 623.471612] ? do_raw_spin_unlock+0x57/0x270 [ 623.476113] ? _raw_spin_unlock+0x2d/0x50 [ 623.480358] try_charge+0xd25/0x15b0 [ 623.484075] ? find_held_lock+0x35/0x130 [ 623.488245] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 623.498657] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 623.503639] ? find_held_lock+0x35/0x130 [ 623.507712] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 623.512578] memcg_kmem_charge_memcg+0x7c/0x130 [ 623.517260] ? memcg_kmem_put_cache+0xb0/0xb0 [ 623.521768] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 623.526627] memcg_kmem_charge+0x136/0x300 [ 623.530873] __alloc_pages_nodemask+0x3c6/0x760 [ 623.535556] ? __alloc_pages_slowpath+0x2870/0x2870 [ 623.540577] ? __lock_acquire+0x6eb/0x48f0 [ 623.544817] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 623.550362] alloc_pages_current+0x107/0x210 [ 623.554784] pte_alloc_one+0x1b/0x1a0 [ 623.558615] __handle_mm_fault+0x3533/0x3f80 [ 623.563032] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 623.567879] ? find_held_lock+0x35/0x130 [ 623.571940] ? handle_mm_fault+0x322/0xb30 [ 623.576190] ? kasan_check_read+0x11/0x20 [ 623.580336] handle_mm_fault+0x43f/0xb30 [ 623.584413] __do_page_fault+0x62a/0xe90 [ 623.588478] ? vmalloc_fault+0x770/0x770 [ 623.592604] ? trace_hardirqs_off_caller+0x65/0x220 [ 623.597698] ? trace_hardirqs_on_caller+0x6a/0x220 [ 623.603685] ? page_fault+0x8/0x30 [ 623.607243] do_page_fault+0x71/0x581 [ 623.611050] ? page_fault+0x8/0x30 [ 623.614598] page_fault+0x1e/0x30 [ 623.618049] RIP: 0033:0x458c29 [ 623.621255] Code: Bad RIP value. [ 623.624618] RSP: 002b:00007f90eb557c78 EFLAGS: 00010246 [ 623.629978] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000458c29 [ 623.637354] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000087400000 [ 623.644621] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 623.651988] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90eb5586d4 [ 623.659248] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 623.667557] Task in /syz4 killed as a result of limit of /syz4 [ 623.673649] memory: usage 305152kB, limit 307200kB, failcnt 1423 [ 623.679799] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 623.686815] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 623.693074] Memory cgroup stats for /syz4: cache:20KB rss:186776KB rss_huge:129024KB shmem:16KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:186804KB inactive_file:4KB active_file:8KB unevictable:0KB [ 623.714139] Memory cgroup out of memory: Kill process 23903 (syz-executor.4) score 1113 or sacrifice child [ 623.724101] Killed process 23903 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35804kB, shmem-rss:0kB [ 623.736388] oom_reaper: reaped process 23903 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 623.780134] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 623.792046] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 623.797610] CPU: 0 PID: 7016 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 623.804462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 623.814020] Call Trace: [ 623.816625] dump_stack+0x172/0x1f0 [ 623.820271] dump_header+0x15e/0x929 [ 623.824092] oom_kill_process.cold+0x10/0x6f5 [ 623.828587] ? retint_kernel+0x2d/0x2d [ 623.832487] out_of_memory+0x936/0x12d0 [ 623.836492] ? oom_killer_disable+0x280/0x280 [ 623.840988] ? trace_hardirqs_on_caller+0x6a/0x220 [ 623.845931] mem_cgroup_out_of_memory+0x1d2/0x240 [ 623.850788] ? memcg_event_wake+0x230/0x230 [ 623.855113] ? retint_kernel+0x2d/0x2d [ 623.859014] try_charge+0xd25/0x15b0 [ 623.862735] ? find_held_lock+0x35/0x130 [ 623.866812] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 623.871657] ? kasan_check_read+0x11/0x20 [ 623.875824] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 623.880678] mem_cgroup_try_charge+0x24d/0x5e0 [ 623.885292] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 623.890238] wp_page_copy+0x430/0x16a0 [ 623.894149] ? follow_pfn+0x2a0/0x2a0 [ 623.897942] ? kasan_check_read+0x11/0x20 [ 623.902180] ? do_raw_spin_unlock+0x57/0x270 [ 623.906602] do_wp_page+0x57d/0x10b0 [ 623.910319] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 623.914979] ? kasan_check_write+0x14/0x20 [ 623.919214] ? do_raw_spin_lock+0xc8/0x240 [ 623.923471] __handle_mm_fault+0x230a/0x3f80 [ 623.927896] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 623.932743] ? find_held_lock+0x35/0x130 [ 623.936855] ? handle_mm_fault+0x322/0xb30 [ 623.941104] ? kasan_check_read+0x11/0x20 [ 623.945273] handle_mm_fault+0x43f/0xb30 [ 623.949458] __do_page_fault+0x62a/0xe90 [ 623.953555] ? vmalloc_fault+0x770/0x770 [ 623.957732] ? trace_hardirqs_off_caller+0x65/0x220 [ 623.962808] ? trace_hardirqs_on_caller+0x6a/0x220 [ 623.967749] ? page_fault+0x8/0x30 [ 623.971305] do_page_fault+0x71/0x581 [ 623.975120] ? page_fault+0x8/0x30 [ 623.978668] page_fault+0x1e/0x30 [ 623.982231] RIP: 0033:0x4144b3 [ 623.985431] Code: e9 4c 89 e2 ff 74 24 48 4c 8b 4c 24 10 89 ee 4c 8b 44 24 18 48 89 df e8 cb f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 48 f7 d8 <64> 89 04 25 d4 ff ff ff 48 83 c8 ff c3 48 81 ec 98 00 00 00 31 ff [ 624.004342] RSP: 002b:00007f90eb557c78 EFLAGS: 00010217 [ 624.009721] RAX: 0000000000000065 RBX: 0000000000000005 RCX: 0000000000458c29 [ 624.016995] RDX: 0000000020000380 RSI: 0000000020000180 RDI: 0000000000000000 [ 624.024267] RBP: 000000000073bf00 R08: 0000000020000000 R09: 0000000000000000 [ 624.031537] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90eb5586d4 [ 624.038814] R13: 00000000004c4c0e R14: 00000000004d8888 R15: 00000000ffffffff [ 624.047630] Task in /syz4 killed as a result of limit of /syz4 [ 624.054244] memory: usage 302840kB, limit 307200kB, failcnt 1423 [ 624.060594] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 624.067615] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 624.073928] Memory cgroup stats for /syz4: cache:20KB rss:184628KB rss_huge:126976KB shmem:16KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:184684KB inactive_file:8KB active_file:8KB unevictable:0KB [ 624.095705] Memory cgroup out of memory: Kill process 23944 (syz-executor.4) score 1113 or sacrifice child [ 624.105889] Killed process 23944 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35804kB, shmem-rss:0kB 01:45:50 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x1000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:45:50 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x88000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 624.176223] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 624.190247] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 624.197343] CPU: 0 PID: 7036 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 624.204208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 624.213575] Call Trace: [ 624.216188] dump_stack+0x172/0x1f0 [ 624.219930] dump_header+0x15e/0x929 [ 624.223657] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 624.228778] ? ___ratelimit+0x60/0x595 [ 624.232676] ? do_raw_spin_unlock+0x57/0x270 [ 624.237101] oom_kill_process.cold+0x10/0x6f5 [ 624.241633] ? out_of_memory+0xaed/0x12d0 [ 624.245800] out_of_memory+0x936/0x12d0 [ 624.249792] ? oom_killer_disable+0x280/0x280 [ 624.254298] ? find_held_lock+0x35/0x130 [ 624.258388] mem_cgroup_out_of_memory+0x1d2/0x240 [ 624.263249] ? memcg_event_wake+0x230/0x230 [ 624.267589] ? do_raw_spin_unlock+0x57/0x270 [ 624.272012] ? _raw_spin_unlock+0x2d/0x50 [ 624.276176] try_charge+0x1028/0x15b0 [ 624.279985] ? find_held_lock+0x35/0x130 [ 624.284094] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 624.288956] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 624.293814] ? find_held_lock+0x35/0x130 [ 624.297886] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 624.302756] memcg_kmem_charge_memcg+0x7c/0x130 [ 624.307437] ? memcg_kmem_put_cache+0xb0/0xb0 [ 624.311950] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 624.316811] memcg_kmem_charge+0x136/0x300 [ 624.319748] validate_nla: 4 callbacks suppressed [ 624.319757] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 624.321056] __alloc_pages_nodemask+0x3c6/0x760 [ 624.321075] ? __alloc_pages_slowpath+0x2870/0x2870 [ 624.321091] ? retint_kernel+0x2d/0x2d [ 624.321125] ? alloc_pages_current+0x1c7/0x210 [ 624.321143] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 624.321162] alloc_pages_current+0x107/0x210 [ 624.321181] pte_alloc_one+0x1b/0x1a0 [ 624.321195] __pte_alloc+0x2a/0x360 [ 624.321209] copy_page_range+0x151f/0x1f90 [ 624.321225] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 624.321260] ? pmd_alloc+0x180/0x180 [ 624.333446] ? __vma_link_rb+0x279/0x370 [ 624.343230] copy_process.part.0+0x5434/0x7970 [ 624.343275] ? __cleanup_sighand+0x70/0x70 [ 624.343309] _do_fork+0x257/0xfe0 [ 624.343333] ? fork_idle+0x1d0/0x1d0 [ 624.399608] nla_parse: 4 callbacks suppressed [ 624.399616] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 624.402143] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 624.402158] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 624.402172] ? do_syscall_64+0x26/0x610 [ 624.402190] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 624.402203] ? do_syscall_64+0x26/0x610 [ 624.402224] __x64_sys_clone+0xbf/0x150 [ 624.402240] do_syscall_64+0x103/0x610 [ 624.402258] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 624.446976] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 624.451157] RIP: 0033:0x458c29 [ 624.451179] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 624.451186] RSP: 002b:00007f546898bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 624.451205] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 624.451226] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 624.451237] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 624.451246] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546898c6d4 [ 624.451254] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 624.462516] Task in [ 624.518935] /syz3 killed as a result of limit of /syz3 [ 624.531373] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 624.538811] memory: usage 307200kB, limit 307200kB, failcnt 2436 [ 624.553335] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 624.560314] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 624.569027] Memory cgroup stats for /syz3: cache:88KB rss:199652KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:199700KB inactive_file:4KB active_file:4KB unevictable:0KB [ 624.594409] Memory cgroup out of memory: Kill process 25419 (syz-executor.3) score 124 or sacrifice child [ 624.606788] Killed process 25421 (syz-executor.3) total-vm:72584kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB [ 624.636266] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 624.662679] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 624.676287] CPU: 0 PID: 7734 Comm: syz-executor.0 Not tainted 4.19.35 #3 [ 624.683146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 624.692605] Call Trace: [ 624.695186] dump_stack+0x172/0x1f0 [ 624.700547] dump_header+0x15e/0x929 [ 624.704254] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 624.709342] ? ___ratelimit+0x60/0x595 [ 624.713218] ? do_raw_spin_unlock+0x57/0x270 [ 624.717617] oom_kill_process.cold+0x10/0x6f5 [ 624.722115] ? task_will_free_mem+0x139/0x6e0 [ 624.726598] out_of_memory+0x936/0x12d0 [ 624.730657] ? oom_killer_disable+0x280/0x280 [ 624.735148] ? find_held_lock+0x35/0x130 [ 624.739227] mem_cgroup_out_of_memory+0x1d2/0x240 [ 624.744053] ? memcg_event_wake+0x230/0x230 [ 624.748366] ? do_raw_spin_unlock+0x57/0x270 [ 624.752760] ? _raw_spin_unlock+0x2d/0x50 [ 624.756892] try_charge+0x1028/0x15b0 [ 624.760679] ? find_held_lock+0x35/0x130 [ 624.764739] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 624.769566] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 624.774516] ? find_held_lock+0x35/0x130 [ 624.778563] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 624.783396] memcg_kmem_charge_memcg+0x7c/0x130 [ 624.788053] ? memcg_kmem_put_cache+0xb0/0xb0 [ 624.792541] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 624.797502] memcg_kmem_charge+0x136/0x300 [ 624.801723] __alloc_pages_nodemask+0x3c6/0x760 [ 624.806379] ? __alloc_pages_slowpath+0x2870/0x2870 [ 624.811384] ? find_held_lock+0x35/0x130 [ 624.815456] ? copy_page_range+0x124f/0x1f90 [ 624.819858] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 624.825384] alloc_pages_current+0x107/0x210 [ 624.829790] pte_alloc_one+0x1b/0x1a0 [ 624.833575] __pte_alloc+0x2a/0x360 [ 624.837188] copy_page_range+0x151f/0x1f90 [ 624.841426] ? pmd_alloc+0x180/0x180 [ 624.845125] ? __vma_link_rb+0x279/0x370 [ 624.849174] copy_process.part.0+0x5434/0x7970 [ 624.853755] ? __cleanup_sighand+0x70/0x70 [ 624.857983] _do_fork+0x257/0xfe0 [ 624.861424] ? fork_idle+0x1d0/0x1d0 [ 624.865131] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 624.869869] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 624.874628] ? do_syscall_64+0x26/0x610 [ 624.878603] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 624.883958] ? do_syscall_64+0x26/0x610 [ 624.887922] __x64_sys_clone+0xbf/0x150 [ 624.891883] do_syscall_64+0x103/0x610 [ 624.895757] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 624.901015] RIP: 0033:0x4571fa [ 624.904194] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 624.923079] RSP: 002b:00007ffea8669c70 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 624.930786] RAX: ffffffffffffffda RBX: 00007ffea8669c70 RCX: 00000000004571fa [ 624.938061] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 624.945313] RBP: 00007ffea8669cb0 R08: 0000000000000001 R09: 0000000001389940 [ 624.952655] R10: 0000000001389c10 R11: 0000000000000246 R12: 0000000000000001 [ 624.960088] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffea8669d00 [ 624.972405] Task in /syz0 killed as a result of limit of /syz0 [ 624.978472] memory: usage 307200kB, limit 307200kB, failcnt 3474 [ 624.984676] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 624.991483] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 624.997620] Memory cgroup stats for /syz0: cache:0KB rss:203212KB rss_huge:155648KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:203440KB inactive_file:4KB active_file:4KB unevictable:8KB [ 625.018410] Memory cgroup out of memory: Kill process 6781 (syz-executor.0) score 124 or sacrifice child [ 625.028204] Killed process 6781 (syz-executor.0) total-vm:72716kB, anon-rss:2212kB, file-rss:35804kB, shmem-rss:0kB [ 625.059575] syz-executor.5 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 625.090802] syz-executor.5 cpuset=syz5 mems_allowed=0-1 [ 625.096236] CPU: 0 PID: 7043 Comm: syz-executor.5 Not tainted 4.19.35 #3 [ 625.103081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 625.112438] Call Trace: [ 625.115051] dump_stack+0x172/0x1f0 [ 625.118696] dump_header+0x15e/0x929 [ 625.122432] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 625.127543] ? ___ratelimit+0x60/0x595 [ 625.131429] ? do_raw_spin_unlock+0x57/0x270 [ 625.135846] oom_kill_process.cold+0x10/0x6f5 [ 625.140348] ? task_will_free_mem+0x139/0x6e0 [ 625.144859] out_of_memory+0x936/0x12d0 [ 625.148846] ? oom_killer_disable+0x280/0x280 [ 625.153346] ? find_held_lock+0x35/0x130 01:45:51 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x5, 0x70, 0x0, 0xffff, 0x2, 0x42117767, 0x0, 0xf6, 0x0, 0x4, 0xfffffffffffffffe, 0x1, 0x842, 0x2, 0x100000001, 0x800, 0x7, 0x62, 0x7f, 0x8000, 0x6777, 0x5, 0x400, 0x4, 0x8, 0x8, 0x6, 0x400, 0x7, 0x8, 0xa0, 0x7, 0x6, 0x7, 0x4, 0x9, 0x101, 0x7, 0x0, 0x1ff, 0x0, @perf_config_ext={0x4e4, 0xffffffff}, 0x20000, 0xfffffffffffffffb, 0x6, 0x7, 0x8, 0x4, 0x3}, r1, 0xc, 0xffffffffffffffff, 0x2) 01:45:51 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0xf0d5) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x6}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x2}, &(0x7f0000000200)=0xc) getsockopt$inet_sctp6_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f00000003c0)={r3, 0x9, 0x9, 0x8, 0x5, 0x9, 0xff9, 0x2, {r4, @in6={{0xa, 0x4e20, 0x100000000, @mcast1}}, 0x8, 0x9, 0x8, 0x4, 0x9}}, &(0x7f00000002c0)=0xb0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fstat(r1, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0}) lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(r5, r6) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:51 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 625.157428] mem_cgroup_out_of_memory+0x1d2/0x240 [ 625.162282] ? memcg_event_wake+0x230/0x230 [ 625.166618] ? do_raw_spin_unlock+0x57/0x270 [ 625.171042] ? _raw_spin_unlock+0x2d/0x50 [ 625.175205] try_charge+0x1028/0x15b0 [ 625.179009] ? find_held_lock+0x35/0x130 [ 625.183093] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 625.187947] ? kasan_check_read+0x11/0x20 [ 625.192113] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 625.196968] mem_cgroup_try_charge+0x24d/0x5e0 [ 625.201564] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 625.206506] __handle_mm_fault+0x1e55/0x3f80 [ 625.210927] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 625.215870] ? find_held_lock+0x35/0x130 [ 625.219937] ? handle_mm_fault+0x322/0xb30 [ 625.224193] ? kasan_check_read+0x11/0x20 [ 625.228355] handle_mm_fault+0x43f/0xb30 [ 625.232441] __do_page_fault+0x62a/0xe90 [ 625.236611] ? vmalloc_fault+0x770/0x770 [ 625.240680] ? trace_hardirqs_off_caller+0x65/0x220 [ 625.245706] ? trace_hardirqs_on_caller+0x6a/0x220 [ 625.250644] ? page_fault+0x8/0x30 [ 625.254195] do_page_fault+0x71/0x581 [ 625.258006] ? page_fault+0x8/0x30 [ 625.261564] page_fault+0x1e/0x30 [ 625.265031] RIP: 0033:0x45b5dd [ 625.268229] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8e fb ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 625.287158] RSP: 002b:00007ffc44860768 EFLAGS: 00010202 [ 625.292528] RAX: ffffffffffffffea RBX: 00007f0dfc839700 RCX: 00007f0dfc839700 [ 625.299800] RDX: 00000000003d0f00 RSI: 00007f0dfc838db0 RDI: 000000000040fa30 [ 625.307073] RBP: 00007ffc44860970 R08: 00007f0dfc8399d0 R09: 00007f0dfc839700 [ 625.314346] R10: 00007f0dfc838dc0 R11: 0000000000000246 R12: 0000000000000000 [ 625.321634] R13: 00007ffc4486081f R14: 00007f0dfc8399c0 R15: 000000000073c04c [ 625.334911] Task in /syz5 killed as a result of limit of /syz5 [ 625.341080] memory: usage 307200kB, limit 307200kB, failcnt 6056 [ 625.347481] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 625.354320] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 625.375451] Memory cgroup stats for /syz5: cache:0KB rss:167920KB rss_huge:108544KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:168076KB inactive_file:4KB active_file:4KB unevictable:0KB [ 625.407070] Memory cgroup out of memory: Kill process 1721 (syz-executor.5) score 1110 or sacrifice child [ 625.417145] Killed process 1721 (syz-executor.5) total-vm:72584kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB 01:45:52 executing program 5: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, &(0x7f0000000400)=""/68, &(0x7f0000000540)=0x44) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, 0x0) setxattr$trusted_overlay_opaque(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000640)='trusted.overlay.opaque\x00', &(0x7f0000000680)='y\x00', 0x147, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x78c) lsetxattr$trusted_overlay_opaque(0x0, &(0x7f0000000300)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_DQEVENT(r2, 0x80885659, &(0x7f0000000840)={0x0, @frame_sync}) ioctl$SG_GET_SCSI_ID(r3, 0x2276, 0x0) getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f00000001c0)={0x0, 0x9a1, 0x1, 0x401, 0xfffffffffffffffc, 0x6, 0xc3ba, 0x0, {0x0, @in={{0x2, 0x4e21, @local}}, 0x70544137, 0xffffffff, 0x1, 0x542, 0x100000000}}, &(0x7f0000000080)=0xb0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000480)={r4, @in6={{0xa, 0x4e22, 0xddec, @remote, 0x9}}, 0x3, 0xffff, 0x80000000, 0x4, 0x2}, 0x98) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, 0x0, 0x0) 01:45:52 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x94000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:52 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x2000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:45:52 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000140)='/dev/snd/pcmC#D#p\x00', 0x5, 0x100) ioctl$VIDIOC_S_OUTPUT(r1, 0xc004562f, &(0x7f0000000200)=0x6) r2 = socket$inet(0x2, 0x3, 0x1e) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$sock_int(r3, 0x1, 0x29, &(0x7f0000000080), &(0x7f0000000100)=0x4) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:52 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:52 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$GIO_SCRNMAP(r1, 0x4b40, &(0x7f0000000080)=""/38) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:45:52 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x3000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:45:52 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 625.515291] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 01:45:52 executing program 5: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008914, &(0x7f0000000100)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000400)=""/68, &(0x7f0000000540)=0x44) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, 0x0) setxattr$trusted_overlay_opaque(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000640)='trusted.overlay.opaque\x00', &(0x7f0000000680)='y\x00', 0x147, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x78c) lsetxattr$trusted_overlay_opaque(0x0, &(0x7f0000000300)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x0) ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080)={0x3, r1}) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, &(0x7f0000000480)={0x0, @frame_sync}) ioctl$SG_GET_SCSI_ID(r1, 0x2276, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) [ 625.658199] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 625.669998] FS-Cache: Duplicate cookie detected [ 625.675122] FS-Cache: O-cookie c=0000000031a5b49d [p=000000004114b303 fl=222 nc=0 na=1] [ 625.683484] FS-Cache: O-cookie d=00000000656b88e0 n=000000002f18e269 [ 625.690125] FS-Cache: O-key=[10] '02000200000002000000' [ 625.696439] FS-Cache: N-cookie c=00000000bf8166dd [p=000000004114b303 fl=2 nc=0 na=1] 01:45:52 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x4000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:45:52 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 625.704635] FS-Cache: N-cookie d=00000000656b88e0 n=0000000034799b4f [ 625.707956] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 625.711311] FS-Cache: N-key=[10] '02000200000002000000' [ 625.744555] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 625.769948] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 625.771954] CPU: 0 PID: 7103 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 625.785416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 625.794782] Call Trace: [ 625.797392] dump_stack+0x172/0x1f0 [ 625.801048] dump_header+0x15e/0x929 [ 625.804780] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 625.809898] ? ___ratelimit+0x60/0x595 [ 625.813800] ? do_raw_spin_unlock+0x57/0x270 [ 625.818227] oom_kill_process.cold+0x10/0x6f5 [ 625.822741] ? task_will_free_mem+0x139/0x6e0 [ 625.827336] ? find_held_lock+0x35/0x130 [ 625.831418] out_of_memory+0x936/0x12d0 [ 625.835407] ? lock_downgrade+0x810/0x810 [ 625.839571] ? oom_killer_disable+0x280/0x280 [ 625.844075] ? find_held_lock+0x35/0x130 [ 625.848157] mem_cgroup_out_of_memory+0x1d2/0x240 [ 625.850108] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 625.853009] ? memcg_event_wake+0x230/0x230 [ 625.853031] ? do_raw_spin_unlock+0x57/0x270 [ 625.853051] ? _raw_spin_unlock+0x2d/0x50 [ 625.853068] try_charge+0x1028/0x15b0 [ 625.853084] ? find_held_lock+0x35/0x130 [ 625.881253] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 625.886113] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 625.890982] ? find_held_lock+0x35/0x130 [ 625.895055] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 625.897428] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 625.899916] memcg_kmem_charge_memcg+0x7c/0x130 [ 625.899931] ? memcg_kmem_put_cache+0xb0/0xb0 [ 625.899948] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 625.922444] memcg_kmem_charge+0x136/0x300 [ 625.926693] __alloc_pages_nodemask+0x3c6/0x760 [ 625.931375] ? __alloc_pages_slowpath+0x2870/0x2870 [ 625.936400] ? lockdep_hardirqs_on+0x415/0x5d0 [ 625.941009] ? __lock_acquire+0x6eb/0x48f0 [ 625.945343] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 625.950452] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 625.956005] alloc_pages_current+0x107/0x210 [ 625.960430] pte_alloc_one+0x1b/0x1a0 [ 625.964248] __handle_mm_fault+0x3533/0x3f80 01:45:52 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 625.968674] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 625.973529] ? find_held_lock+0x35/0x130 [ 625.977606] ? handle_mm_fault+0x322/0xb30 [ 625.981872] ? kasan_check_read+0x11/0x20 [ 625.986037] handle_mm_fault+0x43f/0xb30 [ 625.990120] __do_page_fault+0x62a/0xe90 [ 625.994206] ? vmalloc_fault+0x770/0x770 [ 625.998282] ? trace_hardirqs_off_caller+0x65/0x220 [ 626.003323] ? trace_hardirqs_on_caller+0x6a/0x220 [ 626.008219] FS-Cache: Duplicate cookie detected [ 626.008371] ? page_fault+0x8/0x30 [ 626.013085] FS-Cache: O-cookie c=00000000ab145c6c [p=000000004114b303 fl=222 nc=0 na=1] [ 626.016575] do_page_fault+0x71/0x581 [ 626.024754] FS-Cache: O-cookie d=00000000656b88e0 n=00000000b00c8ed7 [ 626.028487] ? page_fault+0x8/0x30 [ 626.034999] FS-Cache: O-key=[10] '02 [ 626.038497] page_fault+0x1e/0x30 [ 626.038513] RIP: 0033:0x4571fa [ 626.042226] 00 [ 626.045657] Code: Bad RIP value. [ 626.048813] 02 [ 626.050596] RSP: 002b:00007fffea33a3f0 EFLAGS: 00010246 [ 626.054006] 00 [ 626.055746] RAX: 0000000000000000 RBX: 00007fffea33a3f0 RCX: 00000000004571fa [ 626.055757] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 626.061113] 00 [ 626.062878] RBP: 00007fffea33a430 R08: 0000000000000001 R09: 0000000000f42940 [ 626.062889] R10: 0000000000f42c10 R11: 0000000000000246 R12: 0000000000000001 [ 626.070142] 00 [ 626.077394] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffea33a480 [ 626.092508] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 626.094482] 02 [ 626.096480] netlink: 'syz-executor.0': attribute type 29 has an invalid length. 01:45:52 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x5000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 626.103551] 000000' [ 626.103580] FS-Cache: N-cookie c=000000002678b48b [p=000000004114b303 fl=2 nc=0 na=1] [ 626.103588] FS-Cache: N-cookie d=00000000656b88e0 n=00000000aafae153 [ 626.103594] FS-Cache: N-key=[10] '020002000000020000 [ 626.126279] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 626.131789] 00' [ 626.155005] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 626.164013] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 626.310072] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 626.317960] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 626.331611] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 626.349725] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:45:52 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xac030000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:52 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x6000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:45:52 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:52 executing program 5: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r3 = syz_open_dev$video(0x0, 0x3, 0x0) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r4, 0x0, 0x484, &(0x7f0000000400)=""/68, &(0x7f0000000540)=0x44) ioctl$VIDIOC_SUBDEV_S_SELECTION(r3, 0xc040563e, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x6, {0xffffffff, 0x4, 0x2, 0x9}}) ioctl$IOC_PR_PREEMPT(r4, 0x401870cb, 0x0) setxattr$trusted_overlay_opaque(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000640)='trusted.overlay.opaque\x00', &(0x7f0000000680)='y\x00', 0x147, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, 0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x78c) lsetxattr$trusted_overlay_opaque(0x0, &(0x7f0000000300)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000140)=[@in6={0xa, 0x4e23, 0xac1a, @remote, 0x2}], 0x1c) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) write$selinux_load(r5, &(0x7f0000000a80)={0xf97cff8c, 0x8, 'SE Linux', "266b971e301645cbd532f405d8d94ae82ae3eb8dbe075352362c07a64df09ad384fe99c73c1a026f3995b833097afac2302200ba1aad520f6af97fec129366c21646"}, 0x52) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, &(0x7f0000000480)={0x0, @frame_sync}) vmsplice(r2, &(0x7f00000009c0)=[{&(0x7f00000001c0)="b8a5db9082510dd07e9671fa0e919f98e880c2b35e9d895c7a0d49cfe47a62f11d5911606de80eb6c534c237705e0c2e779dcd9090fd69b3f2416733440aa24268bc25430ee6b5cc8939e64c28d0973908467cb8da0face7d635e0c3ba6345b7c7d3efc63fc5bed98e3ff96053be1da8631acfe722b4d6e8589513b71b75ce36725147d735597732e9655a1e3e27adb57e5c013d2b156d3bbafbd76c923996d9bf92509ef330", 0xa6}, {&(0x7f0000000580)="11b6da0d67a9b6f203b17d8e3b80226be48b0656ab55d6788b6ba7385f94e3ab1ab914a5ce45fcdfc1c2a65ce1698452ccc226c02827a9a912f3d04bae797ab0a3a6768e45a2200bac4570b63b15c685ce1974a04273cd725d28ba55d91853a8ba45eb2e1816ad93ad014b9808de2eece8266eec99e224992e4170806b1cbc9934afcb63b07e93fc1a190901cf5ad89c394988b1e4cf23d81282604cf14389543c63b545e528508aab793002b4dd3261d47a", 0xb2}, {&(0x7f0000000100)="f70e64e33497bcf915ea135a4ddcf787345f6e639940a9b41a497ae17d0c7650c7dfcd1ddbeeccea07e310a20e015e33ecf52d0bdcd50a679eeeb5b165", 0x3d}, {&(0x7f00000006c0)="3494a9b096acf7e250e572a8458332906b5a72f78717d909eb1ebcadd0d9a99678ff56b70674b51af04e992a20cbf3077a519066bf04e5682e50c60bb0f106db1217353f7dc52295170b01452659e0565687bcc344826c9129f8b930a6d647a5ea9a0bd3ce6f7372f6ee3e5f1cb69e2801083a83d14dd203cb128830c496fb78a1a972798f386471c775f282c0e8978fc5f4977a7eee6f3b54e42817e1a6c70df1ae12245b6a913d98b605b01a42b430f0f57da8691bb158b33b3a8db689664b8be1f5663cfc8110845cc9d3", 0xcc}, {&(0x7f0000000280)="28d6e08f26979235465690f75d2a3157597851b87fc40628b86bdf7d3c18ee6b827f3e7d9aae6beb359dfa2577d5520b007654b1534febbcbf3428279bfd8d3912053dda256970bba3c9261a526cffe7784833", 0x53}, {&(0x7f00000007c0)="c6dd97e2795eb50e2397c73edc1a259f28298b0349e3ade23b40c13eeca3d73ef45e5c9b17b6202aee19b3919074377ca9db90d1d206d8b1b992762f161a0c6137b2bee3db0a6f0bb33ef15cdc9dbd515caaf49561d3ca657262f4ff7a94a52a0aad67e6772c42446a654074816a341fec1acdf51a42b5a98011bf386f068a4aca9ce9b60587cf8e6feb6a2efc5a579511a5a6041e841f25ba8527fd6252a563bef4caab5cf57f79e4a17cf91e8ef7b2d404603f7145ef41bb22354c70", 0xbd}, {&(0x7f0000000880)="17fe5203efc5a7298de1d5ec746bd288c5d683900718c6c5c9d23aa55851fffbfa5c2fbef236892d1b37345100002b83529f9af295fca25d86cb31216a200ebd2569d18edd81682f63861bd7b697c8a1667bf7e05c5bdcc284745fa70bfaf5146b12316f13ebf2ae406f2cb66bf87fac485cfd4a50c91b8aa5bb4d473a400be3748c2b75437b4b5ce349fed1a10da1243b419ddd9f89db", 0x97}, {&(0x7f0000000940)="b7f0b394a43206779a432e8cf395597adc4690e153aa1073dbb7ad83dd334b457758aac0e8fa428232d9f65f690f89d66747f4324a0db75bc5e270362ea5d615d5043ad029c709849b", 0x49}, {&(0x7f0000000140)}], 0x9, 0x2) getsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000b00)={{{@in6=@empty, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in6=@ipv4={[], [], @remote}}}, &(0x7f0000000340)=0xe8) setsockopt$packet_drop_memb(r4, 0x107, 0x2, &(0x7f0000000c00)={r6, 0x1, 0x6, @local}, 0x10) ioctl$SG_GET_SCSI_ID(r4, 0x2276, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r4, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, 0x0, 0x0) [ 626.359534] Task in /syz3 killed as a result of limit of /syz3 [ 626.359658] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 626.370150] memory: usage 307200kB, limit 307200kB, failcnt 2522 [ 626.397091] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 626.445843] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 626.462082] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 626.480887] Memory cgroup stats for /syz3: cache:88KB rss:199652KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:199652KB inactive_file:4KB active_file:0KB unevictable:0KB [ 626.573364] Memory cgroup out of memory: Kill process 25419 (syz-executor.3) score 124 or sacrifice child [ 626.589193] FS-Cache: Duplicate cookie detected [ 626.594265] FS-Cache: O-cookie c=00000000600b9cc3 [p=000000004114b303 fl=222 nc=0 na=1] [ 626.603590] FS-Cache: O-cookie d=00000000656b88e0 n=00000000d107e07c [ 626.610185] FS-Cache: O-key=[10] '02000200000002000000' [ 626.616285] FS-Cache: N-cookie c=000000008e369ecc [p=000000004114b303 fl=2 nc=0 na=1] [ 626.624568] FS-Cache: N-cookie d=00000000656b88e0 n=0000000073da341c [ 626.631275] FS-Cache: N-key=[10] '02000200000002000000' [ 626.648781] Killed process 25419 (syz-executor.3) total-vm:72584kB, anon-rss:2216kB, file-rss:35800kB, shmem-rss:0kB [ 626.693436] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 626.747490] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 626.776403] CPU: 0 PID: 7744 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 626.783387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 626.792960] Call Trace: [ 626.795567] dump_stack+0x172/0x1f0 [ 626.799327] dump_header+0x15e/0x929 [ 626.803034] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 626.808131] ? ___ratelimit+0x60/0x595 [ 626.812013] ? do_raw_spin_unlock+0x57/0x270 [ 626.816414] oom_kill_process.cold+0x10/0x6f5 [ 626.820909] ? task_will_free_mem+0x139/0x6e0 [ 626.825415] out_of_memory+0x936/0x12d0 [ 626.829384] ? oom_killer_disable+0x280/0x280 [ 626.833868] ? find_held_lock+0x35/0x130 [ 626.837934] mem_cgroup_out_of_memory+0x1d2/0x240 [ 626.842787] ? memcg_event_wake+0x230/0x230 [ 626.847133] ? do_raw_spin_unlock+0x57/0x270 [ 626.851536] ? _raw_spin_unlock+0x2d/0x50 [ 626.855672] try_charge+0xd25/0x15b0 [ 626.859385] ? find_held_lock+0x35/0x130 [ 626.863438] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 626.868269] ? kasan_check_read+0x11/0x20 [ 626.872406] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 626.877239] mem_cgroup_try_charge+0x24d/0x5e0 [ 626.881810] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 626.886727] wp_page_copy+0x430/0x16a0 [ 626.890607] ? follow_pfn+0x2a0/0x2a0 [ 626.894400] ? kasan_check_read+0x11/0x20 [ 626.898534] ? do_raw_spin_unlock+0x57/0x270 [ 626.902926] do_wp_page+0x57d/0x10b0 [ 626.906626] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 626.911282] ? kasan_check_write+0x14/0x20 [ 626.915499] ? do_raw_spin_lock+0xc8/0x240 [ 626.919722] __handle_mm_fault+0x230a/0x3f80 [ 626.924117] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 626.928942] ? find_held_lock+0x35/0x130 [ 626.932988] ? handle_mm_fault+0x322/0xb30 [ 626.937223] ? kasan_check_read+0x11/0x20 [ 626.941360] handle_mm_fault+0x43f/0xb30 [ 626.945407] __do_page_fault+0x62a/0xe90 [ 626.949452] ? blkcg_print_stat+0xb90/0xb90 [ 626.953761] ? vmalloc_fault+0x770/0x770 [ 626.957817] ? trace_hardirqs_off_caller+0x65/0x220 [ 626.962817] ? trace_hardirqs_on_caller+0x6a/0x220 [ 626.967732] ? page_fault+0x8/0x30 [ 626.971259] do_page_fault+0x71/0x581 [ 626.975042] ? page_fault+0x8/0x30 [ 626.978568] page_fault+0x1e/0x30 [ 626.982015] RIP: 0033:0x45735a [ 626.985217] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 627.004215] RSP: 002b:00007fffea33a3f0 EFLAGS: 00010246 [ 627.009565] RAX: 0000000000000000 RBX: 00007fffea33a3f0 RCX: 00000000004571fa [ 627.016816] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a54fc8 [ 627.024182] RBP: 00007fffea33a430 R08: 0000000000000001 R09: 0000000000f42940 [ 627.031434] R10: 0000000000f42c10 R11: 0000000000000246 R12: 00000000000000ca [ 627.038685] R13: 0000000000000b51 R14: 0000000000000000 R15: 00007fffea33a480 [ 627.048631] Task in /syz3 killed as a result of limit of /syz3 [ 627.056195] memory: usage 307200kB, limit 307200kB, failcnt 2535 [ 627.069356] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 627.076688] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 627.083044] Memory cgroup stats for /syz3: cache:88KB rss:199540KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:199628KB inactive_file:0KB active_file:0KB unevictable:0KB [ 627.104002] Memory cgroup out of memory: Kill process 24619 (syz-executor.3) score 124 or sacrifice child [ 627.113922] Killed process 24640 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB [ 627.129899] oom_reaper: reaped process 24640 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 627.152238] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 627.163492] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 627.168923] CPU: 1 PID: 7744 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 627.175755] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 627.185097] Call Trace: [ 627.187690] dump_stack+0x172/0x1f0 [ 627.191308] dump_header+0x15e/0x929 [ 627.195026] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 627.200113] ? ___ratelimit+0x60/0x595 [ 627.203997] ? do_raw_spin_unlock+0x57/0x270 [ 627.208406] oom_kill_process.cold+0x10/0x6f5 [ 627.212889] ? task_will_free_mem+0x139/0x6e0 [ 627.217372] out_of_memory+0x936/0x12d0 [ 627.221345] ? lock_downgrade+0x810/0x810 [ 627.225498] ? oom_killer_disable+0x280/0x280 [ 627.229995] ? find_held_lock+0x35/0x130 [ 627.234048] mem_cgroup_out_of_memory+0x1d2/0x240 [ 627.238888] ? memcg_event_wake+0x230/0x230 [ 627.243206] ? do_raw_spin_unlock+0x57/0x270 [ 627.247630] ? _raw_spin_unlock+0x2d/0x50 [ 627.251768] try_charge+0x1028/0x15b0 [ 627.255552] ? find_held_lock+0x35/0x130 [ 627.259601] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 627.264447] ? kasan_check_read+0x11/0x20 [ 627.268595] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 627.273440] mem_cgroup_try_charge+0x24d/0x5e0 [ 627.278012] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 627.282938] wp_page_copy+0x430/0x16a0 [ 627.286824] ? follow_pfn+0x2a0/0x2a0 [ 627.290619] ? kasan_check_read+0x11/0x20 [ 627.294751] ? do_raw_spin_unlock+0x57/0x270 [ 627.299159] do_wp_page+0x57d/0x10b0 [ 627.302878] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 627.307541] ? kasan_check_write+0x14/0x20 [ 627.311763] ? do_raw_spin_lock+0xc8/0x240 [ 627.315986] __handle_mm_fault+0x230a/0x3f80 [ 627.320380] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 627.325219] ? find_held_lock+0x35/0x130 [ 627.329284] ? handle_mm_fault+0x322/0xb30 [ 627.333547] ? kasan_check_read+0x11/0x20 [ 627.337682] handle_mm_fault+0x43f/0xb30 [ 627.341753] __do_page_fault+0x62a/0xe90 [ 627.345810] ? blkcg_print_stat+0xb90/0xb90 [ 627.350121] ? vmalloc_fault+0x770/0x770 [ 627.354169] ? trace_hardirqs_off_caller+0x65/0x220 [ 627.359170] ? trace_hardirqs_on_caller+0x6a/0x220 [ 627.364096] ? page_fault+0x8/0x30 [ 627.367636] do_page_fault+0x71/0x581 [ 627.371422] ? page_fault+0x8/0x30 [ 627.374947] page_fault+0x1e/0x30 [ 627.378383] RIP: 0033:0x45735a [ 627.381569] Code: 48 85 db 74 b6 41 bc ca 00 00 00 eb 0c 0f 1f 00 48 8b 5b 08 48 85 db 74 a2 48 8b 3b 48 8b 47 10 48 85 c0 74 05 ff d0 48 8b 3b ff 4f 28 0f 94 c0 84 c0 74 db 8b 47 2c 85 c0 74 d4 45 31 d2 ba [ 627.400468] RSP: 002b:00007fffea33a3f0 EFLAGS: 00010246 [ 627.405848] RAX: 0000000000000000 RBX: 00007fffea33a3f0 RCX: 00000000004571fa [ 627.413101] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000a54fc8 [ 627.420356] RBP: 00007fffea33a430 R08: 0000000000000001 R09: 0000000000f42940 [ 627.427612] R10: 0000000000f42c10 R11: 0000000000000246 R12: 00000000000000ca [ 627.436168] R13: 0000000000000b51 R14: 0000000000000000 R15: 00007fffea33a480 [ 627.443665] Task in /syz3 killed as a result of limit of /syz3 [ 627.449716] memory: usage 307048kB, limit 307200kB, failcnt 2612 [ 627.455928] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 627.462801] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 627.468937] Memory cgroup stats for /syz3: cache:88KB rss:199540KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:199612KB inactive_file:0KB active_file:0KB unevictable:0KB [ 627.489838] Memory cgroup out of memory: Kill process 24619 (syz-executor.3) score 124 or sacrifice child [ 627.499786] Killed process 24619 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35804kB, shmem-rss:0kB [ 627.517287] oom_reaper: reaped process 24619 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 627.539300] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 627.552285] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 627.558001] CPU: 1 PID: 7190 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 627.564847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 627.574303] Call Trace: [ 627.576889] dump_stack+0x172/0x1f0 [ 627.580511] dump_header+0x15e/0x929 [ 627.584219] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 627.589317] ? ___ratelimit+0x60/0x595 [ 627.593201] oom_kill_process.cold+0x10/0x6f5 [ 627.597710] ? task_will_free_mem+0x139/0x6e0 [ 627.602680] ? find_held_lock+0x35/0x130 [ 627.606739] out_of_memory+0x936/0x12d0 [ 627.610708] ? lock_downgrade+0x810/0x810 [ 627.614874] ? oom_killer_disable+0x280/0x280 [ 627.619355] ? find_held_lock+0x35/0x130 [ 627.623413] mem_cgroup_out_of_memory+0x1d2/0x240 [ 627.628247] ? memcg_event_wake+0x230/0x230 [ 627.632564] ? do_raw_spin_unlock+0x57/0x270 [ 627.636967] ? _raw_spin_unlock+0x2d/0x50 [ 627.641107] try_charge+0x1028/0x15b0 [ 627.644895] ? find_held_lock+0x35/0x130 [ 627.649054] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 627.653886] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 627.658723] ? find_held_lock+0x35/0x130 [ 627.662773] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 627.667614] memcg_kmem_charge_memcg+0x7c/0x130 [ 627.672274] ? memcg_kmem_put_cache+0xb0/0xb0 [ 627.676760] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 627.681593] memcg_kmem_charge+0x136/0x300 [ 627.685830] __alloc_pages_nodemask+0x3c6/0x760 [ 627.690490] ? __schedule+0x81b/0x1d00 [ 627.694369] ? __alloc_pages_slowpath+0x2870/0x2870 [ 627.699379] ? find_held_lock+0x35/0x130 [ 627.703432] ? copy_page_range+0x124f/0x1f90 [ 627.707860] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 627.713392] alloc_pages_current+0x107/0x210 [ 627.717878] pte_alloc_one+0x1b/0x1a0 [ 627.721674] __pte_alloc+0x2a/0x360 [ 627.725291] copy_page_range+0x151f/0x1f90 [ 627.729531] ? pmd_alloc+0x180/0x180 [ 627.733235] ? __vma_link_rb+0x279/0x370 [ 627.737311] copy_process.part.0+0x5434/0x7970 [ 627.741903] ? __cleanup_sighand+0x70/0x70 [ 627.746139] _do_fork+0x257/0xfe0 [ 627.749588] ? fork_idle+0x1d0/0x1d0 [ 627.753298] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 627.758042] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 627.762788] ? do_syscall_64+0x26/0x610 [ 627.766759] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 627.772108] ? do_syscall_64+0x26/0x610 [ 627.776073] __x64_sys_clone+0xbf/0x150 [ 627.780039] do_syscall_64+0x103/0x610 [ 627.783928] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 627.789106] RIP: 0033:0x458c29 [ 627.792307] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 627.811195] RSP: 002b:00007f546896ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 627.818893] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 627.826162] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 627.833422] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 627.840685] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546896b6d4 [ 627.847943] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 627.857233] Task in /syz3 killed as a result of limit of /syz3 [ 627.865889] memory: usage 304744kB, limit 307200kB, failcnt 2629 [ 627.872654] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 627.879535] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 01:45:54 executing program 5: r0 = socket$inet(0x10, 0xa, 0x5) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) close(r2) syz_open_dev$video(0x0, 0x3, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, &(0x7f0000000400)=""/68, &(0x7f0000000540)=0x44) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, 0x0) setxattr$trusted_overlay_opaque(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000640)='trusted.overlay.opaque\x00', &(0x7f0000000680)='y\x00', 0x147, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x78c) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r3, 0xc0305710, &(0x7f0000000080)={0x1, 0x100, 0x2, 0x9}) lsetxattr$trusted_overlay_opaque(0x0, &(0x7f0000000300)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$EVIOCGEFFECTS(r3, 0x80044584, &(0x7f00000001c0)=""/225) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, &(0x7f0000000480)={0x0, @frame_sync}) ioctl$SG_GET_SCSI_ID(r3, 0x2276, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, 0x0, 0x0) 01:45:54 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x7000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:45:54 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:54 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xbc030000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:54 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000b00)={'ip_vti0\x00', 0x0}) sendmsg$can_raw(r2, &(0x7f0000000c40)={&(0x7f0000000b40)={0x1d, r3}, 0x10, &(0x7f0000000c00)={&(0x7f0000000b80)=@canfd={{0x2, 0xfffffffffffffffa, 0x7fff, 0x7}, 0x35, 0x1, 0x0, 0x0, "115e18a865d1f69b10f5686f97331dfffec9414239aeca07bdf3b2e91bd15ea02f96a63d4f66936d81c879fe464ae847517fc0dbc6a643b4ff2bdd98f7a13d2a"}, 0x48}, 0x1, 0x0, 0x0, 0x804}, 0x11) syz_open_dev$video(0x0, 0x3, 0x0) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) r5 = add_key(&(0x7f0000000080)='syzkaller\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f00000001c0)="6ba99b3eaf2629c81b4ed4322f41191ac1b913af2e3f860dd889ac065c8e90179bc31be2dd1832dd7e82b95653dc919683ede0d73b7ab3825ba40f0cf5501f3d6d8463392279eaffb07396703c9cd194c740db86d270f4dd128ca81f233f01d34a7361c975707043f7d19a5f1051e930056edff6cb23bd4b79f013e2c99c99e6fc139968459139cc756d56a459a0d1878250dca08d552b844f9088b0ff7d6cc7f3a8833622099e6a7e35596e10df4e0a19930da52bce424e1e03710932a42f5717ca8ee87c6e16efd768277157660bf4c8dcca37d75455027b0655eabdb744b27fe2b315a9", 0xe5, 0xfffffffffffffffd) sendmmsg(r4, &(0x7f0000000c80)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000140)="075d696a47ae4479460bc7d15860e46dd26169b94a39310d2c8fafb2", 0x1c}, {&(0x7f00000002c0)="08434bca49d4415567dafbb0983139ad6be7fb5bd9edec730ed04bcaa2de6ee84a561f941bbf6db26f75e22ba475a59a543535e83b9f099f2d2ef710dc42256529cb7ab10475a3605e2d985291e0edb3d555bac9aa10621887d36a85998e", 0x5e}, {&(0x7f00000003c0)="553da598d3517649820d8bfbe3bd1420b41552d37dc3f097b4eeb8d0e6266e392d89d0079fb4b895395930a322f326d81f821b207e2debd9b874994f77120bc43c95a25b801c2a4f4d92182c853117890b04a4e960c51db6d4f1e024b69e51c49040e10e4f17910d8c3287a3d850851a488c665226bc4b113baaae6a1885fff8734224dac6f1f59495d8bdaa", 0x8c}, {&(0x7f0000000340)="d96ced525fd4136aca96957257dc9da5d1a7562e1ed9d70be9fd8770afc727f5023b441369fc5364285eff89", 0x2c}, {&(0x7f0000000480)="849358f87682148698ed9ad85aeaa64ab6164e23ec83477e37b6b05a4dd440b354c07efd51370fd238e04648b9c9f0f254a5afd8533ab17cffeeee453416adc3cacb0732394c6366b5f41869ed737a65bfbe3fd79849a7e047c768bf7a0f5f1ddf8e0ab3c6c56aedff8c6848b6f8ac6df8df2e0a9c5dafbfd7f8960ca3a404eb6897486279ecbbde3d3cc2e979082e6ede2f81870f926f63e5c6e9348f2cc5ee76a9c3d77a113f051ebd875b743000562ca7ef1590719700160f79532630260e738eb8b30b9cac95cd2a6045c44277", 0xcf}, {&(0x7f0000000580)="3bc261284ccf2499c3edf0883905b29af05cc4bb86466ad0d58b5d4e211474f926a9d23574c495c32daf075262dcd00daa36e5f69c445d2132da5783aa6bb97a43787d785aefe0fe313b76a032eb66be74b78d34318bf77ec2782ba63425202722e7b79b7041df656ff6fb88934efb97f07922287b07e4daea9edd654f5a2eb2c7630b2638d6758640e20ccce163b016ddd4f357b75a4fbca99464f0b4f97115c3f3ef65cf091a2d847825f81e1297c459df0f11000f1d0591e99e8491b8c1bd51120c8a4ed36510a74883088c72", 0xce}], 0x6}, 0xfffffff800000000}, {{&(0x7f0000000700)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e21, @multicast1}, 0x4, 0x4, 0x2, 0x3}}, 0x80, &(0x7f0000000980)=[{&(0x7f0000000780)="82ed64dd1ee244761f712cdc1a75ba518fbd9f94452581a3fc3ec2b5af13ed73d9053907b8224c05d121f6b453dfa3e7f7199a11890bb3e75699cce1457008aa632dbd6752446a508376d7efe693d65ec5d3acc71762479c568e1334cf0843d9f6c87d510691737c2adceddfa5c2af885036db04e31f7be02f42d973e9dc35d4ee87aa", 0x83}, {&(0x7f0000000840)="add1c4105e9accb216987aff39ca573bd5ee110016f768a4a409baef13142afe", 0x20}, {&(0x7f0000000880)="61763d4215ea72b7469dad1ac08d00fd0b4ac5004b475c83c9f08a5f70f104c87d7a94bcfd6e4c31390a0570c8c32bad15274e838e8fc9681ade84db15e5d4bb041b6238d8c8504ebe64cd1ecceffd482c5c0c4dfb348ce530f48bc08e6706d4316f1703c3aa33b30375746f8d452a3c08a5bb08df6431fa529519a6842aa061849a36e6b06a191ac81bc9794f2263154b741de47aee1676b0cca5ad35a08111b6df9124bd2eb9789fef1f909e138ee94764c778209989f8b53071839ea8b26d2b197183f11db8d21c724f867a550840578cf432079f8096fa6dc0fa8063d802621d31f69447ef4f31", 0xe9}], 0x3, &(0x7f0000000d40)=ANY=[@ANYBLOB="90000000000000001f0100000900000057eeb7c7fe89c679429d9ccac430dcd7cab09b3f176d595871c6d563e509a8c0c0d595c872dae7aa282a4fa6760f4a2cfcb19747668a085f86619d611e620f0efe5d272213e857aa8b3e388701de2b5955012a6f86d8d8568ece602342f50dcdeaaa1f0002407d405a57eb5f14a89eaf90fee6ab73de1fdc0d03da16fa91dfb3f64a374301150f62cc177b7ef22000000008010000000000001b01000008000000910f7dd52ef1ba735cb96840117bb3c6730dc4c6913e20fa734b8937f99f9fb8b37df56b6608c7d6a88884a02e76cd0e07b0b174cd7940b1a7dd7c0d01d414330016237e3d32712846984a75960441a5f12fe1c9857164f6be0c242b71d2802729360cdfd3d6ef979a300bf6ccae67ba72ce4362a1fe3eab1c0c99516c20909304a7e53268125c645103b6ce2946261c5b8008484be176c08dad2ddd5b24176af45a39fd34765eb31ce5aca4df5076f8b4b45a9404602494fdba88121c5f680b76e8a32b397736db1e9bd9653932163314fe4e1230e24142f0f14037cc22b20961787ec05645c9a3a6b256b8346c1fd9194e0000000000008800000000000000000000000000010006142a49921036f08edc68de71269a5e1b7f2008b95e0063bebb228d3a3e4356f74f6fcb8e6ffd9f5a8e6eb8d719a804e99de8e50f8a43669a95ad069d13452f967da14076c8b43877acf4b51c51ec9a47ff503ca6d12c5ea1636c7bdcb2f0f9c0a4a3298b65c77aef8b7fbfd9d59e7a9400000000000000580000000000000014010000ff00000067d6b92b6c2b29f080af7ada686e5d53029b55198175396cd2f9934875f28b3a689a49ddfffdb358b12c57c2804f6b05d4f7f4ae89a5a7244329785a40000000000000000f01000000000000ed3801c2bcde2ad8f48dcad563d8ef000083078d41ecaffaa7711ec7bcf0d20c392062baea4496b92bd34b66000000007339b96d9e32a91971d351ad3e77ed6f83c2802e6778b3449c39ebbf994e9b0828ee75f751b049cfca548bb9a317574af8c7e0f6a0c2fb0a1b221ad0dfe44a9f28559162941cb969e8446f1c1315dfb2a83f0d3a9160b97bff1e1815c025e31cc46bad8717b0ed52f7069ae9fecb4911cf3d1a4de9136709bafa219895eecd07052ff97b3600"/846], 0x2b8}, 0x43dc}], 0x2, 0x40) keyctl$assume_authority(0x10, r5) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 01:45:54 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$bt_l2cap_L2CAP_CONNINFO(r2, 0x6, 0x2, &(0x7f0000000080), &(0x7f0000000200)=0x6) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r2, 0xc058534f, &(0x7f0000000100)={{0x6ea1b249, 0x94}, 0x1, 0x1, 0x6, {0xdb3, 0x100000000}, 0x778, 0x8}) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) syz_open_dev$rtc(&(0x7f00000002c0)='/dev/rtc#\x00', 0x4, 0x4000) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 627.886105] Memory cgroup stats for /syz3: cache:88KB rss:197528KB rss_huge:151552KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:197440KB inactive_file:0KB active_file:0KB unevictable:0KB [ 627.907056] Memory cgroup out of memory: Kill process 7103 (syz-executor.3) score 124 or sacrifice child [ 627.916906] Killed process 7103 (syz-executor.3) total-vm:72584kB, anon-rss:2216kB, file-rss:35816kB, shmem-rss:0kB 01:45:54 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_SUBDEV_DV_TIMINGS_CAP(r2, 0xc0905664, &(0x7f00000001c0)={0x0, 0x0, [], @raw_data=[0xfff, 0x100000000, 0x7a5, 0x0, 0x50, 0x30000, 0x800, 0x401, 0x0, 0x7ff, 0x4ef1e023, 0x7, 0x5, 0x80, 0x3, 0x0, 0x8, 0x0, 0x8, 0x100, 0x2, 0x7, 0xe2, 0x8, 0x8, 0x6, 0xffffffff, 0x1602, 0x0, 0x4, 0x80, 0x1]}) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) ioctl$UI_SET_SNDBIT(r2, 0x4004556a, 0x1) ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, &(0x7f0000000100)={r1}) ioctl$SNDRV_TIMER_IOCTL_STATUS(r1, 0x80605414, &(0x7f0000000080)=""/38) [ 628.017447] FS-Cache: Duplicate cookie detected [ 628.022541] FS-Cache: O-cookie c=00000000d6cc5a54 [p=000000004114b303 fl=222 nc=0 na=1] [ 628.031411] FS-Cache: O-cookie d=00000000656b88e0 n=000000003cace7a7 [ 628.038035] FS-Cache: O-key=[10] '02000200000002000000' [ 628.044064] FS-Cache: N-cookie c=000000003e980fd4 [p=000000004114b303 fl=2 nc=0 na=1] [ 628.052849] FS-Cache: N-cookie d=00000000656b88e0 n=000000008a86d712 [ 628.059443] FS-Cache: N-key=[10] '02000200000002000000' 01:45:54 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 628.145952] FS-Cache: Duplicate cookie detected [ 628.151128] FS-Cache: O-cookie c=000000007cf1cdb9 [p=000000004114b303 fl=222 nc=0 na=1] [ 628.159351] FS-Cache: O-cookie d=00000000656b88e0 n=00000000db519015 [ 628.165990] FS-Cache: O-key=[10] '02000200000002000000' [ 628.171539] FS-Cache: N-cookie c=000000003c2d4967 [p=000000004114b303 fl=2 nc=0 na=1] [ 628.179568] FS-Cache: N-cookie d=00000000656b88e0 n=0000000048ad3a9e [ 628.186268] FS-Cache: N-key=[10] '02000200000002000000' 01:45:54 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8060000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:45:54 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000080)='/dev/video0\x00', 0x2, 0x0) ioctl$VIDIOC_G_SELECTION(r0, 0xc040565e, &(0x7f0000000100)={0x2, 0x101, 0x4, {0x9, 0x100000001, 0x0, 0x5}}) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) bind$bt_rfcomm(r2, &(0x7f0000000140)={0x1f, {0x685f, 0x48000000000, 0x2, 0x2, 0x9, 0x6}, 0x4}, 0xa) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$VIDIOC_SUBDEV_G_CROP(r0, 0xc038563b, &(0x7f0000000280)={0x1, 0x0, {0xd1c, 0xfffffffffffffffd, 0x3, 0x1}}) ioctl$VIDIOC_QUERY_DV_TIMINGS(r2, 0x80845663, &(0x7f00000001c0)) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:45:54 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xbd010000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 628.305704] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 01:45:54 executing program 0: r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x80404519, &(0x7f00000003c0)=""/208) r1 = socket$inet(0x10, 0x3, 0x0) r2 = socket$inet(0x2, 0x3, 0x1e) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0xfffffffffffffffd, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x200000000, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 628.346252] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 628.359176] CPU: 0 PID: 7200 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 628.366054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 628.375417] Call Trace: [ 628.378035] dump_stack+0x172/0x1f0 [ 628.381703] dump_header+0x15e/0x929 [ 628.385435] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 628.390562] ? ___ratelimit+0x60/0x595 [ 628.394469] ? do_raw_spin_unlock+0x57/0x270 [ 628.398903] oom_kill_process.cold+0x10/0x6f5 [ 628.399638] FS-Cache: Duplicate cookie detected [ 628.403416] ? task_will_free_mem+0x139/0x6e0 [ 628.403432] ? find_held_lock+0x35/0x130 [ 628.403452] out_of_memory+0x936/0x12d0 [ 628.403471] ? lock_downgrade+0x810/0x810 [ 628.403487] ? oom_killer_disable+0x280/0x280 [ 628.403499] ? find_held_lock+0x35/0x130 [ 628.403526] mem_cgroup_out_of_memory+0x1d2/0x240 [ 628.403541] ? memcg_event_wake+0x230/0x230 [ 628.403562] ? do_raw_spin_unlock+0x57/0x270 [ 628.403583] ? _raw_spin_unlock+0x2d/0x50 [ 628.403602] try_charge+0x1028/0x15b0 [ 628.403616] ? find_held_lock+0x35/0x130 [ 628.403641] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 628.403655] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 628.403673] ? find_held_lock+0x35/0x130 [ 628.408360] FS-Cache: O-cookie c=00000000160cd017 [p=000000004114b303 fl=222 nc=0 na=1] [ 628.412855] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 628.412882] memcg_kmem_charge_memcg+0x7c/0x130 [ 628.412897] ? memcg_kmem_put_cache+0xb0/0xb0 [ 628.412916] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 628.412935] memcg_kmem_charge+0x136/0x300 [ 628.412955] __alloc_pages_nodemask+0x3c6/0x760 [ 628.412972] ? find_held_lock+0x35/0x130 [ 628.412987] ? __alloc_pages_slowpath+0x2870/0x2870 [ 628.413010] ? lock_downgrade+0x810/0x810 [ 628.413027] ? __phys_addr+0x5c/0x120 [ 628.413051] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 628.417215] FS-Cache: O-cookie d=00000000656b88e0 n=000000005915f786 [ 628.421154] alloc_pages_current+0x107/0x210 [ 628.421173] pte_alloc_one+0x1b/0x1a0 [ 628.421189] __pte_alloc+0x2a/0x360 [ 628.421207] copy_page_range+0x151f/0x1f90 [ 628.421226] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 628.421247] ? retint_kernel+0x2d/0x2d [ 628.421273] ? vma_compute_subtree_gap+0x158/0x230 [ 628.425460] FS-Cache: O-key=[10] ' [ 628.429890] ? vma_gap_callbacks_rotate+0x62/0x80 [ 628.429910] ? pmd_alloc+0x180/0x180 [ 628.429927] ? __vma_link_rb+0x279/0x370 [ 628.434174] 02 [ 628.438913] copy_process.part.0+0x5434/0x7970 [ 628.438957] ? __cleanup_sighand+0x70/0x70 [ 628.443309] 00 [ 628.447647] _do_fork+0x257/0xfe0 [ 628.447667] ? fork_idle+0x1d0/0x1d0 [ 628.452014] 02 [ 628.455594] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 628.455607] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 628.455624] ? do_syscall_64+0x26/0x610 [ 628.459680] 00 [ 628.464502] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 628.464516] ? do_syscall_64+0x26/0x610 [ 628.464539] __x64_sys_clone+0xbf/0x150 [ 628.464558] do_syscall_64+0x103/0x610 [ 628.464577] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 628.464592] RIP: 0033:0x458c29 [ 628.469443] 00 [ 628.473470] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 628.473478] RSP: 002b:00007f66b1fafc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 628.473494] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 628.473503] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 628.473512] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 628.473521] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b1fb06d4 [ 628.473529] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 628.554412] 00 [ 628.727076] 02000000' [ 628.729532] FS-Cache: N-cookie c=00000000d50db749 [p=000000004114b303 fl=2 nc=0 na=1] [ 628.737588] FS-Cache: N-cookie d=00000000656b88e0 n=000000009279ab47 [ 628.744131] FS-Cache: N-key=[10] '02000200000002000000' 01:45:55 executing program 5: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, &(0x7f0000000400)=""/68, &(0x7f0000000540)=0x44) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, 0x0) setxattr$trusted_overlay_opaque(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000640)='trusted.overlay.opaque\x00', &(0x7f0000000680)='y\x00', 0x147, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x78c) lsetxattr$trusted_overlay_opaque(0x0, &(0x7f0000000300)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, &(0x7f0000000480)={0x0, @frame_sync}) ioctl$SG_GET_SCSI_ID(r2, 0x2276, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x13f, 0xf}}, 0x20) write$RDMA_USER_CM_CMD_BIND_IP(r2, &(0x7f0000000140)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e20, 0xfffffffffffffff7, @mcast1, 0x6}, r3}}, 0x30) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, 0x0, 0x0) 01:45:55 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xc000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 628.753919] Task in /syz1 killed as a result of limit of /syz1 [ 628.763674] memory: usage 307200kB, limit 307200kB, failcnt 894 [ 628.787297] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 628.827199] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 628.851448] Memory cgroup stats for /syz1: cache:64KB rss:182452KB rss_huge:122880KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:182516KB inactive_file:0KB active_file:0KB unevictable:0KB [ 628.885024] Memory cgroup out of memory: Kill process 4829 (syz-executor.1) score 1113 or sacrifice child [ 628.897459] Killed process 4829 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:35808kB, shmem-rss:0kB [ 628.944428] oom_reaper: reaped process 4829 (syz-executor.1), now anon-rss:0kB, file-rss:34848kB, shmem-rss:0kB [ 628.958445] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 01:45:55 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:55 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x40000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:55 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) r1 = epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) epoll_pwait(r1, &(0x7f0000000080)=[{}, {}, {}, {}], 0x4, 0x0, &(0x7f0000000100)={0x400}, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:45:55 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xd000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:45:55 executing program 5: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, &(0x7f0000000400)=""/68, &(0x7f0000000540)=0x44) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, 0x0) setxattr$trusted_overlay_opaque(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000640)='trusted.overlay.opaque\x00', &(0x7f0000000680)='y\x00', 0x147, 0x0) ioctl$SG_GET_SG_TABLESIZE(0xffffffffffffffff, 0x227f, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f0000000b40)=ANY=[@ANYBLOB="02000000b7ce7954d44ee0a80da09fd924148744a7222eda375f97cf4ca93f4ff4cc9959224d304a423f04d94ebdbb47fd2ef9b68fee41fbfc15078bbc63d0113ba5d32b6d7e914b07d1cdc37d25976f50cacf111be6e1442367dd473a3661ed4090b896188f5e45f084833ae309d57e70352c2a4b84321c0c48256771f25463ca7452d82c67767050fdd2d2ab556c26a2e8758d33c1c70972b330c3fe7a1386ba78f06725f98b775747dde9db0161d842b16ec32468b1f61b41fadc5dc20c70cce1809c0155a4992763ce42781ffd3bc05bd0ce86329fc001fac18e8f35777cbf56ef73c25bb416980c1dd65b38e4075ca9ca3f0a2300bac76c31cfb81391dc52bd26c86e1c538f424d33069b202d4a3b974ce5b1ae9d1dbeff3c79829a2ba245f98510bd7c2f841a7827454cc6f338f9d11b1ee45aa221a91767cee6aba0c43562397490e2f716270dac336f57ab55fa58d1b70ca7b045a6253c463cbcffb9bf367a247eabd1b3cb6bdcd91e1ca0321ab4cf6cda34826a04ce26a3df4f3f95d1a611e673d09890c239d470a724d1f0b249d083f4b89b5087501f5569e8a54ade3a499548bec4eb1af313bb05bf81b0a92979296b9f53f06a069747112b4d7cbb3991615343b422732b70147800c82d491039fa0b59459defc198b5d1ea8884c7f922eac4074825eaaafd317cc920babcf3a8", @ANYRES32=0x0, @ANYRES32=0x0], &(0x7f0000000780)=0xc) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = getpgid(0x0) epoll_create(0x78c) lsetxattr$trusted_overlay_opaque(0x0, &(0x7f0000000300)='trusted.overlay.opaque\x00', 0x0, 0x0, 0x0) stat(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000001c0)={{{@in=@multicast1, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in6=@remote}}, &(0x7f00000002c0)=0xe8) setreuid(r5, r6) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ptrace$setsig(0x4203, r4, 0x71c7, &(0x7f0000000580)={0x7, 0x10000, 0xfffffffffffffffb}) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x80006, 0x1ff) ioctl$VIDIOC_DQEVENT(0xffffffffffffffff, 0x80885659, &(0x7f0000000480)={0x0, @frame_sync}) ioctl$SG_GET_SCSI_ID(r3, 0x2276, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000600)={r3, &(0x7f0000000340)="28fd0c40488a5ca23c8e14ff73e2188721a27b5556bae5a91d6af20e7c847a9af98e7cbd314481f7275d", &(0x7f00000006c0)=""/119}, 0x18) sendmsg(r0, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f00000007c0)='/dev/hwrng\x00', 0x20400, 0x0) [ 629.017354] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 629.023676] CPU: 0 PID: 7243 Comm: syz-executor.0 Not tainted 4.19.35 #3 [ 629.030565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 629.039925] Call Trace: [ 629.042532] dump_stack+0x172/0x1f0 [ 629.046188] dump_header+0x15e/0x929 [ 629.049926] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 629.055049] ? ___ratelimit+0x60/0x595 [ 629.058932] ? do_raw_spin_unlock+0x57/0x270 [ 629.063349] oom_kill_process.cold+0x10/0x6f5 01:45:55 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x28000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 629.067866] ? task_will_free_mem+0x139/0x6e0 [ 629.072382] out_of_memory+0x936/0x12d0 [ 629.076375] ? oom_killer_disable+0x280/0x280 [ 629.080877] ? find_held_lock+0x35/0x130 [ 629.084980] mem_cgroup_out_of_memory+0x1d2/0x240 [ 629.089836] ? memcg_event_wake+0x230/0x230 [ 629.094169] ? do_raw_spin_unlock+0x57/0x270 [ 629.098589] ? _raw_spin_unlock+0x2d/0x50 [ 629.102755] try_charge+0x1028/0x15b0 [ 629.106571] ? find_held_lock+0x35/0x130 [ 629.110738] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 629.115591] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 629.120453] ? find_held_lock+0x35/0x130 [ 629.124531] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 629.129399] memcg_kmem_charge_memcg+0x7c/0x130 [ 629.134085] ? memcg_kmem_put_cache+0xb0/0xb0 [ 629.138597] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 629.143454] memcg_kmem_charge+0x136/0x300 [ 629.147708] __alloc_pages_nodemask+0x3c6/0x760 [ 629.152390] ? __alloc_pages_slowpath+0x2870/0x2870 [ 629.157429] ? lockdep_hardirqs_on+0x415/0x5d0 [ 629.162031] ? trace_hardirqs_on+0x67/0x230 01:45:55 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x29000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 629.166374] copy_process.part.0+0x3e0/0x7970 [ 629.170883] ? mark_held_locks+0x100/0x100 [ 629.175138] ? __might_fault+0x12b/0x1e0 [ 629.179328] ? __cleanup_sighand+0x70/0x70 [ 629.183588] ? lock_downgrade+0x810/0x810 [ 629.187762] _do_fork+0x257/0xfe0 [ 629.191228] ? fork_idle+0x1d0/0x1d0 [ 629.194966] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 629.199732] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 629.204493] ? do_syscall_64+0x26/0x610 [ 629.208485] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 629.213853] ? do_syscall_64+0x26/0x610 01:45:55 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xbe010000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 629.217843] __x64_sys_clone+0xbf/0x150 [ 629.221828] do_syscall_64+0x103/0x610 [ 629.225725] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 629.231003] RIP: 0033:0x458c29 [ 629.231016] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 629.231023] RSP: 002b:00007fcba7dd8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 629.231044] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 629.231051] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 629.231057] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 629.231064] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcba7dd96d4 [ 629.231072] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 629.238619] Task in /syz0 killed as a result of limit of /syz0 [ 629.304356] memory: usage 307200kB, limit 307200kB, failcnt 3540 [ 629.310734] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 629.322200] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 629.328794] Memory cgroup stats for /syz0: cache:92KB rss:201912KB rss_huge:153600KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:202008KB inactive_file:0KB active_file:0KB unevictable:8KB 01:45:56 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x2b000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:45:56 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x8000, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) write$binfmt_elf64(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="7f45cdcd403ce58c4c4600006152002f13cd0100000000000000a8161ad800000d00000000130000007412c7005e19b3901d547ac202003800000000a8cf579f4a00ff0340"], 0x45) recvmmsg(r0, &(0x7f0000008880), 0x45b, 0x44000102, 0x0) [ 629.502877] validate_nla: 10 callbacks suppressed [ 629.502885] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 629.520789] Memory cgroup out of memory: Kill process 24498 (syz-executor.0) score 124 or sacrifice child [ 629.543517] Killed process 24498 (syz-executor.0) total-vm:72452kB, anon-rss:2196kB, file-rss:35796kB, shmem-rss:0kB [ 629.571204] nla_parse: 10 callbacks suppressed [ 629.571212] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:45:56 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000080), &(0x7f0000000100)=0x14) [ 629.597199] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 629.622614] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 629.634386] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 01:45:56 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 629.637209] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 629.651979] netlink: 'syz-executor.4': attribute type 29 has an invalid length. 01:45:56 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x2c000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 629.709871] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 629.759752] CPU: 0 PID: 7734 Comm: syz-executor.0 Not tainted 4.19.35 #3 [ 629.766687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 629.776054] Call Trace: [ 629.778670] dump_stack+0x172/0x1f0 [ 629.782318] dump_header+0x15e/0x929 [ 629.786052] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 629.791171] ? ___ratelimit+0x60/0x595 [ 629.795064] ? do_raw_spin_unlock+0x57/0x270 [ 629.799485] oom_kill_process.cold+0x10/0x6f5 [ 629.804002] ? task_will_free_mem+0x139/0x6e0 [ 629.807914] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 629.808518] out_of_memory+0x936/0x12d0 [ 629.820026] ? oom_killer_disable+0x280/0x280 [ 629.824528] ? find_held_lock+0x35/0x130 [ 629.828614] mem_cgroup_out_of_memory+0x1d2/0x240 [ 629.833482] ? memcg_event_wake+0x230/0x230 [ 629.837848] ? do_raw_spin_unlock+0x57/0x270 [ 629.839540] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 629.842266] ? _raw_spin_unlock+0x2d/0x50 [ 629.842286] try_charge+0xd25/0x15b0 [ 629.842300] ? find_held_lock+0x35/0x130 [ 629.842321] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 629.842335] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 629.842350] ? find_held_lock+0x35/0x130 [ 629.842366] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 629.842393] memcg_kmem_charge_memcg+0x7c/0x130 [ 629.842409] ? memcg_kmem_put_cache+0xb0/0xb0 [ 629.842429] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 629.842447] memcg_kmem_charge+0x136/0x300 [ 629.842464] __alloc_pages_nodemask+0x3c6/0x760 [ 629.842481] ? __alloc_pages_slowpath+0x2870/0x2870 [ 629.842500] ? find_held_lock+0x35/0x130 [ 629.842517] ? copy_page_range+0x124f/0x1f90 [ 629.842536] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 629.842555] alloc_pages_current+0x107/0x210 [ 629.842578] pte_alloc_one+0x1b/0x1a0 [ 629.879624] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 629.881527] __pte_alloc+0x2a/0x360 [ 629.881544] copy_page_range+0x151f/0x1f90 [ 629.881580] ? pmd_alloc+0x180/0x180 [ 629.881596] ? __vma_link_rb+0x279/0x370 [ 629.881624] copy_process.part.0+0x5434/0x7970 [ 629.881662] ? __cleanup_sighand+0x70/0x70 [ 629.927799] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 629.927936] _do_fork+0x257/0xfe0 [ 629.932024] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 629.940211] ? fork_idle+0x1d0/0x1d0 [ 629.940239] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 629.946381] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 629.948182] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 629.948198] ? do_syscall_64+0x26/0x610 [ 629.948216] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 629.948227] ? do_syscall_64+0x26/0x610 [ 629.948248] __x64_sys_clone+0xbf/0x150 [ 629.952876] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 629.956011] do_syscall_64+0x103/0x610 [ 629.956033] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 629.956046] RIP: 0033:0x4571fa [ 629.956062] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 629.956069] RSP: 002b:00007ffea8669c70 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 630.069553] RAX: ffffffffffffffda RBX: 00007ffea8669c70 RCX: 00000000004571fa [ 630.076838] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 630.084114] RBP: 00007ffea8669cb0 R08: 0000000000000001 R09: 0000000001389940 [ 630.091480] R10: 0000000001389c10 R11: 0000000000000246 R12: 0000000000000001 [ 630.098735] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffea8669d00 [ 630.110883] Task in /syz0 killed as a result of limit of /syz0 [ 630.116922] memory: usage 305088kB, limit 307200kB, failcnt 3540 [ 630.123238] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 630.129998] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 630.162397] Memory cgroup stats for /syz0: cache:92KB rss:199864KB rss_huge:151552KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:199876KB inactive_file:0KB active_file:0KB unevictable:8KB [ 630.186514] Memory cgroup out of memory: Kill process 25200 (syz-executor.0) score 124 or sacrifice child [ 630.197843] Killed process 25200 (syz-executor.0) total-vm:72452kB, anon-rss:2196kB, file-rss:35796kB, shmem-rss:0kB [ 630.212404] oom_reaper: reaped process 25200 (syz-executor.0), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:45:56 executing program 0: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x80, 0x0) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r0, 0x10f, 0x84, &(0x7f0000000140), &(0x7f0000000200)=0x4) r1 = socket$inet(0x10, 0x3, 0x0) r2 = socket$inet(0x2, 0x3, 0x1e) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, &(0x7f0000000340)=0x80000000, 0x8) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r3, 0x80045300, &(0x7f0000000080)) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 630.312450] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 630.320195] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 630.331451] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 630.339033] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 01:45:56 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:56 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x2f000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:45:56 executing program 5: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000040)) r1 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x0) 01:45:56 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0xb, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r1 = syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$evdev(r1, &(0x7f00000001c0)=[{{0x0, 0x2710}, 0x17, 0x0, 0x7fffffff}], 0x18) getpgid(0x0) epoll_create(0xffffffffffffffff) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) getsockname$netrom(r2, &(0x7f0000000100)={{0x3, @netrom}, [@netrom, @rose, @bcast, @rose, @netrom, @null, @netrom, @rose]}, &(0x7f0000000080)=0x48) 01:45:56 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xc2020000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:57 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 630.555680] FS-Cache: Duplicate cookie detected [ 630.560574] FS-Cache: O-cookie c=00000000853614d5 [p=000000004114b303 fl=222 nc=0 na=1] [ 630.569796] FS-Cache: O-cookie d=00000000656b88e0 n=0000000048617a5b [ 630.576600] FS-Cache: O-key=[10] '02000200000002000000' [ 630.582719] FS-Cache: N-cookie c=0000000053ddca3f [p=000000004114b303 fl=2 nc=0 na=1] [ 630.590853] FS-Cache: N-cookie d=00000000656b88e0 n=000000001c7c7b6e [ 630.597670] FS-Cache: N-key=[10] '02000200000002000000' 01:45:57 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x33000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:45:57 executing program 5: r0 = socket$inet6(0xa, 0x22000000002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) 01:45:57 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(0xffffffffffffff9c, 0x84, 0x7c, &(0x7f0000000080)={0x0, 0x763390b1, 0x7dc}, &(0x7f0000000100)=0x8) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000140)={r3}, &(0x7f0000000200)=0x8) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:57 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x3b000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 630.776303] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 630.796909] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 630.815155] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 01:45:57 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 630.827443] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 631.009786] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 631.025002] IPVS: ftp: loaded support on port[0] = 21 01:45:57 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r2, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x12240110}, 0xc, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="300000001cf981ab540bc0eae26cfdb6cca47e0ef03e13fa55d71c7e94cfef97ff6bb9732a82649f42ae8ecd4bb31f0bf4fb15859b980e13b213abaf71863d007cc98bca5f60260a5ff77b136faa092563f7521e810b0fdad402a36b966b902ce4d99058c415baa5411bb18598736237544dbd503fae1a6d2fe99b951adb4395f4", @ANYRES16=r3, @ANYBLOB="04002cbd7000fcdbdf2501000000000000000c4100000014001462726f6164636173742d6c696e6b0000"], 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x1) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r4, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r4, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00') getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000800)={{{@in6=@loopback, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@local}, 0x0, @in=@dev}}, &(0x7f0000000900)=0xe8) syz_mount_image$msdos(&(0x7f0000000140)='msdos\x00', &(0x7f0000000500)='./file0\x00', 0x78, 0x2, &(0x7f00000007c0)=[{&(0x7f0000000640)="37f03f95bd59cae0ee878ca33e0c45f822135c9dbc930ebb8c9b03c75ceb33f361039d04f5913422f670cad44adc20e268b852023963615e2045f03a977dd2b8769fe76a063afbb479c7c673cce6c1327a2e4acd75d780f3ec7dd7bb12123c2895bbedc3dcf753a82bea53f63a2ee18a7d7cfad164e15521736580bdc6d8ac266d5d5021449d9162910975f153e66072be5b90d89ddc37c30823b461ecc41baf83627007d87b2ab286519cb3a066bfe2fa672f14ed8f3be96cf0f4f93cc8abd93d8f9a0ba48417a6cc7a60d9d2d95c92167e35a3a6ee5fc133939aa4498d50259552da9c6908981a", 0xe8, 0x8}, {&(0x7f0000000740)="edd3408633b09ab31047bec3b1625d4cb7177c83fd04f8c9d22e5fb9c96ed3439293b35c700beab7a05cfb201934092a66f7a91117c482ba0f2861091d37a6e658eaa7e6743113497da2cea2db6b18eebf8ed5ad88dc13be610d07569024a4ae7998cd4f7c5f08dbdc58301caba94bba5173", 0x72, 0x1}], 0x0, &(0x7f0000000940)={[{@nodots='nodots'}, {@fat=@tz_utc='tz=UTC'}, {@nodots='nodots'}], [{@smackfshat={'smackfshat', 0x3d, 'lo'}}, {@subj_role={'subj_role', 0x3d, 'eth0}&usermime_type'}}, {@dont_appraise='dont_appraise'}, {@euid_gt={'euid>', r6}}]}) sendmsg$TIPC_NL_MON_SET(r2, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x48, r5, 0x400, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_SOCK={0x34, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x35b}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x80000001}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x3}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1f}]}]}, 0x48}}, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r4, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:57 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x3c000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 631.121491] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 631.171185] CPU: 1 PID: 7323 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 631.178089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 631.187451] Call Trace: [ 631.190056] dump_stack+0x172/0x1f0 [ 631.193717] dump_header+0x15e/0x929 [ 631.197555] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 631.202669] ? ___ratelimit+0x60/0x595 [ 631.206565] ? do_raw_spin_unlock+0x57/0x270 [ 631.210988] oom_kill_process.cold+0x10/0x6f5 [ 631.215504] ? task_will_free_mem+0x139/0x6e0 [ 631.220003] ? find_held_lock+0x35/0x130 [ 631.224079] out_of_memory+0x936/0x12d0 [ 631.228068] ? lock_downgrade+0x810/0x810 [ 631.232239] ? oom_killer_disable+0x280/0x280 [ 631.236740] ? find_held_lock+0x35/0x130 [ 631.240824] mem_cgroup_out_of_memory+0x1d2/0x240 [ 631.245766] ? memcg_event_wake+0x230/0x230 [ 631.250103] ? do_raw_spin_unlock+0x57/0x270 [ 631.254526] ? _raw_spin_unlock+0x2d/0x50 [ 631.258689] try_charge+0x1028/0x15b0 [ 631.262504] ? find_held_lock+0x35/0x130 [ 631.266580] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 631.271429] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 631.276281] ? find_held_lock+0x35/0x130 [ 631.280352] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 631.285302] memcg_kmem_charge_memcg+0x7c/0x130 [ 631.289978] ? memcg_kmem_put_cache+0xb0/0xb0 [ 631.294486] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 631.299377] memcg_kmem_charge+0x136/0x300 [ 631.303631] __alloc_pages_nodemask+0x3c6/0x760 [ 631.308311] ? __alloc_pages_slowpath+0x2870/0x2870 [ 631.313431] ? lockdep_hardirqs_on+0x415/0x5d0 [ 631.318019] ? trace_hardirqs_on+0x67/0x230 [ 631.322355] ? kasan_check_read+0x11/0x20 [ 631.326539] copy_process.part.0+0x3e0/0x7970 [ 631.331052] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 631.336161] ? delayacct_end+0x5c/0x100 [ 631.340176] ? __delayacct_freepages_end+0xe0/0x140 [ 631.345207] ? __lock_acquire+0x6eb/0x48f0 [ 631.349459] ? __cleanup_sighand+0x70/0x70 [ 631.353717] ? mark_held_locks+0x100/0x100 [ 631.357979] _do_fork+0x257/0xfe0 [ 631.361453] ? fork_idle+0x1d0/0x1d0 [ 631.365185] ? blkcg_print_stat+0xb90/0xb90 [ 631.369522] ? kasan_check_read+0x11/0x20 [ 631.373683] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 631.378452] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 631.383219] ? do_syscall_64+0x26/0x610 [ 631.387209] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 631.392581] ? do_syscall_64+0x26/0x610 [ 631.396573] __x64_sys_clone+0xbf/0x150 [ 631.400562] do_syscall_64+0x103/0x610 [ 631.404464] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 631.409754] RIP: 0033:0x45b5f9 [ 631.412951] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 631.433226] RSP: 002b:00007fffea33a168 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 631.440961] RAX: ffffffffffffffda RBX: 00007f546894a700 RCX: 000000000045b5f9 [ 631.448242] RDX: 00007f546894a9d0 RSI: 00007f5468949db0 RDI: 00000000003d0f00 [ 631.455517] RBP: 00007fffea33a370 R08: 00007f546894a700 R09: 00007f546894a700 [ 631.462883] R10: 00007f546894a9d0 R11: 0000000000000202 R12: 0000000000000000 01:45:57 executing program 0: r0 = socket$inet(0x10, 0x4, 0x2) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:45:58 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x43050000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 631.470157] R13: 00007fffea33a21f R14: 00007f546894a9c0 R15: 000000000073c04c [ 631.666072] IPVS: ftp: loaded support on port[0] = 21 [ 632.131326] Task in /syz3 killed as a result of limit of /syz3 [ 632.137717] memory: usage 307200kB, limit 307200kB, failcnt 2650 [ 632.144769] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 632.152144] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 632.158518] Memory cgroup stats for /syz3: cache:88KB rss:198304KB rss_huge:151552KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:198392KB inactive_file:0KB active_file:0KB unevictable:0KB [ 632.180982] Memory cgroup out of memory: Kill process 24753 (syz-executor.3) score 124 or sacrifice child [ 632.191369] Killed process 24753 (syz-executor.3) total-vm:72584kB, anon-rss:2216kB, file-rss:35796kB, shmem-rss:0kB [ 632.205746] oom_reaper: reaped process 24753 (syz-executor.3), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB 01:45:58 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) preadv(r1, &(0x7f0000000200)=[{&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f0000000080)=""/5, 0x5}, {&(0x7f0000000100)=""/36, 0x24}, {&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f0000000140)=""/38, 0x26}, {&(0x7f00000001c0)=""/42, 0x2a}], 0x6, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:03 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xd0030000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:03 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x800e0000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:03 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 636.738687] validate_nla: 4 callbacks suppressed [ 636.738696] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 636.769051] nla_parse: 4 callbacks suppressed [ 636.769058] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 636.791280] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 636.815216] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 636.816525] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 636.833586] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 636.849981] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 636.865835] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 636.868793] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 636.895225] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 636.906972] CPU: 0 PID: 7385 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 636.913857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 636.923220] Call Trace: [ 636.925830] dump_stack+0x172/0x1f0 [ 636.929483] dump_header+0x15e/0x929 [ 636.933216] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 636.938348] ? ___ratelimit+0x60/0x595 [ 636.942254] ? do_raw_spin_unlock+0x57/0x270 [ 636.946683] oom_kill_process.cold+0x10/0x6f5 [ 636.951197] ? task_will_free_mem+0x139/0x6e0 [ 636.955713] out_of_memory+0x936/0x12d0 [ 636.959706] ? lock_downgrade+0x810/0x810 [ 636.963871] ? oom_killer_disable+0x280/0x280 [ 636.968440] ? find_held_lock+0x35/0x130 [ 636.972522] mem_cgroup_out_of_memory+0x1d2/0x240 [ 636.977371] ? memcg_event_wake+0x230/0x230 [ 636.981703] ? do_raw_spin_unlock+0x57/0x270 [ 636.986127] ? _raw_spin_unlock+0x2d/0x50 [ 636.990287] try_charge+0x1028/0x15b0 [ 636.994094] ? find_held_lock+0x35/0x130 [ 636.998175] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 637.003044] ? kasan_check_read+0x11/0x20 [ 637.007211] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 637.012070] mem_cgroup_try_charge+0x24d/0x5e0 [ 637.016780] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 637.021721] wp_page_copy+0x430/0x16a0 [ 637.025629] ? follow_pfn+0x2a0/0x2a0 [ 637.029444] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 637.034561] ? kasan_check_read+0x11/0x20 [ 637.038719] ? do_raw_spin_unlock+0x57/0x270 [ 637.043136] do_wp_page+0x57d/0x10b0 [ 637.046865] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 637.051545] ? kasan_check_write+0x14/0x20 [ 637.055789] ? do_raw_spin_lock+0xc8/0x240 [ 637.060042] __handle_mm_fault+0x230a/0x3f80 [ 637.064467] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 637.069325] ? find_held_lock+0x35/0x130 [ 637.073399] ? handle_mm_fault+0x322/0xb30 [ 637.077659] ? kasan_check_read+0x11/0x20 [ 637.081823] handle_mm_fault+0x43f/0xb30 [ 637.085902] __do_page_fault+0x62a/0xe90 [ 637.089994] ? vmalloc_fault+0x770/0x770 [ 637.094067] ? trace_hardirqs_off_caller+0x65/0x220 [ 637.099096] ? trace_hardirqs_on_caller+0x6a/0x220 [ 637.104037] ? page_fault+0x8/0x30 [ 637.107594] do_page_fault+0x71/0x581 [ 637.111406] ? page_fault+0x8/0x30 [ 637.114954] page_fault+0x1e/0x30 [ 637.118423] RIP: 0033:0x40de98 [ 637.121621] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 2c e2 4b 00 31 c0 e8 83 3a ff ff 31 ff e8 cc 36 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ce 25 64 00 [ 637.140531] RSP: 002b:00007ffe7cbd7c90 EFLAGS: 00010246 [ 637.145913] RAX: 00000000ddc5d7cf RBX: 00000000204ccfbb RCX: 0000001b30420000 [ 637.153196] RDX: 0000000000000000 RSI: 00000000000017cf RDI: ffffffffddc5d7ce [ 637.160485] RBP: 0000000000000002 R08: 00000000ddc5d7ce R09: 00000000ddc5d7d2 [ 637.167764] R10: 00007ffe7cbd7e20 R11: 0000000000000246 R12: 000000000073bf88 [ 637.175041] R13: 0000000080000000 R14: 00007f66b3fb1008 R15: 000000000000004e [ 637.190916] Task in /syz1 killed as a result of limit of /syz1 [ 637.197711] memory: usage 307200kB, limit 307200kB, failcnt 928 [ 637.215185] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 637.227665] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 637.245426] Memory cgroup stats for /syz1: cache:64KB rss:181068KB rss_huge:120832KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:181212KB inactive_file:0KB active_file:0KB unevictable:0KB [ 637.269648] Memory cgroup out of memory: Kill process 5396 (syz-executor.1) score 1113 or sacrifice child [ 637.285483] Killed process 5396 (syz-executor.1) total-vm:72584kB, anon-rss:2204kB, file-rss:35800kB, shmem-rss:0kB 01:46:04 executing program 5: r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="11dc86055e0bceec7be070") mq_timedreceive(r0, &(0x7f0000000840)=""/1, 0x4ebd23f3ae694bd0, 0x0, &(0x7f0000000880)) 01:46:04 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") pipe2(&(0x7f0000000200), 0x80000) syz_open_dev$cec(&(0x7f00000007c0)='/dev/cec#\x00', 0x0, 0x2) syz_open_dev$dmmidi(&(0x7f0000000800)='/dev/dmmidi#\x00', 0x218b85db, 0x200000) open(&(0x7f0000000840)='./file0\x00', 0x200, 0x80) openat$zero(0xffffffffffffff9c, &(0x7f0000000880)='/dev/zero\x00', 0x200000, 0x0) openat$vcs(0xffffffffffffff9c, &(0x7f00000008c0)='/dev/vcs\x00', 0x400, 0x0) syz_open_dev$dspn(&(0x7f0000000900)='/dev/dsp#\x00', 0x5, 0x2) syz_open_dev$admmidi(&(0x7f0000000940)='/dev/admmidi#\x00', 0x10001, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000980)='/dev/vga_arbiter\x00', 0x200, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000009c0)='/dev/sequencer2\x00', 0x0, 0x0) openat$autofs(0xffffffffffffff9c, &(0x7f0000000a00)='/dev/autofs\x00', 0x0, 0x0) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000a40)='/dev/cachefiles\x00', 0x8080, 0x0) openat$dsp(0xffffffffffffff9c, &(0x7f0000000a80)='/dev/dsp\x00', 0x4100, 0x0) dup2(r1, r1) syz_open_dev$admmidi(&(0x7f0000000ac0)='/dev/admmidi#\x00', 0x1, 0x200000) openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000b00)='/selinux/avc/cache_stats\x00', 0x0, 0x0) syz_open_dev$adsp(&(0x7f0000000b40)='/dev/adsp#\x00', 0x1, 0x60a41) openat$zero(0xffffffffffffff9c, &(0x7f0000000b80)='/dev/zero\x00', 0x200000, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000bc0)='/dev/null\x00', 0x30000, 0x0) syz_open_dev$radio(&(0x7f0000000c00)='/dev/radio#\x00', 0x3, 0x2) r2 = creat(&(0x7f0000000c40)='./file0\x00', 0x10) r3 = openat$cgroup_ro(r2, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) ioctl$EVIOCGSW(r3, 0x8040451b, &(0x7f0000000140)=""/37) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r4, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r4, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r4, &(0x7f0000000340)=0x80000000, 0x8) clone(0x8200000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r5 = getuid() syz_mount_image$ext4(&(0x7f0000000080)='ext2\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x4, &(0x7f00000004c0)=[{&(0x7f00000003c0)="297984ae4538f5e36d210ced1a4c60c74f765a4f923e2bf20718af5b0bad1a8c0000bd9068e38fc4a62497139662d115439f91d6a88186d4d173f3825968ec231c8de66ad8620dd62ae9c963e5d45bb7ef44dc65d0af6b72e19e249242b472012e31025891347d80117747cf2af6a0572664dc86db2daeed9434d568291c9bfe71e925697c5a109e093f8a6121b72cc69b0ce8a89070f2f00909c4c767bd6378bb2745f395c7eabc664191f6727a419838a9f22c1bdec666412b803439194ecb111ca934acc3747a4b95e36dcfddd83c355a1e53bcfe30c4ed15a6f4fcd2", 0xde, 0x4498d5e4}, {&(0x7f0000000580)="98a25960432adbaab68f5a27f808ea713d72ff54ec1eb927631c76a4eea59f803bf1280c978b583bbb9003e3e8dfe3432f559f88be95ed17750bac2a2ea8338b21a0141ae52f90feedd4fe179b942977b66b55d648c42f61fab60d59a6857e9ea4a2523c23d6c067af2099c7486df78eca45c584fe0964e2553b8576e773ee2cf0c6859c60eb18e8861ca93e056590ca8f1915710562b945e6f3b233640ac2abf541ddbfb9413fadea82f2b8f9b91879e598ba7dcc617880ec80fb586e", 0xbd, 0x6}, {&(0x7f0000000640)="7db8a119101b757b84a53f0dc5a1b34ded80c30b06321da2a5119b1b64646238bbb87f7adbb2993e10d0ff8be4f026ccb0b7b3aab0a0c1d0d486459d37a5a84562517f8bc12ce020bbd6ce1bcab72760ca9a494f5ad79cbcace412f740f6cd88475114f5fdbfbea681a8d9f1e395ddad616c74b733e7b595cb9f31811476c633a02c6a44c7fbc80a64c18e4f93e6309e8fd00325f2e5b71871d0e82f87165d37c6c34d0d49049a0e740f1aa34c4f600bbb01ff39eb5d66d2bc2cdb199ab86011e4c658db3ca5cec4a1d97b07dc4cd233b6eceb19a516848dcdca0cb561", 0xdd, 0x9}, {&(0x7f00000002c0)="d7bc9b33ba39db369e789b45abdd5ecc93555a55c5cfe30243497e8ed98450bc5d5151aac4e12672ac928b654f7ee6d21b69ada9f804b6b65595cbaaed44a727e88d0e4b5093a6cff1cd8d7fd3b92969a0442ef34eafda3e", 0x58, 0x8}], 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="6e6f646973636172642c6d61785f62617463685f74696d653d307830301ae6f3c9303030303030653331359aa17569643c", @ANYRESDEC=r5, @ANYBLOB=',\x00']) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:04 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$CAPI_MANUFACTURER_CMD(r1, 0xc0104320, &(0x7f0000000100)={0x7, &(0x7f0000000080)="8d6f467b354f25315627691c85802c93d154b693f0d5af73d872fcaef6da7300"}) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000000200)={@remote, @dev, 0x0}, &(0x7f0000000240)=0xc) bind$packet(r2, &(0x7f0000000280)={0x11, 0x0, r3, 0x1, 0xffffffffffffe154, 0x6, @local}, 0x14) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:04 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x80350000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:04 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xd4030000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:04 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:04 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$PPPIOCATTCHAN(r2, 0x40047438, &(0x7f0000000080)=0x3) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:04 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REMOVE(r2, 0xc0405519, &(0x7f0000000080)={0x3, 0x7, 0x6, 0x0, '\x00', 0x5}) 01:46:04 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x81000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 638.223730] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 638.265760] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 638.328757] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 638.340890] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:46:05 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x86ddffff}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 638.396709] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 638.511334] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 638.568427] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 638.611458] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 01:46:05 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x88470000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:05 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:05 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xb, 0x81, 0x7, 0x5, 0x1}, 0xcc) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={r0, &(0x7f0000000000), 0x0, 0x3}, 0x20) 01:46:05 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xee030000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:05 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x88480000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 638.896567] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 638.919150] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 638.927155] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 638.938405] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 638.956131] CPU: 0 PID: 7443 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 638.963004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 638.972360] Call Trace: [ 638.974973] dump_stack+0x172/0x1f0 [ 638.979585] dump_header+0x15e/0x929 [ 638.983452] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 638.988573] ? ___ratelimit+0x60/0x595 [ 638.992476] ? do_raw_spin_unlock+0x57/0x270 [ 638.996908] oom_kill_process.cold+0x10/0x6f5 [ 639.001427] ? task_will_free_mem+0x139/0x6e0 01:46:05 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = syz_open_dev$amidi(&(0x7f00000001c0)='/dev/amidi#\x00', 0x7, 0x101000) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffff9c, 0x84, 0x6, &(0x7f0000000200)={0x0, @in={{0x2, 0x4e21, @rand_addr=0x400}}}, &(0x7f00000002c0)=0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000300)={r1, 0x0, 0x30}, &(0x7f0000000340)=0xc) r2 = socket$inet(0x2, 0x3, 0x1e) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$RDS_CONG_MONITOR(r4, 0x114, 0x6, &(0x7f0000000140)=0x1, 0x4) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) ioctl$TIOCGISO7816(r3, 0x80285442, &(0x7f0000000080)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_S_AUDOUT(r3, 0x40345632, &(0x7f00000003c0)={0x4, "f53c19b6537760f3efe9c58098d0307cad2c4e3356ee4a07d9783780fb23057b", 0x3}) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BLKREPORTZONE(r4, 0xc0101282, &(0x7f0000000400)={0x0, 0x5, 0x0, [{0x20, 0x6, 0x1, 0xcbb, 0x40, 0x1, 0x6}, {0x9, 0x48f0, 0x20, 0x6, 0x8ae1, 0x9, 0x3}, {0x2, 0x7fffffff, 0x0, 0x1, 0x8, 0x3f, 0x8}, {0xffff, 0x9, 0x6, 0x59, 0xffffffff, 0x80000001, 0xbd}, {0x3, 0x2, 0x2, 0x2, 0x1000, 0x3, 0xff}]}) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) clock_getres(0x3, &(0x7f0000000100)) write$eventfd(0xffffffffffffffff, 0x0, 0xfffffffffffffe0e) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) [ 639.005938] ? find_held_lock+0x35/0x130 [ 639.010018] out_of_memory+0x936/0x12d0 [ 639.014004] ? lock_downgrade+0x810/0x810 [ 639.018164] ? oom_killer_disable+0x280/0x280 [ 639.022676] ? find_held_lock+0x35/0x130 [ 639.026761] mem_cgroup_out_of_memory+0x1d2/0x240 [ 639.031614] ? memcg_event_wake+0x230/0x230 [ 639.035952] ? do_raw_spin_unlock+0x57/0x270 [ 639.040374] ? _raw_spin_unlock+0x2d/0x50 [ 639.044538] try_charge+0x1028/0x15b0 [ 639.048346] ? find_held_lock+0x35/0x130 [ 639.052420] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 639.057256] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 639.057270] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 639.064703] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 639.064723] ? find_held_lock+0x35/0x130 [ 639.064740] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 639.064764] memcg_kmem_charge_memcg+0x7c/0x130 [ 639.064779] ? memcg_kmem_put_cache+0xb0/0xb0 [ 639.064795] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 639.064819] memcg_kmem_charge+0x136/0x300 [ 639.105248] __alloc_pages_nodemask+0x3c6/0x760 [ 639.109941] ? __alloc_pages_slowpath+0x2870/0x2870 [ 639.114971] ? lockdep_hardirqs_on+0x415/0x5d0 [ 639.119568] ? __lock_acquire+0x6eb/0x48f0 [ 639.123816] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 639.128931] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 639.134481] alloc_pages_current+0x107/0x210 [ 639.138905] pte_alloc_one+0x1b/0x1a0 [ 639.142719] __handle_mm_fault+0x3533/0x3f80 [ 639.147145] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 639.152134] ? find_held_lock+0x35/0x130 01:46:05 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) setsockopt$inet_group_source_req(r0, 0x0, 0x2f, &(0x7f00000001c0)={0x18, {{0x2, 0x4e20, @empty}}, {{0x2, 0x4e23, @multicast2}}}, 0x108) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x80000200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) [ 639.156212] ? handle_mm_fault+0x322/0xb30 [ 639.160469] ? kasan_check_read+0x11/0x20 [ 639.164626] handle_mm_fault+0x43f/0xb30 [ 639.168703] __do_page_fault+0x62a/0xe90 [ 639.172819] ? vmalloc_fault+0x770/0x770 [ 639.176892] ? trace_hardirqs_off_caller+0x65/0x220 [ 639.181917] ? trace_hardirqs_on_caller+0x6a/0x220 [ 639.186853] ? page_fault+0x8/0x30 [ 639.190411] do_page_fault+0x71/0x581 [ 639.194220] ? page_fault+0x8/0x30 [ 639.197773] page_fault+0x1e/0x30 [ 639.201240] RIP: 0033:0x4571fa [ 639.204447] Code: Bad RIP value. [ 639.207823] RSP: 002b:00007ffe7cbd7eb0 EFLAGS: 00010246 [ 639.213194] RAX: 0000000000000000 RBX: 00007ffe7cbd7eb0 RCX: 00000000004571fa [ 639.220472] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 639.227748] RBP: 00007ffe7cbd7ef0 R08: 0000000000000001 R09: 00000000027d7940 [ 639.235024] R10: 00000000027d7c10 R11: 0000000000000246 R12: 0000000000000001 [ 639.242300] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe7cbd7f40 [ 639.254160] Task in /syz1 killed as a result of limit of /syz1 [ 639.260302] memory: usage 307032kB, limit 307200kB, failcnt 995 [ 639.260313] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 639.260322] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 639.260328] Memory cgroup stats for /syz1: cache:64KB rss:181176KB rss_huge:120832KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:181156KB inactive_file:0KB active_file:0KB unevictable:0KB 01:46:05 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xf0030000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 639.308830] FS-Cache: Duplicate cookie detected [ 639.313645] FS-Cache: O-cookie c=0000000045d22362 [p=000000004114b303 fl=222 nc=0 na=1] [ 639.321881] FS-Cache: O-cookie d=00000000656b88e0 n=0000000009003441 [ 639.328383] FS-Cache: O-key=[10] '02000200000002000000' [ 639.333889] FS-Cache: N-cookie c=00000000b3ee089b [p=000000004114b303 fl=2 nc=0 na=1] [ 639.341962] FS-Cache: N-cookie d=00000000656b88e0 n=000000009bd5ff42 [ 639.348468] FS-Cache: N-key=[10] '02000200000002000000' 01:46:06 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x88640000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 639.454228] Memory cgroup out of memory: Kill process 5477 (syz-executor.1) score 1113 or sacrifice child [ 639.533693] Killed process 5477 (syz-executor.1) total-vm:72584kB, anon-rss:2204kB, file-rss:35800kB, shmem-rss:0kB 01:46:06 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e24, @local}], 0x10) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:06 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x88a8ffff}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:06 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xf2000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:06 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:06 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x10000200, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) [ 640.280990] FS-Cache: Duplicate cookie detected [ 640.285740] FS-Cache: O-cookie c=00000000f1ba8b5a [p=000000004114b303 fl=222 nc=0 na=1] [ 640.294125] FS-Cache: O-cookie d=00000000656b88e0 n=000000001853da73 [ 640.300627] FS-Cache: O-key=[10] '02000200000002000000' [ 640.306102] FS-Cache: N-cookie c=000000001a271906 [p=000000004114b303 fl=2 nc=0 na=1] [ 640.314136] FS-Cache: N-cookie d=00000000656b88e0 n=00000000f3060f04 [ 640.320826] FS-Cache: N-key=[10] '02000200000002000000' [ 640.354987] FS-Cache: Duplicate cookie detected [ 640.359898] FS-Cache: O-cookie c=00000000f1ba8b5a [p=000000004114b303 fl=222 nc=0 na=1] [ 640.368268] FS-Cache: O-cookie d=00000000656b88e0 n=000000001853da73 [ 640.375008] FS-Cache: O-key=[10] '02000200000002000000' [ 640.380933] FS-Cache: N-cookie c=000000009ffad441 [p=000000004114b303 fl=2 nc=0 na=1] [ 640.389103] FS-Cache: N-cookie d=00000000656b88e0 n=00000000bbb4aefb [ 640.395967] FS-Cache: N-key=[10] '02000200000002000000' [ 640.600582] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 640.631784] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 640.637451] CPU: 0 PID: 7500 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 640.644301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 640.653762] Call Trace: [ 640.656370] dump_stack+0x172/0x1f0 [ 640.660033] dump_header+0x15e/0x929 [ 640.663888] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 640.669012] ? ___ratelimit+0x60/0x595 [ 640.672919] ? do_raw_spin_unlock+0x57/0x270 [ 640.676061] IPVS: ftp: loaded support on port[0] = 21 [ 640.677341] oom_kill_process.cold+0x10/0x6f5 [ 640.677364] ? task_will_free_mem+0x139/0x6e0 [ 640.677381] ? find_held_lock+0x35/0x130 [ 640.677402] out_of_memory+0x936/0x12d0 [ 640.677421] ? lock_downgrade+0x810/0x810 [ 640.703828] ? oom_killer_disable+0x280/0x280 [ 640.708338] ? find_held_lock+0x35/0x130 [ 640.712424] mem_cgroup_out_of_memory+0x1d2/0x240 [ 640.717275] ? memcg_event_wake+0x230/0x230 [ 640.721614] ? do_raw_spin_unlock+0x57/0x270 [ 640.726041] ? _raw_spin_unlock+0x2d/0x50 [ 640.730226] try_charge+0x1028/0x15b0 [ 640.734047] ? find_held_lock+0x35/0x130 [ 640.738235] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 640.743088] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 640.747946] ? find_held_lock+0x35/0x130 [ 640.752028] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 640.756899] memcg_kmem_charge_memcg+0x7c/0x130 [ 640.761601] ? memcg_kmem_put_cache+0xb0/0xb0 [ 640.766117] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 640.770980] memcg_kmem_charge+0x136/0x300 [ 640.775237] __alloc_pages_nodemask+0x3c6/0x760 [ 640.779921] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 640.784699] ? __alloc_pages_slowpath+0x2870/0x2870 [ 640.789730] ? trace_hardirqs_on_caller+0x6a/0x220 [ 640.794687] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 640.799459] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 640.805010] alloc_pages_current+0x107/0x210 [ 640.809440] pte_alloc_one+0x1b/0x1a0 [ 640.809461] __pte_alloc+0x2a/0x360 [ 640.816879] copy_page_range+0x151f/0x1f90 [ 640.821127] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 640.825904] ? copy_process.part.0+0x30ee/0x7970 [ 640.830687] ? pmd_alloc+0x180/0x180 [ 640.834431] ? __vma_link_rb+0x279/0x370 [ 640.838511] copy_process.part.0+0x5434/0x7970 [ 640.843136] ? __cleanup_sighand+0x70/0x70 [ 640.843174] _do_fork+0x257/0xfe0 [ 640.843194] ? fork_idle+0x1d0/0x1d0 [ 640.854613] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 640.859389] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 640.859406] ? do_syscall_64+0x26/0x610 [ 640.859425] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 640.859439] ? do_syscall_64+0x26/0x610 [ 640.859460] __x64_sys_clone+0xbf/0x150 [ 640.859479] do_syscall_64+0x103/0x610 [ 640.859498] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 640.859515] RIP: 0033:0x458c29 [ 640.877560] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 640.877569] RSP: 002b:00007f66b1fafc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 640.877586] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 640.877595] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 640.877603] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 640.877616] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b1fb06d4 [ 640.893813] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 641.050831] Task in /syz1 killed as a result of limit of /syz1 [ 641.057092] memory: usage 307200kB, limit 307200kB, failcnt 1030 [ 641.086860] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 641.094516] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 641.107094] Memory cgroup stats for /syz1: cache:64KB rss:181160KB rss_huge:120832KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:181224KB inactive_file:0KB active_file:0KB unevictable:0KB [ 641.136109] Memory cgroup out of memory: Kill process 25453 (syz-executor.1) score 1113 or sacrifice child [ 641.147075] Killed process 25462 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:34816kB, shmem-rss:0kB [ 641.187454] oom_reaper: reaped process 25462 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 641.203952] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 641.273534] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 641.289191] CPU: 1 PID: 7487 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 641.296165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 641.296172] Call Trace: [ 641.296195] dump_stack+0x172/0x1f0 [ 641.296219] dump_header+0x15e/0x929 [ 641.296238] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 641.296254] ? ___ratelimit+0x60/0x595 [ 641.296269] ? do_raw_spin_unlock+0x57/0x270 [ 641.296288] oom_kill_process.cold+0x10/0x6f5 [ 641.296307] ? task_will_free_mem+0x139/0x6e0 [ 641.296326] out_of_memory+0x936/0x12d0 [ 641.296348] ? oom_killer_disable+0x280/0x280 [ 641.296362] ? find_held_lock+0x35/0x130 [ 641.296388] mem_cgroup_out_of_memory+0x1d2/0x240 [ 641.296403] ? memcg_event_wake+0x230/0x230 [ 641.296421] ? do_raw_spin_unlock+0x57/0x270 [ 641.296436] ? _raw_spin_unlock+0x2d/0x50 [ 641.296453] try_charge+0x1028/0x15b0 [ 641.296474] ? find_held_lock+0x35/0x130 [ 641.333551] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 641.333574] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 641.342036] ? find_held_lock+0x35/0x130 [ 641.342051] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 641.342077] memcg_kmem_charge_memcg+0x7c/0x130 [ 641.342094] ? memcg_kmem_put_cache+0xb0/0xb0 [ 641.342111] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 641.342127] memcg_kmem_charge+0x136/0x300 [ 641.342144] __alloc_pages_nodemask+0x3c6/0x760 [ 641.342162] ? __alloc_pages_slowpath+0x2870/0x2870 [ 641.359942] ? lockdep_hardirqs_on+0x415/0x5d0 [ 641.359963] ? trace_hardirqs_on+0x67/0x230 [ 641.368522] ? kasan_check_read+0x11/0x20 [ 641.368547] copy_process.part.0+0x3e0/0x7970 [ 641.368569] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 641.368591] ? delayacct_end+0x5c/0x100 [ 641.376525] ? __delayacct_freepages_end+0xe0/0x140 [ 641.376546] ? __lock_acquire+0x6eb/0x48f0 [ 641.376571] ? __cleanup_sighand+0x70/0x70 [ 641.376592] ? mark_held_locks+0x100/0x100 [ 641.386277] _do_fork+0x257/0xfe0 [ 641.395154] ? fork_idle+0x1d0/0x1d0 [ 641.395174] ? blkcg_print_stat+0xb90/0xb90 [ 641.395190] ? kasan_check_read+0x11/0x20 [ 641.395207] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 641.395221] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 641.395236] ? do_syscall_64+0x26/0x610 [ 641.395252] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 641.395264] ? do_syscall_64+0x26/0x610 [ 641.395283] __x64_sys_clone+0xbf/0x150 [ 641.395301] do_syscall_64+0x103/0x610 [ 641.395319] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 641.395331] RIP: 0033:0x45b5f9 [ 641.395346] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 641.395354] RSP: 002b:00007ffc0bec0098 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 641.395369] RAX: ffffffffffffffda RBX: 00007f90eb516700 RCX: 000000000045b5f9 [ 641.395381] RDX: 00007f90eb5169d0 RSI: 00007f90eb515db0 RDI: 00000000003d0f00 [ 641.409340] RBP: 00007ffc0bec02a0 R08: 00007f90eb516700 R09: 00007f90eb516700 [ 641.409348] R10: 00007f90eb5169d0 R11: 0000000000000202 R12: 0000000000000000 [ 641.409356] R13: 00007ffc0bec014f R14: 00007f90eb5169c0 R15: 000000000073c04c [ 641.416027] Task in [ 641.427734] /syz4 [ 641.436127] killed as a result of limit of [ 641.462799] /syz4 [ 641.487763] memory: usage 307184kB, limit 307200kB, failcnt 1455 [ 641.499026] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 641.506716] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 641.513063] Memory cgroup stats for /syz4: cache:20KB rss:187408KB rss_huge:129024KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:187532KB inactive_file:0KB active_file:0KB unevictable:0KB [ 641.513179] Memory cgroup out of memory: Kill process 7081 (syz-executor.4) score 1113 or sacrifice child [ 641.513248] Killed process 7081 (syz-executor.4) total-vm:72584kB, anon-rss:2204kB, file-rss:35808kB, shmem-rss:0kB [ 641.563147] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 641.606077] syz-executor.1 cpuset= [ 641.616914] syz1 [ 641.678493] mems_allowed=0-1 [ 641.687533] CPU: 1 PID: 7500 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 641.694402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 641.694409] Call Trace: [ 641.694438] dump_stack+0x172/0x1f0 [ 641.694460] dump_header+0x15e/0x929 [ 641.714186] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 641.719288] ? ___ratelimit+0x60/0x595 [ 641.723167] ? do_raw_spin_unlock+0x57/0x270 [ 641.727571] oom_kill_process.cold+0x10/0x6f5 [ 641.732070] ? task_will_free_mem+0x139/0x6e0 [ 641.736562] out_of_memory+0x936/0x12d0 [ 641.740551] ? oom_killer_disable+0x280/0x280 [ 641.745041] ? find_held_lock+0x35/0x130 [ 641.749104] mem_cgroup_out_of_memory+0x1d2/0x240 [ 641.753950] ? memcg_event_wake+0x230/0x230 [ 641.758278] ? do_raw_spin_unlock+0x57/0x270 [ 641.762678] ? _raw_spin_unlock+0x2d/0x50 [ 641.766818] try_charge+0x1028/0x15b0 [ 641.770608] ? find_held_lock+0x35/0x130 [ 641.774761] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 641.779601] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 641.784437] ? find_held_lock+0x35/0x130 [ 641.788492] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 641.793334] memcg_kmem_charge_memcg+0x7c/0x130 [ 641.797994] ? memcg_kmem_put_cache+0xb0/0xb0 [ 641.802480] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 641.807402] memcg_kmem_charge+0x136/0x300 [ 641.811632] __alloc_pages_nodemask+0x3c6/0x760 [ 641.816295] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 641.821057] ? __alloc_pages_slowpath+0x2870/0x2870 [ 641.826066] ? trace_hardirqs_on_caller+0x6a/0x220 [ 641.830988] ? find_held_lock+0x35/0x130 [ 641.835040] ? copy_page_range+0x124f/0x1f90 [ 641.839444] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 641.844990] alloc_pages_current+0x107/0x210 [ 641.849398] pte_alloc_one+0x1b/0x1a0 [ 641.853366] __pte_alloc+0x2a/0x360 [ 641.856987] copy_page_range+0x151f/0x1f90 [ 641.861213] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 641.865977] ? pmd_alloc+0x180/0x180 [ 641.869701] ? __vma_link_rb+0x279/0x370 [ 641.873757] copy_process.part.0+0x5434/0x7970 [ 641.878440] ? __cleanup_sighand+0x70/0x70 [ 641.882699] _do_fork+0x257/0xfe0 [ 641.886162] ? fork_idle+0x1d0/0x1d0 [ 641.889872] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 641.894703] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 641.899448] ? do_syscall_64+0x26/0x610 [ 641.903432] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 641.908784] ? do_syscall_64+0x26/0x610 [ 641.912766] __x64_sys_clone+0xbf/0x150 [ 641.916750] do_syscall_64+0x103/0x610 [ 641.920808] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 641.925990] RIP: 0033:0x458c29 [ 641.929174] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 641.948067] RSP: 002b:00007f66b1fafc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 641.955766] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 641.963042] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 641.970298] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 641.977567] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b1fb06d4 [ 641.985456] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 642.004734] IPVS: ftp: loaded support on port[0] = 21 [ 642.021539] Task in /syz1 killed as a result of limit of /syz1 [ 642.028289] memory: usage 307048kB, limit 307200kB, failcnt 1054 [ 642.045196] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 642.059613] audit: type=1400 audit(1555638368.640:102): avc: denied { map } for pid=7511 comm="syz-executor.5" path="/root/syz-executor.5" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 642.063964] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 642.088104] audit: type=1400 audit(1555638368.670:103): avc: denied { map } for pid=7511 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=84 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 642.098568] Memory cgroup stats for /syz1: cache:64KB rss:181160KB rss_huge:120832KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:181160KB inactive_file:0KB active_file:0KB unevictable:0KB [ 642.155720] Memory cgroup out of memory: Kill process 25453 (syz-executor.1) score 1113 or sacrifice child [ 642.187307] Killed process 25453 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:35804kB, shmem-rss:0kB [ 642.296434] validate_nla: 12 callbacks suppressed [ 642.296445] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 642.336693] nla_parse: 12 callbacks suppressed [ 642.336702] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 642.886387] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 642.894575] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 642.916265] IPVS: ftp: loaded support on port[0] = 21 [ 643.768770] chnl_net:caif_netlink_parms(): no params data found [ 643.974321] bridge0: port 1(bridge_slave_0) entered blocking state [ 643.981324] bridge0: port 1(bridge_slave_0) entered disabled state [ 643.988315] device bridge_slave_0 entered promiscuous mode [ 644.117847] bridge0: port 2(bridge_slave_1) entered blocking state [ 644.124399] bridge0: port 2(bridge_slave_1) entered disabled state [ 644.131914] device bridge_slave_1 entered promiscuous mode [ 644.161115] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 644.282871] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 644.437134] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 644.445150] team0: Port device team_slave_0 added [ 644.450988] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 644.458419] team0: Port device team_slave_1 added [ 644.464324] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 644.472542] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 644.523319] device bridge_slave_1 left promiscuous mode [ 644.528870] bridge0: port 2(bridge_slave_1) entered disabled state [ 644.591926] device bridge_slave_0 left promiscuous mode [ 644.598385] bridge0: port 1(bridge_slave_0) entered disabled state [ 651.172762] device hsr_slave_1 left promiscuous mode [ 651.234163] device hsr_slave_0 left promiscuous mode [ 651.295471] team0 (unregistering): Port device team_slave_1 removed [ 651.306943] team0 (unregistering): Port device team_slave_0 removed [ 651.318422] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 651.384900] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 651.465475] bond0 (unregistering): Released all slaves [ 651.603835] device hsr_slave_0 entered promiscuous mode [ 651.661257] device hsr_slave_1 entered promiscuous mode [ 651.701529] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 651.708602] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 651.738469] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 651.822960] 8021q: adding VLAN 0 to HW filter on device bond0 [ 651.884869] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 651.895064] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 651.907645] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 651.915695] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 651.931872] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 651.937966] 8021q: adding VLAN 0 to HW filter on device team0 [ 651.948442] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 651.956122] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 651.965141] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 651.973466] bridge0: port 1(bridge_slave_0) entered blocking state [ 651.979824] bridge0: port 1(bridge_slave_0) entered forwarding state [ 651.992883] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 652.006999] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 652.014881] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 652.028790] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 652.037502] bridge0: port 2(bridge_slave_1) entered blocking state [ 652.043926] bridge0: port 2(bridge_slave_1) entered forwarding state [ 652.059457] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 652.076428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 652.088487] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 652.118895] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 652.141858] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 652.149015] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 652.161427] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 652.169253] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 652.210158] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 652.218161] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 652.246973] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 652.257721] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 652.286855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 652.295752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 652.331592] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 652.351160] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 652.357244] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 652.391686] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 652.426245] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 652.447415] 8021q: adding VLAN 0 to HW filter on device batadv0 01:46:19 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet(0x10, 0x3, 0x40000000000010) sendmsg(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000000)="240000001d0003fffd3cc0023da2830101faffffff86c436271d8568b51ba3a2d188737e", 0x24}], 0x1}, 0x0) 01:46:19 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x88caffff}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:19 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$RTC_PLL_SET(r3, 0x40207012, &(0x7f0000000080)={0xa42, 0x4, 0x1, 0x80000000, 0x0, 0xff, 0x4}) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612) 01:46:19 executing program 3: r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000080)='/proc/capi/capi20ncci\x00', 0x4000, 0x0) ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000100)={@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, 0xe, 0x1, 0x5, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}]}) socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$bt_hci_HCI_TIME_STAMP(r2, 0x0, 0x3, &(0x7f00000001c0)=0x7, 0x4) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:19 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, 0x0, &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 652.877368] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 652.905145] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.5'. 01:46:19 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x89060000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 652.931464] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 652.986750] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 653.065962] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 653.096557] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 653.141198] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 653.147002] CPU: 0 PID: 7532 Comm: syz-executor.0 Not tainted 4.19.35 #3 [ 653.153858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 653.163220] Call Trace: [ 653.165845] dump_stack+0x172/0x1f0 [ 653.169491] dump_header+0x15e/0x929 [ 653.173221] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 653.178338] ? ___ratelimit+0x60/0x595 [ 653.182237] ? do_raw_spin_unlock+0x57/0x270 [ 653.186660] oom_kill_process.cold+0x10/0x6f5 [ 653.191174] ? task_will_free_mem+0x139/0x6e0 [ 653.195702] out_of_memory+0x936/0x12d0 [ 653.199688] ? lock_downgrade+0x810/0x810 [ 653.203859] ? oom_killer_disable+0x280/0x280 [ 653.208362] ? find_held_lock+0x35/0x130 [ 653.212443] mem_cgroup_out_of_memory+0x1d2/0x240 [ 653.217299] ? memcg_event_wake+0x230/0x230 [ 653.221653] ? do_raw_spin_unlock+0x57/0x270 [ 653.226073] ? _raw_spin_unlock+0x2d/0x50 [ 653.230236] try_charge+0x1028/0x15b0 [ 653.234047] ? find_held_lock+0x35/0x130 [ 653.238122] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 653.242976] ? kasan_check_read+0x11/0x20 [ 653.247138] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 653.251996] mem_cgroup_try_charge+0x24d/0x5e0 [ 653.256603] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 653.261545] wp_page_copy+0x430/0x16a0 [ 653.265453] ? follow_pfn+0x2a0/0x2a0 [ 653.269258] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 653.274369] ? kasan_check_read+0x11/0x20 [ 653.278523] ? do_raw_spin_unlock+0x57/0x270 [ 653.282944] do_wp_page+0x57d/0x10b0 [ 653.286665] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 653.291339] ? kasan_check_write+0x14/0x20 [ 653.295591] ? do_raw_spin_lock+0xc8/0x240 [ 653.299841] __handle_mm_fault+0x230a/0x3f80 [ 653.304263] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 653.309115] ? find_held_lock+0x35/0x130 [ 653.313181] ? handle_mm_fault+0x322/0xb30 [ 653.317432] ? kasan_check_read+0x11/0x20 [ 653.321600] handle_mm_fault+0x43f/0xb30 [ 653.325686] __do_page_fault+0x62a/0xe90 [ 653.329766] ? vmalloc_fault+0x770/0x770 [ 653.333834] ? trace_hardirqs_off_caller+0x65/0x220 [ 653.338855] ? trace_hardirqs_on_caller+0x6a/0x220 [ 653.343797] ? page_fault+0x8/0x30 [ 653.347353] do_page_fault+0x71/0x581 [ 653.351160] ? page_fault+0x8/0x30 [ 653.354704] page_fault+0x1e/0x30 [ 653.358157] RIP: 0033:0x40de50 [ 653.361353] Code: 89 f8 89 c6 81 e6 ff 1f 00 00 8b 14 b5 00 00 73 00 41 39 d0 74 23 85 d2 74 58 83 c0 01 41 39 c1 75 e0 48 89 f8 25 ff 1f 00 00 <89> 3c 85 00 00 73 00 83 c5 01 e8 11 38 ff ff 41 83 c7 01 45 39 7c [ 653.380262] RSP: 002b:00007ffea8669a50 EFLAGS: 00010206 01:46:20 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) sendto$x25(r1, &(0x7f00000001c0)="e76bb4dfb5c16bf6d7fc756d8f04cd2f3801d3ec7afe0069cb975e77d1061fefef0dca891635034027e83105c5a37f0c869b358006525b8aa7adea51920df6f55fa01c1971ecc6cf41f47624b15fdff7b2113296859f9b3b142f73db5f120226282d7c0a58663c399f8a7ebc419c8c3a5add436bb3742da0361708434a4f15851906f59c19fae7259fc303294482cd2fc65d50b0e8f8f78dc0ae9c12593a15a5a73a", 0xa2, 0x4000090, &(0x7f0000000080)={0x9, @null=' \x00'}, 0x12) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:20 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x82) r2 = memfd_create(0x0, 0x0) ioctl$LOOP_CHANGE_FD(r1, 0x4c00, r2) sendfile(r1, r1, 0x0, 0x20002000005) dup3(r0, r1, 0x0) 01:46:20 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x89ffffff}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 653.385640] RAX: 0000000000000ecc RBX: 0000000099fd1c35 RCX: 0000001b30120000 [ 653.392923] RDX: 000000000197cecf RSI: 0000000000000ecf RDI: ffffffffe0648ecc [ 653.400191] RBP: 0000000000000004 R08: 00000000e0648ecc R09: 00000000e0648ed0 [ 653.407457] R10: 00007ffea8669be0 R11: 0000000000000246 R12: 000000000073c028 [ 653.414740] R13: 0000000080000000 R14: 00007fcba9bfb008 R15: 0000000000000022 [ 653.513719] Task in /syz0 killed as a result of limit of /syz0 [ 653.520447] memory: usage 307200kB, limit 307200kB, failcnt 3601 01:46:20 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xf5ffffff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:20 executing program 5: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c64, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x3, 0x19) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000300)=ANY=[@ANYBLOB="e0000002ac1414aa00c7f5d20418eb0a895ed13307c1935919127366b6ed3f1d53d92d833d4531f63f52e31f9eb2903f090e8fcade91879814b86c7ef713bd631819b2075336d28837fedea60367503a0b584ce19e62"], 0x1) 01:46:20 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, 0x0, &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:20 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8dffffff}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 653.674746] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 653.702557] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 653.744436] Memory cgroup stats for /syz0: cache:92KB rss:200688KB rss_huge:151552KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:200768KB inactive_file:4KB active_file:0KB unevictable:8KB 01:46:20 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f0000000280)={{{@in6=@remote, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@remote}, 0x0, @in6=@initdev}}, &(0x7f00000003c0)=0xe8) quotactl(0x2d16, &(0x7f0000000240)='./file0\x00', r2, &(0x7f0000000400)="035fb089f8f28f0c3860521e979b5379e2fa1611154e0b6d01") getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r1, 0x84, 0x7c, &(0x7f0000000440)={0x0, 0xeb, 0x8001}, &(0x7f0000000480)=0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000004c0)={r3, 0xc10}, 0x8) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r1, 0x0, 0x486, &(0x7f0000000080), &(0x7f0000000100)=0xc) getpgid(0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r4 = epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f0000000140)={0x0, 0x3}, &(0x7f00000001c0)=0x8) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f0000000200)=@sack_info={r5, 0x7, 0x400}, 0xc) [ 653.826924] Memory cgroup out of memory: Kill process 25265 (syz-executor.0) score 124 or sacrifice child [ 653.827451] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 653.840477] Killed process 25265 (syz-executor.0) total-vm:72452kB, anon-rss:2196kB, file-rss:35796kB, shmem-rss:0kB [ 653.865016] oom_reaper: reaped process 25265 (syz-executor.0), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 653.889365] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 653.897435] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 653.924620] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 653.935428] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 653.962238] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 653.983751] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 654.000031] CPU: 1 PID: 7577 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 654.006912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 654.016274] Call Trace: [ 654.018894] dump_stack+0x172/0x1f0 [ 654.022535] dump_header+0x15e/0x929 [ 654.026256] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 654.030805] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 654.031366] ? ___ratelimit+0x60/0x595 [ 654.043839] ? do_raw_spin_unlock+0x57/0x270 [ 654.048257] oom_kill_process.cold+0x10/0x6f5 [ 654.052763] ? task_will_free_mem+0x139/0x6e0 [ 654.057277] out_of_memory+0x936/0x12d0 [ 654.061276] ? oom_killer_disable+0x280/0x280 [ 654.065771] ? find_held_lock+0x35/0x130 [ 654.069880] mem_cgroup_out_of_memory+0x1d2/0x240 [ 654.074817] ? memcg_event_wake+0x230/0x230 [ 654.079149] ? do_raw_spin_unlock+0x57/0x270 [ 654.083562] ? _raw_spin_unlock+0x2d/0x50 [ 654.087717] try_charge+0x1028/0x15b0 [ 654.091529] ? find_held_lock+0x35/0x130 [ 654.095604] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 654.100454] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 654.105302] ? find_held_lock+0x35/0x130 [ 654.109370] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 654.114228] memcg_kmem_charge_memcg+0x7c/0x130 [ 654.118915] ? memcg_kmem_put_cache+0xb0/0xb0 [ 654.123424] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 654.128270] memcg_kmem_charge+0x136/0x300 [ 654.132615] __alloc_pages_nodemask+0x3c6/0x760 [ 654.137383] ? __alloc_pages_slowpath+0x2870/0x2870 [ 654.142408] ? find_held_lock+0x35/0x130 [ 654.146473] ? copy_page_range+0x124f/0x1f90 [ 654.150905] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 654.156448] alloc_pages_current+0x107/0x210 [ 654.160870] pte_alloc_one+0x1b/0x1a0 [ 654.164670] __pte_alloc+0x2a/0x360 [ 654.168301] copy_page_range+0x151f/0x1f90 [ 654.172565] ? pmd_alloc+0x180/0x180 [ 654.176282] ? __vma_link_rb+0x279/0x370 [ 654.180357] copy_process.part.0+0x5434/0x7970 [ 654.184982] ? __cleanup_sighand+0x70/0x70 [ 654.189237] _do_fork+0x257/0xfe0 [ 654.192701] ? fork_idle+0x1d0/0x1d0 [ 654.196426] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 654.201183] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 654.205941] ? do_syscall_64+0x26/0x610 [ 654.209917] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 654.215288] ? do_syscall_64+0x26/0x610 [ 654.219283] __x64_sys_clone+0xbf/0x150 [ 654.223263] do_syscall_64+0x103/0x610 [ 654.227159] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 654.232355] RIP: 0033:0x458c29 [ 654.235551] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 654.254455] RSP: 002b:00007f66b1fafc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 654.262175] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 654.269445] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 654.276722] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 654.283997] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b1fb06d4 [ 654.291358] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 654.310235] Task in /syz1 killed as a result of limit of /syz1 [ 654.317349] memory: usage 307200kB, limit 307200kB, failcnt 1080 [ 654.335343] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 654.344349] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 01:46:21 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x805, 0x200020000001e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$VT_RESIZE(r2, 0x5609, &(0x7f0000000080)={0x200, 0x5, 0xf90f}) syz_open_dev$video(0x0, 0x0, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, &(0x7f0000000340)=0x80000000, 0x8) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f00000003c0)={@in6={{0xa, 0x4e23, 0x6, @mcast2, 0x3}}, 0x0, 0x8, 0x0, "09f92323792c08041b0f866eee284a0402da987c0bfb5bca8d566734aa792c33ee1f56305a81a5c8bf2e83122cbe2a2d589c1d70d9168cc5f9dcaba0c9193cca5a8fc3f935f7b0f6d9d72cdca906269f"}, 0xd8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) timerfd_settime(r2, 0x1, &(0x7f0000000100)={{}, {0x77359400}}, &(0x7f0000000140)) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 654.351385] Memory cgroup stats for /syz1: cache:64KB rss:181096KB rss_huge:120832KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:181264KB inactive_file:0KB active_file:4KB unevictable:0KB [ 654.367323] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 654.381155] Memory cgroup out of memory: Kill process 25509 (syz-executor.1) score 1113 or sacrifice child [ 654.386355] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 654.393077] Killed process 25512 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:34816kB, shmem-rss:0kB 01:46:21 executing program 5: perf_event_open(&(0x7f0000000580)={0x2, 0x70, 0x5c65, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$loop(&(0x7f0000000000)='/dev/loop#\x00', 0x0, 0x0) r0 = syz_open_dev$mice(0x0, 0x0, 0x0) ioctl$TIOCSRS485(r0, 0x542f, 0x0) 01:46:21 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xf5ffffff}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:21 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xf8030000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 654.423318] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 01:46:21 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xffffa888}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 654.483344] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 654.540845] CPU: 0 PID: 7744 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 654.547739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 654.557108] Call Trace: [ 654.559718] dump_stack+0x172/0x1f0 [ 654.563368] dump_header+0x15e/0x929 [ 654.567099] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 654.572223] ? ___ratelimit+0x60/0x595 [ 654.576121] ? do_raw_spin_unlock+0x57/0x270 [ 654.580547] oom_kill_process.cold+0x10/0x6f5 [ 654.585074] ? task_will_free_mem+0x139/0x6e0 [ 654.589591] out_of_memory+0x936/0x12d0 [ 654.592274] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 654.593581] ? oom_killer_disable+0x280/0x280 [ 654.593599] ? find_held_lock+0x35/0x130 [ 654.593624] mem_cgroup_out_of_memory+0x1d2/0x240 [ 654.593639] ? memcg_event_wake+0x230/0x230 [ 654.609833] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 654.610077] ? do_raw_spin_unlock+0x57/0x270 [ 654.610096] ? _raw_spin_unlock+0x2d/0x50 [ 654.617197] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 654.619253] try_charge+0x1028/0x15b0 [ 654.619272] ? find_held_lock+0x35/0x130 [ 654.619293] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 654.619309] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 654.661284] ? find_held_lock+0x35/0x130 [ 654.665364] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 654.670231] memcg_kmem_charge_memcg+0x7c/0x130 [ 654.674916] ? memcg_kmem_put_cache+0xb0/0xb0 [ 654.679423] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 654.684287] memcg_kmem_charge+0x136/0x300 [ 654.686933] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 654.688534] __alloc_pages_nodemask+0x3c6/0x760 [ 654.688554] ? __alloc_pages_slowpath+0x2870/0x2870 [ 654.688576] ? find_held_lock+0x35/0x130 [ 654.688594] ? copy_page_range+0x124f/0x1f90 [ 654.715201] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 654.720762] alloc_pages_current+0x107/0x210 [ 654.725192] pte_alloc_one+0x1b/0x1a0 [ 654.729006] __pte_alloc+0x2a/0x360 [ 654.732649] copy_page_range+0x151f/0x1f90 [ 654.736925] ? pmd_alloc+0x180/0x180 [ 654.740736] ? __vma_link_rb+0x279/0x370 [ 654.744813] copy_process.part.0+0x5434/0x7970 [ 654.749427] ? __cleanup_sighand+0x70/0x70 [ 654.753701] _do_fork+0x257/0xfe0 [ 654.757176] ? fork_idle+0x1d0/0x1d0 [ 654.760918] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 654.765686] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 654.770463] ? do_syscall_64+0x26/0x610 [ 654.774461] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 654.779837] ? do_syscall_64+0x26/0x610 [ 654.783832] __x64_sys_clone+0xbf/0x150 [ 654.787823] do_syscall_64+0x103/0x610 [ 654.791728] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 654.796928] RIP: 0033:0x4571fa [ 654.800139] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 654.819060] RSP: 002b:00007fffea33a3f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 654.826789] RAX: ffffffffffffffda RBX: 00007fffea33a3f0 RCX: 00000000004571fa [ 654.834070] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 01:46:21 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xfe000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 654.841483] RBP: 00007fffea33a430 R08: 0000000000000001 R09: 0000000000f42940 [ 654.848763] R10: 0000000000f42c10 R11: 0000000000000246 R12: 0000000000000001 [ 654.856047] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffea33a480 01:46:21 executing program 5: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f00000000c0)=0x2c, 0x4) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @broadcast}, 0x10) setsockopt$sock_linger(r0, 0x1, 0x35, &(0x7f0000000080)={0x1}, 0x8) 01:46:21 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xffffca88}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 654.890974] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 654.903405] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 654.924366] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 655.054927] FS-Cache: Duplicate cookie detected [ 655.059816] FS-Cache: O-cookie c=000000000fbb0698 [p=000000004114b303 fl=222 nc=0 na=1] [ 655.068541] FS-Cache: O-cookie d=00000000656b88e0 n=00000000bf4a013c [ 655.075397] FS-Cache: O-key=[10] '02000200000002000000' [ 655.081471] FS-Cache: N-cookie c=00000000a4b5983c [p=000000004114b303 fl=2 nc=0 na=1] [ 655.089553] FS-Cache: N-cookie d=00000000656b88e0 n=000000008f82a94e [ 655.096542] FS-Cache: N-key=[10] '02000200000002000000' 01:46:21 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) unshare(0x100000040600) r1 = fcntl$dupfd(r0, 0x0, r0) timerfd_gettime(r1, 0x0) [ 655.230836] Task in /syz3 killed as a result of limit of /syz3 [ 655.236947] memory: usage 307200kB, limit 307200kB, failcnt 2698 [ 655.292539] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 655.306465] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 655.313565] Memory cgroup stats for /syz3: cache:88KB rss:197044KB rss_huge:149504KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:197140KB inactive_file:8KB active_file:0KB unevictable:0KB [ 655.351005] Memory cgroup out of memory: Kill process 24872 (syz-executor.3) score 124 or sacrifice child [ 655.360999] Killed process 24872 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35804kB, shmem-rss:0kB [ 655.375010] oom_reaper: reaped process 24872 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 655.377018] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 655.407573] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 655.413445] CPU: 0 PID: 7569 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 655.420308] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 655.431167] Call Trace: [ 655.433776] dump_stack+0x172/0x1f0 [ 655.437428] dump_header+0x15e/0x929 [ 655.441158] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 655.446274] ? ___ratelimit+0x60/0x595 [ 655.450174] ? do_raw_spin_unlock+0x57/0x270 [ 655.454600] oom_kill_process.cold+0x10/0x6f5 [ 655.459117] ? task_will_free_mem+0x139/0x6e0 [ 655.463630] out_of_memory+0x936/0x12d0 [ 655.467619] ? oom_killer_disable+0x280/0x280 [ 655.472121] ? find_held_lock+0x35/0x130 [ 655.476199] mem_cgroup_out_of_memory+0x1d2/0x240 [ 655.481045] ? memcg_event_wake+0x230/0x230 [ 655.485382] ? do_raw_spin_unlock+0x57/0x270 [ 655.489801] ? _raw_spin_unlock+0x2d/0x50 [ 655.493958] try_charge+0x1028/0x15b0 [ 655.497767] ? find_held_lock+0x35/0x130 [ 655.501844] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 655.506708] ? kasan_check_read+0x11/0x20 [ 655.510853] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 655.515688] mem_cgroup_try_charge+0x24d/0x5e0 [ 655.520265] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 655.525187] wp_page_copy+0x430/0x16a0 [ 655.529069] ? follow_pfn+0x2a0/0x2a0 [ 655.532871] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 655.537962] ? kasan_check_read+0x11/0x20 [ 655.542100] ? do_raw_spin_unlock+0x57/0x270 [ 655.546504] do_wp_page+0x57d/0x10b0 [ 655.550210] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 655.554867] ? kasan_check_write+0x14/0x20 [ 655.559089] ? do_raw_spin_lock+0xc8/0x240 [ 655.563335] __handle_mm_fault+0x230a/0x3f80 [ 655.567756] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 655.572589] ? find_held_lock+0x35/0x130 [ 655.576640] ? handle_mm_fault+0x322/0xb30 [ 655.580888] ? kasan_check_read+0x11/0x20 [ 655.585028] handle_mm_fault+0x43f/0xb30 [ 655.589086] __do_page_fault+0x62a/0xe90 [ 655.593142] ? vmalloc_fault+0x770/0x770 [ 655.599064] ? trace_hardirqs_off_caller+0x65/0x220 [ 655.604071] ? trace_hardirqs_on_caller+0x6a/0x220 [ 655.608992] ? page_fault+0x8/0x30 [ 655.612526] do_page_fault+0x71/0x581 [ 655.616316] ? page_fault+0x8/0x30 [ 655.619854] page_fault+0x1e/0x30 [ 655.623295] RIP: 0033:0x40de50 [ 655.626479] Code: 89 f8 89 c6 81 e6 ff 1f 00 00 8b 14 b5 00 00 73 00 41 39 d0 74 23 85 d2 74 58 83 c0 01 41 39 c1 75 e0 48 89 f8 25 ff 1f 00 00 <89> 3c 85 00 00 73 00 83 c5 01 e8 11 38 ff ff 41 83 c7 01 45 39 7c [ 655.645374] RSP: 002b:00007ffe7cbd7c90 EFLAGS: 00010202 [ 655.650731] RAX: 0000000000001bd3 RBX: 00000000fa57a607 RCX: 0000001b30420000 [ 655.657986] RDX: 0000000022241bd6 RSI: 0000000000001bd6 RDI: ffffffff783a9bd3 [ 655.665241] RBP: 0000000000000022 R08: 00000000783a9bd3 R09: 00000000783a9bd7 [ 655.672501] R10: 00007ffe7cbd7e20 R11: 0000000000000246 R12: 000000000073bf88 [ 655.679760] R13: 0000000080000000 R14: 00007f66b3fb1008 R15: 00000000000007e5 [ 655.704929] Task in /syz1 killed as a result of limit of /syz1 [ 655.712561] memory: usage 307016kB, limit 307200kB, failcnt 1106 [ 655.719595] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 655.726620] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 655.733002] Memory cgroup stats for /syz1: cache:64KB rss:181228KB rss_huge:120832KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:181248KB inactive_file:0KB active_file:0KB unevictable:0KB 01:46:22 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, 0x0, &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:22 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xffffdd86}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:22 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xfffffe00, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:22 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) socket$inet6_dccp(0xa, 0x6, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f0000000140)={r1, 0x0, 0xfffffffffffffff9, 0x1f, 0xdb2}) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:22 executing program 5: r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000469ffc)=0x7fe, 0x4) setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f00000001c0)=0x15a, 0x4) 01:46:22 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) openat$autofs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/autofs\x00', 0x4000, 0x0) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) [ 655.758038] Memory cgroup out of memory: Kill process 25509 (syz-executor.1) score 1113 or sacrifice child [ 655.768259] Killed process 25509 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:35804kB, shmem-rss:0kB 01:46:22 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xfffff000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:22 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xfffffff5, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:22 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:22 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) unshare(0x100000040600) gettid() timer_settime(0x0, 0x0, 0x0, 0x0) creat(0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 655.927127] FS-Cache: Duplicate cookie detected [ 655.932098] FS-Cache: O-cookie c=00000000d1a5b87a [p=000000004114b303 fl=222 nc=0 na=1] [ 655.940396] FS-Cache: O-cookie d=00000000656b88e0 n=00000000d68b5205 [ 655.947292] FS-Cache: O-key=[10] '02000200000002000000' [ 655.953494] FS-Cache: N-cookie c=00000000b4d45c1d [p=000000004114b303 fl=2 nc=0 na=1] [ 655.961674] FS-Cache: N-cookie d=00000000656b88e0 n=0000000094908ff1 [ 655.968285] FS-Cache: N-key=[10] '02000200000002000000' 01:46:22 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xffffff89}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 656.122146] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 656.185246] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 656.221152] CPU: 0 PID: 8586 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 656.228129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 656.237497] Call Trace: [ 656.240107] dump_stack+0x172/0x1f0 [ 656.243757] dump_header+0x15e/0x929 [ 656.247484] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 656.252599] ? ___ratelimit+0x60/0x595 [ 656.256511] ? do_raw_spin_unlock+0x57/0x270 [ 656.260935] oom_kill_process.cold+0x10/0x6f5 [ 656.265448] ? task_will_free_mem+0x139/0x6e0 [ 656.269970] ? find_held_lock+0x35/0x130 [ 656.274055] out_of_memory+0x936/0x12d0 [ 656.278046] ? lock_downgrade+0x810/0x810 [ 656.282206] ? oom_killer_disable+0x280/0x280 [ 656.286706] ? find_held_lock+0x35/0x130 [ 656.290791] mem_cgroup_out_of_memory+0x1d2/0x240 [ 656.295646] ? memcg_event_wake+0x230/0x230 [ 656.299986] ? do_raw_spin_unlock+0x57/0x270 [ 656.304405] ? _raw_spin_unlock+0x2d/0x50 [ 656.308565] try_charge+0x1028/0x15b0 [ 656.312377] ? find_held_lock+0x35/0x130 [ 656.316456] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 656.321319] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 656.326180] ? find_held_lock+0x35/0x130 [ 656.330252] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 656.335119] memcg_kmem_charge_memcg+0x7c/0x130 [ 656.339798] ? memcg_kmem_put_cache+0xb0/0xb0 [ 656.344314] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 656.349179] memcg_kmem_charge+0x136/0x300 [ 656.353426] __alloc_pages_nodemask+0x3c6/0x760 [ 656.358113] ? __alloc_pages_slowpath+0x2870/0x2870 [ 656.363144] ? find_held_lock+0x35/0x130 [ 656.367208] ? copy_page_range+0x124f/0x1f90 [ 656.371630] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 656.377186] alloc_pages_current+0x107/0x210 [ 656.381615] pte_alloc_one+0x1b/0x1a0 01:46:22 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xffffff8d}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 656.385427] __pte_alloc+0x2a/0x360 [ 656.389060] copy_page_range+0x151f/0x1f90 [ 656.393339] ? pmd_alloc+0x180/0x180 [ 656.397060] ? __vma_link_rb+0x279/0x370 [ 656.401125] copy_process.part.0+0x5434/0x7970 [ 656.401164] ? __cleanup_sighand+0x70/0x70 [ 656.401196] _do_fork+0x257/0xfe0 [ 656.413452] ? fork_idle+0x1d0/0x1d0 [ 656.417186] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 656.421952] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 656.426718] ? do_syscall_64+0x26/0x610 [ 656.430702] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 656.436183] ? do_syscall_64+0x26/0x610 [ 656.440166] __x64_sys_clone+0xbf/0x150 [ 656.444152] do_syscall_64+0x103/0x610 [ 656.448052] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 656.453245] RIP: 0033:0x4571fa [ 656.456444] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 656.475357] RSP: 002b:00007ffc0bec0320 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 01:46:23 executing program 5: r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000180)={0x0, 0x10, &(0x7f0000000140)=[@in={0x2, 0x0, @loopback=0xac14140b}]}, 0x0) 01:46:23 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$NBD_SET_SOCK(r2, 0xab00, r0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, 0x0, 0x0) [ 656.483085] RAX: ffffffffffffffda RBX: 00007ffc0bec0320 RCX: 00000000004571fa [ 656.490359] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 656.497634] RBP: 00007ffc0bec0360 R08: 0000000000000001 R09: 0000000001af6940 [ 656.504941] R10: 0000000001af6c10 R11: 0000000000000246 R12: 0000000000000001 [ 656.512214] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc0bec03b0 [ 656.548081] Task in /syz4 killed as a result of limit of /syz4 [ 656.555063] memory: usage 307200kB, limit 307200kB, failcnt 1494 [ 656.568244] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 656.589397] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 01:46:23 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000080)=0x0) getpgid(r4) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0xffffffffffffff31, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) ioctl$sock_bt_cmtp_CMTPCONNADD(r2, 0x400443c8, &(0x7f0000000100)={r0, 0x4}) 01:46:23 executing program 5: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000100)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0x50000}]}) r0 = inotify_init1(0x0) mmap(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x0, 0x10, r0, 0x0) [ 656.596841] Memory cgroup stats for /syz4: cache:20KB rss:187472KB rss_huge:129024KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:187572KB inactive_file:12KB active_file:0KB unevictable:0KB [ 656.636718] Memory cgroup out of memory: Kill process 7600 (syz-executor.4) score 1113 or sacrifice child 01:46:23 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xfffffff5}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 656.649729] Killed process 7600 (syz-executor.4) total-vm:72716kB, anon-rss:2212kB, file-rss:35816kB, shmem-rss:0kB [ 656.696679] oom_reaper: reaped process 7600 (syz-executor.4), now anon-rss:0kB, file-rss:34856kB, shmem-rss:0kB [ 656.767907] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 01:46:23 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xf0ffffffffffff}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 656.846622] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 656.871390] CPU: 0 PID: 7677 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 656.878370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 656.887728] Call Trace: [ 656.890332] dump_stack+0x172/0x1f0 [ 656.893979] dump_header+0x15e/0x929 [ 656.897715] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 656.902838] ? ___ratelimit+0x60/0x595 [ 656.906746] ? do_raw_spin_unlock+0x57/0x270 [ 656.911179] oom_kill_process.cold+0x10/0x6f5 [ 656.915721] ? task_will_free_mem+0x139/0x6e0 [ 656.920231] out_of_memory+0x936/0x12d0 [ 656.924231] ? oom_killer_disable+0x280/0x280 [ 656.928739] ? find_held_lock+0x35/0x130 [ 656.932823] mem_cgroup_out_of_memory+0x1d2/0x240 [ 656.937685] ? memcg_event_wake+0x230/0x230 [ 656.942032] ? do_raw_spin_unlock+0x57/0x270 [ 656.946478] ? _raw_spin_unlock+0x2d/0x50 [ 656.950642] try_charge+0x1028/0x15b0 [ 656.954452] ? find_held_lock+0x35/0x130 [ 656.958537] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 656.963391] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 656.968251] ? find_held_lock+0x35/0x130 [ 656.972324] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 656.977190] memcg_kmem_charge_memcg+0x7c/0x130 [ 656.981869] ? memcg_kmem_put_cache+0xb0/0xb0 [ 656.986378] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 656.991243] memcg_kmem_charge+0x136/0x300 [ 656.995487] __alloc_pages_nodemask+0x3c6/0x760 [ 657.000175] ? __alloc_pages_slowpath+0x2870/0x2870 [ 657.005204] ? retint_kernel+0x2d/0x2d [ 657.009115] ? find_held_lock+0x35/0x130 [ 657.013190] ? copy_page_range+0x124f/0x1f90 [ 657.017623] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 657.023178] alloc_pages_current+0x107/0x210 [ 657.027608] pte_alloc_one+0x1b/0x1a0 [ 657.031421] __pte_alloc+0x2a/0x360 [ 657.035060] copy_page_range+0x151f/0x1f90 [ 657.039319] ? pmd_alloc+0x180/0x180 [ 657.043046] ? __vma_link_rb+0x279/0x370 [ 657.047128] copy_process.part.0+0x5434/0x7970 [ 657.051759] ? __cleanup_sighand+0x70/0x70 [ 657.056026] _do_fork+0x257/0xfe0 [ 657.059492] ? fork_idle+0x1d0/0x1d0 [ 657.063244] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 657.068013] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 657.072797] ? do_syscall_64+0x26/0x610 [ 657.076784] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 657.082159] ? do_syscall_64+0x26/0x610 [ 657.086150] __x64_sys_clone+0xbf/0x150 [ 657.090138] do_syscall_64+0x103/0x610 01:46:23 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) getpgid(0x0) ioctl$sock_x25_SIOCADDRT(r2, 0x890b, &(0x7f0000000700)={@remote={[], 0x2}, 0x5, 'nlmon0\x00'}) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, &(0x7f0000000340)=0x80000000, 0x8) r4 = semget(0x0, 0x3, 0x84) semctl$IPC_STAT(r4, 0x0, 0x2, &(0x7f0000000580)=""/122) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000500)={0x2b, 0x96d, 0xa, 0x8, 0x2, 0x100, 0x7ff, 0x9, 0x0}, &(0x7f0000000640)=0x20) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x73, &(0x7f0000000680)={r5, 0xf26, 0x10, 0x80000001, 0xd7}, &(0x7f00000006c0)=0x18) sendmsg(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0xffffffffffffffbf}], 0x1}, 0x0) fstat(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet6_IPV6_IPSEC_POLICY(r1, 0x29, 0x22, &(0x7f00000003c0)={{{@in6=@initdev, @in6=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@remote}}, &(0x7f00000004c0)=0xe8) mount$9p_virtio(&(0x7f0000000100)='%system/\x00', &(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000200)='9p\x00', 0x1001088, &(0x7f0000000800)=ANY=[@ANYBLOB="7472616e3b750746f0aa42326b8ebf733d76697274696f2c6c6f6f73325229ea3acaa248a1ae24a35231d649652c63616368653d667363616368652c706f73697861636c2c6d73697a653d3078303030303030303030303030653239372c6e6f6465766d61702c61707072616973652c666f776e65723c", @ANYRESDEC=r6, @ANYBLOB=',euid>', @ANYRESDEC=r7, @ANYBLOB=',\x00']) ioctl$UI_SET_KEYBIT(r2, 0x40045565, 0x131) [ 657.094132] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 657.099330] RIP: 0033:0x458c29 [ 657.102534] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 657.121448] RSP: 002b:00007f66b1fafc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 657.129181] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 657.136462] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 657.143746] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 657.151028] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b1fb06d4 [ 657.158307] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 657.172249] Task in /syz1 killed as a result of limit of /syz1 [ 657.179099] memory: usage 307200kB, limit 307200kB, failcnt 1135 [ 657.186582] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 657.204039] FS-Cache: Duplicate cookie detected [ 657.208759] FS-Cache: O-cookie c=00000000cf69af9d [p=000000004114b303 fl=222 nc=0 na=1] [ 657.217001] FS-Cache: O-cookie d=00000000656b88e0 n=00000000da5058b1 [ 657.223564] FS-Cache: O-key=[10] '02000200000002000000' [ 657.229015] FS-Cache: N-cookie c=000000007f49bf6a [p=000000004114b303 fl=2 nc=0 na=1] [ 657.237063] FS-Cache: N-cookie d=00000000656b88e0 n=00000000609e53bb [ 657.243707] FS-Cache: N-key=[10] '02000200000002000000' 01:46:23 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x4087ffffffff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 657.250106] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 657.258103] Memory cgroup stats for /syz1: cache:64KB rss:181216KB rss_huge:120832KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:181304KB inactive_file:8KB active_file:0KB unevictable:0KB [ 657.317107] Memory cgroup out of memory: Kill process 7666 (syz-executor.1) score 1113 or sacrifice child [ 657.341818] Killed process 7666 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:35808kB, shmem-rss:0kB 01:46:24 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:24 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/commit_pending_bools\x00', 0x1, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:24 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x100000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:24 executing program 5: mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000740)='\x00\a\x00\x00\x00\x00\x00\x00\x00G\xe3U:Q<\x16%\x98\xff\xf2\xbe\xeb\x88i\x16\x02\xb5\x83\x19\xf3w\x18\xd7\x96\x05\x00y\x93\xd3W\xc4-l\xcf\xa5R\xf4RF\xf2>Ihm\xe2\x86\xd2\xf1\xd6\xb6\xff<\xa4}\xcb\x99\x9fq\x1dF\xe0\x90\xb3\xe3\x05Y\xfex\x0f\x17\xf7s\xd51\xdf\xeb\xa5\x03\xf7\xaf\xb0\x1d@p5\x9c|\xd3\xdc\xa8\x025\x87tT&|i\xc9\xa8\x95\\\xf2\xb5\ay\xc8\xc8R\x92\xf1#\x9bsm\xf6F\x83\xd7\x13L\x94\xf8}\xc7m>\xe4]\xde\xfa=d\xc5\xf7\x115\xd7!w\xda\xd3H\x06c)\xb4\xf3\xbc\x0f\xe3V\x9d\xf8\x8b|1\r\xd4X\xae\\\xd5\x9a4J\n\xac\xd1\x9f\a\xa0\xf6\x97zr\x0f\x04\x00\x00\x00\x1f\xe0\f,\x9e\x13\xdf\xf4\xc3)mzB\xe0Y\xc3n|M\xc5\xf7\xd0\x94\xfb\x19\x9b\xefS\xf8zi0\xb5v\xde\xed\xccl\xe9\x0e-\xef\x9dN&%\x80A\xacn\x8c~7\x18\x94\x94\xd9\x8f\xd1\xe13\xd9\xa6\xb3\xa7\xf3\xcf\xb3,\x9b\xd8x\x94\xb7\x8f\xcf?\xda\v\xe7\xd2!\x8c\xa8\xe3F\x81\xee\x1c\x1c\xa7\xbcnU!R\xbc,T\xbeA\xe3\x15E\x15:f0\"\x9fJ\xc1Z\xeeu\'\x7f\xc1\x1c\xcb\x04\xf34F[\xf7\xc8VK\xad\x90') getdents(r0, &(0x7f0000000180)=""/106, 0x6a) getdents64(r0, &(0x7f00000000c0)=""/184, 0x401) getdents(r0, &(0x7f0000000ea9)=""/407, 0x197) 01:46:24 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_NAMED_QUEUE(r2, 0xc08c5336, &(0x7f00000003c0)={0x81, 0x5, 0xfffffffffffffffa, 'queue0\x00', 0x8}) 01:46:24 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x1000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:24 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000004c0)={0x5, 0x0, [{0xf000, 0x85, &(0x7f00000001c0)=""/133}, {0xf000, 0xbb, &(0x7f0000000280)=""/187}, {0x0, 0xfa, &(0x7f00000003c0)=""/250}, {0x2, 0x36, &(0x7f0000000080)=""/54}, {0xf002, 0x36, &(0x7f0000000100)=""/54}]}) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:24 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r3 = fcntl$getown(r2, 0x9) r4 = gettid() setpgid(r3, r4) r5 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r5, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r5, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r5, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:24 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x200000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:24 executing program 5: r0 = socket$inet(0x2, 0x3, 0x2) sendto$inet(r0, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x10) setsockopt$sock_int(r0, 0x1, 0x1d, &(0x7f00000001c0)=0x15a, 0x4) recvmsg(r0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=""/156, 0x9c}, 0x0) 01:46:24 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:24 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x300000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:24 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) r1 = syz_open_dev$vbi(&(0x7f0000000100)='/dev/vbi#\x00', 0x2, 0x2) getsockopt$bt_l2cap_L2CAP_CONNINFO(r1, 0x6, 0x2, &(0x7f0000000140), &(0x7f00000001c0)=0x6) r2 = socket$inet(0x2, 0x3, 0x1e) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GETVERSION(r0, 0x80087601, &(0x7f0000000200)) getpgid(0x0) epoll_create(0x0) ioctl$sock_rose_SIOCRSCLRRT(r3, 0x89e4) setsockopt$packet_int(r3, 0x107, 0x1a, &(0x7f0000000080)=0x5, 0x4) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) [ 657.775230] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 01:46:24 executing program 5: sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) openat$cgroup(0xffffffffffffffff, 0x0, 0x200002, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f000095bffc)={0x0, 0x0, 0xfffffffffffffffc}, 0x4) r1 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffff9c, 0x89e2, 0x0) socket$inet(0x2, 0x0, 0x0) listen(r1, 0x5eb857) r2 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r2, &(0x7f00000000c0)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) r3 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg(r3, &(0x7f0000000c00), 0x4000000000001e6, 0x0) [ 657.832895] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 657.848287] CPU: 0 PID: 7738 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 657.855185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 657.864606] Call Trace: [ 657.867216] dump_stack+0x172/0x1f0 [ 657.870864] dump_header+0x15e/0x929 [ 657.874595] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 657.879717] ? ___ratelimit+0x60/0x595 [ 657.883617] ? do_raw_spin_unlock+0x57/0x270 [ 657.888039] oom_kill_process.cold+0x10/0x6f5 [ 657.892550] ? task_will_free_mem+0x139/0x6e0 [ 657.897057] ? find_held_lock+0x35/0x130 [ 657.901139] out_of_memory+0x936/0x12d0 [ 657.905138] ? lock_downgrade+0x810/0x810 [ 657.909307] ? oom_killer_disable+0x280/0x280 [ 657.913809] ? find_held_lock+0x35/0x130 [ 657.917887] mem_cgroup_out_of_memory+0x1d2/0x240 [ 657.922754] ? memcg_event_wake+0x230/0x230 [ 657.927092] ? do_raw_spin_unlock+0x57/0x270 01:46:24 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x4000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 657.931508] ? _raw_spin_unlock+0x2d/0x50 [ 657.935668] try_charge+0x1028/0x15b0 [ 657.939486] ? find_held_lock+0x35/0x130 [ 657.943576] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 657.944217] validate_nla: 18 callbacks suppressed [ 657.944226] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 657.948432] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 657.965542] ? find_held_lock+0x35/0x130 [ 657.969700] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 657.974562] memcg_kmem_charge_memcg+0x7c/0x130 [ 657.979326] ? memcg_kmem_put_cache+0xb0/0xb0 [ 657.983827] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 657.988687] memcg_kmem_charge+0x136/0x300 [ 657.992934] __alloc_pages_nodemask+0x3c6/0x760 [ 657.997618] ? __alloc_pages_slowpath+0x2870/0x2870 [ 658.002646] ? find_held_lock+0x35/0x130 [ 658.006715] ? copy_page_range+0x124f/0x1f90 [ 658.011140] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 658.016703] alloc_pages_current+0x107/0x210 [ 658.021123] pte_alloc_one+0x1b/0x1a0 [ 658.024942] __pte_alloc+0x2a/0x360 [ 658.027207] nla_parse: 19 callbacks suppressed [ 658.027216] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 658.028578] copy_page_range+0x151f/0x1f90 [ 658.028613] ? pmd_alloc+0x180/0x180 [ 658.039033] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 658.041663] ? __vma_link_rb+0x279/0x370 [ 658.041684] copy_process.part.0+0x5434/0x7970 [ 658.041723] ? __cleanup_sighand+0x70/0x70 [ 658.041752] _do_fork+0x257/0xfe0 [ 658.041770] ? fork_idle+0x1d0/0x1d0 [ 658.041795] ? trace_hardirqs_on_thunk+0x1a/0x1c 01:46:24 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x400000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:24 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x500000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 658.041808] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 658.041820] ? do_syscall_64+0x26/0x610 [ 658.041837] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 658.041847] ? do_syscall_64+0x26/0x610 [ 658.041861] __x64_sys_clone+0xbf/0x150 [ 658.041875] do_syscall_64+0x103/0x610 [ 658.041890] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 658.041901] RIP: 0033:0x4571fa [ 658.041915] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 658.041921] RSP: 002b:00007ffe7cbd7eb0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 658.041936] RAX: ffffffffffffffda RBX: 00007ffe7cbd7eb0 RCX: 00000000004571fa [ 658.041942] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 658.041950] RBP: 00007ffe7cbd7ef0 R08: 0000000000000001 R09: 00000000027d7940 [ 658.041958] R10: 00000000027d7c10 R11: 0000000000000246 R12: 0000000000000001 [ 658.041965] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe7cbd7f40 [ 658.095817] Task in [ 658.125395] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 658.191419] /syz1 killed as a result of limit of /syz1 [ 658.191465] memory: usage 307200kB, limit 307200kB, failcnt 1176 [ 658.191474] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 658.191482] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 01:46:24 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x600000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 658.191495] Memory cgroup stats for /syz1: cache:64KB rss:181236KB rss_huge:120832KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:181328KB inactive_file:4KB active_file:0KB unevictable:0KB [ 658.264591] Memory cgroup out of memory: Kill process 25572 (syz-executor.1) score 1113 or sacrifice child 01:46:24 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = getpgrp(0xffffffffffffffff) getpgid(r3) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 658.320165] Killed process 25573 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:34816kB, shmem-rss:0kB [ 658.364419] oom_reaper: reaped process 25573 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 658.378713] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 658.442508] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 658.447970] CPU: 1 PID: 7811 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 658.454823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 658.464190] Call Trace: [ 658.466807] dump_stack+0x172/0x1f0 [ 658.470462] dump_header+0x15e/0x929 [ 658.474229] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 658.479358] ? ___ratelimit+0x60/0x595 [ 658.486532] ? do_raw_spin_unlock+0x57/0x270 [ 658.491656] oom_kill_process.cold+0x10/0x6f5 [ 658.496172] ? task_will_free_mem+0x139/0x6e0 [ 658.500691] out_of_memory+0x936/0x12d0 [ 658.504684] ? oom_killer_disable+0x280/0x280 [ 658.509192] ? find_held_lock+0x35/0x130 [ 658.513274] mem_cgroup_out_of_memory+0x1d2/0x240 [ 658.518135] ? memcg_event_wake+0x230/0x230 [ 658.522475] ? do_raw_spin_unlock+0x57/0x270 [ 658.526908] ? _raw_spin_unlock+0x2d/0x50 [ 658.531113] try_charge+0xd25/0x15b0 [ 658.534834] ? find_held_lock+0x35/0x130 01:46:25 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x700000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 658.538916] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 658.543774] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 658.548753] ? find_held_lock+0x35/0x130 [ 658.552822] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 658.557687] memcg_kmem_charge_memcg+0x7c/0x130 [ 658.562372] ? memcg_kmem_put_cache+0xb0/0xb0 [ 658.566883] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 658.571738] memcg_kmem_charge+0x136/0x300 [ 658.575984] __alloc_pages_nodemask+0x3c6/0x760 [ 658.580669] ? __alloc_pages_slowpath+0x2870/0x2870 [ 658.585712] ? lockdep_hardirqs_on+0x415/0x5d0 01:46:25 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x800000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 658.590310] ? trace_hardirqs_on+0x67/0x230 [ 658.594654] copy_process.part.0+0x3e0/0x7970 [ 658.599652] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 658.604765] ? delayacct_end+0x5c/0x100 [ 658.608757] ? __delayacct_freepages_end+0xe0/0x140 [ 658.613783] ? __lock_acquire+0x6eb/0x48f0 [ 658.618040] ? __cleanup_sighand+0x70/0x70 [ 658.622289] ? mark_held_locks+0x100/0x100 [ 658.626551] _do_fork+0x257/0xfe0 [ 658.630020] ? fork_idle+0x1d0/0x1d0 [ 658.633750] ? blkcg_print_stat+0xb90/0xb90 [ 658.638084] ? kasan_check_read+0x11/0x20 01:46:25 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x806000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 658.642255] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 658.647027] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 658.651791] ? do_syscall_64+0x26/0x610 [ 658.655785] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 658.661161] ? do_syscall_64+0x26/0x610 [ 658.665149] __x64_sys_clone+0xbf/0x150 [ 658.669140] do_syscall_64+0x103/0x610 [ 658.673043] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 658.678007] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 658.678230] RIP: 0033:0x45b5f9 [ 658.678246] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 658.678254] RSP: 002b:00007fffea33a168 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 658.699167] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 658.708033] RAX: ffffffffffffffda RBX: 00007f546894a700 RCX: 000000000045b5f9 [ 658.708044] RDX: 00007f546894a9d0 RSI: 00007f5468949db0 RDI: 00000000003d0f00 [ 658.708052] RBP: 00007fffea33a370 R08: 00007f546894a700 R09: 00007f546894a700 [ 658.708059] R10: 00007f546894a9d0 R11: 0000000000000202 R12: 0000000000000000 [ 658.708066] R13: 00007fffea33a21f R14: 00007f546894a9c0 R15: 000000000073c04c [ 658.717212] Task in [ 658.748873] /syz3 [ 658.775402] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 658.795096] killed as a result of limit of /syz3 [ 658.800551] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 658.805468] memory: usage 307200kB, limit 307200kB, failcnt 2736 [ 658.815790] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 658.823061] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 658.829232] Memory cgroup stats for /syz3: cache:88KB rss:195744KB rss_huge:147456KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:195824KB inactive_file:4KB active_file:0KB unevictable:0KB [ 658.878770] Memory cgroup out of memory: Kill process 25028 (syz-executor.3) score 124 or sacrifice child [ 658.900453] Killed process 25028 (syz-executor.3) total-vm:72584kB, anon-rss:2216kB, file-rss:35796kB, shmem-rss:0kB [ 658.919038] oom_reaper: reaped process 25028 (syz-executor.3), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 658.933645] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 658.957171] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 658.965813] CPU: 0 PID: 7738 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 658.972803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 658.982164] Call Trace: [ 658.984766] dump_stack+0x172/0x1f0 [ 658.988415] dump_header+0x15e/0x929 [ 658.992149] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 658.997265] ? ___ratelimit+0x60/0x595 [ 659.001163] ? do_raw_spin_unlock+0x57/0x270 [ 659.005586] oom_kill_process.cold+0x10/0x6f5 [ 659.010109] ? task_will_free_mem+0x139/0x6e0 [ 659.014622] out_of_memory+0x936/0x12d0 [ 659.018618] ? oom_killer_disable+0x280/0x280 [ 659.023121] ? find_held_lock+0x35/0x130 [ 659.027203] mem_cgroup_out_of_memory+0x1d2/0x240 [ 659.032065] ? memcg_event_wake+0x230/0x230 [ 659.036405] ? do_raw_spin_unlock+0x57/0x270 [ 659.040830] ? _raw_spin_unlock+0x2d/0x50 [ 659.044986] try_charge+0x1028/0x15b0 [ 659.048796] ? find_held_lock+0x35/0x130 [ 659.052875] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 659.057728] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 659.062671] ? find_held_lock+0x35/0x130 [ 659.066745] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 659.071611] memcg_kmem_charge_memcg+0x7c/0x130 [ 659.076288] ? memcg_kmem_put_cache+0xb0/0xb0 [ 659.080794] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 659.085653] memcg_kmem_charge+0x136/0x300 [ 659.089910] __alloc_pages_nodemask+0x3c6/0x760 [ 659.094590] ? find_held_lock+0x35/0x130 [ 659.098668] ? __alloc_pages_slowpath+0x2870/0x2870 [ 659.103709] ? lock_downgrade+0x810/0x810 [ 659.107876] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 659.113439] alloc_pages_current+0x107/0x210 [ 659.117860] pte_alloc_one+0x1b/0x1a0 [ 659.121672] __pte_alloc+0x2a/0x360 [ 659.125313] copy_page_range+0x151f/0x1f90 [ 659.129557] ? anon_vma_fork+0x371/0x4a0 [ 659.133635] ? find_held_lock+0x35/0x130 [ 659.137702] ? anon_vma_fork+0x371/0x4a0 [ 659.141784] ? vma_compute_subtree_gap+0x158/0x230 [ 659.146724] ? vma_gap_callbacks_rotate+0x62/0x80 [ 659.151586] ? pmd_alloc+0x180/0x180 [ 659.155312] ? __vma_link_rb+0x279/0x370 [ 659.159394] copy_process.part.0+0x5434/0x7970 [ 659.164025] ? __cleanup_sighand+0x70/0x70 [ 659.168302] _do_fork+0x257/0xfe0 [ 659.171773] ? fork_idle+0x1d0/0x1d0 [ 659.175505] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 659.180357] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 659.185118] ? do_syscall_64+0x26/0x610 [ 659.189104] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 659.194473] ? do_syscall_64+0x26/0x610 [ 659.198460] __x64_sys_clone+0xbf/0x150 [ 659.202441] do_syscall_64+0x103/0x610 [ 659.206341] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 659.211531] RIP: 0033:0x4571fa [ 659.214725] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 659.233632] RSP: 002b:00007ffe7cbd7eb0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 659.241364] RAX: ffffffffffffffda RBX: 00007ffe7cbd7eb0 RCX: 00000000004571fa [ 659.248642] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 659.255914] RBP: 00007ffe7cbd7ef0 R08: 0000000000000001 R09: 00000000027d7940 [ 659.263188] R10: 00000000027d7c10 R11: 0000000000000246 R12: 0000000000000001 [ 659.270464] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffe7cbd7f40 [ 659.292254] Task in /syz1 killed as a result of limit of /syz1 [ 659.298489] memory: usage 307048kB, limit 307200kB, failcnt 1194 [ 659.305027] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 659.312446] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 659.318634] Memory cgroup stats for /syz1: cache:64KB rss:181236KB rss_huge:120832KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:181296KB inactive_file:0KB active_file:0KB unevictable:0KB [ 659.339814] Memory cgroup out of memory: Kill process 25572 (syz-executor.1) score 1113 or sacrifice child [ 659.350091] Killed process 25572 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:35804kB, shmem-rss:0kB [ 659.380622] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 659.393625] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 659.399263] CPU: 0 PID: 7842 Comm: syz-executor.0 Not tainted 4.19.35 #3 [ 659.406252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 659.415618] Call Trace: [ 659.418232] dump_stack+0x172/0x1f0 [ 659.421881] dump_header+0x15e/0x929 [ 659.425612] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 659.432207] ? ___ratelimit+0x60/0x595 [ 659.436107] ? do_raw_spin_unlock+0x57/0x270 [ 659.440535] oom_kill_process.cold+0x10/0x6f5 [ 659.445056] ? task_will_free_mem+0x139/0x6e0 [ 659.449566] out_of_memory+0x936/0x12d0 [ 659.453559] ? oom_killer_disable+0x280/0x280 [ 659.458070] ? find_held_lock+0x35/0x130 [ 659.462151] mem_cgroup_out_of_memory+0x1d2/0x240 [ 659.467007] ? memcg_event_wake+0x230/0x230 [ 659.471358] ? do_raw_spin_unlock+0x57/0x270 [ 659.475785] ? _raw_spin_unlock+0x2d/0x50 [ 659.479945] try_charge+0x1028/0x15b0 [ 659.483838] ? find_held_lock+0x35/0x130 [ 659.487918] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 659.492789] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 659.497667] ? find_held_lock+0x35/0x130 [ 659.501737] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 659.506588] memcg_kmem_charge_memcg+0x7c/0x130 [ 659.511256] ? memcg_kmem_put_cache+0xb0/0xb0 [ 659.515764] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 659.520721] memcg_kmem_charge+0x136/0x300 [ 659.524958] __alloc_pages_nodemask+0x3c6/0x760 [ 659.529614] ? save_stack+0xa9/0xd0 [ 659.533232] ? __alloc_pages_slowpath+0x2870/0x2870 [ 659.538239] ? copy_process.part.0+0x34dc/0x7970 [ 659.543002] ? mark_held_locks+0x100/0x100 [ 659.547251] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 659.552353] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 659.557904] alloc_pages_current+0x107/0x210 [ 659.562324] pte_alloc_one+0x1b/0x1a0 [ 659.566132] __pte_alloc+0x2a/0x360 [ 659.569756] copy_page_range+0x151f/0x1f90 [ 659.573983] ? anon_vma_fork+0x371/0x4a0 [ 659.578040] ? find_held_lock+0x35/0x130 [ 659.582102] ? anon_vma_fork+0x371/0x4a0 [ 659.586231] ? lock_downgrade+0x810/0x810 [ 659.590381] ? pmd_alloc+0x180/0x180 [ 659.594096] ? __vma_link_rb+0x279/0x370 [ 659.599625] copy_process.part.0+0x5434/0x7970 [ 659.604244] ? __cleanup_sighand+0x70/0x70 [ 659.608505] _do_fork+0x257/0xfe0 [ 659.611968] ? fork_idle+0x1d0/0x1d0 [ 659.615693] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 659.620555] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 659.625304] ? do_syscall_64+0x26/0x610 [ 659.629277] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 659.634641] ? do_syscall_64+0x26/0x610 [ 659.638618] __x64_sys_clone+0xbf/0x150 [ 659.642602] do_syscall_64+0x103/0x610 [ 659.646495] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 659.651684] RIP: 0033:0x458c29 [ 659.654876] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 659.673785] RSP: 002b:00007fcba7df9c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 659.681496] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 659.688765] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 659.696029] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 659.703295] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcba7dfa6d4 [ 659.710563] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 659.720116] Task in /syz0 killed as a result of limit of /syz0 [ 659.728950] memory: usage 307200kB, limit 307200kB, failcnt 3669 [ 659.736483] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 659.745664] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 659.753447] Memory cgroup stats for /syz0: cache:92KB rss:199532KB rss_huge:149504KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:199568KB inactive_file:0KB active_file:4KB unevictable:8KB [ 659.777844] Memory cgroup out of memory: Kill process 25412 (syz-executor.0) score 124 or sacrifice child [ 659.787711] Killed process 25412 (syz-executor.0) total-vm:72452kB, anon-rss:2196kB, file-rss:35796kB, shmem-rss:0kB [ 659.802722] oom_reaper: reaped process 25412 (syz-executor.0), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 659.824936] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 659.843382] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 659.846835] syz-executor.1 cpuset= [ 659.851139] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 659.851671] syz1 [ 659.854921] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 659.869248] mems_allowed=0-1 [ 659.872746] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 659.896111] CPU: 0 PID: 7862 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 659.902991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 659.912358] Call Trace: [ 659.914960] dump_stack+0x172/0x1f0 [ 659.918611] dump_header+0x15e/0x929 [ 659.922353] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 659.927469] ? ___ratelimit+0x60/0x595 [ 659.931374] oom_kill_process.cold+0x10/0x6f5 [ 659.935885] ? task_will_free_mem+0x139/0x6e0 [ 659.936816] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 659.940397] out_of_memory+0x936/0x12d0 [ 659.951818] ? oom_killer_disable+0x280/0x280 [ 659.956323] ? find_held_lock+0x35/0x130 [ 659.959429] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 659.960407] mem_cgroup_out_of_memory+0x1d2/0x240 [ 659.969475] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 659.973710] ? memcg_event_wake+0x230/0x230 [ 659.973733] ? do_raw_spin_unlock+0x57/0x270 [ 659.973751] ? _raw_spin_unlock+0x2d/0x50 [ 659.973772] try_charge+0x1028/0x15b0 [ 659.981282] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 659.985525] ? find_held_lock+0x35/0x130 [ 660.010353] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 660.015182] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 660.020026] ? find_held_lock+0x35/0x130 [ 660.024084] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 660.028921] memcg_kmem_charge_memcg+0x7c/0x130 [ 660.033578] ? memcg_kmem_put_cache+0xb0/0xb0 [ 660.038072] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 660.042908] memcg_kmem_charge+0x136/0x300 [ 660.047146] __alloc_pages_nodemask+0x3c6/0x760 [ 660.051806] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 660.056548] ? __alloc_pages_slowpath+0x2870/0x2870 [ 660.061553] ? find_held_lock+0x35/0x130 [ 660.065601] ? copy_page_range+0x124f/0x1f90 [ 660.070022] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 660.075552] alloc_pages_current+0x107/0x210 [ 660.079947] pte_alloc_one+0x1b/0x1a0 [ 660.083741] __pte_alloc+0x2a/0x360 [ 660.087367] copy_page_range+0x151f/0x1f90 [ 660.091599] ? pmd_alloc+0x180/0x180 [ 660.095301] ? __vma_link_rb+0x279/0x370 [ 660.099355] copy_process.part.0+0x5434/0x7970 [ 660.103940] ? __cleanup_sighand+0x70/0x70 [ 660.108173] _do_fork+0x257/0xfe0 [ 660.111617] ? fork_idle+0x1d0/0x1d0 [ 660.115384] ? __x64_sys_clock_gettime+0x1c5/0x250 [ 660.120299] ? __x64_sys_clock_gettime+0x172/0x250 [ 660.125224] ? __sanitizer_cov_trace_pc+0x20/0x50 [ 660.130055] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 660.134809] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 660.139553] ? do_syscall_64+0x26/0x610 [ 660.143518] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 660.148868] ? do_syscall_64+0x26/0x610 [ 660.152840] __x64_sys_clone+0xbf/0x150 [ 660.156803] do_syscall_64+0x103/0x610 [ 660.160696] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 660.165893] RIP: 0033:0x458c29 [ 660.169084] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 660.187977] RSP: 002b:00007f66b1fafc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 660.195801] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 660.203065] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 660.210435] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 660.217721] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b1fb06d4 [ 660.225088] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 660.236697] Task in /syz1 killed as a result of limit of /syz1 [ 660.243639] memory: usage 307100kB, limit 307200kB, failcnt 1208 [ 660.249998] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 660.256920] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 660.263352] Memory cgroup stats for /syz1: cache:64KB rss:181272KB rss_huge:120832KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:181284KB inactive_file:4KB active_file:4KB unevictable:0KB [ 660.284901] Memory cgroup out of memory: Kill process 25577 (syz-executor.1) score 1113 or sacrifice child [ 660.295174] Killed process 25578 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:34944kB, shmem-rss:0kB 01:46:26 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, 0x0) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:26 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xc00000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:26 executing program 5: r0 = memfd_create(&(0x7f0000000340)='\xb7\x98\x99\xe3(\xc6i\xe2\xdb\xe0Nm\x90\x7f\x82(\xf4\x84)\xe1\x00\x9b\x00\"\xaa\x9c\n\xd4\xae2\x059\xc0\xda3\xe4\xac\xb3ps\xff\xf0p\xe0\xc4\x90w\x02P\x8b\xcc0\xe4\xbf\xbe\xf94\x14\xbf\xf5\x9a\xb8\xf14a\xd5\x05W\xd2\x84S\x9bTo\x16\x92\x88\xd6\xe1\x0e|\xe2\x1a\xd1G\xb6\a\xa2 }\x99.\x80\xa2D\x9c<\x80\xae\fc\x19\xd1\x97\xb8y\x80\x16\xe7\xbb\x8e\xae\xf1\xaf\xfb\x948\x1a\xcc\x02\x91\x95\xa2\x1f\xea\xa8\xeb\x14O\xba\x93\xad\xe3\n\xccP\xa3]\x02\xbdJ\x87\x85\xd7\x91:\xf9E\xf7\x00\xe5DG\xed\x9a#l\xe7c\xdb3\x83\r\xe5(\xefy\xceQ\x93\xd7\x1a\x91a;gs\xf8\x80\"\x90s-]*\xe9\xb9iL\x91\x1e}\xd5\x8c\xeb1\xb9\x84\xc7\x83\xe5c\xa3\xfc\xdb#\x1a\xfe\a\xdb\t\t', 0x3) write$binfmt_script(r0, &(0x7f0000000040)=ANY=[@ANYPTR=&(0x7f00000002c0)=ANY=[]], 0x4) execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) 01:46:26 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x20000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:26 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1d) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:27 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000003c0)={{{@in6, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@multicast1}}, &(0x7f0000000100)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, &(0x7f0000000580)={{{@in=@dev, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in6=@local}}, &(0x7f0000000140)=0xe8) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0, 0x0}, &(0x7f00000002c0)=0xc) getgroups(0x6, &(0x7f0000000300)=[0x0, 0x0, 0xee00, 0xee00, 0x0, 0x0]) fsetxattr$system_posix_acl(r3, &(0x7f0000000080)='system.posix_acl_default\x00', &(0x7f00000004c0)={{}, {0x1, 0x4}, [{0x2, 0x7, r5}, {0x2, 0x6, r6}], {0x4, 0x2}, [{0x8, 0x4, r7}, {0x8, 0x4, r8}], {0x10, 0x7}, {0x20, 0x6}}, 0x44, 0x2) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 660.351909] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 660.359509] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 660.371095] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 660.378670] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 660.488218] FS-Cache: Duplicate cookie detected [ 660.494111] FS-Cache: O-cookie c=0000000014772077 [p=000000004114b303 fl=222 nc=0 na=1] [ 660.502482] FS-Cache: O-cookie d=00000000656b88e0 n=0000000074b90862 [ 660.509088] FS-Cache: O-key=[10] '02000200000002000000' [ 660.515418] FS-Cache: N-cookie c=00000000bd98bf24 [p=000000004114b303 fl=2 nc=0 na=1] [ 660.523665] FS-Cache: N-cookie d=00000000656b88e0 n=00000000012ee033 01:46:27 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xd00000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:27 executing program 5: r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, 0x0) r1 = dup(r0) getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) write$P9_RXATTRCREATE(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_tcp_TCP_QUEUE_SEQ(0xffffffffffffffff, 0x6, 0x15, 0x0, 0x0) write$P9_RMKDIR(r1, 0x0, 0x0) [ 660.524947] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 660.530218] FS-Cache: N-key=[10] '02000200000002000000' 01:46:27 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xfeffff00000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 660.676837] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 660.711752] CPU: 0 PID: 7884 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 660.718753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 660.728115] Call Trace: [ 660.730719] dump_stack+0x172/0x1f0 [ 660.734359] dump_header+0x15e/0x929 [ 660.738093] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 660.743208] ? ___ratelimit+0x60/0x595 [ 660.747104] ? do_raw_spin_unlock+0x57/0x270 [ 660.751529] oom_kill_process.cold+0x10/0x6f5 [ 660.756147] ? task_will_free_mem+0x139/0x6e0 [ 660.760657] out_of_memory+0x936/0x12d0 [ 660.764644] ? lock_downgrade+0x810/0x810 [ 660.768807] ? oom_killer_disable+0x280/0x280 [ 660.773313] ? find_held_lock+0x35/0x130 [ 660.777400] mem_cgroup_out_of_memory+0x1d2/0x240 [ 660.782255] ? memcg_event_wake+0x230/0x230 [ 660.786601] ? do_raw_spin_unlock+0x57/0x270 [ 660.791027] ? _raw_spin_unlock+0x2d/0x50 [ 660.795181] try_charge+0x1028/0x15b0 [ 660.798969] ? find_held_lock+0x35/0x130 [ 660.803037] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 660.807892] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 660.812846] ? find_held_lock+0x35/0x130 [ 660.816927] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 660.821790] memcg_kmem_charge_memcg+0x7c/0x130 01:46:27 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000100)='TIPC\x00') sendmsg$TIPC_CMD_GET_LINKS(r2, &(0x7f0000000300)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0xa1000000}, 0xff7fd830b7b59de3, &(0x7f0000000200)={&(0x7f0000000140)={0x24, r3, 0x81d3f556ef42bdf8, 0x70bd2c, 0x25dfdbfc, {{}, 0x0, 0x4, 0x0, {0x8, 0x11, 0x7}}, ["", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x40000) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sysfs$3(0x3) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:27 executing program 5: clone(0x804007ff8, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0x102102001fea, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) getrandom(&(0x7f0000000080)=""/44, 0xfd30, 0x0) r0 = memfd_create(&(0x7f0000000e40)='\x00\x00\x00\x00\x00\x00r%\xf7\x83\x80\x80}\xdePS`\x18A\xa0\xd0\xf8+t7HR\xb0\x1f\x12Y\x97b-\xc4\xa5\xe7\x1d,\xe5\xac2\xff\x90\x82O\xa2^Y\a\x04\x89M\xa7@\xf7\xe9\xc0\xff\xb4,5j\x1f([\xfc\x8f\v\x8cor\xef\x15\x1d\xabL\\*Zu\x1f\x04\xbf\xc6\x9a\xc5\xc3\xb5\x16\x8am\x13\xd8&\xb1\xed\fu\'\xd5\x8fT\xad\xc1/\xca\x1f%\xc8\xfc%\x86\xeaM\x90\xf8M\xab\xcd\xec)\x1f\xb7\x80\xa3\x9a\x11}\x12\xb0\x89;\x18 \x98\xdc\xee\xd3;\"*\x1dA7\t\xae5]M)\x7f\xe4,]N\x9d\x8b\xbd\x9d\fp\x9c\xaeG\xe8\x8f\x8a\xa2\xaaP[>\x99[P\x1f\r7S\xcd5\x10\xe8t6a+@\x13\x05\xf3\x16\x17\x7fmMLp\xfd\x9d&!\xc3pz\xd8\x8d\xa7\x85%\x96\xd8\x9aY\xcbtP^gZ\xc6\xeb\xc0?\xaa>\xe9\x98\x89\x17kW\x115\x03\x1a\xfc\x97\xce\xc4]\"\xfdh\xc5\xbd\f\x9d\xce\tby(A\x1b\x83\xf6\x8b\xf7\xbeK!\xfd\xf0\x03<\xf9I\xb8\xa7j\xa6]h\xad\x88Yg\xc2\xcc<-`\xect\xfc\xf5\xde\x16,\x94\xff\xe3\xe1Wu\xc1\xa1\xcf\xd9\x81\x8dL\x17\xa2\xf8\xd0\xa70%8\xf0y\xe7\xb1(\xef\x12<\x8b\xb9\t\x00\x00\x00\x00\x00\x00\x008\x14\xc2\xae\xa8l5\xfb\xf4$Jdc]2\xff\x12\xe4\xdc\xb3\xdfV\xe5\xd5\xd3\x88*\x99\x84\x99?\x8a\x7f\xefr\xd8u\xd2\x1c\x1e;\xb2\xbc>ny\xa2\xb6\xd3\"\xf7\x10\xf07\x8a\xbc \x95\xd3!9\xe3\x9f2#\xdb\x99a0\x92\x95\xe4\xc3\xc8\xe1\xb0\x00\x1d\xd7W\xaa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\b\xec\xa8\f{\f\x00\x00\x00', 0x0) execveat(r0, &(0x7f0000000000)='\x00', 0x0, &(0x7f00000001c0), 0x1000) tkill(0x0, 0x16) ptrace(0x10, 0x0) [ 660.826468] ? memcg_kmem_put_cache+0xb0/0xb0 [ 660.830968] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 660.830988] memcg_kmem_charge+0x136/0x300 [ 660.831006] __alloc_pages_nodemask+0x3c6/0x760 [ 660.831023] ? __alloc_pages_slowpath+0x2870/0x2870 [ 660.840081] ? save_stack+0x45/0xd0 [ 660.853371] ? kasan_kmalloc+0xce/0xf0 [ 660.857302] ? kasan_slab_alloc+0xf/0x20 [ 660.861376] ? __lock_acquire+0x6eb/0x48f0 [ 660.865623] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 660.871179] alloc_pages_current+0x107/0x210 [ 660.875606] pte_alloc_one+0x1b/0x1a0 [ 660.879419] copy_huge_pmd+0x7d/0x720 [ 660.883240] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 660.888792] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 660.894345] copy_page_range+0x7a1/0x1f90 [ 660.898498] ? anon_vma_fork+0x371/0x4a0 [ 660.902572] ? find_held_lock+0x35/0x130 [ 660.906640] ? anon_vma_fork+0x371/0x4a0 [ 660.910725] ? vma_compute_subtree_gap+0x158/0x230 [ 660.915675] ? vma_gap_callbacks_rotate+0x62/0x80 [ 660.920534] ? pmd_alloc+0x180/0x180 [ 660.924261] ? __vma_link_rb+0x279/0x370 [ 660.928337] copy_process.part.0+0x5434/0x7970 [ 660.932968] ? __cleanup_sighand+0x70/0x70 [ 660.937243] _do_fork+0x257/0xfe0 [ 660.940719] ? fork_idle+0x1d0/0x1d0 [ 660.944455] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 660.949326] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 660.954088] ? do_syscall_64+0x26/0x610 [ 660.958069] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 660.963439] ? do_syscall_64+0x26/0x610 [ 660.967426] __x64_sys_clone+0xbf/0x150 [ 660.971409] do_syscall_64+0x103/0x610 [ 660.975308] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 660.980501] RIP: 0033:0x458c29 [ 660.983702] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 661.002610] RSP: 002b:00007f546898bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 661.010329] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 661.017606] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 01:46:27 executing program 0: r0 = socket$inet(0x10, 0x80000fffffff, 0xff) r1 = gettid() r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/self/net/pfkey\x00', 0x40000, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x1, 0x6, 0x1, 0x6, 0x0, 0x1, 0x48120, 0x0, 0x8, 0xffffffffffff8000, 0x4, 0x1, 0x7ff, 0x7, 0xffffffff80000001, 0x5, 0x4, 0x82ce, 0x7, 0x80, 0x10000, 0x8e89698, 0x8000, 0x7fffffff, 0x3, 0x1f, 0x7, 0x1, 0x0, 0x5, 0x3, 0x100000000, 0x1, 0x1, 0x100000000, 0x0, 0x0, 0x2, 0x2, @perf_config_ext={0x4, 0x2}, 0x2000, 0x1, 0x5, 0x2, 0x4, 0x6, 0xe6f}, r1, 0xf, r2, 0x1) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) tkill(r1, 0x31) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) sendmsg$unix(r0, &(0x7f0000000200)={&(0x7f0000000100)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000080)=[{&(0x7f00000003c0)="5a3761fe3e440896585832f2e198ee8400bffb95d0a88078cb71385003e29233e91dd30810b61a6f1ffd6ed35bd2658685d224c1197cfcbea16d586917ff7bb6a02205647fdbc27ab2437e91655d11795fa8fd94a15903f7be17206bf3ab281a7ac7f27d4ce84ef96aaf458632dfe8413ac3598ada3890a5af179d555b3d6bc275f7ddb51396267fad6f13e10d19791157d94ea99efcf461d9b67cfcfb56ca4956612e55044760e1bd44f375446c8b338bf233dc1769037ec1aed9ba1b9204e14342cb07c3a9d22297d6ddcd8a5756b075ce22e7be0fdc48a56c97c15545282f00869cb654a1b81561a24b3ce4", 0xed}], 0x1, 0x0, 0x0, 0x4}, 0x40000) write$eventfd(r3, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 661.024890] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 661.032163] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546898c6d4 [ 661.039440] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 661.069556] Task in /syz3 killed as a result of limit of /syz3 [ 661.084151] memory: usage 307200kB, limit 307200kB, failcnt 2756 [ 661.104651] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 661.118446] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 661.128722] Memory cgroup stats for /syz3: cache:88KB rss:195804KB rss_huge:147456KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:195812KB inactive_file:4KB active_file:0KB unevictable:0KB [ 661.149912] Memory cgroup out of memory: Kill process 6046 (syz-executor.3) score 124 or sacrifice child [ 661.159685] Killed process 6047 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB [ 661.172190] oom_reaper: reaped process 6047 (syz-executor.3), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 661.186590] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 661.200806] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 661.206268] CPU: 0 PID: 7883 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 661.213110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 661.222469] Call Trace: [ 661.225066] dump_stack+0x172/0x1f0 [ 661.228686] dump_header+0x15e/0x929 [ 661.232409] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 661.237522] ? ___ratelimit+0x60/0x595 [ 661.241411] ? do_raw_spin_unlock+0x57/0x270 [ 661.245933] oom_kill_process.cold+0x10/0x6f5 [ 661.250428] ? task_will_free_mem+0x139/0x6e0 [ 661.254939] out_of_memory+0x936/0x12d0 [ 661.258919] ? oom_killer_disable+0x280/0x280 [ 661.263414] ? find_held_lock+0x35/0x130 [ 661.267483] mem_cgroup_out_of_memory+0x1d2/0x240 [ 661.272348] ? memcg_event_wake+0x230/0x230 [ 661.276673] ? do_raw_spin_unlock+0x57/0x270 [ 661.281086] ? _raw_spin_unlock+0x2d/0x50 [ 661.285240] try_charge+0x1028/0x15b0 [ 661.289030] ? find_held_lock+0x35/0x130 [ 661.293095] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 661.297954] ? kasan_check_read+0x11/0x20 [ 661.302123] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 661.306971] mem_cgroup_try_charge+0x24d/0x5e0 [ 661.311562] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 661.316505] __handle_mm_fault+0x1e55/0x3f80 [ 661.320919] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 661.325768] ? find_held_lock+0x35/0x130 [ 661.329827] ? handle_mm_fault+0x322/0xb30 [ 661.334078] ? kasan_check_read+0x11/0x20 [ 661.338221] handle_mm_fault+0x43f/0xb30 [ 661.342297] __do_page_fault+0x62a/0xe90 [ 661.346356] ? blkcg_print_stat+0xb90/0xb90 [ 661.350681] ? vmalloc_fault+0x770/0x770 [ 661.354751] ? trace_hardirqs_off_caller+0x65/0x220 [ 661.359762] ? trace_hardirqs_on_caller+0x6a/0x220 [ 661.364696] ? page_fault+0x8/0x30 [ 661.368316] do_page_fault+0x71/0x581 [ 661.372118] ? page_fault+0x8/0x30 [ 661.375656] page_fault+0x1e/0x30 [ 661.379187] RIP: 0033:0x40bf5d [ 661.382399] Code: 48 18 8b 4c 24 4c 89 48 24 31 c0 48 8b 8c 04 10 01 00 00 48 89 8c 02 30 bf 73 00 48 83 c0 08 48 83 f8 48 75 e6 e8 83 72 ff ff <83> 05 a0 40 53 00 01 80 7c 24 35 00 74 0b f6 44 24 30 01 0f 84 68 [ 661.401309] RSP: 002b:00007ffe7cbd7d60 EFLAGS: 00010207 [ 661.406680] RAX: 0000000000000001 RBX: 0000000000000064 RCX: 0000000000458c29 [ 661.414065] RDX: 0000000000000000 RSI: 0000000000000081 RDI: 000000000073bf08 [ 661.421335] RBP: 000000000073bf00 R08: 00007f66b1fb0700 R09: 00000000000a1428 [ 661.428610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000909 [ 661.435881] R13: 0000000000000000 R14: 0000000000000003 R15: 000000000073bf0c [ 661.444027] Task in /syz1 killed as a result of limit of /syz1 [ 661.450050] memory: usage 307200kB, limit 307200kB, failcnt 1259 [ 661.456362] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 661.463177] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 661.469324] Memory cgroup stats for /syz1: cache:64KB rss:181272KB rss_huge:120832KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:181376KB inactive_file:4KB active_file:0KB unevictable:0KB [ 661.490290] Memory cgroup out of memory: Kill process 7863 (syz-executor.1) score 1113 or sacrifice child [ 661.500100] Killed process 7863 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:35820kB, shmem-rss:0kB [ 661.513252] oom_reaper: reaped process 7863 (syz-executor.1), now anon-rss:0kB, file-rss:34860kB, shmem-rss:0kB [ 661.527547] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 661.563986] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 661.569430] CPU: 1 PID: 8586 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 661.576262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 661.585742] Call Trace: [ 661.588337] dump_stack+0x172/0x1f0 [ 661.591980] dump_header+0x15e/0x929 [ 661.595705] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 661.603246] ? ___ratelimit+0x60/0x595 [ 661.607132] ? do_raw_spin_unlock+0x57/0x270 [ 661.611547] oom_kill_process.cold+0x10/0x6f5 [ 661.616036] ? task_will_free_mem+0x139/0x6e0 [ 661.620526] out_of_memory+0x936/0x12d0 [ 661.624495] ? oom_killer_disable+0x280/0x280 [ 661.628984] ? find_held_lock+0x35/0x130 [ 661.633130] mem_cgroup_out_of_memory+0x1d2/0x240 [ 661.637961] ? memcg_event_wake+0x230/0x230 [ 661.642279] ? do_raw_spin_unlock+0x57/0x270 [ 661.646703] ? _raw_spin_unlock+0x2d/0x50 [ 661.650871] try_charge+0x1028/0x15b0 [ 661.654663] ? find_held_lock+0x35/0x130 [ 661.658720] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 661.663570] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 661.668425] ? find_held_lock+0x35/0x130 [ 661.672480] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 661.677343] memcg_kmem_charge_memcg+0x7c/0x130 [ 661.682008] ? memcg_kmem_put_cache+0xb0/0xb0 [ 661.686590] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 661.691434] memcg_kmem_charge+0x136/0x300 [ 661.695662] __alloc_pages_nodemask+0x3c6/0x760 [ 661.700348] ? find_held_lock+0x35/0x130 [ 661.704398] ? __alloc_pages_slowpath+0x2870/0x2870 [ 661.709415] ? lock_downgrade+0x810/0x810 [ 661.713559] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 661.719096] alloc_pages_current+0x107/0x210 [ 661.723518] pte_alloc_one+0x1b/0x1a0 [ 661.727328] __pte_alloc+0x2a/0x360 [ 661.730954] copy_page_range+0x151f/0x1f90 [ 661.735188] ? vma_compute_subtree_gap+0x158/0x230 [ 661.740117] ? vma_gap_callbacks_rotate+0x62/0x80 [ 661.744968] ? pmd_alloc+0x180/0x180 [ 661.748673] ? __vma_link_rb+0x279/0x370 [ 661.752731] copy_process.part.0+0x5434/0x7970 [ 661.757350] ? __cleanup_sighand+0x70/0x70 [ 661.761586] _do_fork+0x257/0xfe0 [ 661.765048] ? fork_idle+0x1d0/0x1d0 [ 661.768772] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 661.773520] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 661.778267] ? do_syscall_64+0x26/0x610 [ 661.782251] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 661.787601] ? do_syscall_64+0x26/0x610 [ 661.791569] __x64_sys_clone+0xbf/0x150 [ 661.795544] do_syscall_64+0x103/0x610 [ 661.799434] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 661.804627] RIP: 0033:0x4571fa [ 661.807927] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 661.826828] RSP: 002b:00007ffc0bec0320 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 661.834529] RAX: ffffffffffffffda RBX: 00007ffc0bec0320 RCX: 00000000004571fa [ 661.841803] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 661.849069] RBP: 00007ffc0bec0360 R08: 0000000000000001 R09: 0000000001af6940 [ 661.856331] R10: 0000000001af6c10 R11: 0000000000000246 R12: 0000000000000001 [ 661.863603] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc0bec03b0 [ 661.871257] Task in /syz4 killed as a result of limit of /syz4 [ 661.877443] memory: usage 307200kB, limit 307200kB, failcnt 1557 [ 661.885325] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 661.895641] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 661.901888] Memory cgroup stats for /syz4: cache:20KB rss:186220KB rss_huge:126976KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:186260KB inactive_file:12KB active_file:0KB unevictable:0KB [ 661.924170] Memory cgroup out of memory: Kill process 23967 (syz-executor.4) score 1113 or sacrifice child [ 661.934297] Killed process 23967 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35804kB, shmem-rss:0kB [ 661.948087] oom_reaper: reaped process 23967 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 661.961047] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 661.979388] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 661.984978] CPU: 1 PID: 7884 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 661.991917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 662.001280] Call Trace: [ 662.003881] dump_stack+0x172/0x1f0 [ 662.007526] dump_header+0x15e/0x929 [ 662.011260] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 662.016382] ? ___ratelimit+0x60/0x595 [ 662.020281] ? do_raw_spin_unlock+0x57/0x270 [ 662.024704] oom_kill_process.cold+0x10/0x6f5 [ 662.029219] ? task_will_free_mem+0x139/0x6e0 [ 662.033734] out_of_memory+0x936/0x12d0 [ 662.037728] ? oom_killer_disable+0x280/0x280 [ 662.042330] ? find_held_lock+0x35/0x130 [ 662.046410] mem_cgroup_out_of_memory+0x1d2/0x240 [ 662.051269] ? memcg_event_wake+0x230/0x230 [ 662.055602] ? do_raw_spin_unlock+0x57/0x270 [ 662.060015] ? _raw_spin_unlock+0x2d/0x50 [ 662.064178] try_charge+0x1028/0x15b0 [ 662.067990] ? find_held_lock+0x35/0x130 [ 662.072069] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 662.076924] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 662.081890] ? find_held_lock+0x35/0x130 [ 662.085964] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 662.090834] memcg_kmem_charge_memcg+0x7c/0x130 [ 662.095513] ? memcg_kmem_put_cache+0xb0/0xb0 [ 662.100096] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 662.104935] memcg_kmem_charge+0x136/0x300 [ 662.109165] __alloc_pages_nodemask+0x3c6/0x760 [ 662.113831] ? __alloc_pages_slowpath+0x2870/0x2870 [ 662.118845] ? find_held_lock+0x35/0x130 [ 662.122911] ? copy_page_range+0x124f/0x1f90 [ 662.127342] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 662.132877] alloc_pages_current+0x107/0x210 [ 662.137287] pte_alloc_one+0x1b/0x1a0 [ 662.141096] __pte_alloc+0x2a/0x360 [ 662.144726] copy_page_range+0x151f/0x1f90 [ 662.148966] ? pmd_alloc+0x180/0x180 [ 662.152674] ? __vma_link_rb+0x279/0x370 [ 662.156733] copy_process.part.0+0x5434/0x7970 [ 662.161340] ? __cleanup_sighand+0x70/0x70 [ 662.165594] _do_fork+0x257/0xfe0 [ 662.169056] ? fork_idle+0x1d0/0x1d0 [ 662.172796] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 662.177557] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 662.182308] ? do_syscall_64+0x26/0x610 [ 662.186276] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 662.191682] ? do_syscall_64+0x26/0x610 [ 662.195684] __x64_sys_clone+0xbf/0x150 [ 662.199654] do_syscall_64+0x103/0x610 [ 662.203546] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 662.208733] RIP: 0033:0x458c29 [ 662.211922] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 662.230826] RSP: 002b:00007f546898bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 662.238528] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 662.245793] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 662.253050] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 662.260398] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546898c6d4 [ 662.267660] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 662.275310] Task in /syz3 killed as a result of limit of /syz3 [ 662.281419] memory: usage 307048kB, limit 307200kB, failcnt 2774 [ 662.287561] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 662.294387] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 662.300551] Memory cgroup stats for /syz3: cache:88KB rss:195804KB rss_huge:147456KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:195780KB inactive_file:0KB active_file:0KB unevictable:0KB [ 662.321727] Memory cgroup out of memory: Kill process 6046 (syz-executor.3) score 124 or sacrifice child [ 662.331506] Killed process 6046 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35804kB, shmem-rss:0kB [ 662.344837] oom_reaper: reaped process 6046 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 662.391913] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 662.413183] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 662.418747] CPU: 1 PID: 7885 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 662.425581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 662.434946] Call Trace: [ 662.437541] dump_stack+0x172/0x1f0 [ 662.441180] dump_header+0x15e/0x929 [ 662.444902] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 662.449999] ? ___ratelimit+0x60/0x595 [ 662.453894] ? do_raw_spin_unlock+0x57/0x270 [ 662.458469] oom_kill_process.cold+0x10/0x6f5 [ 662.462976] out_of_memory+0x936/0x12d0 [ 662.466948] ? oom_killer_disable+0x280/0x280 [ 662.471446] ? find_held_lock+0x35/0x130 [ 662.475714] mem_cgroup_out_of_memory+0x1d2/0x240 [ 662.492880] ? memcg_event_wake+0x230/0x230 [ 662.497208] ? do_raw_spin_unlock+0x57/0x270 [ 662.501630] ? _raw_spin_unlock+0x2d/0x50 [ 662.505792] try_charge+0x1028/0x15b0 [ 662.509584] ? find_held_lock+0x35/0x130 [ 662.513659] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 662.518503] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 662.523347] ? find_held_lock+0x35/0x130 [ 662.527405] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 662.532258] memcg_kmem_charge_memcg+0x7c/0x130 [ 662.536927] ? memcg_kmem_put_cache+0xb0/0xb0 [ 662.541422] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 662.546274] memcg_kmem_charge+0x136/0x300 [ 662.550499] __alloc_pages_nodemask+0x3c6/0x760 [ 662.555172] ? __alloc_pages_slowpath+0x2870/0x2870 [ 662.560197] copy_process.part.0+0x3e0/0x7970 [ 662.564708] ? mark_held_locks+0x100/0x100 [ 662.569146] ? __might_fault+0x12b/0x1e0 [ 662.573227] ? __cleanup_sighand+0x70/0x70 [ 662.577589] ? lock_downgrade+0x810/0x810 [ 662.581768] _do_fork+0x257/0xfe0 [ 662.585215] ? fork_idle+0x1d0/0x1d0 [ 662.588920] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 662.593683] ? retint_kernel+0x2d/0x2d [ 662.597575] __x64_sys_clone+0xbf/0x150 [ 662.601557] ? __x64_sys_clone+0x1/0x150 [ 662.605628] do_syscall_64+0x103/0x610 [ 662.609528] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 662.614899] RIP: 0033:0x458c29 [ 662.618121] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 662.637374] RSP: 002b:00007f66b1fafc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 662.645102] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 662.652376] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000802102001ffc [ 662.659666] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 662.666935] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b1fb06d4 [ 662.674208] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 662.685110] Task in /syz1 killed as a result of limit of /syz1 [ 662.692566] memory: usage 307196kB, limit 307200kB, failcnt 1295 [ 662.698781] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 662.705804] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 662.715020] Memory cgroup stats for /syz1: cache:64KB rss:181272KB rss_huge:120832KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:181376KB inactive_file:8KB active_file:0KB unevictable:0KB [ 662.737270] Memory cgroup out of memory: Kill process 25577 (syz-executor.1) score 1113 or sacrifice child [ 662.747537] Killed process 25577 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:35804kB, shmem-rss:0kB [ 662.774186] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 662.787242] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 662.793391] CPU: 0 PID: 7915 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 662.800262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 662.809622] Call Trace: [ 662.812224] dump_stack+0x172/0x1f0 [ 662.815842] dump_header+0x15e/0x929 [ 662.819565] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 662.824673] ? ___ratelimit+0x60/0x595 [ 662.828552] ? do_raw_spin_unlock+0x57/0x270 [ 662.832953] oom_kill_process.cold+0x10/0x6f5 [ 662.837442] ? task_will_free_mem+0x139/0x6e0 [ 662.841943] out_of_memory+0x936/0x12d0 [ 662.845919] ? oom_killer_disable+0x280/0x280 [ 662.850416] ? find_held_lock+0x35/0x130 [ 662.854475] mem_cgroup_out_of_memory+0x1d2/0x240 [ 662.859315] ? memcg_event_wake+0x230/0x230 [ 662.863633] ? do_raw_spin_unlock+0x57/0x270 [ 662.868031] ? _raw_spin_unlock+0x2d/0x50 [ 662.872179] try_charge+0xd25/0x15b0 [ 662.875884] ? find_held_lock+0x35/0x130 [ 662.879981] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 662.884822] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 662.889657] ? find_held_lock+0x35/0x130 [ 662.893759] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 662.898614] memcg_kmem_charge_memcg+0x7c/0x130 [ 662.903285] ? memcg_kmem_put_cache+0xb0/0xb0 [ 662.907874] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 662.912736] memcg_kmem_charge+0x136/0x300 [ 662.916963] __alloc_pages_nodemask+0x3c6/0x760 [ 662.921621] ? __pud_alloc+0x1d3/0x250 [ 662.925496] ? __alloc_pages_slowpath+0x2870/0x2870 [ 662.930584] ? __pud_alloc+0x1d3/0x250 [ 662.934479] ? lock_downgrade+0x810/0x810 [ 662.938627] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 662.944159] alloc_pages_current+0x107/0x210 [ 662.948556] ? do_raw_spin_unlock+0x57/0x270 [ 662.952963] __pmd_alloc+0x41/0x460 [ 662.956583] ? __pmd+0x60/0x60 [ 662.959769] pmd_alloc+0x10c/0x180 [ 662.963309] copy_page_range+0x633/0x1f90 [ 662.967456] ? anon_vma_fork+0x371/0x4a0 [ 662.971519] ? find_held_lock+0x35/0x130 [ 662.975571] ? anon_vma_fork+0x371/0x4a0 [ 662.979710] ? vma_compute_subtree_gap+0x158/0x230 [ 662.984634] ? vma_gap_callbacks_rotate+0x62/0x80 [ 662.989480] ? pmd_alloc+0x180/0x180 [ 662.993196] ? __vma_link_rb+0x279/0x370 [ 662.997260] copy_process.part.0+0x5434/0x7970 [ 663.001848] ? __cleanup_sighand+0x70/0x70 [ 663.006099] _do_fork+0x257/0xfe0 [ 663.009553] ? fork_idle+0x1d0/0x1d0 [ 663.013267] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 663.018040] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 663.022805] ? do_syscall_64+0x26/0x610 [ 663.026767] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 663.032118] ? do_syscall_64+0x26/0x610 [ 663.036091] __x64_sys_clone+0xbf/0x150 [ 663.040055] do_syscall_64+0x103/0x610 [ 663.044048] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 663.049234] RIP: 0033:0x458c29 [ 663.052425] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 663.071326] RSP: 002b:00007f66b1f6dc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 663.079033] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 663.086304] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 663.093561] RBP: 000000000073c040 R08: ffffffffffffffff R09: 0000000000000000 [ 663.100821] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b1f6e6d4 [ 663.108117] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 663.116643] Task in /syz1 killed as a result of limit of /syz1 [ 663.122780] memory: usage 304920kB, limit 307200kB, failcnt 1295 [ 663.128925] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 663.135759] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 663.141994] Memory cgroup stats for /syz1: cache:64KB rss:179204KB rss_huge:118784KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:179232KB inactive_file:8KB active_file:0KB unevictable:0KB [ 663.163118] Memory cgroup out of memory: Kill process 26776 (syz-executor.1) score 1113 or sacrifice child [ 663.173092] Killed process 26776 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:35804kB, shmem-rss:0kB 01:46:29 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, 0x0) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:29 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x2800000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:29 executing program 5: r0 = socket$unix(0x1, 0x1, 0x0) getgid() readlink(0x0, 0x0, 0x0) ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, 0x0) pipe2(0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0x0) r1 = gettid() setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, 0x0, 0x1ea) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, 0x0, 0xfffffffffffffd0f) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) getsockname(0xffffffffffffffff, 0x0, 0x0) tkill(r1, 0x2001000000000016) 01:46:29 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$sock_x25_SIOCADDRT(r2, 0x890b, &(0x7f0000000680)={@null=' \x00', 0x8, 'syzkaller1\x00'}) setsockopt$inet6_MCAST_JOIN_GROUP(r2, 0x29, 0x2a, &(0x7f0000000480)={0x6, {{0xa, 0x4e20, 0x1ff, @local, 0x80000000}}}, 0x88) r3 = syz_open_dev$media(&(0x7f0000000100)='/dev/media#\x00', 0x4, 0x101440) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f0000000080)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) timer_create(0x4, &(0x7f0000000140)={0x0, 0x1a, 0x2, @thr={&(0x7f00000003c0)="d0ab0ecb7d4f61b9a353bce27593ef38698fc0bec42c2b25e1ca52cacb153f3fb1868619eb86bd8706086b4a955d9cef7b5dcbe145ba7d923736bb06324300c4734a243c45ca352433255c5039e01ced7f4f783b8ab757df19360236009486bdc72e99e94cc84f217ff6f8efa2269f113f8e03bd654651d68639169c13417af74854321b52df2d4f1994bd5ec47c484cff0f4989c23f687f", &(0x7f0000000580)="b6bf1d7db0c7aefe8533fa9bdfcdc642082e55372f2c7be5e26895779d19f3a767a956e86cf92722939c1aa0c13631d872732ad714141ed7bbccb606b0f0126b8c8946790b4a1f510701a8d7898717b2608ba4570f355514b155345aba98381cdb7d8c569ffd4733eca85a14f4ae57dc9902c62463e8dce5b10bab9491d4fd6ba83eaee84df9dfb16d300b74b4911b94f1ca0de58590c6e77a937bb6f535d8bd4b24962eb6b750b9efe0b47789aa80c4af1c97ba023255de8643c70c8ba2d09158e81917b9cca5242066f09d8c613b819faacd0ebb41fe86ecbdb5fb4f7c1371e66b94322a814d6e37b52559c67910"}}, &(0x7f00000001c0)=0x0) timer_delete(r4) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) write$cgroup_subtree(r2, &(0x7f0000000200)={[{0x2f, 'cpu'}, {0x2b, 'memory'}]}, 0xd) 01:46:29 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x100000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:29 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$DRM_IOCTL_AGP_INFO(r3, 0x80386433, &(0x7f00000001c0)=""/185) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) getsockopt$inet_sctp_SCTP_AUTOCLOSE(r0, 0x84, 0x4, &(0x7f0000000100), &(0x7f0000000140)=0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$IP_VS_SO_SET_EDIT(r3, 0x0, 0x483, &(0x7f0000000080)={0x3e, @loopback, 0x4e24, 0x2, 'rr\x00', 0x1, 0x401, 0x7a}, 0x2c) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000280)=0x1, 0x4) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_ADD(r3, 0x4c80, r4) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) [ 663.186867] oom_reaper: reaped process 26776 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 663.194147] validate_nla: 6 callbacks suppressed [ 663.194157] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 663.209783] nla_parse: 6 callbacks suppressed [ 663.209792] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 663.223177] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 663.230640] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 01:46:29 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x2900000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 663.343630] FS-Cache: Duplicate cookie detected [ 663.348617] FS-Cache: O-cookie c=00000000bd3e536c [p=000000004114b303 fl=222 nc=0 na=1] [ 663.357181] FS-Cache: O-cookie d=00000000656b88e0 n=00000000a609ef62 [ 663.364076] FS-Cache: O-key=[10] '02000200000002000000' [ 663.370196] FS-Cache: N-cookie c=00000000bc03c919 [p=000000004114b303 fl=2 nc=0 na=1] [ 663.378645] FS-Cache: N-cookie d=00000000656b88e0 n=0000000032998f32 [ 663.385528] FS-Cache: N-key=[10] '02000200000002000000' 01:46:30 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") epoll_pwait(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) [ 663.457780] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 663.511573] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:46:30 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x2b00000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:30 executing program 0: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x4, 0x1f) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) setsockopt$bt_hci_HCI_TIME_STAMP(r1, 0x0, 0x3, &(0x7f0000000240)=0x1ff, 0x4) syz_open_dev$video(0x0, 0x4a, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000580)={{{@in=@empty, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in=@dev}}, &(0x7f0000000500)=0xe8) setsockopt$inet6_IPV6_PKTINFO(r2, 0x29, 0x32, &(0x7f0000000680)={@rand_addr="15990e294536f29cf3f2609d44ae3459", r3}, 0x14) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000000080)=@assoc_id=0x0, &(0x7f0000000100)=0x4) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)={r4, 0x7, 0x7, [0xd8, 0x1ff, 0x40, 0x0, 0x8, 0x7ff, 0x1]}, &(0x7f0000000200)=0x16) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000300)='TIPCv2\x00') sendmsg$TIPC_NL_PUBL_GET(r1, &(0x7f00000004c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x200082}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)={0xa0, r5, 0x204, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0x3c, 0x6, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x42}]}, @TIPC_NLA_LINK={0x38, 0x4, [@TIPC_NLA_LINK_PROP={0xc, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}]}, @TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x100}]}]}, @TIPC_NLA_NET={0x18, 0x7, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x2}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0xfffffffffffffff9}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) sendmsg(r1, &(0x7f0000000000)={0x0, 0xfffffeba, &(0x7f0000000040)=[{&(0x7f0000000740)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x28c}, 0x0) getsockopt$inet_sctp_SCTP_NODELAY(r2, 0x84, 0x3, &(0x7f00000006c0), &(0x7f0000000700)=0x4) [ 663.558238] netlink: 'syz-executor.4': attribute type 29 has an invalid length. 01:46:30 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x2c00000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 663.604523] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 663.616307] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 663.636722] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:46:30 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x2f00000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 663.658615] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 663.690218] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 663.710831] CPU: 0 PID: 7932 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 663.717723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 663.727090] Call Trace: [ 663.729700] dump_stack+0x172/0x1f0 [ 663.733349] dump_header+0x15e/0x929 [ 663.737089] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 663.742210] ? ___ratelimit+0x60/0x595 [ 663.746109] ? do_raw_spin_unlock+0x57/0x270 [ 663.750541] oom_kill_process.cold+0x10/0x6f5 [ 663.755058] ? task_will_free_mem+0x139/0x6e0 [ 663.759577] out_of_memory+0x936/0x12d0 [ 663.763569] ? lock_downgrade+0x810/0x810 [ 663.767732] ? oom_killer_disable+0x280/0x280 [ 663.772238] ? find_held_lock+0x35/0x130 [ 663.776319] mem_cgroup_out_of_memory+0x1d2/0x240 [ 663.781171] ? memcg_event_wake+0x230/0x230 [ 663.785501] ? do_raw_spin_unlock+0x57/0x270 [ 663.789962] ? _raw_spin_unlock+0x2d/0x50 [ 663.794120] try_charge+0x1028/0x15b0 [ 663.797930] ? find_held_lock+0x35/0x130 [ 663.802013] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 663.806870] ? kasan_check_read+0x11/0x20 [ 663.811142] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 663.816002] mem_cgroup_try_charge+0x24d/0x5e0 [ 663.820597] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 663.825534] wp_page_copy+0x430/0x16a0 [ 663.829434] ? follow_pfn+0x2a0/0x2a0 [ 663.833246] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 663.838361] ? kasan_check_read+0x11/0x20 [ 663.842520] ? do_raw_spin_unlock+0x57/0x270 [ 663.846943] do_wp_page+0x57d/0x10b0 [ 663.850678] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 663.855353] ? kasan_check_write+0x14/0x20 [ 663.859601] ? do_raw_spin_lock+0xc8/0x240 [ 663.863850] __handle_mm_fault+0x230a/0x3f80 [ 663.868272] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 663.873130] ? find_held_lock+0x35/0x130 [ 663.874095] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 663.877198] ? handle_mm_fault+0x322/0xb30 [ 663.877229] ? kasan_check_read+0x11/0x20 [ 663.877253] handle_mm_fault+0x43f/0xb30 [ 663.885481] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 663.888931] __do_page_fault+0x62a/0xe90 01:46:30 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, 0x0) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:30 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x200000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:30 executing program 5: mmap(&(0x7f0000002000/0x2000)=nil, 0x2000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000740)='\x00\a\x00\x00\x00\x00\x00\x00\x00G\xe3U:Q<\x16%\x98\xff\xf2\xbe\xeb\x88i\x16\x02\xb5\x83\x19\xf3w\x18\xd7\x96\x05\x00y\x93\xd3W\xc4-l\xcf\xa5R\xf4RF\xf2>Ihm\xe2\x86\xd2\xf1\xd6\xb6\xff<\xa4}\xcb\x99\x9fq\x1dF\xe0\x90\xb3\xe3\x05Y\xfex\x0f\x17\xf7s\xd51\xdf\xeb\xa5\x03\xf7\xaf\xb0\x1d@p5\x9c|\xd3\xdc\xa8\x025\x87tT&|i\xc9\xa8\x95\\\xf2\xb5\ay\xc8\xc8R\x92\xf1#\x9bsm\xf6F\x83\xd7\x13L\x94\xf8}\xc7m>\xe4]\xde\xfa=d\xc5\xf7\x115\xd7!w\xda\xd3H\x06c)\xb4\xf3\xbc\x0f\xe3V\x9d\xf8\x8b|1\r\xd4X\xae\\\xd5\x9a4J\n\xac\xd1\x9f\a\xa0\xf6\x97zr\x0f\x04\x00\x00\x00\x1f\xe0\f,\x9e\x13\xdf\xf4\xc3)mzB\xe0Y\xc3n|M\xc5\xf7\xd0\x94\xfb\x19\x9b\xefS\xf8zi0\xb5v\xde\xed\xccl\xe9\x0e-\xef\x9dN&%\x80A\xacn\x8c~7\x18\x94\x94\xd9\x8f\xd1\xe13\xd9\xa6\xb3\xa7\xf3\xcf\xb3,\x9b\xd8x\x94\xb7\x8f\xcf?\xda\v\xe7\xd2!\x8c\xa8\xe3F\x81\xee\x1c\x1c\xa7\xbcnU!R\xbc,T\xbeA\xe3\x15E\x15:f0\"\x9fJ\xc1Z\xeeu\'\x7f\xc1\x1c\xcb\x04\xf34F[\xf7\xc8VK\xad\x90') getdents64(r0, &(0x7f0000000980)=""/184, 0x76eae5066a8e28c6) 01:46:30 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") r2 = syz_open_dev$midi(&(0x7f0000000080)='/dev/midi#\x00', 0x3, 0x6000) r3 = syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0x0, 0x8000) openat$cgroup_ro(r3, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r4, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r4, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x800000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r4, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) getsockopt$EBT_SO_GET_INIT_INFO(r2, 0x0, 0x82, &(0x7f00000002c0)={'filter\x00'}, &(0x7f0000000140)=0x78) 01:46:30 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x3300000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 663.888955] ? vmalloc_fault+0x770/0x770 [ 663.888972] ? trace_hardirqs_off_caller+0x65/0x220 [ 663.889046] ? trace_hardirqs_on_caller+0x6a/0x220 [ 663.923795] ? page_fault+0x8/0x30 [ 663.927359] do_page_fault+0x71/0x581 [ 663.931175] ? page_fault+0x8/0x30 [ 663.934734] page_fault+0x1e/0x30 [ 663.938201] RIP: 0033:0x40e361 [ 663.941401] Code: 31 c3 89 f8 89 c6 81 e6 ff 1f 00 00 8b 14 b5 00 00 73 00 39 d7 74 22 85 d2 74 7e 83 c0 01 41 39 c0 75 e1 89 f8 25 ff 1f 00 00 <89> 3c 85 00 00 73 00 83 c5 01 e8 00 33 ff ff 41 83 c7 01 45 39 7c [ 663.960304] RSP: 002b:00007fffea33a1e0 EFLAGS: 00010206 [ 663.965676] RAX: 000000000000175c RBX: 0000000070f499d3 RCX: 0000001b30920000 [ 663.972956] RDX: 000000003a6fd75f RSI: 000000000000175f RDI: 00000000511dd75c [ 663.980243] RBP: 0000000000000002 R08: 00000000511dd760 R09: 00000000000a1eca [ 663.987612] R10: 00007fffea33a360 R11: 0000000000000246 R12: 000000000073c028 [ 663.994905] R13: 00007f546a78d004 R14: 00007f546a78d000 R15: 000000000000000c [ 664.006771] Task in /syz3 killed as a result of limit of /syz3 [ 664.013570] memory: usage 307200kB, limit 307200kB, failcnt 2838 [ 664.030739] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 664.046373] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 664.054100] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 664.060254] Memory cgroup stats for /syz3: cache:88KB rss:195796KB rss_huge:147456KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:195832KB inactive_file:0KB active_file:0KB unevictable:0KB [ 664.170760] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 664.204618] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 664.215290] Memory cgroup out of memory: Kill process 7218 (syz-executor.3) score 124 or sacrifice child [ 664.233023] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 664.242374] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 664.249861] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 664.259801] Killed process 7219 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB [ 664.303204] FS-Cache: Duplicate cookie detected [ 664.308094] FS-Cache: O-cookie c=00000000c3e95a0b [p=000000004114b303 fl=222 nc=0 na=1] [ 664.316670] FS-Cache: O-cookie d=00000000656b88e0 n=00000000409a8a71 [ 664.324160] FS-Cache: O-key=[10] '02000200000002000000' [ 664.329969] FS-Cache: N-cookie c=000000002c96a5e5 [p=000000004114b303 fl=2 nc=0 na=1] [ 664.338130] FS-Cache: N-cookie d=00000000656b88e0 n=0000000055033c72 [ 664.342807] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 664.344770] FS-Cache: N-key=[10] '02000200000002000000' [ 664.359858] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 664.392471] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 664.421791] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 664.427248] CPU: 0 PID: 7943 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 664.434205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 664.443566] Call Trace: [ 664.446185] dump_stack+0x172/0x1f0 [ 664.449837] dump_header+0x15e/0x929 [ 664.453563] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 664.453592] ? ___ratelimit+0x60/0x595 [ 664.453609] ? do_raw_spin_unlock+0x57/0x270 [ 664.453633] oom_kill_process.cold+0x10/0x6f5 [ 664.462621] ? task_will_free_mem+0x139/0x6e0 [ 664.462641] out_of_memory+0x936/0x12d0 [ 664.462661] ? oom_killer_disable+0x280/0x280 [ 664.462674] ? find_held_lock+0x35/0x130 [ 664.462699] mem_cgroup_out_of_memory+0x1d2/0x240 [ 664.493401] ? memcg_event_wake+0x230/0x230 [ 664.497751] ? do_raw_spin_unlock+0x57/0x270 [ 664.502183] ? _raw_spin_unlock+0x2d/0x50 [ 664.506349] try_charge+0xd25/0x15b0 [ 664.510055] ? find_held_lock+0x35/0x130 [ 664.514113] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 664.518951] ? kasan_check_read+0x11/0x20 [ 664.523092] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 664.527936] mem_cgroup_try_charge+0x24d/0x5e0 [ 664.532518] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 664.537439] wp_page_copy+0x430/0x16a0 [ 664.541323] ? follow_pfn+0x2a0/0x2a0 [ 664.545125] ? kasan_check_read+0x11/0x20 [ 664.549361] ? do_raw_spin_unlock+0x57/0x270 [ 664.553762] do_wp_page+0x57d/0x10b0 [ 664.557480] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 664.562139] ? kasan_check_write+0x14/0x20 [ 664.573651] ? do_raw_spin_lock+0xc8/0x240 [ 664.577881] __handle_mm_fault+0x230a/0x3f80 [ 664.582281] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 664.587110] ? find_held_lock+0x35/0x130 [ 664.591160] ? handle_mm_fault+0x322/0xb30 [ 664.595391] ? kasan_check_read+0x11/0x20 [ 664.599529] handle_mm_fault+0x43f/0xb30 [ 664.603592] __do_page_fault+0x62a/0xe90 [ 664.607642] ? blkcg_print_stat+0xb90/0xb90 [ 664.611956] ? vmalloc_fault+0x770/0x770 [ 664.616018] ? trace_hardirqs_off_caller+0x65/0x220 [ 664.621022] ? trace_hardirqs_on_caller+0x6a/0x220 [ 664.625952] ? page_fault+0x8/0x30 [ 664.629486] do_page_fault+0x71/0x581 [ 664.633274] ? page_fault+0x8/0x30 [ 664.636802] page_fault+0x1e/0x30 [ 664.640254] RIP: 0033:0x404c58 [ 664.643451] Code: a4 02 00 00 80 3d 3f b8 64 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 2c b8 64 00 39 45 24 0f 84 f7 01 00 00 44 8b a5 80 00 00 00 13 d2 ff ff 48 2b 05 ac 33 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 664.662341] RSP: 002b:00007f546898bc90 EFLAGS: 00010246 [ 664.667694] RAX: 00007f546a98d000 RBX: 0000000000000bd1 RCX: 0000000000458c29 [ 664.674962] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 664.682220] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 664.689473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 664.696730] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 664.710536] Task in /syz3 killed as a result of limit of /syz3 [ 664.717594] memory: usage 306992kB, limit 307200kB, failcnt 2839 [ 664.724972] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 664.732846] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 664.739879] Memory cgroup stats for /syz3: cache:88KB rss:195796KB rss_huge:147456KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:195828KB inactive_file:0KB active_file:0KB unevictable:0KB [ 664.762896] Memory cgroup out of memory: Kill process 7218 (syz-executor.3) score 124 or sacrifice child [ 664.797189] Killed process 7218 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35804kB, shmem-rss:0kB [ 664.831416] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 664.844586] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 664.850100] CPU: 1 PID: 7960 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 664.856938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 664.866374] Call Trace: [ 664.868972] dump_stack+0x172/0x1f0 [ 664.872611] dump_header+0x15e/0x929 [ 664.876330] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 664.881437] ? ___ratelimit+0x60/0x595 [ 664.885330] ? do_raw_spin_unlock+0x57/0x270 [ 664.889738] oom_kill_process.cold+0x10/0x6f5 [ 664.894244] ? task_will_free_mem+0x139/0x6e0 [ 664.898846] out_of_memory+0x936/0x12d0 [ 664.902832] ? oom_killer_disable+0x280/0x280 [ 664.907326] ? find_held_lock+0x35/0x130 [ 664.911407] mem_cgroup_out_of_memory+0x1d2/0x240 [ 664.916253] ? memcg_event_wake+0x230/0x230 [ 664.920578] ? do_raw_spin_unlock+0x57/0x270 [ 664.924982] ? _raw_spin_unlock+0x2d/0x50 [ 664.929123] try_charge+0xd25/0x15b0 [ 664.932836] ? find_held_lock+0x35/0x130 [ 664.936914] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 664.941767] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 664.946614] ? find_held_lock+0x35/0x130 [ 664.950671] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 664.955518] memcg_kmem_charge_memcg+0x7c/0x130 [ 664.960212] ? memcg_kmem_put_cache+0xb0/0xb0 [ 664.964703] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 664.969556] memcg_kmem_charge+0x136/0x300 [ 664.973802] __alloc_pages_nodemask+0x3c6/0x760 [ 664.978480] ? __alloc_pages_slowpath+0x2870/0x2870 [ 664.983492] ? lockdep_hardirqs_on+0x415/0x5d0 [ 664.988069] ? __lock_acquire+0x6eb/0x48f0 [ 664.992304] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 664.997416] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 665.002950] alloc_pages_current+0x107/0x210 [ 665.007359] pte_alloc_one+0x1b/0x1a0 [ 665.011159] __handle_mm_fault+0x3533/0x3f80 [ 665.015578] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 665.020413] ? find_held_lock+0x35/0x130 [ 665.024471] ? handle_mm_fault+0x322/0xb30 [ 665.028712] ? kasan_check_read+0x11/0x20 [ 665.032864] handle_mm_fault+0x43f/0xb30 [ 665.036930] __do_page_fault+0x62a/0xe90 [ 665.041140] ? vmalloc_fault+0x770/0x770 [ 665.045205] ? trace_hardirqs_off_caller+0x65/0x220 [ 665.050209] ? trace_hardirqs_on_caller+0x6a/0x220 [ 665.055135] ? page_fault+0x8/0x30 [ 665.058670] do_page_fault+0x71/0x581 [ 665.062471] ? page_fault+0x8/0x30 [ 665.066012] page_fault+0x1e/0x30 [ 665.070582] RIP: 0033:0x458c29 [ 665.073786] Code: Bad RIP value. [ 665.077146] RSP: 002b:00007f546898bc78 EFLAGS: 00010246 [ 665.082507] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000458c29 [ 665.089782] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 665.097041] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 665.104316] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546898c6d4 [ 665.111591] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 665.121896] Task in /syz3 killed as a result of limit of /syz3 [ 665.127924] memory: usage 304684kB, limit 307200kB, failcnt 2839 [ 665.134335] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 665.141206] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 665.147346] Memory cgroup stats for /syz3: cache:88KB rss:193760KB rss_huge:145408KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:193692KB inactive_file:0KB active_file:0KB unevictable:0KB [ 665.168666] Memory cgroup out of memory: Kill process 23861 (syz-executor.3) score 124 or sacrifice child [ 665.178666] Killed process 23861 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35800kB, shmem-rss:0kB [ 665.218393] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 665.229941] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 665.235799] CPU: 1 PID: 7936 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 665.242643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 665.251996] Call Trace: [ 665.254609] dump_stack+0x172/0x1f0 [ 665.258253] dump_header+0x15e/0x929 [ 665.261968] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 665.267063] ? ___ratelimit+0x60/0x595 [ 665.270960] oom_kill_process.cold+0x10/0x6f5 [ 665.275470] ? task_will_free_mem+0x139/0x6e0 [ 665.279974] out_of_memory+0x936/0x12d0 [ 665.283946] ? oom_killer_disable+0x280/0x280 [ 665.288433] ? find_held_lock+0x35/0x130 [ 665.292515] mem_cgroup_out_of_memory+0x1d2/0x240 [ 665.297360] ? memcg_event_wake+0x230/0x230 [ 665.301731] ? do_raw_spin_unlock+0x57/0x270 [ 665.306144] ? _raw_spin_unlock+0x2d/0x50 [ 665.310298] try_charge+0xd25/0x15b0 [ 665.314016] ? find_held_lock+0x35/0x130 [ 665.318099] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 665.322956] ? kasan_check_read+0x11/0x20 [ 665.327107] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 665.331958] mem_cgroup_try_charge+0x24d/0x5e0 [ 665.336563] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 665.341493] wp_page_copy+0x430/0x16a0 [ 665.345421] ? follow_pfn+0x2a0/0x2a0 [ 665.349234] ? kasan_check_read+0x11/0x20 [ 665.353394] ? do_raw_spin_unlock+0x57/0x270 [ 665.357814] do_wp_page+0x57d/0x10b0 [ 665.361537] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 665.366197] ? kasan_check_write+0x14/0x20 [ 665.370426] ? do_raw_spin_lock+0xc8/0x240 [ 665.374665] __handle_mm_fault+0x230a/0x3f80 [ 665.379103] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 665.383958] ? find_held_lock+0x35/0x130 [ 665.388017] ? handle_mm_fault+0x322/0xb30 [ 665.392262] ? kasan_check_read+0x11/0x20 [ 665.396420] handle_mm_fault+0x43f/0xb30 [ 665.400517] __do_page_fault+0x62a/0xe90 [ 665.404580] ? vmalloc_fault+0x770/0x770 [ 665.408634] ? trace_hardirqs_off_caller+0x65/0x220 [ 665.413655] ? trace_hardirqs_on_caller+0x6a/0x220 [ 665.418587] ? page_fault+0x8/0x30 [ 665.422121] do_page_fault+0x71/0x581 [ 665.425925] ? page_fault+0x8/0x30 [ 665.430671] page_fault+0x1e/0x30 [ 665.434129] RIP: 0033:0x4144b3 [ 665.437331] Code: e9 4c 89 e2 ff 74 24 48 4c 8b 4c 24 10 89 ee 4c 8b 44 24 18 48 89 df e8 cb f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 48 f7 d8 <64> 89 04 25 d4 ff ff ff 48 83 c8 ff c3 48 81 ec 98 00 00 00 31 ff [ 665.456253] RSP: 002b:00007f546898bc78 EFLAGS: 00010217 [ 665.462846] RAX: 0000000000000065 RBX: 0000000000000005 RCX: 0000000000458c29 [ 665.470111] RDX: 0000000020000380 RSI: 0000000020000180 RDI: 0000000000000000 [ 665.477382] RBP: 000000000073bf00 R08: 0000000020000000 R09: 0000000000000000 [ 665.484644] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546898c6d4 [ 665.491917] R13: 00000000004c4c0e R14: 00000000004d8888 R15: 00000000ffffffff [ 665.501439] Task in /syz3 killed as a result of limit of /syz3 [ 665.508028] memory: usage 302368kB, limit 307200kB, failcnt 2839 [ 665.515639] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 665.522807] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 665.529083] Memory cgroup stats for /syz3: cache:88KB rss:191584KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:191544KB inactive_file:0KB active_file:0KB unevictable:0KB [ 665.550820] Memory cgroup out of memory: Kill process 23942 (syz-executor.3) score 124 or sacrifice child 01:46:32 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(&(0x7f0000000200)=ANY=[@ANYBLOB="2f6465762f736730009791823eff22ee71a16c46979d77bc99d5b4a3ea2759facd99071edb55e224547bbc3911f2067eb43b1d1898e155b47a03c1b558266cd381f9c2699a9501738529b88f67c9cf10599b617ccf3540e1dae2b03a2c935348cfa563bb6782f5a3e699f43bf144e5f58d680756b8ce7f10ad3c215e839eb21efc69888f9d33124a8035c071ce0a533a0cd4e8f618115edeecd41d40fe345e86dbc671fff758f7f703c70e10b473b9e8f2b0ae8d7f770adb17161eb0c6e0ca36b8a823ce06312754"], &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='nsfs\x00', 0x1000000, &(0x7f00000001c0)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4') getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000500)=ANY=[@ANYRES32=0x0, @ANYBLOB="b80000009df1dfb3757af6c06afb91afb3b2fe22761ce42dc503a8a94397c163980a2fde3dd5b1450076b249efedd3e28f49431c58f31ff033799ef708d514978cfac374ef135340783a1372bc16d8afc426b73afb3d88aabfdbcc35e81350eafb4b01f9ec63617776ed51744c00000000000096d700e8eb086eea1e47a2b15af6dcadac35cbf1b599d6c7123a7b4adfbf78dbaa22e75b5843ce167bd340dbb0d9ecada0d5ffe643558ec68f1d47426d697378b1ea8c5390a0cdb49ce0eb47e195a89ef9d3b0e005e999bd4323adaa130bbd708d2c5edffa9211d8867f1fc2474275c0e247fed405054e4152363e5f5299e55c9e5f56527b551a04d755bc3e"], &(0x7f0000000080)=0xc0) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000300)={0x8, 0x4, 0x7f, 0x5, r3}, 0x10) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) [ 665.561102] Killed process 23942 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35800kB, shmem-rss:0kB [ 665.586339] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 665.601892] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 665.607502] CPU: 0 PID: 7997 Comm: syz-executor.4 Not tainted 4.19.35 #3 01:46:32 executing program 5: getrandom(&(0x7f0000000040)=""/44, 0x52a1, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x73380100, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x38, 0x10, 0x501, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x18, 0x12, @sit={{0x8, 0x1, 'sit\x00'}, {0xc, 0x2, [@tunl_policy=[@IFLA_IPTUN_ENCAP_FLAGS={0x8, 0x3}]]}}}]}, 0x38}}, 0x0) 01:46:32 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x3b00000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:32 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:32 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x40, 0x10, 0x409, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @gretap={{0xc, 0x1, 'gretap\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}], @gre_common_policy=[@IFLA_GRE_ENCAP_TYPE={0x8}]]}}}]}, 0x40}}, 0x0) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000140)=0x73) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f0000000500)={0x1f, 0x0, 0x289f}) ioctl$SNDRV_TIMER_IOCTL_START(r4, 0x54a0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r4, 0xc1205531, &(0x7f00000003c0)={0x8, 0x6, 0x4, 0x2, [], [], [], 0x4000000000000000, 0x2, 0x12b, 0x0, "88ed872add0966b0ec4e50829ee774d9"}) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000080)=0x9d, 0x4) r5 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7215c1e9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1000000000004c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000100)={0x0, 0x80000, r4}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000200)={r6, 0x80000, r5}) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r4, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$UFFDIO_UNREGISTER(r4, 0x8010aa01, &(0x7f00000002c0)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}) prctl$PR_SET_PDEATHSIG(0x1, 0x3f) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 665.614353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 665.623720] Call Trace: [ 665.626326] dump_stack+0x172/0x1f0 [ 665.629971] dump_header+0x15e/0x929 [ 665.633788] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 665.638905] ? ___ratelimit+0x60/0x595 [ 665.642808] ? do_raw_spin_unlock+0x57/0x270 [ 665.647251] oom_kill_process.cold+0x10/0x6f5 [ 665.651769] ? task_will_free_mem+0x139/0x6e0 [ 665.656289] out_of_memory+0x936/0x12d0 [ 665.660287] ? oom_killer_disable+0x280/0x280 [ 665.664792] ? find_held_lock+0x35/0x130 01:46:32 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x3c00000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 665.668877] mem_cgroup_out_of_memory+0x1d2/0x240 [ 665.673850] ? memcg_event_wake+0x230/0x230 [ 665.678184] ? do_raw_spin_unlock+0x57/0x270 [ 665.678202] ? _raw_spin_unlock+0x2d/0x50 [ 665.678221] try_charge+0x1028/0x15b0 [ 665.686762] ? find_held_lock+0x35/0x130 [ 665.686788] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 665.686804] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 665.704340] ? find_held_lock+0x35/0x130 [ 665.708423] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 665.713296] memcg_kmem_charge_memcg+0x7c/0x130 01:46:32 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x40000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) [ 665.717984] ? memcg_kmem_put_cache+0xb0/0xb0 [ 665.722511] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 665.727384] memcg_kmem_charge+0x136/0x300 [ 665.731638] __alloc_pages_nodemask+0x3c6/0x760 [ 665.736326] ? __alloc_pages_slowpath+0x2870/0x2870 [ 665.741360] ? find_held_lock+0x35/0x130 [ 665.745432] ? copy_page_range+0x124f/0x1f90 [ 665.749862] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 665.755524] alloc_pages_current+0x107/0x210 [ 665.759953] pte_alloc_one+0x1b/0x1a0 [ 665.763770] __pte_alloc+0x2a/0x360 01:46:32 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x4305000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 665.767412] copy_page_range+0x151f/0x1f90 [ 665.771690] ? pmd_alloc+0x180/0x180 [ 665.775414] ? __vma_link_rb+0x279/0x370 [ 665.779501] copy_process.part.0+0x5434/0x7970 [ 665.784130] ? __cleanup_sighand+0x70/0x70 [ 665.788400] _do_fork+0x257/0xfe0 [ 665.791873] ? fork_idle+0x1d0/0x1d0 [ 665.795606] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 665.800386] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 665.805176] ? do_syscall_64+0x26/0x610 [ 665.809171] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 665.814542] ? do_syscall_64+0x26/0x610 [ 665.818533] __x64_sys_clone+0xbf/0x150 [ 665.822523] do_syscall_64+0x103/0x610 [ 665.826428] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 665.831632] RIP: 0033:0x458c29 [ 665.834837] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 665.853755] RSP: 002b:00007f90eb536c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 665.861496] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 665.868780] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0200000000000000 [ 665.876067] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 665.883347] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90eb5376d4 [ 665.890626] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 665.903797] Task in /syz4 killed as a result of limit of /syz4 [ 665.923398] memory: usage 307200kB, limit 307200kB, failcnt 1595 [ 665.945754] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 666.006404] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 666.020970] Memory cgroup stats for /syz4: cache:20KB rss:184620KB rss_huge:124928KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:184808KB inactive_file:4KB active_file:4KB unevictable:0KB [ 666.048901] Memory cgroup out of memory: Kill process 24185 (syz-executor.4) score 1113 or sacrifice child [ 666.072978] IPVS: ftp: loaded support on port[0] = 21 [ 666.087460] Killed process 24185 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35804kB, shmem-rss:0kB [ 666.146621] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 01:46:32 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x800000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:32 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x800e000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:32 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:32 executing program 5: [ 666.186848] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 666.219204] CPU: 1 PID: 8017 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 666.226119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 666.235493] Call Trace: [ 666.238102] dump_stack+0x172/0x1f0 [ 666.241750] dump_header+0x15e/0x929 [ 666.245493] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 666.250616] ? ___ratelimit+0x60/0x595 [ 666.254508] ? do_raw_spin_unlock+0x57/0x270 [ 666.258921] oom_kill_process.cold+0x10/0x6f5 [ 666.263440] ? task_will_free_mem+0x139/0x6e0 [ 666.267949] out_of_memory+0x936/0x12d0 [ 666.271947] ? oom_killer_disable+0x280/0x280 [ 666.276465] ? find_held_lock+0x35/0x130 [ 666.280550] mem_cgroup_out_of_memory+0x1d2/0x240 [ 666.285407] ? memcg_event_wake+0x230/0x230 [ 666.289758] ? do_raw_spin_unlock+0x57/0x270 [ 666.294216] ? _raw_spin_unlock+0x2d/0x50 [ 666.298376] try_charge+0x1028/0x15b0 [ 666.302187] ? find_held_lock+0x35/0x130 [ 666.306262] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 666.311130] ? kasan_check_read+0x11/0x20 [ 666.315295] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 666.320141] mem_cgroup_try_charge+0x24d/0x5e0 [ 666.324738] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 666.329682] wp_page_copy+0x430/0x16a0 [ 666.333589] ? follow_pfn+0x2a0/0x2a0 01:46:32 executing program 0: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$bt_rfcomm(r2, &(0x7f0000000080)={0x1f, {0x0, 0x95, 0x1, 0x5d0, 0x5, 0x5e6b}, 0x7bdd}, 0xa) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:32 executing program 5: [ 666.337400] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 666.342521] ? kasan_check_read+0x11/0x20 [ 666.346677] ? do_raw_spin_unlock+0x57/0x270 [ 666.351098] do_wp_page+0x57d/0x10b0 [ 666.354821] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 666.359499] ? kasan_check_write+0x14/0x20 [ 666.363744] ? do_raw_spin_lock+0xc8/0x240 [ 666.367994] __handle_mm_fault+0x230a/0x3f80 [ 666.372430] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 666.377290] ? find_held_lock+0x35/0x130 [ 666.381364] ? handle_mm_fault+0x322/0xb30 [ 666.385620] ? kasan_check_read+0x11/0x20 [ 666.389782] handle_mm_fault+0x43f/0xb30 [ 666.393859] __do_page_fault+0x62a/0xe90 [ 666.397937] ? vmalloc_fault+0x770/0x770 [ 666.402011] ? trace_hardirqs_off_caller+0x65/0x220 [ 666.407049] ? trace_hardirqs_on_caller+0x6a/0x220 [ 666.411996] ? page_fault+0x8/0x30 [ 666.415562] do_page_fault+0x71/0x581 [ 666.419374] ? page_fault+0x8/0x30 [ 666.422933] page_fault+0x1e/0x30 [ 666.426389] RIP: 0033:0x4323be 01:46:33 executing program 5: [ 666.429591] Code: 15 db 2b 62 00 4c 89 c0 85 d2 0f 85 74 01 00 00 48 83 c4 08 5b 5d 41 5c 41 5d c3 90 be 01 00 00 00 83 3d 8c 43 62 00 00 74 08 0f b1 33 75 07 eb 1b 0f b1 33 74 16 48 8d 3b 48 81 ec 80 00 00 [ 666.448491] RSP: 002b:00007fffea33a160 EFLAGS: 00010202 [ 666.453853] RAX: 0000000000000000 RBX: 0000000000713640 RCX: 0000000000458c7a [ 666.453861] RDX: 0000000000000011 RSI: 0000000000000001 RDI: 0000000000000011 [ 666.453867] RBP: 0000000000000110 R08: ffffffffffffffff R09: 0000000000000000 [ 666.453874] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffea33a370 01:46:33 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8035000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 666.453880] R13: 00007f546894a700 R14: 0000000000000003 R15: 000000000073c04c 01:46:33 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8100000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:33 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xa02000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 666.700174] Task in /syz3 killed as a result of limit of /syz3 [ 666.720910] memory: usage 307200kB, limit 307200kB, failcnt 2905 [ 666.727121] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 666.741827] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 666.748022] Memory cgroup stats for /syz3: cache:88KB rss:195796KB rss_huge:147456KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:195880KB inactive_file:0KB active_file:0KB unevictable:0KB [ 666.769694] Memory cgroup out of memory: Kill process 7943 (syz-executor.3) score 124 or sacrifice child [ 666.779906] Killed process 7960 (syz-executor.3) total-vm:72584kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB [ 666.808107] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 666.821636] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 666.827065] CPU: 1 PID: 8030 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 666.833912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 666.843278] Call Trace: [ 666.845891] dump_stack+0x172/0x1f0 [ 666.849548] dump_header+0x15e/0x929 [ 666.853287] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 666.858413] ? ___ratelimit+0x60/0x595 [ 666.862310] ? do_raw_spin_unlock+0x57/0x270 [ 666.866734] oom_kill_process.cold+0x10/0x6f5 [ 666.871256] ? task_will_free_mem+0x139/0x6e0 [ 666.875772] out_of_memory+0x936/0x12d0 [ 666.879771] ? oom_killer_disable+0x280/0x280 [ 666.884278] ? find_held_lock+0x35/0x130 [ 666.888361] mem_cgroup_out_of_memory+0x1d2/0x240 [ 666.893219] ? memcg_event_wake+0x230/0x230 [ 666.897559] ? do_raw_spin_unlock+0x57/0x270 [ 666.901981] ? _raw_spin_unlock+0x2d/0x50 [ 666.906164] try_charge+0xd25/0x15b0 [ 666.909892] ? find_held_lock+0x35/0x130 [ 666.914065] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 666.918923] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 666.923778] ? find_held_lock+0x35/0x130 [ 666.927854] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 666.932722] memcg_kmem_charge_memcg+0x7c/0x130 [ 666.937407] ? memcg_kmem_put_cache+0xb0/0xb0 [ 666.942015] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 666.946871] memcg_kmem_charge+0x136/0x300 [ 666.951114] __alloc_pages_nodemask+0x3c6/0x760 [ 666.955794] ? __alloc_pages_slowpath+0x2870/0x2870 [ 666.960824] ? __lock_acquire+0x6eb/0x48f0 [ 666.960845] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 666.960865] alloc_pages_current+0x107/0x210 [ 666.960884] pte_alloc_one+0x1b/0x1a0 [ 666.960900] __handle_mm_fault+0x3533/0x3f80 [ 666.960917] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 666.970671] ? find_held_lock+0x35/0x130 [ 666.992147] ? handle_mm_fault+0x322/0xb30 [ 666.996412] ? kasan_check_read+0x11/0x20 [ 667.000573] handle_mm_fault+0x43f/0xb30 [ 667.004649] __do_page_fault+0x62a/0xe90 [ 667.008726] ? vmalloc_fault+0x770/0x770 [ 667.012804] ? trace_hardirqs_off_caller+0x65/0x220 [ 667.017830] ? trace_hardirqs_on_caller+0x6a/0x220 [ 667.022765] ? page_fault+0x8/0x30 [ 667.026315] do_page_fault+0x71/0x581 [ 667.030109] ? page_fault+0x8/0x30 [ 667.033649] page_fault+0x1e/0x30 [ 667.037099] RIP: 0033:0x458c29 [ 667.040292] Code: Bad RIP value. [ 667.043654] RSP: 002b:00007f546896ac78 EFLAGS: 00010246 [ 667.049022] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000458c29 [ 667.056286] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 667.063554] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 667.070818] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546896b6d4 [ 667.078088] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 667.086696] Task in /syz3 killed as a result of limit of /syz3 [ 667.092956] memory: usage 307080kB, limit 307200kB, failcnt 2905 [ 667.099101] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 667.106002] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 667.112201] Memory cgroup stats for /syz3: cache:88KB rss:195796KB rss_huge:147456KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:195784KB inactive_file:0KB active_file:0KB unevictable:0KB [ 667.133168] Memory cgroup out of memory: Kill process 7943 (syz-executor.3) score 124 or sacrifice child [ 667.142926] Killed process 7943 (syz-executor.3) total-vm:72716kB, anon-rss:2224kB, file-rss:35824kB, shmem-rss:0kB [ 667.157256] oom_reaper: reaped process 7943 (syz-executor.3), now anon-rss:0kB, file-rss:34864kB, shmem-rss:0kB [ 667.164402] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 667.184690] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 667.190157] CPU: 0 PID: 8026 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 667.196991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 667.206333] Call Trace: [ 667.208934] dump_stack+0x172/0x1f0 [ 667.212566] dump_header+0x15e/0x929 [ 667.216274] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 667.221374] ? ___ratelimit+0x60/0x595 [ 667.225268] ? do_raw_spin_unlock+0x57/0x270 [ 667.229679] oom_kill_process.cold+0x10/0x6f5 [ 667.234187] ? task_will_free_mem+0x139/0x6e0 [ 667.238683] out_of_memory+0x936/0x12d0 [ 667.242665] ? oom_killer_disable+0x280/0x280 [ 667.247170] ? find_held_lock+0x35/0x130 [ 667.251245] mem_cgroup_out_of_memory+0x1d2/0x240 [ 667.256134] ? memcg_event_wake+0x230/0x230 [ 667.260450] ? do_raw_spin_unlock+0x57/0x270 [ 667.264859] ? _raw_spin_unlock+0x2d/0x50 [ 667.269000] try_charge+0xd25/0x15b0 [ 667.272791] ? find_held_lock+0x35/0x130 [ 667.276856] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 667.281696] ? kasan_check_read+0x11/0x20 [ 667.285838] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 667.290680] mem_cgroup_try_charge+0x24d/0x5e0 [ 667.295272] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 667.300206] wp_page_copy+0x430/0x16a0 [ 667.304098] ? follow_pfn+0x2a0/0x2a0 [ 667.307892] ? kasan_check_read+0x11/0x20 [ 667.312045] ? do_raw_spin_unlock+0x57/0x270 [ 667.316458] do_wp_page+0x57d/0x10b0 [ 667.320180] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 667.324872] ? kasan_check_write+0x14/0x20 [ 667.329125] ? do_raw_spin_lock+0xc8/0x240 [ 667.333377] __handle_mm_fault+0x230a/0x3f80 [ 667.337784] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 667.342639] ? find_held_lock+0x35/0x130 [ 667.346706] ? handle_mm_fault+0x322/0xb30 [ 667.350957] ? kasan_check_read+0x11/0x20 [ 667.355298] handle_mm_fault+0x43f/0xb30 [ 667.359366] __do_page_fault+0x62a/0xe90 [ 667.363419] ? blkcg_print_stat+0xb90/0xb90 [ 667.367744] ? vmalloc_fault+0x770/0x770 [ 667.371796] ? trace_hardirqs_off_caller+0x65/0x220 [ 667.376818] ? trace_hardirqs_on_caller+0x6a/0x220 [ 667.381752] ? page_fault+0x8/0x30 [ 667.385291] do_page_fault+0x71/0x581 [ 667.389083] ? page_fault+0x8/0x30 [ 667.392614] page_fault+0x1e/0x30 [ 667.396056] RIP: 0033:0x404c58 [ 667.399248] Code: a4 02 00 00 80 3d 3f b8 64 00 00 c6 85 84 00 00 00 00 74 0f 8b 05 2c b8 64 00 39 45 24 0f 84 f7 01 00 00 44 8b a5 80 00 00 00 13 d2 ff ff 48 2b 05 ac 33 33 00 8b 75 00 49 89 d8 45 89 e1 4c [ 667.418164] RSP: 002b:00007f546896ac90 EFLAGS: 00010246 [ 667.423646] RAX: 00007f546a78d000 RBX: 0000000000000bd9 RCX: 0000000000458c29 [ 667.430912] RDX: 000000000003ffff RSI: 0000000000000000 RDI: 0000000000000000 [ 667.438185] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 667.445474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 667.454766] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 667.467298] Task in /syz3 killed as a result of limit of /syz3 [ 667.473955] memory: usage 304744kB, limit 307200kB, failcnt 2905 [ 667.480110] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 667.490351] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 667.496601] Memory cgroup stats for /syz3: cache:88KB rss:193624KB rss_huge:145408KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:193636KB inactive_file:0KB active_file:0KB unevictable:0KB [ 667.521221] Memory cgroup out of memory: Kill process 8014 (syz-executor.3) score 124 or sacrifice child [ 667.533877] Killed process 8014 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35804kB, shmem-rss:0kB [ 667.584623] syz-executor.3 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=0 [ 667.599876] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 667.606218] CPU: 0 PID: 8018 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 667.613087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 667.622615] Call Trace: [ 667.625208] dump_stack+0x172/0x1f0 [ 667.628853] dump_header+0x15e/0x929 [ 667.632565] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 667.637675] ? ___ratelimit+0x60/0x595 [ 667.641559] ? do_raw_spin_unlock+0x57/0x270 [ 667.645973] oom_kill_process.cold+0x10/0x6f5 [ 667.650480] ? retint_kernel+0x2d/0x2d [ 667.654379] out_of_memory+0x936/0x12d0 [ 667.658350] ? oom_killer_disable+0x280/0x280 [ 667.662843] ? find_held_lock+0x35/0x130 [ 667.667080] mem_cgroup_out_of_memory+0x1d2/0x240 [ 667.671914] ? memcg_event_wake+0x230/0x230 [ 667.676231] ? do_raw_spin_unlock+0x57/0x270 [ 667.680636] ? _raw_spin_unlock+0x2d/0x50 [ 667.684792] try_charge+0xd25/0x15b0 [ 667.688537] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 667.693382] ? rcu_read_lock_sched_held+0x110/0x130 [ 667.698399] ? __alloc_pages_nodemask+0x63e/0x760 [ 667.703230] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 667.708000] memcg_kmem_charge_memcg+0x7c/0x130 [ 667.712667] ? memcg_kmem_put_cache+0xb0/0xb0 [ 667.717161] cache_grow_begin+0x25f/0x8c0 [ 667.721309] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 667.726838] ? __cpuset_node_allowed+0x136/0x540 [ 667.731594] fallback_alloc+0x1fd/0x2d0 [ 667.735569] ____cache_alloc_node+0x1be/0x1e0 [ 667.740054] kmem_cache_alloc+0x1f3/0x700 [ 667.744194] ? inet6_create+0x2ea/0xf80 [ 667.748163] sk_prot_alloc+0x67/0x2e0 [ 667.751954] ? lock_downgrade+0x810/0x810 [ 667.756093] sk_alloc+0x39/0xf70 [ 667.759462] inet6_create+0x360/0xf80 [ 667.763258] __sock_create+0x3e6/0x750 [ 667.767140] sock_create_kern+0x3b/0x50 [ 667.771192] inet_ctl_sock_create+0x9d/0x1f0 [ 667.775591] ? inet_current_timestamp+0xc0/0xc0 [ 667.780287] ? register_net_sysctl+0x29/0x30 [ 667.784716] tcpv6_net_init+0x2b/0x30 [ 667.788513] ? tcpv6_net_exit+0x80/0x80 [ 667.792477] ops_init+0xb6/0x410 [ 667.795835] setup_net+0x2d3/0x740 [ 667.799365] ? lock_acquire+0x16f/0x3f0 [ 667.803328] ? ops_init+0x410/0x410 [ 667.806952] copy_net_ns+0x1df/0x340 [ 667.810671] create_new_namespaces+0x400/0x7b0 [ 667.815250] copy_namespaces+0x351/0x3f0 [ 667.819308] copy_process.part.0+0x391d/0x7970 [ 667.823899] ? __cleanup_sighand+0x70/0x70 [ 667.828135] _do_fork+0x257/0xfe0 [ 667.831580] ? fork_idle+0x1d0/0x1d0 [ 667.835318] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 667.840058] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 667.844801] ? do_syscall_64+0x26/0x610 [ 667.848761] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 667.854110] ? do_syscall_64+0x26/0x610 [ 667.858081] __x64_sys_clone+0xbf/0x150 [ 667.862058] do_syscall_64+0x103/0x610 [ 667.865938] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 667.871116] RIP: 0033:0x458c29 [ 667.874305] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 667.893204] RSP: 002b:00007f546898bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 667.900901] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 667.908160] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000040000000 [ 667.915418] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 667.922676] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546898c6d4 [ 667.929933] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 667.948512] Task in /syz3 killed as a result of limit of /syz3 [ 667.957255] memory: usage 304852kB, limit 307200kB, failcnt 2905 [ 667.969142] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 667.976642] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 667.988759] Memory cgroup stats for /syz3: cache:88KB rss:195604KB rss_huge:147456KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:195692KB inactive_file:0KB active_file:0KB unevictable:0KB [ 667.990905] IPVS: ftp: loaded support on port[0] = 21 [ 668.017259] Memory cgroup out of memory: Kill process 23978 (syz-executor.3) score 124 or sacrifice child [ 668.029659] Killed process 23978 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35800kB, shmem-rss:0kB [ 668.089016] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 668.111201] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 668.119235] CPU: 1 PID: 8039 Comm: syz-executor.0 Not tainted 4.19.35 #3 [ 668.126105] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 668.126112] Call Trace: [ 668.126141] dump_stack+0x172/0x1f0 [ 668.126161] dump_header+0x15e/0x929 [ 668.126179] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 668.126194] ? ___ratelimit+0x60/0x595 [ 668.126209] ? do_raw_spin_unlock+0x57/0x270 [ 668.126227] oom_kill_process.cold+0x10/0x6f5 [ 668.126247] ? task_will_free_mem+0x139/0x6e0 [ 668.126275] out_of_memory+0x936/0x12d0 [ 668.126297] ? oom_killer_disable+0x280/0x280 [ 668.126312] ? find_held_lock+0x35/0x130 [ 668.126339] mem_cgroup_out_of_memory+0x1d2/0x240 [ 668.126353] ? memcg_event_wake+0x230/0x230 [ 668.126370] ? do_raw_spin_unlock+0x57/0x270 [ 668.126385] ? _raw_spin_unlock+0x2d/0x50 [ 668.126404] try_charge+0x1028/0x15b0 [ 668.126417] ? find_held_lock+0x35/0x130 [ 668.126437] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 668.126457] ? kasan_check_read+0x11/0x20 [ 668.138414] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 668.138436] mem_cgroup_try_charge+0x24d/0x5e0 [ 668.138460] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 668.138478] wp_page_copy+0x430/0x16a0 [ 668.138500] ? follow_pfn+0x2a0/0x2a0 [ 668.145852] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 668.145874] ? kasan_check_read+0x11/0x20 [ 668.145893] ? do_raw_spin_unlock+0x57/0x270 [ 668.154874] do_wp_page+0x57d/0x10b0 [ 668.154894] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 668.154911] ? kasan_check_write+0x14/0x20 [ 668.154924] ? do_raw_spin_lock+0xc8/0x240 [ 668.154943] __handle_mm_fault+0x230a/0x3f80 [ 668.163842] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 668.163857] ? find_held_lock+0x35/0x130 [ 668.163869] ? handle_mm_fault+0x322/0xb30 [ 668.163897] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 668.163909] ? sync_mm_rss+0xa4/0x1c0 [ 668.163928] handle_mm_fault+0x43f/0xb30 [ 668.163952] __do_page_fault+0x62a/0xe90 [ 668.163975] ? vmalloc_fault+0x770/0x770 [ 668.163993] ? trace_hardirqs_off_caller+0x65/0x220 [ 668.164006] ? trace_hardirqs_on_caller+0x6a/0x220 [ 668.164024] ? page_fault+0x8/0x30 [ 668.164042] do_page_fault+0x71/0x581 [ 668.176975] ? page_fault+0x8/0x30 [ 668.176993] page_fault+0x1e/0x30 [ 668.177005] RIP: 0033:0x42fdb6 [ 668.177021] Code: 1f 44 00 00 48 29 e8 31 c9 48 81 fb 40 36 71 00 0f 95 c1 48 8d 34 2a 48 83 cd 01 48 c1 e1 02 48 83 c8 01 48 09 e9 48 89 73 58 <48> 89 4a 08 48 89 46 08 48 8d 4a 10 8b 05 ac 51 62 00 85 c0 0f 84 [ 668.185897] RSP: 002b:00007ffea8669910 EFLAGS: 00010206 [ 668.185912] RAX: 0000000000020371 RBX: 0000000000713640 RCX: 0000000000000121 [ 668.185921] RDX: 000000000138ab70 RSI: 000000000138ac90 RDI: 0000000000000000 [ 668.185930] RBP: 0000000000000121 R08: ffffffffffffffff R09: 0000000000000000 [ 668.185938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000713698 [ 668.185950] R13: 0000000000713698 R14: 0000000000000003 R15: 0000000000002710 [ 668.200861] Task in [ 668.222970] /syz0 [ 668.240801] killed as a result of limit of [ 668.249787] /syz0 [ 668.275612] memory: usage 307180kB, limit 307200kB, failcnt 3746 [ 668.281916] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 668.289480] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 668.303264] Memory cgroup stats for [ 668.316660] /syz0 [ 668.325416] : [ 668.337718] cache:92KB [ 668.359002] rss:198064KB rss_huge:147456KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:198264KB inactive_file:4KB active_file:0KB unevictable:8KB [ 668.464267] Memory cgroup out of memory: Kill process 5980 (syz-executor.0) score 120 or sacrifice child [ 668.477587] Killed process 5980 (syz-executor.0) total-vm:72848kB, anon-rss:2220kB, file-rss:34816kB, shmem-rss:0kB [ 668.505403] oom_reaper: reaped process 5980 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 668.521954] validate_nla: 13 callbacks suppressed [ 668.521963] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 668.527010] nla_parse: 12 callbacks suppressed [ 668.527020] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 668.594549] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 668.602300] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 668.741855] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 668.757317] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 668.877330] netlink: 'syz-executor.0': attribute type 29 has an invalid length. [ 668.889614] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. 01:46:43 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000140), 0xc}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) getsockopt$XDP_STATISTICS(r1, 0x11b, 0x7, &(0x7f0000000080), &(0x7f0000000100)=0x18) 01:46:43 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:43 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x86ddffff00000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:43 executing program 5: 01:46:43 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x3f00000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:43 executing program 0: 01:46:43 executing program 0: 01:46:43 executing program 5: 01:46:43 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8847000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:43 executing program 0: 01:46:43 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) setsockopt$inet_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000080)=0xffffffffffffffff, 0x4) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) [ 677.079002] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 677.095717] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 01:46:43 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8848000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:43 executing program 5: [ 677.182025] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 677.190422] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 01:46:43 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:43 executing program 5: 01:46:43 executing program 0: [ 677.328186] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 677.384506] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 677.398573] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 677.417262] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 677.541371] FS-Cache: Duplicate cookie detected [ 677.546526] FS-Cache: O-cookie c=0000000070ca9ad9 [p=000000004114b303 fl=222 nc=0 na=1] [ 677.555031] FS-Cache: O-cookie d=00000000656b88e0 n=00000000172f2d11 [ 677.561619] FS-Cache: O-key=[10] '02000200000002000000' [ 677.567088] FS-Cache: N-cookie c=000000005d4922a8 [p=000000004114b303 fl=2 nc=0 na=1] [ 677.575421] FS-Cache: N-cookie d=00000000656b88e0 n=0000000014f18808 [ 677.577283] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 677.582012] FS-Cache: N-key=[10] '02000200000002000000' [ 677.625171] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. [ 677.713220] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 677.729604] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 01:46:44 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8864000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:44 executing program 5: 01:46:44 executing program 0: 01:46:44 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000001c0)='./file0\x00', 0x100) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockopt$IPT_SO_GET_REVISION_MATCH(r1, 0x0, 0x42, &(0x7f0000000080)={'icmp6\x00'}, &(0x7f0000000100)=0x1e) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:44 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x4000000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:44 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:44 executing program 0: 01:46:44 executing program 5: 01:46:44 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x88a8ffff00000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 677.955182] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 678.069482] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 01:46:44 executing program 0: 01:46:44 executing program 5: 01:46:44 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x88caffff00000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 678.165513] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 678.176577] netlink: 'syz-executor.1': attribute type 29 has an invalid length. [ 678.216803] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 678.233871] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 678.261077] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.1'. 01:46:44 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:44 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8906000000000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:44 executing program 0: [ 678.294530] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 678.313415] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 678.344504] CPU: 1 PID: 8148 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 678.351417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 678.360788] Call Trace: [ 678.363405] dump_stack+0x172/0x1f0 [ 678.366731] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 678.367048] dump_header+0x15e/0x929 [ 678.379257] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 678.384404] ? ___ratelimit+0x60/0x595 [ 678.388311] ? do_raw_spin_unlock+0x57/0x270 [ 678.392742] oom_kill_process.cold+0x10/0x6f5 [ 678.397260] ? task_will_free_mem+0x139/0x6e0 [ 678.401779] out_of_memory+0x936/0x12d0 [ 678.405768] ? lock_downgrade+0x810/0x810 [ 678.409937] ? oom_killer_disable+0x280/0x280 [ 678.414439] ? find_held_lock+0x35/0x130 [ 678.418519] mem_cgroup_out_of_memory+0x1d2/0x240 [ 678.423396] ? memcg_event_wake+0x230/0x230 [ 678.427736] ? do_raw_spin_unlock+0x57/0x270 [ 678.432161] ? _raw_spin_unlock+0x2d/0x50 [ 678.436333] try_charge+0x1028/0x15b0 [ 678.440158] ? find_held_lock+0x35/0x130 [ 678.444249] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 678.449100] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 678.453959] ? find_held_lock+0x35/0x130 [ 678.458043] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 678.462914] memcg_kmem_charge_memcg+0x7c/0x130 [ 678.467693] ? memcg_kmem_put_cache+0xb0/0xb0 [ 678.472218] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 678.477085] memcg_kmem_charge+0x136/0x300 [ 678.485334] __alloc_pages_nodemask+0x3c6/0x760 [ 678.494198] ? __alloc_pages_slowpath+0x2870/0x2870 [ 678.499240] ? lockdep_hardirqs_on+0x415/0x5d0 [ 678.499264] ? trace_hardirqs_on+0x67/0x230 [ 678.508148] ? kasan_check_read+0x11/0x20 [ 678.508172] copy_process.part.0+0x3e0/0x7970 [ 678.508195] ? mark_held_locks+0x100/0x100 [ 678.521161] ? __might_fault+0x12b/0x1e0 [ 678.525279] ? __cleanup_sighand+0x70/0x70 [ 678.529536] ? lock_downgrade+0x810/0x810 [ 678.533719] _do_fork+0x257/0xfe0 [ 678.537194] ? fork_idle+0x1d0/0x1d0 [ 678.540942] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 678.545716] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 678.550485] ? do_syscall_64+0x26/0x610 [ 678.554466] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 678.554479] ? do_syscall_64+0x26/0x610 [ 678.554499] __x64_sys_clone+0xbf/0x150 [ 678.554518] do_syscall_64+0x103/0x610 [ 678.554537] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 678.554549] RIP: 0033:0x458c29 [ 678.554562] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 678.554573] RSP: 002b:00007f546896ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 678.607335] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 678.607357] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000802102001ffc [ 678.621887] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 678.621895] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546896b6d4 [ 678.621903] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 678.667466] Task in /syz3 killed as a result of limit of /syz3 [ 678.678449] memory: usage 307200kB, limit 307200kB, failcnt 2930 [ 678.706495] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 678.716098] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 678.726736] Memory cgroup stats for /syz3: cache:88KB rss:195808KB rss_huge:147456KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:195832KB inactive_file:4KB active_file:0KB unevictable:0KB [ 678.748801] Memory cgroup out of memory: Kill process 8128 (syz-executor.3) score 124 or sacrifice child [ 678.758912] Killed process 8128 (syz-executor.3) total-vm:72716kB, anon-rss:2224kB, file-rss:35812kB, shmem-rss:0kB [ 678.773972] oom_reaper: reaped process 8128 (syz-executor.3), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB [ 678.779132] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 678.797007] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 678.803051] CPU: 0 PID: 7738 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 678.809905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 678.819269] Call Trace: [ 678.821966] dump_stack+0x172/0x1f0 [ 678.825618] dump_header+0x15e/0x929 [ 678.829363] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 678.834479] ? ___ratelimit+0x60/0x595 [ 678.838488] ? do_raw_spin_unlock+0x57/0x270 [ 678.843021] oom_kill_process.cold+0x10/0x6f5 [ 678.847548] ? task_will_free_mem+0x139/0x6e0 [ 678.852066] out_of_memory+0x936/0x12d0 [ 678.856147] ? oom_killer_disable+0x280/0x280 [ 678.860650] ? find_held_lock+0x35/0x130 [ 678.864734] mem_cgroup_out_of_memory+0x1d2/0x240 [ 678.869589] ? memcg_event_wake+0x230/0x230 [ 678.874014] ? do_raw_spin_unlock+0x57/0x270 [ 678.878450] ? _raw_spin_unlock+0x2d/0x50 [ 678.882616] try_charge+0x1028/0x15b0 [ 678.886436] ? find_held_lock+0x35/0x130 [ 678.890517] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 678.895381] ? kasan_check_read+0x11/0x20 [ 678.899546] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 678.904404] mem_cgroup_try_charge+0x24d/0x5e0 [ 678.908993] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 678.913931] wp_page_copy+0x430/0x16a0 01:46:45 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) fcntl$F_SET_FILE_RW_HINT(r0, 0x40e, &(0x7f0000000080)=0x5) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000100)={0x7, 0x70, 0x4, 0x6, 0x8, 0x7, 0x0, 0x0, 0x80000, 0x4, 0x6, 0x9, 0xffff, 0x800, 0xaee, 0x7164c0f8, 0x0, 0x100000000, 0x5, 0x9, 0xce1, 0x0, 0x4, 0x4, 0x8001, 0x80, 0x7, 0x2, 0xff, 0x6, 0x39c8, 0x20, 0x6, 0x3, 0x9, 0x6, 0x6, 0x3, 0x0, 0x3, 0x4, @perf_config_ext={0x3, 0xe8c}, 0x2, 0x5, 0x766, 0x0, 0x70, 0x14, 0x80}, 0x0, 0x8, 0xffffffffffffffff, 0x1) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:45 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340), 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:45 executing program 5: 01:46:45 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x89ffffff00000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:45 executing program 0: 01:46:45 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x5403000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 678.917837] ? follow_pfn+0x2a0/0x2a0 [ 678.921655] ? kasan_check_read+0x11/0x20 [ 678.925822] ? do_raw_spin_unlock+0x57/0x270 [ 678.930242] do_wp_page+0x57d/0x10b0 [ 678.934076] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 678.938762] ? kasan_check_write+0x14/0x20 [ 678.943009] ? do_raw_spin_lock+0xc8/0x240 [ 678.947266] __handle_mm_fault+0x230a/0x3f80 [ 678.951699] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 678.956750] ? find_held_lock+0x35/0x130 [ 678.960825] ? handle_mm_fault+0x322/0xb30 [ 678.965090] ? kasan_check_read+0x11/0x20 [ 678.969253] handle_mm_fault+0x43f/0xb30 [ 678.973337] __do_page_fault+0x62a/0xe90 [ 678.977420] ? vmalloc_fault+0x770/0x770 [ 678.981498] ? trace_hardirqs_off_caller+0x65/0x220 [ 678.986540] ? trace_hardirqs_on_caller+0x6a/0x220 [ 678.991500] ? page_fault+0x8/0x30 [ 678.995055] do_page_fault+0x71/0x581 [ 678.998865] ? page_fault+0x8/0x30 [ 679.002533] page_fault+0x1e/0x30 [ 679.005989] RIP: 0033:0x404559 [ 679.009197] Code: e7 c7 44 24 0c 78 00 00 00 e8 13 72 05 00 85 c0 0f 85 8d 01 00 00 4d 8d 75 88 ba 78 00 00 00 48 89 ee c7 44 24 70 00 00 00 00 <49> c7 45 f8 00 00 00 00 4c 89 f7 49 c7 45 b8 00 00 00 00 49 c7 45 [ 679.028111] RSP: 002b:00007ffe7cbd7820 EFLAGS: 00010246 [ 679.033493] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045b75a [ 679.040778] RDX: 0000000000000078 RSI: 00007ffe7cbd7830 RDI: 0000000000000003 [ 679.048173] RBP: 00007ffe7cbd7830 R08: 00007ffe7cbd782c R09: 000000000000000a [ 679.055455] R10: 00007ffe7cbd7830 R11: 0000000000000246 R12: 0000000000000003 [ 679.062732] R13: 000000000070d160 R14: 000000000070d0e8 R15: 0000000000000000 01:46:45 executing program 5: 01:46:45 executing program 0: 01:46:45 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x8dffffff00000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 679.105217] Task in /syz1 killed as a result of limit of /syz1 [ 679.120340] memory: usage 307200kB, limit 307200kB, failcnt 1365 [ 679.127071] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 679.138600] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 679.144903] Memory cgroup stats for /syz1: cache:64KB rss:180020KB rss_huge:118784KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:180136KB inactive_file:4KB active_file:4KB unevictable:0KB 01:46:45 executing program 5: 01:46:45 executing program 0: 01:46:45 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000080)='nfs\x00\xef\xf12\f\xd5\x0f$\x87\xa7p3') write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) [ 679.210280] Memory cgroup out of memory: Kill process 7955 (syz-executor.1) score 1113 or sacrifice child [ 679.235555] Killed process 7963 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:34816kB, shmem-rss:0kB 01:46:45 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xf5ffffff00000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 679.295734] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 679.343540] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 679.354458] CPU: 0 PID: 8586 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 679.361365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 679.370729] Call Trace: [ 679.373339] dump_stack+0x172/0x1f0 [ 679.376996] dump_header+0x15e/0x929 [ 679.380734] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 679.385860] ? ___ratelimit+0x60/0x595 [ 679.389810] ? do_raw_spin_unlock+0x57/0x270 [ 679.394244] oom_kill_process.cold+0x10/0x6f5 [ 679.398774] ? task_will_free_mem+0x139/0x6e0 [ 679.403307] out_of_memory+0x936/0x12d0 [ 679.407314] ? oom_killer_disable+0x280/0x280 [ 679.411998] ? find_held_lock+0x35/0x130 [ 679.416091] mem_cgroup_out_of_memory+0x1d2/0x240 [ 679.420950] ? memcg_event_wake+0x230/0x230 [ 679.425294] ? do_raw_spin_unlock+0x57/0x270 [ 679.431616] ? _raw_spin_unlock+0x2d/0x50 [ 679.435788] try_charge+0x1028/0x15b0 [ 679.439731] ? find_held_lock+0x35/0x130 [ 679.443810] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 679.448670] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 679.453531] ? find_held_lock+0x35/0x130 [ 679.457712] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 679.462574] memcg_kmem_charge_memcg+0x7c/0x130 [ 679.462588] ? memcg_kmem_put_cache+0xb0/0xb0 [ 679.462605] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 679.462620] memcg_kmem_charge+0x136/0x300 [ 679.462642] __alloc_pages_nodemask+0x3c6/0x760 [ 679.462657] ? __alloc_pages_slowpath+0x2870/0x2870 [ 679.462678] ? find_held_lock+0x35/0x130 [ 679.462692] ? copy_page_range+0x124f/0x1f90 [ 679.462708] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 679.462725] alloc_pages_current+0x107/0x210 [ 679.462743] pte_alloc_one+0x1b/0x1a0 [ 679.509084] __pte_alloc+0x2a/0x360 [ 679.516508] copy_page_range+0x151f/0x1f90 [ 679.520793] ? pmd_alloc+0x180/0x180 [ 679.520811] ? __vma_link_rb+0x279/0x370 [ 679.520832] copy_process.part.0+0x5434/0x7970 [ 679.520872] ? __cleanup_sighand+0x70/0x70 [ 679.520900] _do_fork+0x257/0xfe0 [ 679.520917] ? fork_idle+0x1d0/0x1d0 [ 679.520941] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 679.549428] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 679.554205] ? do_syscall_64+0x26/0x610 [ 679.558190] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 679.563563] ? do_syscall_64+0x26/0x610 [ 679.567554] __x64_sys_clone+0xbf/0x150 [ 679.571539] do_syscall_64+0x103/0x610 [ 679.575521] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 679.580698] RIP: 0033:0x4571fa [ 679.584195] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 679.604527] RSP: 002b:00007ffc0bec0320 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 679.612230] RAX: ffffffffffffffda RBX: 00007ffc0bec0320 RCX: 00000000004571fa [ 679.619498] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 679.626754] RBP: 00007ffc0bec0360 R08: 0000000000000001 R09: 0000000001af6940 [ 679.634011] R10: 0000000001af6c10 R11: 0000000000000246 R12: 0000000000000001 [ 679.641280] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc0bec03b0 [ 679.649442] Task in /syz4 killed as a result of limit of /syz4 [ 679.655526] memory: usage 307200kB, limit 307200kB, failcnt 1616 [ 679.661748] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 679.668794] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 679.675196] Memory cgroup stats for /syz4: cache:20KB rss:183272KB rss_huge:122880KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:183408KB inactive_file:12KB active_file:4KB unevictable:0KB [ 679.696523] Memory cgroup out of memory: Kill process 24196 (syz-executor.4) score 1113 or sacrifice child [ 679.706430] Killed process 24196 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35804kB, shmem-rss:0kB [ 679.719908] oom_reaper: reaped process 24196 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 679.721894] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 679.747653] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 679.753608] CPU: 0 PID: 8204 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 679.760463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 679.769822] Call Trace: [ 679.772418] dump_stack+0x172/0x1f0 [ 679.776043] dump_header+0x15e/0x929 [ 679.779749] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 679.784857] ? ___ratelimit+0x60/0x595 [ 679.788733] ? do_raw_spin_unlock+0x57/0x270 [ 679.793226] oom_kill_process.cold+0x10/0x6f5 [ 679.797724] ? task_will_free_mem+0x139/0x6e0 [ 679.802218] out_of_memory+0x936/0x12d0 [ 679.806201] ? oom_killer_disable+0x280/0x280 [ 679.810706] ? find_held_lock+0x35/0x130 [ 679.814767] mem_cgroup_out_of_memory+0x1d2/0x240 [ 679.819603] ? memcg_event_wake+0x230/0x230 [ 679.823918] ? do_raw_spin_unlock+0x57/0x270 [ 679.828318] ? _raw_spin_unlock+0x2d/0x50 [ 679.832478] try_charge+0x1028/0x15b0 [ 679.836270] ? find_held_lock+0x35/0x130 [ 679.840328] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 679.845163] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 679.849997] ? find_held_lock+0x35/0x130 [ 679.854047] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 679.858886] memcg_kmem_charge_memcg+0x7c/0x130 [ 679.863729] ? memcg_kmem_put_cache+0xb0/0xb0 [ 679.868215] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 679.873056] memcg_kmem_charge+0x136/0x300 [ 679.877282] __alloc_pages_nodemask+0x3c6/0x760 [ 679.881942] ? __alloc_pages_slowpath+0x2870/0x2870 [ 679.887038] ? lockdep_hardirqs_on+0x415/0x5d0 [ 679.891618] ? trace_hardirqs_on+0x67/0x230 [ 679.895953] copy_process.part.0+0x3e0/0x7970 [ 679.900441] ? lock_downgrade+0x810/0x810 [ 679.904579] ? migration_entry_to_page+0x320/0x320 [ 679.909496] ? lru_cache_add+0x21c/0x590 [ 679.913564] ? kasan_check_read+0x11/0x20 [ 679.917706] ? do_raw_spin_unlock+0x57/0x270 [ 679.922109] ? _raw_spin_unlock+0x2d/0x50 [ 679.926274] ? __cleanup_sighand+0x70/0x70 [ 679.930497] ? find_held_lock+0x35/0x130 [ 679.934555] ? __do_page_fault+0x676/0xe90 [ 679.938779] ? find_held_lock+0x35/0x130 [ 679.942832] ? __do_page_fault+0x676/0xe90 [ 679.947089] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 679.952624] _do_fork+0x257/0xfe0 [ 679.956068] ? fork_idle+0x1d0/0x1d0 [ 679.959772] ? __do_page_fault+0x484/0xe90 [ 679.964000] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 679.968743] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 679.973490] ? do_syscall_64+0x26/0x610 [ 679.977557] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 679.982912] ? do_syscall_64+0x26/0x610 [ 679.986876] __x64_sys_clone+0xbf/0x150 [ 679.990841] do_syscall_64+0x103/0x610 [ 679.994718] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 679.999895] RIP: 0033:0x45b5f9 [ 680.003081] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 680.022059] RSP: 002b:00007ffe7cbd7c28 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 680.029759] RAX: ffffffffffffffda RBX: 00007f66b1fb0700 RCX: 000000000045b5f9 [ 680.037017] RDX: 00007f66b1fb09d0 RSI: 00007f66b1fafdb0 RDI: 00000000003d0f00 [ 680.044276] RBP: 00007ffe7cbd7e30 R08: 00007f66b1fb0700 R09: 00007f66b1fb0700 [ 680.051532] R10: 00007f66b1fb09d0 R11: 0000000000000202 R12: 0000000000000000 [ 680.058788] R13: 00007ffe7cbd7cdf R14: 00007f66b1fb09c0 R15: 000000000073bf0c [ 680.074692] Task in /syz1 killed as a result of limit of /syz1 [ 680.085501] memory: usage 307200kB, limit 307200kB, failcnt 1374 [ 680.100450] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 680.111279] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 680.117901] Memory cgroup stats for /syz1: cache:64KB rss:180020KB rss_huge:118784KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:180120KB inactive_file:0KB active_file:4KB unevictable:0KB [ 680.139581] Memory cgroup out of memory: Kill process 7955 (syz-executor.1) score 1113 or sacrifice child 01:46:46 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340), 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:46 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0xfffffffffffffffd, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r1, 0x0) 01:46:46 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) prctl$PR_SET_FP_MODE(0x2d, 0x0) getpriority(0x2, 0x0) 01:46:46 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0xfffffffffffff000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:46 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) mlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000080)={0x6, 0x1, 0x8, 0x5, 0x0}, &(0x7f0000000100)=0x10) getsockopt$inet_sctp_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000140)={r3, 0x9, 0x3, [0xfffffffffffff000, 0x80000001, 0x80000001]}, &(0x7f00000001c0)=0xe) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) r4 = request_key(&(0x7f0000000200)='id_resolver\x00', &(0x7f0000000240)={'syz', 0x2}, &(0x7f0000000340)='nfs\x00\xef\x10\xa0{f\xe5\xca\xa8\x8e\x14^', 0xfffffffffffffffb) keyctl$read(0xb, r4, &(0x7f00000002c0)=""/113, 0x71) 01:46:46 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x5c01000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 680.149586] Killed process 7955 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:35812kB, shmem-rss:0kB [ 680.164303] oom_reaper: reaped process 7955 (syz-executor.1), now anon-rss:0kB, file-rss:34852kB, shmem-rss:0kB [ 680.236517] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 01:46:46 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/cache_stats\x00', 0x0, 0x0) pipe2(&(0x7f0000000340), 0x800) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/qat_adf_ctl\x00', 0x101080, 0x0) openat$cgroup_ro(r2, 0x0, 0x275a, 0x0) setxattr$security_evm(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='security.evm\x00', &(0x7f0000000480)=ANY=[@ANYBLOB="040f2234fc63bd599ad7ba0ddca18acf86ebd80000"], 0x15, 0x2) syz_open_dev$video(0x0, 0x3, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) ioctl$CAPI_GET_SERIAL(r3, 0xc0044308, &(0x7f0000000080)=0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) setsockopt$RDS_GET_MR_FOR_DEST(r3, 0x114, 0x7, &(0x7f0000000280)={@generic={0x5, "011a3e0c0fa8819116a9f34b1400bdf5908ad233783f662df5024b66609c614b648319f6c36c51c7acb8350159ffe744b70a7fe3bdb29baa3d581784ff7702f5c7fe8e435078695523ce86325a65760a9c6f39261b164c933430d5af34e952461bd92568cf405a2285e700111d0ed832377a39b2d64bdb33f430c8baa033"}, {&(0x7f00000001c0)=""/137, 0x89}, &(0x7f0000000100)}, 0xa0) epoll_create(0x0) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f00000004c0)={0x0, 0xc6}, &(0x7f0000000500)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DELETE_KEY(r3, 0x84, 0x19, &(0x7f0000000540)={r4, 0x7fffffff}, 0x8) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:46 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 680.284379] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 680.333079] CPU: 1 PID: 8586 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 680.339980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 680.349432] Call Trace: [ 680.352040] dump_stack+0x172/0x1f0 [ 680.355691] dump_header+0x15e/0x929 [ 680.359546] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 680.364668] ? ___ratelimit+0x60/0x595 [ 680.368566] ? do_raw_spin_unlock+0x57/0x270 [ 680.372994] oom_kill_process.cold+0x10/0x6f5 [ 680.377513] ? task_will_free_mem+0x139/0x6e0 [ 680.382019] ? find_held_lock+0x35/0x130 [ 680.386098] out_of_memory+0x936/0x12d0 [ 680.390095] ? lock_downgrade+0x810/0x810 [ 680.394394] ? oom_killer_disable+0x280/0x280 [ 680.398910] ? find_held_lock+0x35/0x130 [ 680.403078] mem_cgroup_out_of_memory+0x1d2/0x240 [ 680.407917] ? memcg_event_wake+0x230/0x230 [ 680.412264] ? do_raw_spin_unlock+0x57/0x270 [ 680.416684] ? _raw_spin_unlock+0x2d/0x50 [ 680.420847] try_charge+0x1028/0x15b0 [ 680.424651] ? find_held_lock+0x35/0x130 [ 680.428719] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 680.433568] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 680.438415] ? find_held_lock+0x35/0x130 [ 680.442484] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 680.447365] memcg_kmem_charge_memcg+0x7c/0x130 [ 680.452053] ? memcg_kmem_put_cache+0xb0/0xb0 [ 680.456558] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 680.461429] memcg_kmem_charge+0x136/0x300 [ 680.465678] __alloc_pages_nodemask+0x3c6/0x760 [ 680.470363] ? __alloc_pages_slowpath+0x2870/0x2870 [ 680.475398] ? find_held_lock+0x35/0x130 [ 680.479469] ? copy_page_range+0x124f/0x1f90 [ 680.483882] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 680.489440] alloc_pages_current+0x107/0x210 [ 680.493863] pte_alloc_one+0x1b/0x1a0 [ 680.497672] __pte_alloc+0x2a/0x360 [ 680.501308] copy_page_range+0x151f/0x1f90 [ 680.505573] ? pmd_alloc+0x180/0x180 [ 680.509295] ? __vma_link_rb+0x279/0x370 [ 680.513370] copy_process.part.0+0x5434/0x7970 [ 680.517987] ? __cleanup_sighand+0x70/0x70 [ 680.522249] _do_fork+0x257/0xfe0 [ 680.525711] ? fork_idle+0x1d0/0x1d0 [ 680.529449] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 680.534215] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 680.538980] ? do_syscall_64+0x26/0x610 [ 680.542962] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 680.548369] ? do_syscall_64+0x26/0x610 [ 680.552487] __x64_sys_clone+0xbf/0x150 [ 680.556471] do_syscall_64+0x103/0x610 [ 680.560546] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 680.576202] RIP: 0033:0x4571fa [ 680.581144] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 680.600562] RSP: 002b:00007ffc0bec0320 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 680.608298] RAX: ffffffffffffffda RBX: 00007ffc0bec0320 RCX: 00000000004571fa [ 680.615582] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 680.622865] RBP: 00007ffc0bec0360 R08: 0000000000000001 R09: 0000000001af6940 01:46:47 executing program 5: ioctl$TIOCGETD(0xffffffffffffffff, 0x5424, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x0) shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffb000/0x4000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = creat(&(0x7f0000000280)='./file0\x00', 0x0) fallocate(r0, 0x0, 0x0, 0x8200003) 01:46:47 executing program 0: write$P9_RLOCK(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000540)='/dev/vsock\x00', 0x204300, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9313, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000001080)}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x52) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) write$eventfd(r1, &(0x7f0000000080), 0xfffffe5e) 01:46:47 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340), 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:47 executing program 5: pselect6(0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x0}) syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) syz_genetlink_get_family_id$tipc(0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, 0x0, 0x0) r0 = open(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) fchdir(r0) ioctl$TIOCGISO7816(r0, 0x80285442, &(0x7f00000000c0)) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1fe, 0x0) chmod(&(0x7f0000000080)='./bus\x00', 0x98) write$binfmt_aout(r1, &(0x7f0000000640)=ANY=[@ANYBLOB="a40000f85adcd416bbb11c93204b7fdbe33956c498d74d1bf75400"/36], 0x24) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000100)=[@timestamp, @sack_perm], 0x2) perf_event_open(&(0x7f0000000800)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r1, &(0x7f0000000000), 0x8080fffffffe) r2 = open(&(0x7f00000001c0)='./bus\x00', 0x141042, 0x0) write$P9_RREADLINK(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="f2eeabac1fe028a1c7a61c8258000000000000000000"], 0x16) creat(0x0, 0x10) [ 680.630150] R10: 0000000001af6c10 R11: 0000000000000246 R12: 0000000000000001 [ 680.637436] R13: 0000000000000000 R14: 0000000000000000 R15: 00007ffc0bec03b0 [ 680.720924] Task in /syz4 killed as a result of limit of /syz4 [ 680.727324] memory: usage 307192kB, limit 307200kB, failcnt 1645 [ 680.757986] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 01:46:47 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 680.775762] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 680.800375] Memory cgroup stats for /syz4: cache:20KB rss:183324KB rss_huge:122880KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:183408KB inactive_file:12KB active_file:0KB unevictable:0KB 01:46:47 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x4}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:47 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = getpgrp(0xffffffffffffffff) syz_open_procfs(r1, &(0x7f0000000080)='net/packet\x00') openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) [ 680.890602] Memory cgroup out of memory: Kill process 8213 (syz-executor.4) score 1113 or sacrifice child [ 680.930938] Killed process 8213 (syz-executor.4) total-vm:72452kB, anon-rss:2196kB, file-rss:35808kB, shmem-rss:0kB 01:46:47 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = syz_open_dev$loop(&(0x7f0000000200)='/dev/loop#\x00', 0x0, 0x82) sendfile(r1, r1, 0x0, 0x20002000005) 01:46:47 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x5}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:47 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x6c03000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:47 executing program 3: socket$inet(0x10, 0x13, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x7fffffff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:47 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000580)={'nr0\x01\x00', 0x1000000802}) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000001c0)='nr0\x01\x00`\x00\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb96\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\x97\x80\xe9\xa1S\f\xc7?\xa6\x95I\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~\xff\xff\x00\x00#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xd5\x1b\xca\xa9\xc7[\xa2\xef\xacM\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xb4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\x04R\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xafh_\x9c\x91\xc1q_|L\x11\x03\x94\xc0\t=\x17\x95P\xd7\xcdH\x1c8^ARL\x9b\x1f\xf6P\rSj\x95\xd9o\x03\xd4\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x13\x82Rk\x9cAz\xab\rT\xadLO\f\x17Y\x1dg\x10\xe3LL\x1fC\xfa\xd9\xb0\xfb\xb4\xf3[\xdf\xd0\xd6\x82\xf6~0\xb8\xf4\xb0X\xfew\xbdY\n\xd6\x105\x9c\xb7\xe5F\xc1:9\xb8\xc2\x85\b\xfd\x92\xb0k\x93\xd7\xc40J\xc2\xf0=p\xd6\xe3\xe4W:\xd2\xf6\xfc\x83\xb1\xcb\xd1K\xb9(\"9(~\xf4\xf4\x94`\xe8\xa61\x12\x91 \xd7\x92\xc0\xd0s\xa9\xe4\x18:\x97e\xa7\x1f\xbfD\x1e\x903V#\x10\x90_\xf7\xd3=M\x80cCn=\xf2\xe1u\x83=\'\xa4\xa1V\xe47y}\xd9\xf1\xa7p\xea\x86W\xd1\x00'/591) 01:46:47 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x6}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:47 executing program 1: socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r0, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r0, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:48 executing program 1: socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r0, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r0, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 681.684462] FS-Cache: Duplicate cookie detected [ 681.689350] FS-Cache: O-cookie c=000000007dfa3c1b [p=000000004114b303 fl=222 nc=0 na=1] [ 681.698105] FS-Cache: O-cookie d=00000000656b88e0 n=000000002206ca77 [ 681.704970] FS-Cache: O-key=[10] '02000200000002000000' [ 681.711079] FS-Cache: N-cookie c=00000000d2b8f02f [p=000000004114b303 fl=2 nc=0 na=1] [ 681.719203] FS-Cache: N-cookie d=00000000656b88e0 n=00000000de91e1de [ 681.726120] FS-Cache: N-key=[10] '02000200000002000000' 01:46:48 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000840)={0x2, 0x0, @local}, 0x10) r2 = openat$full(0xffffffffffffff9c, 0x0, 0x40200, 0x0) ioctl$PPPIOCSNPMODE(r2, 0x4008744b, &(0x7f0000000600)={0x2b, 0x2}) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000c25000/0x4000)=nil, 0x4000, 0x0, 0x40010, r0, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f0000000880)={'broute\x00', 0x0, 0x0, 0x0, [], 0x3, &(0x7f0000000640)=[{}, {}], 0x0, [{}, {}, {}]}, 0xa8) ppoll(&(0x7f0000000000)=[{r3, 0x4}], 0x1, 0x0, 0x0, 0x7c) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000002c0)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000a00000/0x600000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000a5f000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ec0000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ce7000/0x2000)=nil, &(0x7f0000000140)="29d27ac698da01f2418607daa48790b406f33af041e5f85882fc4bcd52538edefc6c0f799b9b4323a488a54aab8dd86d08cb19ba75ffe0cb3bf98f4e165d78a3d97c57f79f685d312dbf39953a373d17d9030f38cf", 0x55, r3}, 0x68) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[]}}, 0xfffffffffffffffc) ioctl$EVIOCSABS20(r2, 0x401845e0, &(0x7f0000000040)={0x3, 0x3, 0x4, 0x2, 0x100000000, 0x4}) rename(0x0, &(0x7f00000001c0)='./file0\x00') syz_mount_image$f2fs(&(0x7f0000000240)='f2fs\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="1020f5f20100070009000000030000000c0000000900000001000000020000000000000000300000000000000e00000016000000020000000200000002000000020000000e000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, 0x0) 01:46:48 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x7}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:48 executing program 0: r0 = socket(0x10, 0x2, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/mcfilter\x00') sendfile(r0, r1, 0x0, 0x149) 01:46:48 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x6e03000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:48 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_GET_REG_LIST(r1, 0xc008aeb0, &(0x7f0000000080)={0x1, [0x7]}) 01:46:48 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x8}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:48 executing program 0: socket$netlink(0x10, 0x3, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') ioctl$BLKPG(r0, 0x1269, &(0x7f0000000000)={0x8, 0x96f, 0x11a, &(0x7f0000000240)}) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) gettid() r1 = socket$inet(0x10, 0x2000000000000003, 0x0) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000180)={'ip6tnl0\x00\x00\x00\x00\x00r\xed\x02\x00', @ifru_flags=0x2}) 01:46:48 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xc}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 682.145175] f2fs_msg: 12 callbacks suppressed [ 682.145233] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 682.206172] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock 01:46:48 executing program 1: socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r0, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r0, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r0, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 682.265684] attempt to access beyond end of device [ 682.278309] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 682.305276] loop5: rw=12288, want=8200, limit=20 [ 682.339392] validate_nla: 10 callbacks suppressed [ 682.339403] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 682.351336] attempt to access beyond end of device [ 682.357662] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 682.364821] loop5: rw=12288, want=12296, limit=20 [ 682.365117] F2FS-fs (loop5): Failed to get valid F2FS checkpoint [ 682.369969] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 682.394261] CPU: 1 PID: 8330 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 682.401134] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 682.401141] Call Trace: [ 682.401166] dump_stack+0x172/0x1f0 [ 682.401192] dump_header+0x15e/0x929 [ 682.401213] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 682.401239] ? ___ratelimit+0x60/0x595 [ 682.416800] ? do_raw_spin_unlock+0x57/0x270 [ 682.416826] oom_kill_process.cold+0x10/0x6f5 [ 682.416858] out_of_memory+0x936/0x12d0 [ 682.433962] ? retint_kernel+0x2d/0x2d [ 682.433982] ? trace_hardirqs_on_caller+0x6a/0x220 [ 682.434001] ? lock_downgrade+0x810/0x810 [ 682.442461] ? oom_killer_disable+0x280/0x280 [ 682.442488] mem_cgroup_out_of_memory+0x1d2/0x240 [ 682.442504] ? memcg_event_wake+0x230/0x230 [ 682.442526] ? do_raw_spin_unlock+0x57/0x270 [ 682.442543] ? _raw_spin_unlock+0x2d/0x50 [ 682.446651] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 682.451417] try_charge+0x1028/0x15b0 [ 682.451433] ? find_held_lock+0x35/0x130 [ 682.451457] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 682.451472] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 682.451489] ? find_held_lock+0x35/0x130 [ 682.451506] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 682.451534] memcg_kmem_charge_memcg+0x7c/0x130 [ 682.451551] ? memcg_kmem_put_cache+0xb0/0xb0 [ 682.461215] attempt to access beyond end of device [ 682.465038] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 682.465062] memcg_kmem_charge+0x136/0x300 [ 682.465081] __alloc_pages_nodemask+0x3c6/0x760 [ 682.465101] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 682.474287] loop5: rw=12288, want=8200, limit=20 [ 682.477964] ? __alloc_pages_slowpath+0x2870/0x2870 [ 682.477986] ? trace_hardirqs_on_caller+0x6a/0x220 [ 682.478016] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 682.478040] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 682.478061] alloc_pages_current+0x107/0x210 [ 682.478080] pte_alloc_one+0x1b/0x1a0 01:46:49 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xd}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:49 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x28}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 682.507443] __pte_alloc+0x2a/0x360 [ 682.507464] copy_page_range+0x151f/0x1f90 [ 682.507483] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 682.507516] ? pmd_alloc+0x180/0x180 [ 682.526104] ? __vma_link_rb+0x279/0x370 [ 682.526129] copy_process.part.0+0x5434/0x7970 [ 682.526172] ? __cleanup_sighand+0x70/0x70 [ 682.545097] _do_fork+0x257/0xfe0 [ 682.545120] ? fork_idle+0x1d0/0x1d0 [ 682.545149] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 682.545165] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 682.555845] attempt to access beyond end of device 01:46:49 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, 0x0, 0x0) [ 682.558976] ? do_syscall_64+0x26/0x610 [ 682.559006] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 682.559020] ? do_syscall_64+0x26/0x610 [ 682.559044] __x64_sys_clone+0xbf/0x150 [ 682.568907] do_syscall_64+0x103/0x610 [ 682.568932] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 682.568946] RIP: 0033:0x458c29 [ 682.568962] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 682.568969] RSP: 002b:00007f546898bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 682.581656] loop5: rw=12288, want=12296, limit=20 [ 682.584190] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 682.584200] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 682.584210] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 682.584219] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546898c6d4 [ 682.584228] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 682.593306] nla_parse: 10 callbacks suppressed [ 682.593315] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 682.638054] Task in [ 682.709529] /syz3 [ 682.722118] F2FS-fs (loop5): Failed to get valid F2FS checkpoint [ 682.748905] killed as a result of limit of /syz3 [ 682.800309] memory: usage 307200kB, limit 307200kB, failcnt 2983 [ 682.818901] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 682.824054] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 682.851769] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 682.856469] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 682.858440] Memory cgroup stats for /syz3: cache:88KB rss:194372KB rss_huge:145408KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:194448KB inactive_file:0KB active_file:4KB unevictable:12KB [ 682.926604] Memory cgroup out of memory: Kill process 8097 (syz-executor.3) score 124 or sacrifice child [ 682.937199] Killed process 8099 (syz-executor.3) total-vm:72584kB, anon-rss:2216kB, file-rss:34816kB, shmem-rss:0kB [ 682.988783] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 683.026247] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 683.038817] CPU: 0 PID: 8366 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 683.045715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 683.055075] Call Trace: [ 683.055103] dump_stack+0x172/0x1f0 [ 683.055125] dump_header+0x15e/0x929 [ 683.055143] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 683.055157] ? ___ratelimit+0x60/0x595 [ 683.055171] ? do_raw_spin_unlock+0x57/0x270 [ 683.055188] oom_kill_process.cold+0x10/0x6f5 [ 683.055207] ? task_will_free_mem+0x139/0x6e0 [ 683.087530] out_of_memory+0x936/0x12d0 [ 683.091534] ? oom_killer_disable+0x280/0x280 [ 683.096050] ? find_held_lock+0x35/0x130 [ 683.100142] mem_cgroup_out_of_memory+0x1d2/0x240 [ 683.105038] ? memcg_event_wake+0x230/0x230 [ 683.109402] ? do_raw_spin_unlock+0x57/0x270 [ 683.113815] ? _raw_spin_unlock+0x2d/0x50 [ 683.118086] try_charge+0x1028/0x15b0 [ 683.121982] ? find_held_lock+0x35/0x130 [ 683.126049] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 683.130890] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 683.135732] ? find_held_lock+0x35/0x130 [ 683.139973] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 683.144930] memcg_kmem_charge_memcg+0x7c/0x130 [ 683.149742] ? memcg_kmem_put_cache+0xb0/0xb0 [ 683.154231] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 683.159086] memcg_kmem_charge+0x136/0x300 [ 683.163338] __alloc_pages_nodemask+0x3c6/0x760 [ 683.168008] ? free_transhuge_page+0x230/0x310 [ 683.172592] ? __alloc_pages_slowpath+0x2870/0x2870 [ 683.177632] ? __put_compound_page+0x96/0xe0 [ 683.182057] ? put_page+0xe7/0x130 [ 683.185605] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 683.191166] alloc_pages_current+0x107/0x210 [ 683.195583] pte_alloc_one+0x1b/0x1a0 [ 683.199387] __pte_alloc+0x2a/0x360 [ 683.203024] __handle_mm_fault+0x3416/0x3f80 [ 683.207436] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 683.212281] ? find_held_lock+0x35/0x130 [ 683.216348] ? handle_mm_fault+0x322/0xb30 [ 683.220584] ? kasan_check_read+0x11/0x20 [ 683.224736] handle_mm_fault+0x43f/0xb30 [ 683.228802] __do_page_fault+0x62a/0xe90 [ 683.232866] ? vmalloc_fault+0x770/0x770 [ 683.236927] ? trace_hardirqs_off_caller+0x65/0x220 [ 683.241953] ? trace_hardirqs_on_caller+0x6a/0x220 [ 683.246889] ? page_fault+0x8/0x30 [ 683.250423] do_page_fault+0x71/0x581 [ 683.254223] ? page_fault+0x8/0x30 [ 683.257751] page_fault+0x1e/0x30 [ 683.261198] RIP: 0033:0x43ff59 [ 683.264398] Code: b7 0e 66 89 0f 48 83 c6 02 48 83 c7 02 0f 1f 40 00 f6 c2 04 74 0c 8b 0e 89 0f 48 83 c6 04 48 83 c7 04 f6 c2 08 74 0e 48 8b 0e <48> 89 0f 48 83 c6 08 48 83 c7 08 81 e2 f0 00 00 00 74 1f 0f 1f 40 [ 683.283327] RSP: 002b:00007ffe7cbd7d58 EFLAGS: 00010202 [ 683.288813] RAX: 00000000200000c0 RBX: 0000000000740198 RCX: 0030656c69662f2e [ 683.296100] RDX: 0000000000000008 RSI: 00000000007401b8 RDI: 00000000200000c0 [ 683.303369] RBP: 00000000007401a0 R08: 00000000ab1156b8 R09: 00000000ab1156bc [ 683.310648] R10: 00007ffe7cbd7e20 R11: 0000000000000246 R12: fffffffffffffffe [ 683.317940] R13: 00000000000a6ada R14: 00000000000a6b07 R15: 000000000073bf0c [ 683.332116] Task in /syz1 killed as a result of limit of /syz1 [ 683.338396] memory: usage 307200kB, limit 307200kB, failcnt 1400 01:46:49 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000840)={0x2, 0x0, @local}, 0x10) r2 = openat$full(0xffffffffffffff9c, 0x0, 0x40200, 0x0) ioctl$PPPIOCSNPMODE(r2, 0x4008744b, &(0x7f0000000600)={0x2b, 0x2}) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000c25000/0x4000)=nil, 0x4000, 0x0, 0x40010, r0, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f0000000880)={'broute\x00', 0x0, 0x0, 0x0, [], 0x3, &(0x7f0000000640)=[{}, {}], 0x0, [{}, {}, {}]}, 0xa8) ppoll(&(0x7f0000000000)=[{r3, 0x4}], 0x1, 0x0, 0x0, 0x7c) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000002c0)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000a00000/0x600000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000a5f000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ec0000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ce7000/0x2000)=nil, &(0x7f0000000140)="29d27ac698da01f2418607daa48790b406f33af041e5f85882fc4bcd52538edefc6c0f799b9b4323a488a54aab8dd86d08cb19ba75ffe0cb3bf98f4e165d78a3d97c57f79f685d312dbf39953a373d17d9030f38cf", 0x55, r3}, 0x68) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[]}}, 0xfffffffffffffffc) ioctl$EVIOCSABS20(r2, 0x401845e0, &(0x7f0000000040)={0x3, 0x3, 0x4, 0x2, 0x100000000, 0x4}) rename(0x0, &(0x7f00000001c0)='./file0\x00') syz_mount_image$f2fs(&(0x7f0000000240)='f2fs\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="1020f5f20100070009000000030000000c0000000900000001000000020000000000000000300000000000000e00000016000000020000000200000002000000020000000e000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, 0x0) 01:46:49 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x29}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:49 executing program 0: perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x8, 0x2, 0x9, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x4000000, 0x0, @perf_config_ext, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000b40)={0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x1}, 0x20) r0 = syz_open_dev$binder(&(0x7f0000000000)='/dev/binder#\x00', 0xffffffffffffffff, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000440)={0x8, 0x0, &(0x7f0000000300)=ANY=[@ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00']], 0x0, 0x0, 0x0}) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000080), 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000003c0)={0x16, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0033e975474e6915383c65604882b600000000000000"], 0x0, 0x0, 0x0}) 01:46:49 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet_int(r0, 0x0, 0xa, &(0x7f00000002c0)=0x5, 0x4) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000080)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) fcntl$notify(r3, 0x402, 0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r2, 0x84, 0x70, &(0x7f00000001c0)={0x0, @in={{0x2, 0x4e21, @multicast1}}, [0x6, 0x7ff, 0x7, 0xffffffffffffff96, 0x7, 0xffffffffffffff81, 0x4, 0xffffffffffffba6d, 0x2, 0x4ada, 0x1ff, 0xfffffffffffffff7, 0x5, 0x7, 0x4e]}, &(0x7f0000000080)=0x100) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000100)={r4, 0x3}, &(0x7f0000000140)=0x8) r5 = syz_genetlink_get_family_id$nbd(&(0x7f0000000340)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)=ANY=[@ANYBLOB="84000000", @ANYRES16=r5, @ANYBLOB="00012dbd7000ffdbdf25020000005400070008000100", @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r2, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08000100", @ANYRES32=r1, @ANYBLOB="08000100000000000c00020057560000000000000800010000000000"], 0x84}, 0x1, 0x0, 0x0, 0x40040}, 0x90) 01:46:49 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x7000000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 683.360834] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 683.367624] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 683.410534] Memory cgroup stats for /syz1: cache:64KB rss:178600KB rss_huge:116736KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:178676KB inactive_file:8KB active_file:0KB unevictable:0KB 01:46:50 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2b}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:50 executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dc86055e0bceec7be070") r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000140)=[{&(0x7f0000000180)="580000001400192340834b80040d8c560a0676ffffff81004e220000000058000b4824ca944f64009400050028925aa8000000000000008000f0fffeffff09000000fff5dd00000010000100000c0900fcff0000040e05a5", 0x58}], 0x1) [ 683.471241] Memory cgroup out of memory: Kill process 30031 (syz-executor.1) score 1113 or sacrifice child [ 683.510074] Killed process 30035 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:34816kB, shmem-rss:0kB [ 683.560126] oom_reaper: reaped process 30035 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 683.592327] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 683.659251] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 683.687464] CPU: 0 PID: 8337 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 683.694368] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 683.703729] Call Trace: 01:46:50 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2c}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 683.706378] dump_stack+0x172/0x1f0 [ 683.710021] dump_header+0x15e/0x929 [ 683.713753] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 683.718868] ? ___ratelimit+0x60/0x595 [ 683.722917] ? do_raw_spin_unlock+0x57/0x270 [ 683.727341] oom_kill_process.cold+0x10/0x6f5 [ 683.731868] ? task_will_free_mem+0x139/0x6e0 [ 683.736385] out_of_memory+0x936/0x12d0 [ 683.740374] ? oom_killer_disable+0x280/0x280 [ 683.744865] ? find_held_lock+0x35/0x130 [ 683.744897] mem_cgroup_out_of_memory+0x1d2/0x240 [ 683.744912] ? memcg_event_wake+0x230/0x230 [ 683.744931] ? do_raw_spin_unlock+0x57/0x270 [ 683.744946] ? _raw_spin_unlock+0x2d/0x50 [ 683.744963] try_charge+0x1028/0x15b0 [ 683.744976] ? find_held_lock+0x35/0x130 [ 683.744999] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 683.745011] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 683.745024] ? find_held_lock+0x35/0x130 [ 683.745040] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 683.793654] memcg_kmem_charge_memcg+0x7c/0x130 [ 683.798333] ? memcg_kmem_put_cache+0xb0/0xb0 [ 683.802857] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 683.807729] memcg_kmem_charge+0x136/0x300 [ 683.812068] __alloc_pages_nodemask+0x3c6/0x760 [ 683.816745] ? __alloc_pages_slowpath+0x2870/0x2870 [ 683.821774] ? lockdep_hardirqs_on+0x415/0x5d0 [ 683.826360] ? trace_hardirqs_on+0x67/0x230 [ 683.830695] ? kasan_check_read+0x11/0x20 [ 683.834854] copy_process.part.0+0x3e0/0x7970 [ 683.839373] ? mark_held_locks+0x100/0x100 [ 683.843630] ? __might_fault+0x12b/0x1e0 [ 683.847702] ? __cleanup_sighand+0x70/0x70 [ 683.851943] ? lock_downgrade+0x810/0x810 [ 683.856102] _do_fork+0x257/0xfe0 [ 683.859565] ? fork_idle+0x1d0/0x1d0 [ 683.863289] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 683.868043] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 683.872800] ? do_syscall_64+0x26/0x610 [ 683.876785] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 683.882146] ? do_syscall_64+0x26/0x610 [ 683.886122] __x64_sys_clone+0xbf/0x150 [ 683.890103] do_syscall_64+0x103/0x610 [ 683.893994] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 683.899184] RIP: 0033:0x458c29 [ 683.902381] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 683.921301] RSP: 002b:00007f546898bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 683.929019] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 683.936418] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 683.943701] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 683.950971] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546898c6d4 01:46:50 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf6\x17s\'C\xe3\x97\xb8\x9f&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000000000000000000000100000000000000000000a6af"], 0x19) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7fffff, 0x12, r0, 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0xc020660b, &(0x7f0000000000)) 01:46:50 executing program 5: unshare(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000140)=0xb, 0x4) sendmmsg(r0, &(0x7f0000000b40)=[{{&(0x7f0000000000)=@caif=@rfm={0x25, 0x4, "cd63ac6de8bd3c404654eaf9280cc6d3"}, 0x80, 0x0}}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) 01:46:50 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, 0x0, 0x0) [ 683.958247] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 683.979448] Task in /syz3 killed as a result of limit of /syz3 [ 683.989688] memory: usage 307200kB, limit 307200kB, failcnt 3028 [ 684.002202] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 01:46:50 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2f}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 684.019332] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 684.026030] Memory cgroup stats for /syz3: cache:88KB rss:194372KB rss_huge:145408KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:194524KB inactive_file:8KB active_file:0KB unevictable:12KB [ 684.047546] Memory cgroup out of memory: Kill process 8097 (syz-executor.3) score 124 or sacrifice child [ 684.058829] Killed process 8097 (syz-executor.3) total-vm:72584kB, anon-rss:2216kB, file-rss:35804kB, shmem-rss:0kB 01:46:50 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.current\x00', 0x275a, 0x0) write$binfmt_aout(r0, &(0x7f0000000180), 0x20) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7fffff, 0x12, r0, 0x0) writev(r0, &(0x7f0000000080)=[{&(0x7f00000001c0)="ae55375693751736c2f76b4dae2613f13a93c2b65b8326aa0d10a6e50744513b58cc9b3765d6be2aea06b299da2ffc832f9a03c25266424743a12a94ac6590c8720471d58a3bcb395f1d4814a35f28dd0cb1521f3ff2acbc855480ca0e1e20d983dad763bcd754619b0cd9e6ba9a3945c6d2982ed2c7fbdf389dbaa5096d049736480e4a5cf4ba7093e26517ecc4641682a0406dc456c8b4c42f6238db2bf14ac782af94ab7b960a587a3d9be199cf141784b093b6e4b51100e35fba5af53a25b5543ea1e354b2603831f51bc8aee58d458b59b9525b76bf1e4009dc3faa854da918603dab855de2bdb0155c980de1393755b9e18c0873199155092f71fe5c18ec86f830c7b507b0beb71bff69538b64b7145728920fbde30d6980f19fba949a4df32b9a9b492da8e5d6eb2a7353a414d9abdaa64ea0662198af55eb7f191fd40195aa4d1f41574dac0b377bb87aecd4b9740c8b6cb32448af300d8ccdcad42108fa0cc5c82e3e7573acd16d87723f857424079986f7349bcc8f1262ab36c24c763322d04802d680afaf9d7d650cc57816aa88a3caabbea0e4f503e1b397993b5f2ada79b296a71559fa4fdbbff7f93a319f4018bcfe7d911170183ab4e8944d16533151addd842c2974f6ca1d16099e73e80c5c621753f7dfcd5907593dd651acac5bbf63b63cfdfc572acf8e75b959a0465977729b44e79803c477d29e35d407525fb2776a91e0b4e74a3045b918f901af317a9d2e1d33e4b4de66e4933d49944605300801bef2d740730aa2c1f35ecd847385984bde96cf2a45ba654cd4d0c9af38e3a4127cd66a5e910c988943187311aee0d4cff44d8bbac5c90edf8d9b2af0caa00184e9e73f1a7dbcb2e1bb0fb5cab16848efd94c861991d9b1d9ae9851105b6d7044211ea17f29ed91a7baf2e67af675378b491a21da4349e2f5d5387c888013de96e41dbe2c0aa641dc75a6ecb24a196c5f532c6adac45dfae0d17c140903fdef115f189dea56d3d4ed2e5a1faf820318a9bcbcc9e319003722ad3fe6813269511d87e6d945e445ccbd5459f1ed1a1f152c6b002c5e9005fb7fc080dc50db05f208a59c61d69ea610a2b24c59b7e616962c7c92c414a2a5267fdfce4e3f5115ce508f5565d9cfa614c92183d4ed00588c7fc1dd33e01cb2b5270e9d762dc21e0bf52d9c46e486dec747860c258291c4eb172b0d2c738d030af5a12f9e6c427596dc7fb204a6ba2e1d994345b081195dafbe67f750c00c1c77467b0902e1654cb27697be227144052d56ed88432cb6a90dd666bacef66ba807b17bbb8791c715b68ed8f5255956fcc4cfca8ead8914ecc703de934dcbb9d87016fe7da0f9771248abd4c6d93b474bd0396545a01ba38af424ad2ba7b04d010a963aa58e4280cb06ef296c6c67617e0dfd9ac4ea6e24fc140fbe6cdcdc2698dd66f8b484cb66cdb6bd41c4fa7b3a4ffdf4b9f1201c6898036f9ab60c7a10538fa5efc9a08a0893f31b59a506bbdebfbb2f1d52b65b9bb32c22476e22bee128e4eb1acd3030ac630fc87dbe355db0ab276f81afe3d0a435b94fdcc69f0b5c597dfc1b8d5f8535082f7df8dff476a3d2bd23eea3dfd0e6dfa4b30f6367e30c9ec15be3d78cb6b2225f6eb13e38c3cbaede6ba4488e7567fd97900d66e9682ba9520226b6377c0f5bbc89add018600204324bc9eecd35719ce5aadc63b0ea2264db526bf47f782a1571b0ea1daecb886bb92b25b3485162c00221f75be06a15f9257ed1b755fc8913ce16434eaad09edea8c489211f84b8b75650094b47b0b14374e235174c6a820392f92c7c98e6826874530ce567cee5d32c09eaab9fbed93430ce70cdfa231a58aa638838a1634ee441bd000f79238e213cb0d823891fbb16e2696e04d4e8c4edd1b40921b30704ade639450cba4b50c28f7ac8a91cc563ab2ae8ef5dffbfd5973d5fec3e9c3eb26cfb30497445459bcc35ab0fbcf3961cc9529cf13ce330e6b5303309753d37892167e3deb8c48c0e3fa1214be41f547680d5ec081b76509473f3c52c544b6f47f3f0d80e4c39c941fb73e796d944a6640df9d47b685b0fab0878645de10a6b1840fe1e971b7698d5dad4d8a83bdebae7ffb234352895ad9e143799e01acc24704350120615e30ca696ea35d112451579a590248010b3e7996e452f452fa49dac76133e71e3a160574907718d7a4852bef37e72d0addedfe12d7e01d0c3e7e70aaa6d951411e99dae0f7c578e2fe8ee65587b7b628e51f9ee9410661d448bea9ec8137c2d5973f8e5d8fc8f20e5fddaa0e214deedc9d72118077fd13fc325571560a0e3d9107a6857d907d816f9b8ad914212eafaeaff4ed98fe78f511678d256d7f970efa7977fe412d778a22c331e606d0d82b00ee871f01d071edf8041d0ff9ef0569cecec1b854dc3d08ccb60a7c9c5ef0c656dd16ed270796bc78b50e8792130e8775a3841ef50bb88c8c5c41709da9be1f623d228ba35488517e0fea969c66a577dc39efcab35a44500c983f8cec24577c83e91f36862209806e9724719abf05a134e4625837e192192f61ac70188c87e33f05bcb76c8faf18f3b46d0bd771fa42619fe40a0e34f755cb02efce02f293f4c6a0d72b17d26bfa539ff86cd0e1d049d821309b045e41ab264f43d2e13aa49947ac3f5fc78d2280bb9cb8042153520c45598bdf44410697cde81ff8b452f11b1d43494c0013c8f10b75d0691d2ff12f9730d8d6f1540bfb3db3633e838416774c3905c6cb6c7e099563338cc46a6528e6b5939338098d0c8fc45a47c2a86e0b39babc1b2c3adaf0f29091214c4f63981abb36d3b081c8928ba216cb2cbbe21255b8b1ef61f83c4fd05fc4d3871be799abab0e0685c5793693635752a3eb27372f414326f9ffbd1994b39cbecbe9a53c30208d2efdb4ab7714a90d754137f6cc26e5df22dfce377039d61320700a65f9aa98931a64aa1a22d6df62dd06fac54ccbbc69c55d77d309029d59e3f304230553077b4099cb2f7d1ea4f782c5d329e155069ad78f6742a495701a1b341521b2c35db1b3e03e95fa3540b8974c08706cea23479eb7245e12c63c58ca9f9db43229b71e2a33d58cbbff8a5c25f0d4e62a14b6cfc21807c5d043ec5d4fbfcb56fc1e7bc75356846e7c59630d41be025941c668c7240b251d793ee535a041c0e5ff02d04029bba9bc3a9c7d69b5426aff02380f98cfc22976e9fa08d7844ab3badc9bdda6f31ce9826f031245dba46f36e88832ca1fe6f7b3613ab0635131a954f5f5e0f9a80326f879df9f30290dcca00c19570db4268471142c13309f985fbf7c6fbaf4d42e885ac3cc7b56b0da3e19d836cd24466eecfb8832c1660f33ac62a176bb771d2f91c7df91322a36185a70a6ee623df162a34b8e1443268241db845ec5c75ed2c92180720631e03297bbf850c870151e438f5789ae924c9019365ae1fcce3d45c3ae7a1915a60a6bcd23828ae300d235fc9fcfe04be7f72d07c11ece5b4551d41069a2ec2f87bf3e8a64649ea84ddb8ed079152a0911773e95101e9e9b42380b6511cceb615edde9f342ec03324c2c404d74aac7a06ce686e5439a864300e68a23de24b49d5d475b08613b07059194626f8af317c246af0a3619882dae2bc5f2197404433594f836099fa49eb0b20c25d2de27eb0a70c07c787154bab7502abe35ff270cc642ee5d4b7a72052521aa66cc6ad83b23914eeddcb1c7c58344d3aa1bd8139efb9a1409ea6ae391e2c9d2710cdcbb6c833de0e62fbd96b0d77b912bb60e1a503711b877ba4897ab34a4ea2ea0f091ba582962603d0da592e96b9a79b85db23e59117f438aee7316ae66939acda6a78cb67f9a0d7fe028d5825e417bf12c0cee85337acd0021b273c4f61ce13b630e385c3992e343ac2737fc5a01bbcd76634a6ac1b8b347157cf8c1d2d0ef3fc3249327ca196d77b77505ba50665015ca309a51fc82d75bcb7daf4d02d30e81e9ae6890eaad07266f5d4982dcf4eaf6ce075c8acf885d1c8f5b4e86654fc12736fd33286b3549f6ef8eb77ef0ebc7cf9f08b468742602e767738cca401ffce7bcd911159dc73900f6570dd2dc14b7504ec9eb5d796cf34d13aa5ff84d54ba91cf495e4f6efb45b34f60d982dc61e59805568afbb366fea2dfc9a007d52fb7b03722467377a140c779c50766397908b70bc46e25aeda4c9e56d5ec500da1f956b3e5f4ffcf10b2fffd8ff9c21583c33c957648bed0b5a257f0971747c05fb41f3caa1121bbc5cc988480883b23d8d602bbd5047a4c7c3a9f4bfcffb81168554b24f011eca751d1f991f779c70f28a49db9ec3a492225e6910a3258169c8662ffe5aa7c8249299aa87a89c8f4aee6e36834d5cdf04029276b8b0df5975e6bc5540be8006df20e2d6d2b2de680be70b4d2e4125e81f655388cd2e2c0f39b41293c6a56b9114efb0b5681edc69da0da43cb1c61667e5cf8df9a4c0d6caf774e844243668c220c83a30cd531487bbe3f7e3e96027ee33794f4d567ee119b9f0244c3bff050fbcc3fdf6ff79a7100229355b6d733f89961c4eccb397efa2900a045739f46e7ff748cb70e661c592133a7bdd17a42d18f03d90b2dd39f72c3a49690afe7f1f986afb6d56feea16e92d8ec05c2399ce132ea238005203fc52d155279d694762d3decbca93844dee65b428b20a2fd5359235bfaecb07cb895e05a99f64b453692b9d33f95c6b9efb4b65808878f0cc43fb00d1639cc5aee5ebf11801256667d320793337cd392b2fa5f990a394bb75642d216b54532ea13efc961ada077f7873a28ab63dce001e8ad2169fb66f37d04a8b5a42646d6c4313ad960af6c3d7984f2511b641f4ee785803994523542499fe15bba5990325813b7bdbb8f66a52bd93aea18819be4641f5d127756c1e3cc7468d521cf2736e38454c1202f8b128ff85986609ad5e3124751c63dc7f0944d7a94516c67c9caa8b6049685ee498d1ac892308a499c5a8ebd125f259a2e95f662fdbced9e59b5299ea943b290ac3ce4801068d43afaf9da27960e962e0985aaf29bcc18295b000e313ee3fd3be1e488e24328441efaea40768abb642dc68bb18de5636f8597866dd13785060c17c4392df5fb85c9aece4ce3197287e782de2b7ae78e83cdd2b8d0826b1bb7f", 0xe41}], 0x1) [ 684.088763] oom_reaper: reaped process 8097 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 684.123787] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 684.222383] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 684.248227] CPU: 1 PID: 7744 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 684.255141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 684.264516] Call Trace: [ 684.267138] dump_stack+0x172/0x1f0 [ 684.270794] dump_header+0x15e/0x929 [ 684.274537] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 684.279659] ? ___ratelimit+0x60/0x595 [ 684.283565] ? do_raw_spin_unlock+0x57/0x270 [ 684.287994] oom_kill_process.cold+0x10/0x6f5 [ 684.292508] ? task_will_free_mem+0x139/0x6e0 [ 684.297024] out_of_memory+0x936/0x12d0 [ 684.301017] ? oom_killer_disable+0x280/0x280 [ 684.305522] ? find_held_lock+0x35/0x130 [ 684.309613] mem_cgroup_out_of_memory+0x1d2/0x240 [ 684.314468] ? memcg_event_wake+0x230/0x230 01:46:50 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x33}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:50 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3b}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 684.314489] ? do_raw_spin_unlock+0x57/0x270 [ 684.314508] ? _raw_spin_unlock+0x2d/0x50 [ 684.314525] try_charge+0xd25/0x15b0 [ 684.314543] ? find_held_lock+0x35/0x130 [ 684.323284] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 684.323299] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 684.323314] ? find_held_lock+0x35/0x130 [ 684.323328] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 684.323356] memcg_kmem_charge_memcg+0x7c/0x130 [ 684.358730] ? memcg_kmem_put_cache+0xb0/0xb0 [ 684.363253] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 684.368123] memcg_kmem_charge+0x136/0x300 [ 684.372417] __alloc_pages_nodemask+0x3c6/0x760 [ 684.377103] ? __alloc_pages_slowpath+0x2870/0x2870 [ 684.382135] ? find_held_lock+0x35/0x130 [ 684.386205] ? copy_page_range+0x124f/0x1f90 [ 684.390624] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 684.396175] alloc_pages_current+0x107/0x210 [ 684.400605] pte_alloc_one+0x1b/0x1a0 [ 684.404415] __pte_alloc+0x2a/0x360 [ 684.408034] copy_page_range+0x151f/0x1f90 [ 684.412276] ? pmd_alloc+0x180/0x180 [ 684.415995] ? __vma_link_rb+0x279/0x370 [ 684.420059] copy_process.part.0+0x5434/0x7970 [ 684.424648] ? __cleanup_sighand+0x70/0x70 [ 684.428901] _do_fork+0x257/0xfe0 [ 684.432364] ? fork_idle+0x1d0/0x1d0 [ 684.436084] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 684.440840] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 684.445752] ? do_syscall_64+0x26/0x610 [ 684.449718] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 684.455070] ? do_syscall_64+0x26/0x610 [ 684.459124] __x64_sys_clone+0xbf/0x150 [ 684.463091] do_syscall_64+0x103/0x610 [ 684.466971] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 684.472153] RIP: 0033:0x4571fa [ 684.475359] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 684.494364] RSP: 002b:00007fffea33a3f0 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 684.502067] RAX: ffffffffffffffda RBX: 00007fffea33a3f0 RCX: 00000000004571fa [ 684.509327] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 684.516585] RBP: 00007fffea33a430 R08: 0000000000000001 R09: 0000000000f42940 [ 684.523849] R10: 0000000000f42c10 R11: 0000000000000246 R12: 0000000000000001 [ 684.531281] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffea33a480 [ 684.545325] Task in /syz3 killed as a result of limit of /syz3 [ 684.571810] memory: usage 304844kB, limit 307200kB, failcnt 3028 [ 684.586269] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 684.593862] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 684.600329] Memory cgroup stats for /syz3: cache:88KB rss:192352KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:192364KB inactive_file:8KB active_file:0KB unevictable:12KB [ 684.622563] Memory cgroup out of memory: Kill process 24696 (syz-executor.3) score 124 or sacrifice child [ 684.633058] Killed process 24701 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB [ 684.653975] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 684.670899] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 684.676361] CPU: 0 PID: 8398 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 684.683205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 684.692565] Call Trace: [ 684.695195] dump_stack+0x172/0x1f0 [ 684.698846] dump_header+0x15e/0x929 [ 684.702577] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 684.709533] ? ___ratelimit+0x60/0x595 [ 684.713437] ? do_raw_spin_unlock+0x57/0x270 [ 684.717869] oom_kill_process.cold+0x10/0x6f5 01:46:51 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x40000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0xffdffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x82c4, 0x2}, 0x0, 0x0, r1, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000080)=0x1, 0x4) [ 684.722420] ? task_will_free_mem+0x139/0x6e0 [ 684.727022] out_of_memory+0x936/0x12d0 [ 684.731009] ? oom_killer_disable+0x280/0x280 [ 684.735516] ? find_held_lock+0x35/0x130 [ 684.739605] mem_cgroup_out_of_memory+0x1d2/0x240 [ 684.744459] ? memcg_event_wake+0x230/0x230 [ 684.748798] ? do_raw_spin_unlock+0x57/0x270 [ 684.753220] ? _raw_spin_unlock+0x2d/0x50 [ 684.757375] try_charge+0x1028/0x15b0 [ 684.761191] ? find_held_lock+0x35/0x130 [ 684.765273] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 684.770132] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 684.775019] ? find_held_lock+0x35/0x130 [ 684.779075] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 684.783922] memcg_kmem_charge_memcg+0x7c/0x130 [ 684.788655] ? memcg_kmem_put_cache+0xb0/0xb0 [ 684.793288] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 684.798148] memcg_kmem_charge+0x136/0x300 [ 684.813223] __alloc_pages_nodemask+0x3c6/0x760 [ 684.819978] ? __alloc_pages_slowpath+0x2870/0x2870 [ 684.825000] ? find_held_lock+0x35/0x130 [ 684.829078] ? copy_page_range+0x124f/0x1f90 [ 684.833495] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 684.839032] alloc_pages_current+0x107/0x210 [ 684.843447] pte_alloc_one+0x1b/0x1a0 [ 684.847249] __pte_alloc+0x2a/0x360 [ 684.850872] copy_page_range+0x151f/0x1f90 [ 684.855133] ? pmd_alloc+0x180/0x180 [ 684.858849] ? __vma_link_rb+0x279/0x370 [ 684.862904] copy_process.part.0+0x5434/0x7970 [ 684.867495] ? __cleanup_sighand+0x70/0x70 [ 684.871741] _do_fork+0x257/0xfe0 [ 684.875202] ? fork_idle+0x1d0/0x1d0 [ 684.878913] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 684.883662] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 684.888407] ? do_syscall_64+0x26/0x610 [ 684.892374] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 684.897726] ? do_syscall_64+0x26/0x610 [ 684.901802] __x64_sys_clone+0xbf/0x150 [ 684.905769] do_syscall_64+0x103/0x610 [ 684.909656] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 684.914840] RIP: 0033:0x458c29 [ 684.918033] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 684.936929] RSP: 002b:00007f90eb557c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 684.944636] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 684.951926] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 7000000000000000 [ 684.959190] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 684.966917] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90eb5586d4 [ 684.974281] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 684.996012] Task in /syz4 killed as a result of limit of /syz4 [ 685.006880] memory: usage 307136kB, limit 307200kB, failcnt 1684 [ 685.017931] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 685.025756] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 685.032044] Memory cgroup stats for /syz4: cache:20KB rss:181988KB rss_huge:120832KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:182048KB inactive_file:4KB active_file:0KB unevictable:0KB [ 685.053303] Memory cgroup out of memory: Kill process 24216 (syz-executor.4) score 1113 or sacrifice child [ 685.063345] Killed process 24216 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35804kB, shmem-rss:0kB [ 685.075494] oom_reaper: reaped process 24216 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 685.089226] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 685.102872] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 685.110387] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 685.118922] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 685.118961] CPU: 1 PID: 7744 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 685.118969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 685.118974] Call Trace: [ 685.118999] dump_stack+0x172/0x1f0 [ 685.119022] dump_header+0x15e/0x929 [ 685.119038] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 685.119057] ? ___ratelimit+0x60/0x595 [ 685.135738] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 685.140591] ? do_raw_spin_unlock+0x57/0x270 [ 685.140614] oom_kill_process.cold+0x10/0x6f5 [ 685.143789] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 685.146814] ? task_will_free_mem+0x139/0x6e0 [ 685.146835] out_of_memory+0x936/0x12d0 [ 685.192885] ? oom_killer_disable+0x280/0x280 [ 685.197399] ? find_held_lock+0x35/0x130 [ 685.201574] mem_cgroup_out_of_memory+0x1d2/0x240 [ 685.206429] ? memcg_event_wake+0x230/0x230 [ 685.210749] ? do_raw_spin_unlock+0x57/0x270 [ 685.210775] ? _raw_spin_unlock+0x2d/0x50 [ 685.210793] try_charge+0x1028/0x15b0 [ 685.210809] ? find_held_lock+0x35/0x130 [ 685.227312] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 685.232167] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 685.237024] ? find_held_lock+0x35/0x130 [ 685.241099] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 685.245961] memcg_kmem_charge_memcg+0x7c/0x130 [ 685.250644] ? memcg_kmem_put_cache+0xb0/0xb0 [ 685.255259] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 685.260121] memcg_kmem_charge+0x136/0x300 [ 685.264494] __alloc_pages_nodemask+0x3c6/0x760 [ 685.269172] ? __alloc_pages_slowpath+0x2870/0x2870 [ 685.274196] ? save_stack+0xa9/0xd0 [ 685.277832] ? kmem_cache_alloc+0x12e/0x700 [ 685.282165] ? vm_area_dup+0x21/0x170 [ 685.285971] ? copy_process.part.0+0x33fe/0x7970 [ 685.285983] ? _do_fork+0x257/0xfe0 [ 685.285999] ? __x64_sys_clone+0xbf/0x150 [ 685.298512] ? do_syscall_64+0x103/0x610 [ 685.298535] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 685.308216] alloc_pages_current+0x107/0x210 [ 685.312645] get_zeroed_page+0x14/0x50 [ 685.316541] __pud_alloc+0x3b/0x250 [ 685.320179] pud_alloc+0xde/0x150 [ 685.323648] copy_page_range+0x37a/0x1f90 [ 685.327817] ? copy_process.part.0+0x30ee/0x7970 [ 685.332587] ? vma_compute_subtree_gap+0x158/0x230 [ 685.337540] ? vma_gap_callbacks_rotate+0x62/0x80 [ 685.341663] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 685.342394] ? pmd_alloc+0x180/0x180 [ 685.342413] ? __vma_link_rb+0x279/0x370 [ 685.342436] copy_process.part.0+0x5434/0x7970 [ 685.342472] ? __cleanup_sighand+0x70/0x70 [ 685.358464] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 685.362356] _do_fork+0x257/0xfe0 [ 685.362377] ? fork_idle+0x1d0/0x1d0 [ 685.362403] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 685.362420] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 685.379619] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 685.387119] ? do_syscall_64+0x26/0x610 [ 685.387140] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 685.387151] ? do_syscall_64+0x26/0x610 [ 685.387173] __x64_sys_clone+0xbf/0x150 [ 685.401036] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 685.403361] do_syscall_64+0x103/0x610 [ 685.403386] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 685.403399] RIP: 0033:0x4571fa [ 685.403423] Code: f7 d8 64 89 04 25 d4 02 00 00 64 4c 8b 0c 25 10 00 00 00 31 d2 4d 8d 91 d0 02 00 00 31 f6 bf 11 00 20 01 b8 38 00 00 00 0f 05 <48> 3d 00 f0 ff ff 0f 87 f5 00 00 00 85 c0 41 89 c5 0f 85 fc 00 00 [ 685.416727] RSP: 002b:00007fffea33a3f0 EFLAGS: 00000246 [ 685.438806] ORIG_RAX: 0000000000000038 [ 685.438816] RAX: ffffffffffffffda RBX: 00007fffea33a3f0 RCX: 00000000004571fa 01:46:51 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x7003000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:51 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000580)={'nr0\x01\x00', 0x1000000802}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x300) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000001c0)='nr0\x01\x00`\x00\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb96\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\x97\x80\xe9\xa1S\f\xc7?\xa6\x95I\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~\xff\xff\x00\x00#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xd5\x1b\xca\xa9\xc7[\xa2\xef\xacM\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xb4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\x04R\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xafh_\x9c\x91\xc1q_|L\x11\x03\x94\xc0\t=\x17\x95P\xd7\xcdH\x1c8^ARL\x9b\x1f\xf6P\rSj\x95\xd9o\x03\xd4\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x13\x82Rk\x9cAz\xab\rT\xadLO\f\x17Y\x1dg\x10\xe3LL\x1fC\xfa\xd9\xb0\xfb\xb4\xf3[\xdf\xd0\xd6\x82\xf6~0\xb8\xf4\xb0X\xfew\xbdY\n\xd6\x105\x9c\xb7\xe5F\xc1:9\xb8\xc2\x85\b\xfd\x92\xb0k\x93\xd7\xc40J\xc2\xf0=p\xd6\xe3\xe4W:\xd2\xf6\xfc\x83\xb1\xcb\xd1K\xb9(\"9(~\xf4\xf4\x94`\xe8\xa61\x12\x91 \xd7\x92\xc0\xd0s\xa9\xe4\x18:\x97e\xa7\x1f\xbfD\x1e\x903V#\x10\x90_\xf7\xd3=M\x80cCn=\xf2\xe1u\x83=\'\xa4\xa1V\xe47y}\xd9\xf1\xa7p\xea\x86W\xd1\x00'/591) 01:46:51 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3c}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:51 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, 0x0, 0x0) 01:46:51 executing program 5: unshare(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000140)=0xb, 0x4) sendmmsg(r0, &(0x7f0000000b40)=[{{&(0x7f0000000000)=@caif=@rfm={0x25, 0x4, "cd63ac6de8bd3c404654eaf9280cc6d3"}, 0x80, 0x0}}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) 01:46:51 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf0}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:52 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x300}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:52 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x8000000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 685.438824] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001200011 [ 685.438836] RBP: 00007fffea33a430 R08: 0000000000000001 R09: 0000000000f42940 [ 685.489075] R10: 0000000000f42c10 R11: 0000000000000246 R12: 0000000000000001 [ 685.496466] R13: 0000000000000000 R14: 0000000000000000 R15: 00007fffea33a480 [ 685.518638] Task in /syz3 killed as a result of limit of /syz3 [ 685.531696] memory: usage 307184kB, limit 307200kB, failcnt 3087 [ 685.554302] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 01:46:52 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x500}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:52 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 01:46:52 executing program 5: unshare(0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x14, &(0x7f0000000140)=0xb, 0x4) sendmmsg(r0, &(0x7f0000000b40)=[{{&(0x7f0000000000)=@caif=@rfm={0x25, 0x4, "cd63ac6de8bd3c404654eaf9280cc6d3"}, 0x80, 0x0}}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 685.582434] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 685.596876] Memory cgroup stats for /syz3: cache:88KB rss:194436KB rss_huge:145408KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:194552KB inactive_file:4KB active_file:4KB unevictable:12KB [ 685.728038] Memory cgroup out of memory: Kill process 8442 (syz-executor.3) score 124 or sacrifice child [ 685.771609] Killed process 8442 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35812kB, shmem-rss:0kB [ 685.977586] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 685.997491] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 686.003678] CPU: 1 PID: 8494 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 686.010540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 686.019910] Call Trace: [ 686.022527] dump_stack+0x172/0x1f0 [ 686.026178] dump_header+0x15e/0x929 [ 686.029916] ? oom_kill_process+0x136/0x150 [ 686.034263] oom_kill_process.cold+0x10/0x6f5 [ 686.038753] ? task_will_free_mem+0x139/0x6e0 [ 686.043242] ? find_held_lock+0x35/0x130 [ 686.047295] out_of_memory+0x936/0x12d0 [ 686.051272] ? lock_downgrade+0x810/0x810 [ 686.055412] ? oom_killer_disable+0x280/0x280 [ 686.059894] ? find_held_lock+0x35/0x130 [ 686.063949] mem_cgroup_out_of_memory+0x1d2/0x240 [ 686.068777] ? memcg_event_wake+0x230/0x230 [ 686.073089] ? do_raw_spin_unlock+0x57/0x270 [ 686.077574] ? _raw_spin_unlock+0x2d/0x50 [ 686.081725] try_charge+0x1028/0x15b0 [ 686.085698] ? find_held_lock+0x35/0x130 [ 686.089754] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 686.094851] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 686.099681] ? find_held_lock+0x35/0x130 [ 686.103737] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 686.108660] memcg_kmem_charge_memcg+0x7c/0x130 [ 686.113322] ? memcg_kmem_put_cache+0xb0/0xb0 [ 686.117805] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 686.122640] memcg_kmem_charge+0x136/0x300 [ 686.126882] __alloc_pages_nodemask+0x3c6/0x760 [ 686.131572] ? __alloc_pages_slowpath+0x2870/0x2870 [ 686.136603] copy_process.part.0+0x3e0/0x7970 [ 686.141091] ? mark_held_locks+0x100/0x100 [ 686.145331] ? __might_fault+0x12b/0x1e0 [ 686.149384] ? __cleanup_sighand+0x70/0x70 [ 686.153604] ? lock_downgrade+0x810/0x810 [ 686.157744] _do_fork+0x257/0xfe0 [ 686.161361] ? fork_idle+0x1d0/0x1d0 [ 686.165088] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 686.169852] ? retint_kernel+0x2d/0x2d [ 686.173755] __x64_sys_clone+0xbf/0x150 [ 686.177737] ? __x64_sys_clone+0x1/0x150 [ 686.181786] do_syscall_64+0x103/0x610 [ 686.185663] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 686.190844] RIP: 0033:0x458c29 [ 686.194024] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 686.213269] RSP: 002b:00007f546898bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 686.220969] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 686.228222] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000802102001ffc [ 686.235476] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 686.242734] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546898c6d4 [ 686.249998] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 686.266133] Task in /syz3 killed as a result of limit of /syz3 [ 686.273084] memory: usage 307192kB, limit 307200kB, failcnt 3136 [ 686.279809] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 686.288148] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 686.294986] Memory cgroup stats for /syz3: cache:88KB rss:194436KB rss_huge:145408KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:194588KB inactive_file:4KB active_file:0KB unevictable:12KB [ 686.316839] Memory cgroup out of memory: Kill process 24696 (syz-executor.3) score 124 or sacrifice child [ 686.327049] Killed process 24696 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35800kB, shmem-rss:0kB [ 686.353370] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 686.366334] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 686.375405] CPU: 1 PID: 8493 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 686.382250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 686.391620] Call Trace: [ 686.394248] dump_stack+0x172/0x1f0 [ 686.397891] dump_header+0x15e/0x929 [ 686.401608] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 686.406729] ? ___ratelimit+0x60/0x595 [ 686.410617] ? do_raw_spin_unlock+0x57/0x270 [ 686.415032] oom_kill_process.cold+0x10/0x6f5 [ 686.419529] ? task_will_free_mem+0x139/0x6e0 [ 686.424033] out_of_memory+0x936/0x12d0 [ 686.428010] ? oom_killer_disable+0x280/0x280 [ 686.432498] ? find_held_lock+0x35/0x130 [ 686.436616] mem_cgroup_out_of_memory+0x1d2/0x240 [ 686.441494] ? memcg_event_wake+0x230/0x230 [ 686.445825] ? do_raw_spin_unlock+0x57/0x270 [ 686.450339] ? _raw_spin_unlock+0x2d/0x50 [ 686.454744] try_charge+0xd25/0x15b0 [ 686.458450] ? find_held_lock+0x35/0x130 [ 686.462507] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 686.467376] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 686.479961] ? find_held_lock+0x35/0x130 [ 686.485457] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 686.490302] memcg_kmem_charge_memcg+0x7c/0x130 [ 686.494958] ? memcg_kmem_put_cache+0xb0/0xb0 [ 686.499446] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 686.504387] memcg_kmem_charge+0x136/0x300 [ 686.508617] __alloc_pages_nodemask+0x3c6/0x760 [ 686.513281] ? __alloc_pages_slowpath+0x2870/0x2870 [ 686.518728] ? lockdep_hardirqs_on+0x415/0x5d0 [ 686.523302] ? trace_hardirqs_on+0x67/0x230 [ 686.527615] ? kasan_check_read+0x11/0x20 [ 686.531759] copy_process.part.0+0x3e0/0x7970 [ 686.536250] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 686.541343] ? delayacct_end+0x5c/0x100 [ 686.545324] ? __delayacct_freepages_end+0xe0/0x140 [ 686.550342] ? __lock_acquire+0x6eb/0x48f0 [ 686.554593] ? __cleanup_sighand+0x70/0x70 [ 686.558849] ? mark_held_locks+0x100/0x100 [ 686.563085] _do_fork+0x257/0xfe0 [ 686.566531] ? fork_idle+0x1d0/0x1d0 [ 686.570239] ? blkcg_print_stat+0xb90/0xb90 [ 686.574573] ? kasan_check_read+0x11/0x20 [ 686.578722] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 686.583478] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 686.588239] ? do_syscall_64+0x26/0x610 [ 686.592207] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 686.597564] ? do_syscall_64+0x26/0x610 [ 686.601620] __x64_sys_clone+0xbf/0x150 [ 686.605596] do_syscall_64+0x103/0x610 [ 686.609479] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 686.614673] RIP: 0033:0x45b5f9 [ 686.617856] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 686.636754] RSP: 002b:00007fffea33a168 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 686.644478] RAX: ffffffffffffffda RBX: 00007f546896b700 RCX: 000000000045b5f9 [ 686.651789] RDX: 00007f546896b9d0 RSI: 00007f546896adb0 RDI: 00000000003d0f00 [ 686.659070] RBP: 00007fffea33a370 R08: 00007f546896b700 R09: 00007f546896b700 [ 686.666332] R10: 00007f546896b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 686.673609] R13: 00007fffea33a21f R14: 00007f546896b9c0 R15: 000000000073bfac [ 686.682484] Task in /syz3 killed as a result of limit of /syz3 [ 686.688518] memory: usage 304880kB, limit 307200kB, failcnt 3136 [ 686.694761] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 686.701597] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 686.707767] Memory cgroup stats for /syz3: cache:88KB rss:192352KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:192440KB inactive_file:4KB active_file:0KB unevictable:12KB [ 686.728796] Memory cgroup out of memory: Kill process 24935 (syz-executor.3) score 124 or sacrifice child [ 686.738652] Killed process 24935 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35800kB, shmem-rss:0kB [ 686.751303] oom_reaper: reaped process 24935 (syz-executor.3), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 01:46:53 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r2 = syz_open_dev$video(0x0, 0x3, 0x0) ioctl$GIO_UNISCRNMAP(r2, 0x4b69, &(0x7f0000000440)=""/235) r3 = creat(&(0x7f0000000540)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r4 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) ioctl$TUNSETPERSIST(r1, 0x400454cb, 0x0) ioctl$PPPIOCSPASS(r3, 0x40107447, &(0x7f0000000140)={0x8, &(0x7f0000000100)=[{0x8000, 0x200, 0x6, 0x8}, {0xffffffffffffffff, 0x6, 0x2, 0x100}, {0x2, 0xfc2a, 0x8000, 0x8}, {0x6, 0x5, 0x3ff, 0x4}, {0x5f, 0x5, 0x1, 0x2}, {0x5, 0x0, 0x7fff, 0x1000}, {0x0, 0x81, 0x6, 0x4}, {0x1c8e, 0x8001, 0x7, 0x5}]}) socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$VIDIOC_QUERYCTRL(r3, 0xc0445624, &(0x7f00000003c0)={0x4, 0x102, "50c3fc9f688ab44a1c8ca670f822a4d53c8624e9f719080ef488c31e152fa843", 0x3, 0xffffffffffffff58, 0xffffffffffffffe1, 0x400, 0x208}) connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) ioctl$KVM_GET_MSR_INDEX_LIST(r0, 0xc004ae02, &(0x7f0000000280)=ANY=[@ANYBLOB="0300"/16]) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r4, 0x800448d3, &(0x7f00000002c0)={{0x101, 0x4, 0xcad, 0x10040000, 0xfffffffffffffff7, 0x7e00000000}, 0x269, 0x9, 0x98d3, 0x1, 0xd5d, "7f5169bf8d9bf27b5d7d69a9835616bc290355211db8c7c7180faeab3e8e9655086b935ed7be5f31211d3ef89ec792943577dd29170711b9d70b61d02d6263508f5d66959df355245de5af2b670ebd141c63915890d2d166863f276bc90e4cc71134204d3cbeae97279021b699670330c1da7ab7ebd454f4e6728554e65e3111"}) accept4$netrom(r3, &(0x7f00000001c0)={{0x3, @null}, [@remote, @rose, @null, @remote, @null, @null, @remote, @bcast]}, &(0x7f0000000240)=0x48, 0x80800) 01:46:53 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) 01:46:53 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x8800000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:53 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x543}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:53 executing program 0: r0 = socket(0xa, 0x2400000001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000034000)={0x20000000, {{0xa, 0x0, 0x0, @mcast2}}}, 0x88) getsockopt$inet6_buf(r0, 0x29, 0x10000000000030, &(0x7f0000034000)=""/144, &(0x7f0000e5f000)=0x90) 01:46:53 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0xe, 0x0, &(0x7f0000000380)="263abd030e981f000000106688a8", 0x0, 0x1200}, 0x28) dup2(r0, 0xffffffffffffffff) 01:46:53 executing program 0: r0 = socket$inet(0x2, 0x3, 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000740), 0x8c) 01:46:53 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) [ 686.986840] netlink: 'syz-executor.4': attribute type 29 has an invalid length. 01:46:53 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f00001fefe4)={0xa, 0x4e22}, 0x1c) listen(r1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x20000001, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) close(r1) recvmmsg(r0, &(0x7f0000008d80)=[{{&(0x7f0000004b80)=@nl, 0x80, &(0x7f0000006100), 0x0, &(0x7f0000006140)=""/105, 0x69}}], 0x8000000000003bf, 0x0, 0x0) 01:46:53 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x600}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 687.049594] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 687.099764] FS-Cache: Duplicate cookie detected [ 687.104926] FS-Cache: O-cookie c=00000000f63a8627 [p=000000004114b303 fl=222 nc=0 na=1] [ 687.113380] FS-Cache: O-cookie d=00000000656b88e0 n=000000007f8eeaff [ 687.120035] FS-Cache: O-key=[10] '02000200000002000000' [ 687.126416] FS-Cache: N-cookie c=00000000bf9f28a4 [p=000000004114b303 fl=2 nc=0 na=1] [ 687.134658] FS-Cache: N-cookie d=00000000656b88e0 n=00000000e04e9e14 [ 687.141387] FS-Cache: N-key=[10] '02000200000002000000' [ 687.163341] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 687.213027] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 01:46:53 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x608}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 687.262403] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:46:53 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x9400000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:54 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r1, 0x84, 0x1a, &(0x7f00000001c0)={0x0, 0xf9, "9b961a212ab79b6c1f689adf10e3f7acce1711cfbbe63e45454161aba46d53d2692142ae5b23f3109f90f0082b83fd824230fc14122a15b7121add1f6ff882da1019a30274a3bf7309167c1022b9aa5c38fe3e2e0b258ead13e7c939c13937883e8031bc6a61f81a3a9939fb0caed5fcb0ccf4791a448fa72b8501ff7507d34d5548ba73352330c1da8b186a36ae925abdfd5ac40d5e892a3151ae38ca8b096d16953b6ba0ed2106df79af2891edd8d6b4ac80364a6b73c5f915c01f49ddb9bb5a1a05985dd6d5c0bba88c07c927a1532aa7d97205dc946365929318ebc4313c5a791e492497cce27d9aa8797af54f346011a242831fc12581"}, &(0x7f0000000080)=0x101) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(r1, 0x84, 0x1b, &(0x7f0000000100)={r2, 0x4, "22c28b95"}, &(0x7f0000000140)=0xc) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:54 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)}, 0x0) 01:46:54 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0xe, 0x0, &(0x7f0000000380)="263abd030e981f000000106688a8", 0x0, 0x1200}, 0x28) dup2(r0, 0xffffffffffffffff) [ 687.433271] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 01:46:54 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x689}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:54 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000180)='net/ip6_tables_matches\x00') readv(r0, &(0x7f0000002340)=[{&(0x7f00000001c0)=""/4096, 0x141b}], 0x1) readv(r0, &(0x7f0000000580), 0x3c1) 01:46:54 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x700}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:54 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) madvise(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) ioctl$PPPIOCGNPMODE(r1, 0xc008744c, &(0x7f0000000080)={0x2b, 0x1}) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:54 executing program 0: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x5, 0x42, 0x400000000007e, 0x2}, 0x2c) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r0, 0x0, 0x0}, 0x18) [ 687.677943] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 01:46:54 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) statfs(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)=""/224) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:54 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r1, 0x0, 0xe, 0x0, &(0x7f0000000380)="263abd030e981f000000106688a8", 0x0, 0x1200}, 0x28) dup2(r0, 0xffffffffffffffff) [ 687.771051] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 687.816010] CPU: 0 PID: 8551 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 687.822912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 687.832283] Call Trace: [ 687.834905] dump_stack+0x172/0x1f0 [ 687.838566] dump_header+0x15e/0x929 [ 687.842300] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 687.847423] ? ___ratelimit+0x60/0x595 [ 687.851320] ? do_raw_spin_unlock+0x57/0x270 [ 687.855755] oom_kill_process.cold+0x10/0x6f5 [ 687.860271] ? task_will_free_mem+0x139/0x6e0 [ 687.864792] out_of_memory+0x936/0x12d0 [ 687.868786] ? lock_downgrade+0x810/0x810 [ 687.872955] ? oom_killer_disable+0x280/0x280 [ 687.877454] ? find_held_lock+0x35/0x130 [ 687.881527] mem_cgroup_out_of_memory+0x1d2/0x240 [ 687.886393] ? memcg_event_wake+0x230/0x230 [ 687.890731] ? do_raw_spin_unlock+0x57/0x270 [ 687.895146] ? _raw_spin_unlock+0x2d/0x50 [ 687.899303] try_charge+0x1028/0x15b0 [ 687.903114] ? find_held_lock+0x35/0x130 [ 687.907195] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 687.912047] ? kasan_check_read+0x11/0x20 01:46:54 executing program 0: mlock2(&(0x7f00007e0000/0x1000)=nil, 0x1000, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) [ 687.916203] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 687.921060] mem_cgroup_try_charge+0x24d/0x5e0 [ 687.925670] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 687.930607] wp_page_copy+0x430/0x16a0 [ 687.934617] ? follow_pfn+0x2a0/0x2a0 [ 687.938451] ? kasan_check_read+0x11/0x20 [ 687.942611] ? do_raw_spin_unlock+0x57/0x270 [ 687.947037] do_wp_page+0x57d/0x10b0 [ 687.950864] ? lock_acquire+0x16f/0x3f0 [ 687.954847] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 687.959507] ? kasan_check_write+0x14/0x20 [ 687.963748] ? do_raw_spin_lock+0xc8/0x240 [ 687.968002] __handle_mm_fault+0x230a/0x3f80 [ 687.972415] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 687.977251] ? find_held_lock+0x35/0x130 [ 687.981311] ? handle_mm_fault+0x322/0xb30 [ 687.985581] ? kasan_check_read+0x11/0x20 [ 687.989740] handle_mm_fault+0x43f/0xb30 [ 687.993801] __do_page_fault+0x62a/0xe90 [ 687.997920] ? vmalloc_fault+0x770/0x770 [ 688.001995] ? trace_hardirqs_off_caller+0x65/0x220 [ 688.007054] ? trace_hardirqs_on_caller+0x6a/0x220 [ 688.011988] ? page_fault+0x8/0x30 [ 688.015541] do_page_fault+0x71/0x581 [ 688.019470] ? page_fault+0x8/0x30 [ 688.023111] page_fault+0x1e/0x30 [ 688.026577] RIP: 0033:0x400590 [ 688.029857] Code: 06 e9 49 01 00 00 48 8b 44 24 10 48 0b 44 24 28 75 1f 48 8b 14 24 48 8b 7c 24 20 be 04 00 00 00 e8 75 52 00 00 48 8b 74 24 08 <89> 06 e9 1e 01 00 00 48 8b 44 24 08 48 8b 14 24 be 04 00 00 00 8b [ 688.048768] RSP: 002b:00007ffc0bec0190 EFLAGS: 00010206 [ 688.054135] RAX: 0000000000000001 RBX: 0000000000740468 RCX: 0000000000000000 [ 688.061641] RDX: 0000000000000000 RSI: 000000002001d000 RDI: 0000000000000001 [ 688.068922] RBP: 0000000000740470 R08: 0000000000000000 R09: 0000000000000000 [ 688.076205] R10: 00007ffc0bec0290 R11: 0000000000000246 R12: fffffffffffffffe [ 688.083491] R13: 00000000000a7e11 R14: 00000000000a7e3e R15: 000000000073bf0c [ 688.093997] Task in /syz4 killed as a result of limit of /syz4 [ 688.100038] memory: usage 307200kB, limit 307200kB, failcnt 1720 [ 688.106289] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 688.106298] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 688.106305] Memory cgroup stats for /syz4: cache:20KB rss:180744KB rss_huge:118784KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:180748KB inactive_file:4KB active_file:0KB unevictable:0KB [ 688.213438] Memory cgroup out of memory: Kill process 24227 (syz-executor.4) score 1113 or sacrifice child [ 688.239255] Killed process 24227 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35804kB, shmem-rss:0kB [ 688.292389] oom_reaper: reaped process 24227 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 688.369017] syz-executor.1 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 688.396856] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 688.415510] CPU: 0 PID: 8561 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 688.422405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 688.431890] Call Trace: [ 688.434524] dump_stack+0x172/0x1f0 [ 688.438187] dump_header+0x15e/0x929 [ 688.441942] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 688.447071] ? ___ratelimit+0x60/0x595 [ 688.450979] ? do_raw_spin_unlock+0x57/0x270 [ 688.455406] oom_kill_process.cold+0x10/0x6f5 [ 688.461214] ? task_will_free_mem+0x139/0x6e0 [ 688.465735] out_of_memory+0x936/0x12d0 [ 688.469731] ? oom_killer_disable+0x280/0x280 [ 688.474244] ? find_held_lock+0x35/0x130 [ 688.478334] mem_cgroup_out_of_memory+0x1d2/0x240 [ 688.488051] ? memcg_event_wake+0x230/0x230 [ 688.492506] ? do_raw_spin_unlock+0x57/0x270 [ 688.496936] ? _raw_spin_unlock+0x2d/0x50 [ 688.501107] try_charge+0x1028/0x15b0 [ 688.504937] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 688.509797] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 688.514675] ? find_held_lock+0x35/0x130 [ 688.518755] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 688.523635] memcg_kmem_charge_memcg+0x7c/0x130 [ 688.528326] ? memcg_kmem_put_cache+0xb0/0xb0 [ 688.532854] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 688.537721] memcg_kmem_charge+0x136/0x300 [ 688.541984] __alloc_pages_nodemask+0x3c6/0x760 [ 688.546944] ? __alloc_pages_slowpath+0x2870/0x2870 [ 688.551998] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 688.557655] alloc_pages_current+0x107/0x210 [ 688.562084] pte_alloc_one+0x1b/0x1a0 [ 688.565900] __pte_alloc+0x2a/0x360 01:46:55 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xac03000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:55 executing program 0: getpgid(0x0) rt_sigprocmask(0x0, &(0x7f00000000c0)={0xfffffffffffffff6}, 0x0, 0x8) r0 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x7, 0x20000000004, @tid=r0}, &(0x7f0000001400)) timer_settime(0x0, 0x10003, &(0x7f000004a000)={{0x0, 0x1}, {0x7, 0xe4c}}, 0x0) rt_sigreturn() [ 688.569538] copy_page_range+0x151f/0x1f90 [ 688.573798] ? vma_compute_subtree_gap+0x158/0x230 [ 688.578768] ? vma_gap_callbacks_rotate+0x62/0x80 [ 688.583623] ? pmd_alloc+0x180/0x180 [ 688.587362] ? __vma_link_rb+0x279/0x370 [ 688.591459] copy_process.part.0+0x5434/0x7970 [ 688.596112] ? __cleanup_sighand+0x70/0x70 [ 688.600403] _do_fork+0x257/0xfe0 [ 688.603894] ? fork_idle+0x1d0/0x1d0 [ 688.607710] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 688.612504] ? retint_kernel+0x2d/0x2d [ 688.616433] __x64_sys_clone+0xbf/0x150 [ 688.620432] ? do_syscall_64+0x5b/0x610 [ 688.624421] do_syscall_64+0x103/0x610 [ 688.628337] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 688.633542] RIP: 0033:0x458c29 [ 688.636754] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 688.655678] RSP: 002b:00007f66b1fafc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 688.663411] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 688.670689] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 688.677966] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 688.685235] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f66b1fb06d4 [ 688.692627] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 688.702539] Task in /syz1 killed as a result of limit of /syz1 [ 688.709027] memory: usage 307200kB, limit 307200kB, failcnt 1436 [ 688.717231] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 688.724586] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 688.731688] Memory cgroup stats for /syz1: cache:64KB rss:177100KB rss_huge:114688KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:177284KB inactive_file:4KB active_file:0KB unevictable:0KB [ 688.755589] Memory cgroup out of memory: Kill process 30031 (syz-executor.1) score 1113 or sacrifice child [ 688.766605] Killed process 30031 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:35804kB, shmem-rss:0kB 01:46:55 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x83, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) splice(r2, &(0x7f0000000080), r0, &(0x7f0000000100), 0x400, 0x8) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:55 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x806}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:55 executing program 5: mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00000, 0x1, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @dev}, 0x10) r1 = socket$inet6(0xa, 0x2, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000002c0)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) perf_event_open(&(0x7f0000000180)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x48b, &(0x7f0000000000)={0x2, 'bond0\x00'}, 0x18) getsockopt$IP6T_SO_GET_REVISION_MATCH(r1, 0x29, 0x44, &(0x7f0000000300)={'NETMAP\x00'}, 0x0) ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80046601, 0x0) r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000240)='memory.swap.max\x00', 0x2, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000100), &(0x7f0000000140)=0x8) times(&(0x7f0000000200)) socket(0x1e, 0x4, 0x0) sync() recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0xffc99a3b, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000001e000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000040)="660f3a177c564b0f019a27dbbaa000ec66b9800000c00f326635000400000f30360f01dfba6100b81bffef66b9910300000f3236876a0066b9800000c00f326635002000000f30f226260f01df", 0x4d}], 0x1, 0x0, 0x0, 0x0) sendfile(r3, r3, 0x0, 0x8) prctl$PR_GET_FP_MODE(0x2e) clone(0x102001ffc, 0x0, 0xfffffffffffffffe, &(0x7f0000000280), 0xffffffffffffffff) setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f00000001c0)=@broute={'broute\x00', 0x20, 0x1, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20000540], 0x0, &(0x7f0000000000), &(0x7f0000000540)=ANY=[@ANYBLOB]}, 0x78) get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000377000/0x1000)=nil, 0x0) 01:46:55 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)}, 0x0) 01:46:55 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000005500)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f00003b9fdc)) ioctl$TIOCPKT(r0, 0x5420, &(0x7f0000000380)=0x80800008) read(r0, &(0x7f0000000040)=""/11, 0x158) r1 = syz_open_pts(r0, 0x0) read(r0, 0x0, 0x0) ioctl$TCXONC(r1, 0x540a, 0x0) 01:46:55 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xbc03000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:55 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xc00}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 688.971978] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 0, id = 0 01:46:55 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) ioctl$RNDCLEARPOOL(r1, 0x5206, &(0x7f0000000080)=0x1f) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:55 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") clone(0x1000000010027fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x38) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x0, 0x16}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x18, r1, 0x0, 0x0) 01:46:55 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)}, 0x0) [ 689.215400] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 689.245328] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 689.254899] netlink: 'syz-executor.4': attribute type 29 has an invalid length. 01:46:55 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xd00}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 689.265952] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:46:56 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe80}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:56 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x2000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:56 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xbd01000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:56 executing program 5: unshare(0x100000040600) unshare(0x4000400) 01:46:56 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2800}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 689.682068] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 689.747525] syz-executor.3 cpuset=syz3 mems_allowed=0-1 01:46:56 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) [ 689.791560] CPU: 0 PID: 8665 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 689.798464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 689.807832] Call Trace: [ 689.810445] dump_stack+0x172/0x1f0 [ 689.814097] dump_header+0x15e/0x929 [ 689.817826] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 689.822943] ? ___ratelimit+0x60/0x595 [ 689.826843] ? do_raw_spin_unlock+0x57/0x270 [ 689.831271] oom_kill_process.cold+0x10/0x6f5 [ 689.835785] out_of_memory+0x936/0x12d0 [ 689.839773] ? retint_kernel+0x2d/0x2d [ 689.843671] ? oom_killer_disable+0x280/0x280 [ 689.843701] mem_cgroup_out_of_memory+0x1d2/0x240 [ 689.853014] ? memcg_event_wake+0x230/0x230 [ 689.853036] ? do_raw_spin_unlock+0x57/0x270 [ 689.853054] ? _raw_spin_unlock+0x2d/0x50 [ 689.853071] try_charge+0x1028/0x15b0 [ 689.853086] ? find_held_lock+0x35/0x130 [ 689.853114] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 689.878653] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 689.883522] ? find_held_lock+0x35/0x130 [ 689.887603] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 689.892484] memcg_kmem_charge_memcg+0x7c/0x130 [ 689.897173] ? memcg_kmem_put_cache+0xb0/0xb0 [ 689.901689] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 689.906559] memcg_kmem_charge+0x136/0x300 [ 689.910913] __alloc_pages_nodemask+0x3c6/0x760 [ 689.915600] ? __alloc_pages_slowpath+0x2870/0x2870 [ 689.920635] ? retint_kernel+0x2d/0x2d [ 689.924541] ? copy_process.part.0+0x1cfe/0x7970 [ 689.929317] copy_process.part.0+0x3e0/0x7970 [ 689.933838] ? mark_held_locks+0x100/0x100 [ 689.938092] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 689.942860] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 689.947629] ? lockdep_hardirqs_on+0x415/0x5d0 [ 689.952224] ? retint_kernel+0x2d/0x2d [ 689.956138] ? __cleanup_sighand+0x70/0x70 [ 689.960397] ? retint_kernel+0x2d/0x2d [ 689.964317] _do_fork+0x257/0xfe0 [ 689.967800] ? fork_idle+0x1d0/0x1d0 [ 689.971540] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 689.976304] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 689.981064] ? do_syscall_64+0x26/0x610 [ 689.985073] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 689.990466] ? do_syscall_64+0x26/0x610 [ 689.994567] __x64_sys_clone+0xbf/0x150 [ 689.998561] do_syscall_64+0x103/0x610 [ 690.002466] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 690.007673] RIP: 0033:0x458c29 [ 690.010882] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 690.029888] RSP: 002b:00007f546898bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 01:46:56 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2900}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:56 executing program 5: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x5, 0x42, 0x400000000007e, 0x2}, 0x2c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r0, &(0x7f0000000180), 0x0}, 0x20) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000140)={r0, &(0x7f0000000100)="dede24087c0ab8955304577497e144bce2dd8ef292ead06bda2b4df2d4f905cff17692fbef024548ae70685425919f0a8d8da915bd", 0x0}, 0x18) [ 690.037628] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 690.044915] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000802102001ffc [ 690.052215] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 690.052224] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546898c6d4 [ 690.052232] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 690.123837] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 690.131844] Task in /syz3 killed as a result of limit of /syz3 [ 690.143686] memory: usage 307200kB, limit 307200kB, failcnt 3190 [ 690.151385] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 690.178848] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 690.191234] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 690.205700] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 690.219537] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:46:56 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) [ 690.223751] Memory cgroup stats for /syz3: cache:88KB rss:193304KB rss_huge:143360KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:193336KB inactive_file:0KB active_file:0KB unevictable:12KB [ 690.311728] Memory cgroup out of memory: Kill process 8532 (syz-executor.3) score 124 or sacrifice child [ 690.390363] Killed process 8532 (syz-executor.3) total-vm:72584kB, anon-rss:2216kB, file-rss:35800kB, shmem-rss:0kB [ 690.496357] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 690.513641] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 690.519380] CPU: 0 PID: 8664 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 690.526244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 690.535605] Call Trace: [ 690.538215] dump_stack+0x172/0x1f0 [ 690.541865] dump_header+0x15e/0x929 [ 690.545595] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 690.550715] ? ___ratelimit+0x60/0x595 [ 690.554611] ? do_raw_spin_unlock+0x57/0x270 [ 690.559032] oom_kill_process.cold+0x10/0x6f5 [ 690.563525] ? task_will_free_mem+0x139/0x6e0 [ 690.568028] out_of_memory+0x936/0x12d0 [ 690.572020] ? oom_killer_disable+0x280/0x280 [ 690.576527] ? find_held_lock+0x35/0x130 [ 690.580595] mem_cgroup_out_of_memory+0x1d2/0x240 [ 690.585436] ? memcg_event_wake+0x230/0x230 [ 690.589771] ? do_raw_spin_unlock+0x57/0x270 [ 690.594187] ? _raw_spin_unlock+0x2d/0x50 [ 690.598336] try_charge+0xd25/0x15b0 [ 690.602056] ? find_held_lock+0x35/0x130 [ 690.606127] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 690.610972] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 690.615811] ? find_held_lock+0x35/0x130 [ 690.619866] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 690.624710] memcg_kmem_charge_memcg+0x7c/0x130 [ 690.629374] ? memcg_kmem_put_cache+0xb0/0xb0 [ 690.633880] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 690.638739] memcg_kmem_charge+0x136/0x300 [ 690.642972] __alloc_pages_nodemask+0x3c6/0x760 [ 690.647634] ? __alloc_pages_slowpath+0x2870/0x2870 [ 690.652654] ? lockdep_hardirqs_on+0x415/0x5d0 [ 690.657242] ? trace_hardirqs_on+0x67/0x230 [ 690.661564] copy_process.part.0+0x3e0/0x7970 [ 690.666057] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 690.671155] ? delayacct_end+0x5c/0x100 [ 690.675134] ? __delayacct_freepages_end+0xe0/0x140 [ 690.680179] ? __lock_acquire+0x6eb/0x48f0 [ 690.684427] ? __cleanup_sighand+0x70/0x70 [ 690.688662] ? mark_held_locks+0x100/0x100 [ 690.692926] _do_fork+0x257/0xfe0 [ 690.696416] ? fork_idle+0x1d0/0x1d0 [ 690.700128] ? blkcg_print_stat+0xb90/0xb90 [ 690.704443] ? kasan_check_read+0x11/0x20 [ 690.708592] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 690.713357] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 690.718127] ? do_syscall_64+0x26/0x610 [ 690.722111] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 690.727494] ? do_syscall_64+0x26/0x610 [ 690.731488] __x64_sys_clone+0xbf/0x150 [ 690.735464] do_syscall_64+0x103/0x610 [ 690.739375] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 690.744554] RIP: 0033:0x45b5f9 [ 690.747737] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 690.766639] RSP: 002b:00007fffea33a168 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 690.774371] RAX: ffffffffffffffda RBX: 00007f546896b700 RCX: 000000000045b5f9 [ 690.781643] RDX: 00007f546896b9d0 RSI: 00007f546896adb0 RDI: 00000000003d0f00 [ 690.788913] RBP: 00007fffea33a370 R08: 00007f546896b700 R09: 00007f546896b700 [ 690.796176] R10: 00007f546896b9d0 R11: 0000000000000202 R12: 0000000000000000 [ 690.803435] R13: 00007fffea33a21f R14: 00007f546896b9c0 R15: 000000000073bfac [ 690.827911] Task in /syz3 killed as a result of limit of /syz3 [ 690.834394] memory: usage 304872kB, limit 307200kB, failcnt 3190 [ 690.840622] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 690.847865] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 690.854454] Memory cgroup stats for /syz3: cache:88KB rss:191204KB rss_huge:141312KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:191176KB inactive_file:0KB active_file:0KB unevictable:12KB [ 690.875522] Memory cgroup out of memory: Kill process 24953 (syz-executor.3) score 124 or sacrifice child [ 690.885360] Killed process 24953 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35800kB, shmem-rss:0kB [ 690.898804] oom_reaper: reaped process 24953 (syz-executor.3), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB 01:46:58 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") prctl$PR_GET_SPECULATION_CTRL(0x34, 0x0, 0x0) 01:46:58 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2b00}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:58 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") r1 = inotify_init1(0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) 01:46:58 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xbe01000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:46:58 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{0x0}], 0x1}, 0x0) 01:46:58 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fsetxattr$security_smack_transmute(r1, &(0x7f0000000080)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000100)='TRUE', 0x4, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:46:58 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2c00}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:58 executing program 3: r0 = openat$null(0xffffffffffffff9c, &(0x7f0000002680)='/dev/null\x00', 0x4000, 0x0) ioctl$IOC_PR_CLEAR(r0, 0x401070cd, &(0x7f00000026c0)={0x777}) r1 = socket$inet(0x10, 0x3, 0x0) r2 = socket$inet(0x2, 0x3, 0x1e) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r3 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) setxattr$trusted_overlay_redirect(&(0x7f0000000080)='./file0\x00', &(0x7f0000000100)='trusted.overlay.redirect\x00', &(0x7f0000000140)='./file0\x00', 0x8, 0x3) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2000000, 0x190010, r3, 0x0) r4 = syz_open_dev$video(0x0, 0x3, 0x0) r5 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f0000002580)={0x2, &(0x7f0000002540)=[{0x334c6739, 0x4, 0x0, 0xc621}, {0x1, 0x800, 0x7fffffff, 0x101}]}, 0x10) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000280)=0x0) process_vm_writev(r6, &(0x7f0000002400)=[{&(0x7f0000001400)=""/4096, 0x1000}, {&(0x7f00000002c0)=""/177, 0xb1}], 0x2, &(0x7f0000002480)=[{&(0x7f0000002440)=""/58, 0x3a}], 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfff7ffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) ioctl$TCSBRK(r2, 0x5409, 0x1) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp_SCTP_RTOINFO(r5, 0x84, 0x0, &(0x7f00000001c0)={0x0, 0x20, 0x400, 0x40}, &(0x7f0000000200)=0x10) getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r3, 0x84, 0x1a, &(0x7f00000003c0)=ANY=[@ANYRES32=r7, @ANYBLOB="0010000033bfc71fbafdd782cd36d6fa5e2cd192403e1b32d3dde38bc081eb86611a7c4e4d218c95ff37b7a2ab3b86d2983f82a90957512e06ce2f0fccf0d966ddb879b2ad584a10ae7e828e4a13828f8edc72a5f96ce631f678e929bedae6d9fb99dcbd795faf8187ead6db91ad348b4b4871d942888ebf69185cb6021bb8ac641c4dad57bcd97ad7aeb68642f1050ccb17a76e18c5446f056da57487e8b50780d1e2b107e7d36c75676de8be3db04067fd6a7b9d459e614432bfd3ac8bb6f9733625745df32100a921a67563dff9c13471e7fe8dc98e94ef4db416b42f992b177b8b5d072f711979f06c46cdc455ee8e586ba142105c441379f5725f326b3c476df4e76f249c7027af661837d5727abc45822097c5dfb9cf9efec917e253bb4b1fefa0b8ca1480413bd60996d67087d13eba85319f6d5735c0d51882ad65103bbdbaee5e5d432147247ea14888a698120ca017ed4b19ac52162a8eadaa058ff8853da0de3392f5fd716aaf2f05f5ba14e73b59dbbb8c7c17e6e7b63d6f35d37d044a9da7730c19be7cd13a6553405f0c39aa36ffe59048e3c2f65566130cd868f400f19b9f5e845af0fe7435d2363cfc7311802751e680c21f3cb0ba516ebf180744e65a87b106f106bbc047c948a7c11f8d6c47047d7b6e75f062563fe936dd891f76946a743f3d09108f6d328538bc1a49a9a56a37c2f026430909ec2573df5acd1e52cb7eda5667ef36bde5e1a84dfcaa9e2bb61262fc9679e83b244929ba2ecb82878a6002c60ce02886af9568b4160e344e9f07aa7268bf77c7b8834b57cb0750ec267e863b05dd8463fed05166e6bddb680cf85db20603b4d0cde8ed582e2ed3d6b56ad3a92a99f8c484a463bbca177ddefa6565d2e1fc2a301b8b57d49035887b67518bb3ce8893f2c441ce1300ad53f5f9a212e8ee8c9e2b3eb91d1786eb578e4af63ec665514168e8a39bb5da99f95d82d155fd441abd4f1bac31d5d8308adfd7d26e6b99fbcd5eefddb9078ae1866fe8471a1f4dbdbddb0076acc30fcde528217e542925fc33545b4cb44d85f7373bd9da79ade37e98782239050a9ecb509079d6ad2a5d0e0246b92d8d7049d56a63f02dc30c153a9cc173de55de727108924db6bc83a30bdcc734e57d9ba12d584c161e504f7b2395581fdbade340731563c0b9809bdfaf8c3c1ca711a4c26c4a60486b92ff30783cb7cf3a18be5bce2dff047c200c191e3b8a4347a433da4ec598b66e3a72a7f3b0da183ff083ab6acf48f37aa7a1a9ea9201a0a25d958f156728e9bf874b88e70b4157d47d8cceee0bb1381ae937678fd427d1d6cb2ab89dd8a3a7f64954f1f3feeb6d779c21f27b782df078cfc667f349c345d6c01811310c466c54ea545350383d94c25abe522789fa7b020597f18822101c5f82e56e46cccbb8696116207a62466134b4a84d7692d79a5e356aab57b36aae5e35781b1ff3a277f999cc660ec953b4784594b53030f215f61ecac7d681660a1aa0746cdeb80c0fc824327406621cb16bc306bb18c1c3c0555b5a600a90c8dd5898c72de9197f9b82aaa6dfe8b878618f876c72e1bf16df22c1f9ef6635219877871469fafae3126679b68502595fd36c02d3fe5dd64ff9b8354752d07a607080f40691dfb86f4f9eed106120b24b85ecfa289ddf018ea76ffb8d280d4b0911a93b6449a95718aa96cdef3b1b60a10fbf2efa588b748d0d7b9f73edeab88390d133663870597293564bb0c39223644f9cab504e99ad7498f708b9dde642fd7f62d65b6ba61c829c8eeaf3248fb360c93a7708d1c5d516c1f730c66761e24be9fce98f4246d415a8ef5b798468a7cf16df340ea9a5ffcb75e56533c7346db8306e80d0763b9f183930166c8785b182dcb6deaf420900da8b63f24a2fa75abe6965b848fdf2539b9e3a033ed8f983b301e26236937e7a925648ac08b5e12e72a5ef00d041dc44af43a22fd7338b28a800ee55fa85718c489acfea1dc262c98e455008a30057a9ed6d4a08b06ae828993c1d64347aa7437829cf39ccbfed5dcef29691bd95e73f4af9396e2b0565c51a442967963277a95b95caa2e70d76a5a4e9b4f209491d242afc48ed47679ec4d0c38054ded108b84ded3af7f59b5594c406ac323a66b6c196341f4391a0e9289ad1fceea44a7757559cefbea608cac0096b6f82321b119f6685c65283f9b6843795642fa6aa687d0d0b4b22ba664d4fc3851ddc0ab6c36cce2ceca5d7f8463fb5ec6b1f5f3ab8830072027b8b2cd2f7ff361b1b3fc707f4aa95cee15e9c4df60e1cc043ec7a13c492edbbf21d0e05bf90c9eef9d3a4ae968b643112375b7d568620f28cef1513177f34e3ebeb84b50171cf5aa6616cf6adb5f232c3a063c1d93e7e9b10bf015e23247f7bf90857c3bbc21b6943c9a469bbfab005f1d4e4921e9426defbd37618b57766be5e7903039e54fe1e6cbb335e923b865e91cc3ed1902c5bbbc20e8128e966d67910eb87f166206c1ee3318f4017e1fe3451b787e6bd897808ebda4a58164da119b101d5cf1a684468052fac6c9eebf239440c60384da18f01eb6a75016de49ac6436690bcbb1b3876f8ac7f390c72e9dd20f6eb564d642d071ad827795590327b89512747dfed2a84632718189fc6fdf16452e698791481d2aa0633eb97a80a5f0859676e12cb25deb774b3e175a6ddd7b7dcad504c93a672dd544d29173d5a7b1147450423555196d8f122dd48843865516bbcfaf1a18a088abdcef47b5f37cfe9a250a513e11809ff030930067de3e8e0b15155b60f5db9a446087c623eaeb2e7540a771198267d27a8db2cf9e3ea0cae5f4a44e0e30441c19b9267eabbe3864ce7c6c3431c75f68aad2c448bb3f41bca198f88490f0dda69ebe2f9283f7b3a51b6ec028e0102a1d724a70a46731c93b042be6ab75ab23ea2745ab1d164063663aba393b0f6fd24cb8e5182771388847a366fd9dae04634bfe6f3e6d7d143ac5e75d4bc5f06b11a4212cdc2ceea543927bb8c8dfda1845ea4a6b8b901c761cfed53f6310fd06a1e587058b7e44d2d41f46c880d187b4832e903966e48c2f5a05dd5b9b80bc05833e99318baf7432a0052098d85ba10c071f612a9a6ddba87b4f07e3eb3f928bda64851c4c39e112d192e86ef46b330a15cf67917cdc2f338d506eeb611e680fd568d49f59e07c770c0ea43d261fe328bb36c3cbcf2ac2ec6d5f832154bb6af3daaa32e92401cdceea727afa8a001c1b886b58c0c4f690a2eed2421dc4b4b647950a40d559df4d9456d0e36480a96b5e0fe754e3d5c81ac327a0db3465dbeb5791ef9d5d2eded58c29702a17d33c00bb2c0334db63ae94d8c99700228d6f946ff29664e270bc8d6059564e55c9246d70e9cf58d6be4106f03053afc8aa7f5410a898d501257a5f301a5dc4e8c43d29fd15588cd71c69c7f1471a78529442850f241df683ca3e1319f1697482b061d39c8720c110d6e4a2abeb35279506d73e49423990e2b496cdbabec06d716b7c87afa67ac7b3d5b6ba970357295f50211d90e59d0aa5b8c74a0cbf0b1b33f02a48cf2dbabdb720ddc624282073047f5b650c863a58f190477e4931841b42c06ed41b8c76771220d9f54abd8497754bc811acbb889bfbc12cc4cf20e9f7577925aa81e1e97ac89b7dca28b2dc119ae59a3bd3207a7507b363f6cb8e0da57f82640c2f63aba8c3cbca9d0df0e7fc965c05035013d6d5f9141edde6956b2ff8b71e50721681548484f4b4411574b50e8ea934979e6c19c97b1572c03b448f9674201a780adfee80004000000000000e13d3acfc39de4d950e9d924048ea7175f03246e85b128d34f147424defd8c6b058a0dcf540a84dad3db589f63e66ede074e0ff74338ca52c82c10ceab993ffc082688329853d8053322a998ea65a2fba30d7d5a0bf85d6718a34e6a4028c56b6c4bc3fcc0db6fc3956a500663948b95b6020677c1be764f35f7befe9984967f67252faae800192c34c01fcd6ed95f39bd08ec2376c231a08d7f060521f9fd56865d1358ffac678c4b917e4d637670947bac8b2e719e43634327650641b012efa3afd67e6d9a684ccc5999977806be2769678109bbb7c979aefa4c1bcc8d788f4bd6d65f57c6756ae63c2990b1208e945b7f9f7448ee34fef9195d89a710678e5626f77ac67983d1d6ef3c7e432c06ceb3a148ec8ff7ea9b133a3765be7491cfed594a2398ecff4fde18ea7ab942e3e8fe4c621b6c4a98efbee44b5ca49de3f985fc901a81d089dca96d20117487e8cc40dbc55a88212149cbcfa2bd0992eacb3fcc5e709cea61990afad5ee80d771f17189848b6fccec7c31e0940fbab50edc0229e79a9b5bcda198a2d36aea9f5cad3730a02912957c5787a0698f03e06f543bcfe1fb7d466c8c2c011fd2f6d3ac3c582be90533ab87da9927f4c1cf6aa6b88931fc5492162d5d68ba0cf81e82643ef691f18f46d50b8b5a6cae456fc27d12e4eb814dc14476868c7b463f2a6b03ef22a67ff47eee72ff22c3dfb5be73393cedff3cd17bef3faf3538851569816860b596e9eeb58005bf8e7fc01b8dc2f66b8e03d74a29fd567cdc0118a0bb71741c41d3606c8bad34489f295cfbd20593ccd29296db012de62fa015104f10ed964b3b87a410c780b88bc165184b76c506ca097bab89f76cfa7133a4f4a64cb1aa49ce643be421c4bdb1ae7f1fb3ec0d43777c7f58d996f3a7c0588a7ff7f62894152a11202ad366ad95cea8717e042a9c65d3c062397dea9ab07a313854f4a5dc1261b92aedf3daae852f7b6b60fabc3e19871b28a9e0a36f1c44ea2e57565bff5cba90a9be120865635427b8a57db402cc64253bd98f5f01404c79391c1ecefb3b1bd00ef70ff2e504069381683827c18a4c35fe7ea1e57bbe91a110422b2e07b4e8792eae70bf5382d79a3fc7c67c700c0f8c1457881eccd219271638214bea5fd2100d9201f3770576291ce42d3301bff31733b83201181b84c8ba0e1c6099ef4b7206deca362ce048fe9fb760777bed7133026a894a518f7bfde45c787c94b96b52673b81e2070eac6a09b21bdd8197a21987d3d021139cc999f9d9f6d0f542c3de9ac4232ee365a4a3e62395da221a11bb2ba2fa5d435702efbae505ecf7dc40991aea5a9e33767f1cee42e7df711bdfc029c6d75574b8800469ec386badb0a20ca79776cd1fa1fcd9fae80d64370286a12b4519dfaafd062791a344d9623afc054f4d6e0cb789e1b6083cfc8e22370bfccc8c3e7c7f12052565773be5631ab5363a322a28c014e58562dfadd2e691e6e5cdc0c49e1cbc3de3935d492bbb679d001b5b2c94aa263ec76c85fa9f5ece4b545eced778790381bc68475031232366720cb1a7a5003ade647e7882559c87ee884381ce0ae66118ce140839c8d831835b21b7ea8f0adf0e3b18711f6ee822bd439c9138d75ee40fc40ac5238ffac26a038513810569b2c52694cbde8a9cc8d459ba9cf20a5d847bb5f3f6102c255da1b5cbf322b3e804bd1b3a30aa0cb60157eb2212565410660a73c23bf3912940801aa54b8b950722379fb856f97ce2292ffbe53d8b1d8d772b7bd1f011a2796214a7cbfeabc77479a677a695cde13e35fa5e3ecc3708bc31ba1a0bfde2d9a184f035e9c066ec02af8e71865f337afeea36dee01bd5994405ff14ddb83aad2fa02190a4e0c9290171e3f68910124cf71f8cd8d9abbb2dd5f69f78e38b54f6db799f5a4c6dc1bc7c7f970225a06e12bb705964f0ad97226392dbefa6a9a7890a85011c36b340228cbefb5895"], &(0x7f0000000240)=0x1008) clone(0x3, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$rtc(0xffffffffffffff9c, &(0x7f0000002700)='/dev/rtc0\x00', 0x101000, 0x0) ioctl$SIOCAX25NOUID(r5, 0x89e3, &(0x7f00000024c0)=0x1) sendmsg(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_S_JPEGCOMP(r4, 0x408c563e, &(0x7f00000025c0)={0x3ff, 0x1, 0x5, "1bf16bcfddfb525ddec9a18eb6df053f1172e8d8f3de3e80dd9feb73aa6eda1cd8190f9199ac16feb35e927673f9691c48b55fe74f625d15d3ff52f9", 0x3a, "7f03749723a51b46bd9df2b25b0ae44753509f1a13972095618465f0515f7b53427281dbda496d133793cfde1b6f7ad752f7f750fc5739c3b79300c2"}) 01:46:59 executing program 5: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/fib_triestat\x00') preadv(r0, &(0x7f0000000180)=[{&(0x7f00000022c0)=""/4096, 0x1000}], 0x1, 0x0) 01:46:59 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, 0x0) [ 692.469086] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 692.499568] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 692.516097] CPU: 0 PID: 8724 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 692.522986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 692.532344] Call Trace: [ 692.534929] dump_stack+0x172/0x1f0 [ 692.538554] dump_header+0x15e/0x929 [ 692.542286] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 692.547380] ? ___ratelimit+0x60/0x595 [ 692.551254] ? do_raw_spin_unlock+0x57/0x270 [ 692.555677] oom_kill_process.cold+0x10/0x6f5 [ 692.560165] ? task_will_free_mem+0x139/0x6e0 [ 692.564655] out_of_memory+0x936/0x12d0 [ 692.568623] ? retint_kernel+0x2d/0x2d [ 692.572502] ? oom_killer_disable+0x280/0x280 [ 692.577027] mem_cgroup_out_of_memory+0x1d2/0x240 [ 692.581882] ? memcg_event_wake+0x230/0x230 [ 692.586212] ? do_raw_spin_unlock+0x57/0x270 [ 692.590612] ? _raw_spin_unlock+0x2d/0x50 [ 692.594753] try_charge+0x1028/0x15b0 [ 692.598632] ? find_held_lock+0x35/0x130 [ 692.602687] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 692.607624] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 692.612465] ? find_held_lock+0x35/0x130 [ 692.616521] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 692.621366] memcg_kmem_charge_memcg+0x7c/0x130 [ 692.626027] ? memcg_kmem_put_cache+0xb0/0xb0 [ 692.630703] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 692.635552] memcg_kmem_charge+0x136/0x300 [ 692.639779] __alloc_pages_nodemask+0x3c6/0x760 [ 692.644443] ? __alloc_pages_slowpath+0x2870/0x2870 [ 692.649483] copy_process.part.0+0x3e0/0x7970 [ 692.653990] ? mark_held_locks+0x100/0x100 [ 692.658220] ? __might_fault+0x12b/0x1e0 [ 692.662279] ? __cleanup_sighand+0x70/0x70 [ 692.666508] ? lock_downgrade+0x810/0x810 [ 692.670660] _do_fork+0x257/0xfe0 [ 692.674237] ? fork_idle+0x1d0/0x1d0 [ 692.677941] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 692.682805] ? retint_kernel+0x2d/0x2d [ 692.686688] __x64_sys_clone+0xbf/0x150 [ 692.690670] ? do_syscall_64+0x5b/0x610 [ 692.694729] do_syscall_64+0x103/0x610 [ 692.698623] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 692.703816] RIP: 0033:0x458c29 01:46:59 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2f00}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 692.706998] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 692.725897] RSP: 002b:00007f90eb557c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 692.733598] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 692.740865] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000802102001ffc [ 692.748241] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 692.755499] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90eb5586d4 [ 692.762760] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff 01:46:59 executing program 1: r0 = socket$inet(0x10, 0x3, 0x0) socket$inet(0x2, 0x3, 0x1e) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r1, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)}], 0x1}, 0x0) [ 692.789966] Task in /syz4 killed as a result of limit of /syz4 [ 692.824955] memory: usage 307192kB, limit 307200kB, failcnt 1783 01:46:59 executing program 3: r0 = accept$nfc_llcp(0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000080)=0x60) r1 = syz_open_dev$sndpcmc(&(0x7f00000001c0)='/dev/snd/pcmC#D#c\x00', 0x7, 0x8100) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000200)=r1, 0x4) ioctl$BLKGETSIZE(r1, 0x1260, &(0x7f0000000240)) r2 = socket$inet(0x10, 0x3, 0x0) r3 = socket$inet(0x2, 0x3, 0x1e) ioctl(r3, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) setsockopt$TIPC_IMPORTANCE(r2, 0x10f, 0x7f, &(0x7f0000000280)=0x1, 0x4) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r4, 0x0, 0x1) 01:46:59 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3300}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:46:59 executing program 0: r0 = socket$inet(0x2, 0x3, 0x2) r1 = dup(r0) sendmmsg$unix(r1, &(0x7f0000000680)=[{&(0x7f00000000c0)=@abs, 0x6e, 0x0, 0x0, &(0x7f00000005c0)=[@cred={0x18}], 0x18}], 0x1, 0x0) [ 692.864193] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 692.889869] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 692.918169] Memory cgroup stats for /syz4: cache:20KB rss:179280KB rss_huge:116736KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:179316KB inactive_file:4KB active_file:0KB unevictable:0KB [ 692.999997] raw_sendmsg: syz-executor.0 forgot to set AF_INET. Fix it! [ 693.015176] Memory cgroup out of memory: Kill process 24678 (syz-executor.4) score 1113 or sacrifice child [ 693.072771] Killed process 24678 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35804kB, shmem-rss:0kB [ 693.175469] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 693.188665] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 693.194807] CPU: 0 PID: 8717 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 693.201676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 693.211402] Call Trace: [ 693.214009] dump_stack+0x172/0x1f0 [ 693.217659] dump_header+0x15e/0x929 [ 693.221392] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 693.226513] ? ___ratelimit+0x60/0x595 [ 693.230412] ? do_raw_spin_unlock+0x57/0x270 [ 693.234844] oom_kill_process.cold+0x10/0x6f5 [ 693.239362] ? task_will_free_mem+0x139/0x6e0 [ 693.243881] out_of_memory+0x936/0x12d0 [ 693.247874] ? oom_killer_disable+0x280/0x280 [ 693.252468] ? find_held_lock+0x35/0x130 [ 693.256561] mem_cgroup_out_of_memory+0x1d2/0x240 [ 693.261421] ? memcg_event_wake+0x230/0x230 [ 693.265761] ? do_raw_spin_unlock+0x57/0x270 [ 693.270180] ? _raw_spin_unlock+0x2d/0x50 [ 693.274340] try_charge+0xd25/0x15b0 [ 693.278079] ? find_held_lock+0x35/0x130 [ 693.282208] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 693.287077] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 693.291939] ? find_held_lock+0x35/0x130 [ 693.296022] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 693.300880] memcg_kmem_charge_memcg+0x7c/0x130 [ 693.305550] ? memcg_kmem_put_cache+0xb0/0xb0 [ 693.310051] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 693.314901] memcg_kmem_charge+0x136/0x300 [ 693.319127] __alloc_pages_nodemask+0x3c6/0x760 [ 693.323896] ? __alloc_pages_slowpath+0x2870/0x2870 [ 693.328913] ? lockdep_hardirqs_on+0x415/0x5d0 [ 693.333600] ? trace_hardirqs_on+0x67/0x230 [ 693.337916] copy_process.part.0+0x3e0/0x7970 [ 693.342422] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 693.347529] ? delayacct_end+0x5c/0x100 [ 693.351503] ? __delayacct_freepages_end+0xe0/0x140 [ 693.356522] ? __lock_acquire+0x6eb/0x48f0 [ 693.360893] ? __cleanup_sighand+0x70/0x70 [ 693.365129] ? mark_held_locks+0x100/0x100 [ 693.369376] _do_fork+0x257/0xfe0 [ 693.372835] ? fork_idle+0x1d0/0x1d0 [ 693.376554] ? blkcg_print_stat+0xb90/0xb90 [ 693.380874] ? kasan_check_read+0x11/0x20 [ 693.385027] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 693.389783] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 693.394550] ? do_syscall_64+0x26/0x610 [ 693.398521] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 693.403872] ? do_syscall_64+0x26/0x610 [ 693.407839] __x64_sys_clone+0xbf/0x150 [ 693.411815] do_syscall_64+0x103/0x610 [ 693.415713] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 693.420905] RIP: 0033:0x45b5f9 [ 693.424093] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 693.443000] RSP: 002b:00007ffc0bec0098 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 693.450730] RAX: ffffffffffffffda RBX: 00007f90eb537700 RCX: 000000000045b5f9 [ 693.457998] RDX: 00007f90eb5379d0 RSI: 00007f90eb536db0 RDI: 00000000003d0f00 [ 693.465260] RBP: 00007ffc0bec02a0 R08: 00007f90eb537700 R09: 00007f90eb537700 [ 693.472524] R10: 00007f90eb5379d0 R11: 0000000000000202 R12: 0000000000000000 [ 693.479792] R13: 00007ffc0bec014f R14: 00007f90eb5379c0 R15: 000000000073bfac [ 693.487936] Task in /syz4 killed as a result of limit of /syz4 [ 693.494029] memory: usage 304880kB, limit 307200kB, failcnt 1783 [ 693.500182] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 693.507017] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 693.513241] Memory cgroup stats for /syz4: cache:20KB rss:177160KB rss_huge:114688KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:177168KB inactive_file:4KB active_file:0KB unevictable:0KB [ 693.534587] Memory cgroup out of memory: Kill process 25461 (syz-executor.4) score 1113 or sacrifice child [ 693.544603] Killed process 25461 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35804kB, shmem-rss:0kB [ 693.557849] oom_reaper: reaped process 25461 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 01:47:00 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xc202000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:47:00 executing program 1: r0 = socket$inet(0x2, 0x3, 0x2) r1 = dup(r0) sendmmsg$unix(r1, &(0x7f0000000680)=[{&(0x7f00000000c0)=@abs, 0x6e, 0x0, 0x0, &(0x7f00000005c0)=[@rights={0xc}], 0xc}], 0x1, 0x0) 01:47:00 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3580}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:00 executing program 5: ioctl$TIOCSWINSZ(0xffffffffffffffff, 0x5414, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, 0x0) r0 = gettid() setsockopt$SO_TIMESTAMPING(0xffffffffffffffff, 0x1, 0x25, 0x0, 0x1ea) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x4000, 0x0) bind$inet(r1, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x10) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, 0x0, 0xfffffffffffffd0f) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) socket$unix(0x1, 0x0, 0x0) tkill(r0, 0x2001000000000016) 01:47:00 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioprio_get$pid(0x2, 0x0) 01:47:00 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) mkdir(&(0x7f0000000100)='./file0\x00', 0x110) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000080)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r1, 0x0, 0x10) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) [ 693.643248] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 693.650876] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 693.659591] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 693.667274] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:47:00 executing program 0: r0 = gettid() creat(0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0) socket$unix(0x1, 0x0, 0x0) ptrace(0x10, r0) sysinfo(0x0) connect(0xffffffffffffffff, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x1000000000016) 01:47:00 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3b00}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:00 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") fcntl$setpipe(r0, 0x407, 0x0) [ 693.792294] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 693.825378] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 693.832572] CPU: 1 PID: 8783 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 693.839452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 693.848814] Call Trace: [ 693.851423] dump_stack+0x172/0x1f0 [ 693.855071] dump_header+0x15e/0x929 [ 693.858800] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 693.863919] ? ___ratelimit+0x60/0x595 [ 693.867815] ? do_raw_spin_unlock+0x57/0x270 [ 693.872241] oom_kill_process.cold+0x10/0x6f5 [ 693.876749] ? task_will_free_mem+0x139/0x6e0 [ 693.881253] out_of_memory+0x936/0x12d0 [ 693.885222] ? lock_downgrade+0x810/0x810 [ 693.889360] ? oom_killer_disable+0x280/0x280 [ 693.893845] ? find_held_lock+0x35/0x130 [ 693.897910] mem_cgroup_out_of_memory+0x1d2/0x240 [ 693.902742] ? memcg_event_wake+0x230/0x230 [ 693.907055] ? do_raw_spin_unlock+0x57/0x270 [ 693.911471] ? _raw_spin_unlock+0x2d/0x50 [ 693.915618] try_charge+0x1028/0x15b0 [ 693.919409] ? find_held_lock+0x35/0x130 [ 693.923466] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 693.928317] ? kasan_check_read+0x11/0x20 [ 693.932470] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 693.937306] mem_cgroup_try_charge+0x24d/0x5e0 [ 693.941885] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 693.946808] wp_page_copy+0x430/0x16a0 [ 693.950695] ? follow_pfn+0x2a0/0x2a0 [ 693.954487] ? kasan_check_read+0x11/0x20 [ 693.958622] ? do_raw_spin_unlock+0x57/0x270 [ 693.963027] do_wp_page+0x57d/0x10b0 [ 693.966734] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 693.971414] ? kasan_check_write+0x14/0x20 [ 693.975725] ? do_raw_spin_lock+0xc8/0x240 [ 693.979950] __handle_mm_fault+0x230a/0x3f80 [ 693.984352] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 693.989205] ? find_held_lock+0x35/0x130 [ 693.993269] ? handle_mm_fault+0x322/0xb30 [ 693.997518] ? kasan_check_read+0x11/0x20 [ 694.001677] handle_mm_fault+0x43f/0xb30 [ 694.005734] __do_page_fault+0x62a/0xe90 [ 694.009793] ? vmalloc_fault+0x770/0x770 [ 694.013879] ? trace_hardirqs_off_caller+0x65/0x220 [ 694.018884] ? trace_hardirqs_on_caller+0x6a/0x220 [ 694.023803] ? page_fault+0x8/0x30 [ 694.027345] do_page_fault+0x71/0x581 [ 694.031148] ? page_fault+0x8/0x30 [ 694.034700] page_fault+0x1e/0x30 [ 694.038150] RIP: 0033:0x40b8f8 [ 694.041336] Code: d9 48 8b 47 78 48 83 f8 ff 0f 84 0b 01 00 00 48 8b 73 18 48 83 fe ff 74 29 48 81 fe e7 03 00 00 0f 87 5e 01 00 00 48 c1 e6 04 86 60 80 73 00 01 48 89 86 68 80 73 00 66 2e 0f 1f 84 00 00 00 [ 694.060223] RSP: 002b:00007ffe7cbd7d30 EFLAGS: 00010246 [ 694.065589] RAX: 0000000000000003 RBX: 000000000073bf00 RCX: 0000000000000001 [ 694.072968] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000073bf00 [ 694.080231] RBP: 000000000073bf00 R08: 00000000000a95d1 R09: 00000000000a95d1 [ 694.087491] R10: 00007ffe7cbd7e20 R11: 0000000000000246 R12: 000000000000002d [ 694.094756] R13: 00000000000a95e6 R14: 00000000000a9613 R15: 000000000073bf0c [ 694.113369] Task in /syz1 killed as a result of limit of /syz1 [ 694.119929] memory: usage 307200kB, limit 307200kB, failcnt 1472 [ 694.167905] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 694.205773] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 01:47:00 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3c00}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 694.223996] Memory cgroup stats for /syz1: cache:64KB rss:175744KB rss_huge:114688KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:175836KB inactive_file:0KB active_file:0KB unevictable:0KB [ 694.256827] netlink: 'syz-executor.4': attribute type 29 has an invalid length. 01:47:00 executing program 5: perf_event_open(&(0x7f000025c000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) [ 694.283481] Memory cgroup out of memory: Kill process 1583 (syz-executor.1) score 1113 or sacrifice child [ 694.297332] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 694.306851] Killed process 1588 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:34816kB, shmem-rss:0kB 01:47:00 executing program 0: r0 = socket$inet(0x2, 0x3, 0x2) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) ioctl$sock_SIOCGIFBR(r0, 0x8940, &(0x7f00000000c0)=@add_del={0x2, 0x0}) [ 694.339206] oom_reaper: reaped process 1588 (syz-executor.1), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 694.392974] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 694.428829] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:47:01 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xd003000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:47:01 executing program 1: 01:47:01 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) ioctl$BLKTRACESTART(r2, 0x1274, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SIOCGIFHWADDR(r2, 0x8927, &(0x7f0000000440)) write$P9_RREADLINK(r2, &(0x7f0000000140)=ANY=[@ANYBLOB="000000000000000047d3ed7c88000000000400245de68670f7a887775c16b5414a22f303a7d3a76fa3ac552edbea8c"], 0x10) bind$inet(r2, &(0x7f0000000100)={0x2, 0x4e21, @empty}, 0x10) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getsockname$packet(r1, &(0x7f0000000280)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r2, &(0x7f0000000400)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="5c0000001500090428bd7000fbdbdf250a1020c8", @ANYRES32=r3, @ANYBLOB="140006004d0f0000dbfa000002679949c50100000002000081000000060000001400060008000000ff03000000000000030000000800080008000000"], 0x5c}}, 0x4010) ioctl$SIOCX25GCALLUSERDATA(r2, 0x89e4, &(0x7f00000001c0)={0x7f, "a702c10926f0116f3fc4b97e681e5c11fc41a3cc98f7daaa7980e40a0bf15437ff8c54d58b10f94f63f58f95800ca9a5d2a864dc36144dec617e3ff7bfe2a3c5f183136abc3beb8f9b395f02ff7d2e8a7e24d52c9fa0785e26fb910fa3ab25d59960c2905ac6520fce5518ea1a686eab5273bf7ed6d851a50619daa640c0a8b3"}) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:47:01 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x2, 0x0) write$P9_RREAD(r1, &(0x7f00000001c0)={0xb}, 0xb) 01:47:01 executing program 0: 01:47:01 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x4305}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:01 executing program 0: r0 = open(&(0x7f0000000140)='.\x00', 0x143042, 0x0) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x276) r1 = gettid() ptrace$peekuser(0x3, 0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) semctl$GETNCNT(0x0, 0x0, 0xe, 0x0) uname(0x0) timer_settime(0x0, 0x0, &(0x7f0000000080)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) semget$private(0x0, 0x2, 0x0) semctl$GETPID(0x0, 0xfffffffffffffffc, 0xb, &(0x7f00000000c0)=""/94) write$P9_RUNLINKAT(r0, 0x0, 0x0) write$P9_RXATTRWALK(r0, 0x0, 0x0) timer_create(0x0, 0x0, 0x0) tkill(r1, 0x1000000000016) 01:47:01 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x4788}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:01 executing program 5: readv(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f00000000c0)=""/14, 0xe}], 0x1b9) timerfd_settime(0xffffffffffffffff, 0x0, &(0x7f0000000040)={{}, {0x0, 0x1c9c380}}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x80000003, 0x8031, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mlockall(0x3) syz_execute_func(0x0) 01:47:01 executing program 1: r0 = syz_open_dev$usbmon(0x0, 0x0, 0x0) recvfrom$inet(0xffffffffffffffff, 0x0, 0xa42478c4, 0x102005, 0x0, 0xffffff45) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x400000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = shmget(0x2, 0x3000, 0xa07, &(0x7f0000ffc000/0x3000)=nil) fstat(0xffffffffffffffff, 0x0) lstat(0x0, &(0x7f00000007c0)) r3 = gettid() getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000000540)) r4 = getpgid(r3) shmctl$IPC_SET(r2, 0x1, &(0x7f0000000840)={{}, 0xb8fb, 0xffc, 0x0, 0x8000, 0x0, r4, 0x81}) r5 = syz_open_dev$loop(&(0x7f0000000300)='/dev/loop#\x00', 0x4, 0x2000) ioctl$TIOCSCTTY(r0, 0x540e, 0x0) sendmsg(r0, &(0x7f0000001b40)={&(0x7f00000003c0)=@in={0x2, 0x4e24, @multicast1}, 0x80, &(0x7f0000001a00)=[{&(0x7f00000019c0)="c99d74", 0x3}], 0x1}, 0x40000) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(0xffffffffffffffff, 0x6, 0x21, 0x0, 0x0) sendto$unix(r0, &(0x7f0000000000)="71b3a342361e4732fa1c1dc39fddd4509e48823e63e1747907af8bc4c3e9cb97d2826926507d2556495eac25", 0x2c, 0x4000001, 0x0, 0x0) write$P9_RFSYNC(r0, &(0x7f0000000140)={0x7, 0x33, 0x2}, 0x7) ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000080)={[0x6c], 0x2, 0x400, 0x2}) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xe, 0xd00, 0x7f, 0x2, 0xfffffffffffffff8, 0x0, 0x0, 0x8001, 0x4, 0x9e6d, 0x73d9, 0x5c97, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x6, 0xfff, 0x4, 0x0, 0x200, 0x0, 0x80000000, 0x6, @perf_bp={0x0, 0x8}, 0x100, 0x8, 0x5, 0x6, 0x0, 0x8880, 0xc1f}, 0x0, 0xe, r1, 0x0) r6 = add_key(&(0x7f0000000180)='asymmetric\x00', &(0x7f0000000340)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) request_key(&(0x7f0000000500)='pkcs7_test\x00', &(0x7f0000000640)={'syz', 0x1}, 0x0, r6) lsetxattr$security_smack_transmute(&(0x7f0000000280)='./file1\x00', &(0x7f0000000200)='security.SMACK64TRANSMUTE\x00', &(0x7f0000000240)='TRUE', 0x4, 0x2) r7 = add_key(&(0x7f00000008c0)='dns_resolver\x00', 0x0, &(0x7f0000000ac0), 0x0, 0xfffffffffffffff9) r8 = request_key(&(0x7f0000000980)='keyring\x00', 0x0, &(0x7f0000000bc0)='vboxnet1em1vboxnet1\'\'\x00', 0xfffffffffffffffb) add_key$keyring(&(0x7f00000001c0)='keyring\x00', &(0x7f00000002c0)={'syz', 0x2}, 0x0, 0x0, r8) keyctl$instantiate_iov(0x14, r7, &(0x7f0000000440)=[{0x0}], 0xffffffffffffd5b, r7) io_setup(0xa7e7, &(0x7f0000000480)) syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') write$UHID_INPUT2(r0, &(0x7f0000000cc0)=ANY=[@ANYBLOB="0c000000c90096dcdd5a31c56117ec9bfbfe2f8dd5637274a6bbc6903f30a22a77257e03e9a681956c2908168d0570b2e22155f780d0f0f1fa04003c894c1a639af2ba6c00000000000091b5864ca0391cd64a110c7b3041c6dcf1be8ad7af2e3b89fbfae6d104acd13eecf2b8ee262f82343d21de9a2d18dbf6df69a534e0fcbf1d6401d139f176540fe6de4c0de0183fd1d538c521e74fae81e35b04511ec44d6c43f5d44caf2b2b8923cdb3112ab44855eefc18a939238ab6224f09ee7366c5cfc6fca9ebe6fbe953190cad55b461926f042a3bb4631b4faa410c50a9cf2dc94e7cbdff4d645c77b51341d234d6de3000000000000000000000ae367b4cfbebb124a9ef0356d18b60d0ffb4e691fdc2ba346f5d4ed41e20d79e32818df0ca58a382af35e11ad0369ba1dfaf7363dd06cc2b035bc9ff58923133a155957db8a7f013844762343d56be16bf04987ef4104ab6f6b3e5f036deed2125c528d360cd70f4c592a098333b252ae878995973f34fff85cd4761c3812129a97be0412dab80e5e88d4ace016a51219ec7d134e274c8076c78cc7d95f11a611b380665977a3b5bb5ff443ef89babcb00a9612bf3a82eb25f70af86ab5da94f86bdf58a772bf864fb7e0900000079c722d9b401a3b74bc5c09ea93d735c4b4e268771c056d521ad31718f2f69cf5fc16060080083c8327ae6031c680000000079bc3886a0f38531460e1fa0476fc1c16bb6746af1d8b3f490104189a432c9dd432333fab162e4527ac0ea7fc7fcb30a8ad1ca3c0dfa5227c5a49c543ed12ae88948faebbc656670c1e43236b904c9f76a5222edf5c202f902b17d1a7faee54ab05d9e36aa3c57344404c97a34e1daa9c00ffc8804b66860e22f1b3e8197287de4de2ad7e180156c53d069c9d10840d29edd00ead1f7d98d06a0ed038b7a1b20f069a6c86f07b89931fce3cfb584eef5a81b402f65e3adbdc9386f67905db119fc6fdf8b62db94b7dbf2c1f20dadb8c73bde665b334e9ca69e5cde0692c6"], 0x1) memfd_create(&(0x7f0000000100)='3\x00\x1e\x18J', 0x1) syz_open_procfs(0x0, &(0x7f0000000040)='net/icmp6\x00') 01:47:01 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x200}, 0x200000000, 0x2, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:47:01 executing program 0: capset(&(0x7f0000000000)={0x24020019980330}, &(0x7f0000000140)) ioprio_set$pid(0x3, 0x0, 0x0) [ 694.811711] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 694.894495] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 694.971288] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 694.991332] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:47:01 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xd403000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:47:01 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x4888}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:01 executing program 0: [ 695.026520] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 01:47:01 executing program 0: 01:47:01 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x6488}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 695.161289] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 695.179268] CPU: 0 PID: 8871 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 695.186180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 695.192995] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 695.195543] Call Trace: [ 695.195570] dump_stack+0x172/0x1f0 [ 695.195592] dump_header+0x15e/0x929 [ 695.195618] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 695.218099] ? ___ratelimit+0x60/0x595 [ 695.222006] ? do_raw_spin_unlock+0x57/0x270 [ 695.226433] oom_kill_process.cold+0x10/0x6f5 [ 695.231072] ? task_will_free_mem+0x139/0x6e0 [ 695.235581] ? find_held_lock+0x35/0x130 [ 695.239661] out_of_memory+0x936/0x12d0 [ 695.243648] ? lock_downgrade+0x810/0x810 [ 695.247979] ? oom_killer_disable+0x280/0x280 [ 695.252319] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 695.252477] ? find_held_lock+0x35/0x130 [ 695.252503] mem_cgroup_out_of_memory+0x1d2/0x240 [ 695.269878] ? memcg_event_wake+0x230/0x230 [ 695.274230] ? do_raw_spin_unlock+0x57/0x270 [ 695.278663] ? _raw_spin_unlock+0x2d/0x50 [ 695.281380] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 695.282820] try_charge+0x1028/0x15b0 [ 695.282837] ? find_held_lock+0x35/0x130 [ 695.282860] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 695.282887] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 695.290594] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 695.294117] ? find_held_lock+0x35/0x130 [ 695.294135] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 695.294163] memcg_kmem_charge_memcg+0x7c/0x130 [ 695.294179] ? memcg_kmem_put_cache+0xb0/0xb0 [ 695.294198] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 695.294217] memcg_kmem_charge+0x136/0x300 [ 695.294241] __alloc_pages_nodemask+0x3c6/0x760 [ 695.294259] ? __alloc_pages_slowpath+0x2870/0x2870 [ 695.294278] ? find_held_lock+0x35/0x130 [ 695.294294] ? copy_page_range+0x124f/0x1f90 [ 695.294313] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 695.294333] alloc_pages_current+0x107/0x210 [ 695.294352] pte_alloc_one+0x1b/0x1a0 [ 695.294364] __pte_alloc+0x2a/0x360 [ 695.294380] copy_page_range+0x151f/0x1f90 [ 695.294418] ? pmd_alloc+0x180/0x180 [ 695.294434] ? __vma_link_rb+0x279/0x370 [ 695.294455] copy_process.part.0+0x5434/0x7970 [ 695.294492] ? __cleanup_sighand+0x70/0x70 [ 695.294524] _do_fork+0x257/0xfe0 [ 695.294544] ? fork_idle+0x1d0/0x1d0 [ 695.294568] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 695.412045] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 695.416819] ? do_syscall_64+0x26/0x610 [ 695.420915] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 695.427746] ? do_syscall_64+0x26/0x610 [ 695.431742] __x64_sys_clone+0xbf/0x150 [ 695.435735] do_syscall_64+0x103/0x610 [ 695.439637] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 695.444835] RIP: 0033:0x458c29 01:47:01 executing program 0: 01:47:01 executing program 0: 01:47:02 executing program 0: [ 695.448036] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 695.466950] RSP: 002b:00007f546898bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 695.474680] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 695.481959] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 695.489240] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 695.496521] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546898c6d4 [ 695.503806] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 695.526795] Task in /syz3 killed as a result of limit of /syz3 [ 695.540979] memory: usage 307200kB, limit 307200kB, failcnt 3228 [ 695.558785] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 695.577478] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 695.585506] Memory cgroup stats for /syz3: cache:0KB rss:191856KB rss_huge:141312KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:191800KB inactive_file:4KB active_file:0KB unevictable:12KB [ 695.610828] Memory cgroup out of memory: Kill process 8727 (syz-executor.3) score 124 or sacrifice child [ 695.621527] Killed process 8734 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB [ 695.718270] syz-executor.1 invoked oom-killer: gfp_mask=0x6040c0(GFP_KERNEL|__GFP_COMP), nodemask=(null), order=1, oom_score_adj=1000 [ 695.736683] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 695.747170] CPU: 1 PID: 8872 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 695.754268] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 695.763729] Call Trace: [ 695.766333] dump_stack+0x172/0x1f0 [ 695.769980] dump_header+0x15e/0x929 [ 695.773816] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 695.779147] ? ___ratelimit+0x60/0x595 [ 695.783172] ? do_raw_spin_unlock+0x57/0x270 [ 695.787600] oom_kill_process.cold+0x10/0x6f5 [ 695.792124] ? task_will_free_mem+0x139/0x6e0 [ 695.796637] out_of_memory+0x936/0x12d0 [ 695.800632] ? oom_killer_disable+0x280/0x280 [ 695.805137] ? find_held_lock+0x35/0x130 [ 695.809251] mem_cgroup_out_of_memory+0x1d2/0x240 [ 695.814111] ? memcg_event_wake+0x230/0x230 [ 695.818450] ? do_raw_spin_unlock+0x57/0x270 [ 695.822880] ? _raw_spin_unlock+0x2d/0x50 [ 695.827043] try_charge+0x1028/0x15b0 [ 695.830965] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 695.835825] ? rcu_read_lock_sched_held+0x110/0x130 [ 695.840866] ? __alloc_pages_nodemask+0x63e/0x760 [ 695.845805] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 695.850588] memcg_kmem_charge_memcg+0x7c/0x130 [ 695.855270] ? memcg_kmem_put_cache+0xb0/0xb0 [ 695.859787] cache_grow_begin+0x25f/0x8c0 [ 695.863966] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 695.869513] ? __cpuset_node_allowed+0x136/0x540 [ 695.874285] fallback_alloc+0x1fd/0x2d0 [ 695.878282] ____cache_alloc_node+0x1be/0x1e0 [ 695.882807] kmem_cache_alloc+0x1f3/0x700 [ 695.887092] hugetlbfs_alloc_inode+0x84/0x1e0 [ 695.891603] ? init_once+0x20/0x20 [ 695.895157] alloc_inode+0x66/0x190 [ 695.898797] new_inode_pseudo+0x19/0xf0 [ 695.902793] new_inode+0x1f/0x40 [ 695.906176] hugetlbfs_get_inode+0x40/0x460 [ 695.910665] ? ns_capable_common+0x141/0x170 [ 695.915095] hugetlb_file_setup+0x367/0x671 [ 695.919574] newseg+0x4a3/0xe90 [ 695.922876] ? shm_mmap+0x240/0x240 [ 695.926518] ? kasan_check_read+0x11/0x20 [ 695.930726] ipcget+0xb7c/0xd40 [ 695.934035] ? ipc_obtain_object_check+0xd0/0xd0 [ 695.938801] ? nsecs_to_jiffies+0x30/0x30 [ 695.942976] __x64_sys_shmget+0x146/0x1d0 [ 695.947310] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 695.952071] ? ksys_shmget+0x150/0x150 [ 695.955965] ? do_syscall_64+0x26/0x610 [ 695.959954] ? lockdep_hardirqs_on+0x415/0x5d0 [ 695.964560] ? trace_hardirqs_on+0x67/0x230 [ 695.968904] do_syscall_64+0x103/0x610 [ 695.972809] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 695.978099] RIP: 0033:0x458c29 [ 695.981305] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 696.000217] RSP: 002b:00007f66b1fafc78 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 696.007946] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000458c29 [ 696.015224] RDX: 0000000000000a07 RSI: 0000000000003000 RDI: 00000000798dd819 [ 696.022504] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 696.029782] R10: 0000000020ffc000 R11: 0000000000000246 R12: 00007f66b1fb06d4 [ 696.037068] R13: 00000000004c7154 R14: 00000000004dcda0 R15: 00000000ffffffff [ 696.050256] Task in /syz1 killed as a result of limit of /syz1 [ 696.057552] memory: usage 307200kB, limit 307200kB, failcnt 1506 [ 696.064737] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 696.072784] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 696.079402] Memory cgroup stats for /syz1: cache:64KB rss:175744KB rss_huge:114688KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:175872KB inactive_file:0KB active_file:4KB unevictable:0KB [ 696.104057] Memory cgroup out of memory: Kill process 1583 (syz-executor.1) score 1113 or sacrifice child [ 696.116696] Killed process 1583 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:35804kB, shmem-rss:0kB [ 696.145329] oom_reaper: reaped process 1583 (syz-executor.1), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB [ 696.173571] syz-executor.1 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 696.202182] syz-executor.1 cpuset=syz1 mems_allowed=0-1 [ 696.208846] CPU: 1 PID: 8869 Comm: syz-executor.1 Not tainted 4.19.35 #3 [ 696.215710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 696.225068] Call Trace: [ 696.227681] dump_stack+0x172/0x1f0 [ 696.231328] dump_header+0x15e/0x929 [ 696.235056] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 696.240167] ? ___ratelimit+0x60/0x595 [ 696.244059] ? do_raw_spin_unlock+0x57/0x270 [ 696.248477] oom_kill_process.cold+0x10/0x6f5 [ 696.253072] ? task_will_free_mem+0x139/0x6e0 [ 696.257696] out_of_memory+0x936/0x12d0 [ 696.261692] ? oom_killer_disable+0x280/0x280 [ 696.266198] ? find_held_lock+0x35/0x130 [ 696.270281] mem_cgroup_out_of_memory+0x1d2/0x240 [ 696.275132] ? memcg_event_wake+0x230/0x230 [ 696.279464] ? do_raw_spin_unlock+0x57/0x270 [ 696.284004] ? _raw_spin_unlock+0x2d/0x50 [ 696.288167] try_charge+0xd25/0x15b0 [ 696.291888] ? find_held_lock+0x35/0x130 [ 696.295968] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 696.300830] ? kasan_check_read+0x11/0x20 [ 696.304989] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 696.309842] mem_cgroup_try_charge+0x24d/0x5e0 [ 696.314440] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 696.319385] __handle_mm_fault+0x1e55/0x3f80 [ 696.323813] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 696.328670] ? find_held_lock+0x35/0x130 [ 696.332741] ? handle_mm_fault+0x322/0xb30 [ 696.336997] ? kasan_check_read+0x11/0x20 [ 696.341154] handle_mm_fault+0x43f/0xb30 [ 696.345225] __do_page_fault+0x62a/0xe90 [ 696.349301] ? vmalloc_fault+0x770/0x770 [ 696.353473] ? trace_hardirqs_off_caller+0x65/0x220 [ 696.358500] ? trace_hardirqs_on_caller+0x6a/0x220 [ 696.363444] ? page_fault+0x8/0x30 [ 696.366997] do_page_fault+0x71/0x581 [ 696.370809] ? page_fault+0x8/0x30 [ 696.374352] page_fault+0x1e/0x30 [ 696.377814] RIP: 0033:0x41063f [ 696.381017] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 696.399951] RSP: 002b:00007ffe7cbd7c70 EFLAGS: 00010206 [ 696.405321] RAX: 00007f66b1f6f000 RBX: 0000000000020000 RCX: 0000000000458c7a [ 696.412577] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 01:47:03 executing program 5: [ 696.419831] RBP: 00007ffe7cbd7d50 R08: ffffffffffffffff R09: 0000000000000000 [ 696.427087] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe7cbd7e30 [ 696.434356] R13: 00007f66b1f8f700 R14: 0000000000000002 R15: 000000000073bfac [ 696.455948] Task in /syz1 killed as a result of limit of /syz1 [ 696.462552] memory: usage 304900kB, limit 307200kB, failcnt 1506 [ 696.472571] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 696.479411] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 696.486381] Memory cgroup stats for /syz1: cache:64KB rss:173648KB rss_huge:112640KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:173728KB inactive_file:0KB active_file:4KB unevictable:0KB [ 696.509021] Memory cgroup out of memory: Kill process 1882 (syz-executor.1) score 1113 or sacrifice child [ 696.519249] Killed process 1883 (syz-executor.1) total-vm:72452kB, anon-rss:2196kB, file-rss:34816kB, shmem-rss:0kB [ 696.551254] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 696.575838] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 696.583453] CPU: 0 PID: 8886 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 696.590332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 696.599695] Call Trace: [ 696.602312] dump_stack+0x172/0x1f0 [ 696.605964] dump_header+0x15e/0x929 [ 696.609702] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 696.614909] ? ___ratelimit+0x60/0x595 [ 696.618812] ? do_raw_spin_unlock+0x57/0x270 [ 696.623241] oom_kill_process.cold+0x10/0x6f5 [ 696.627753] ? task_will_free_mem+0x139/0x6e0 [ 696.632361] out_of_memory+0x936/0x12d0 [ 696.636358] ? oom_killer_disable+0x280/0x280 [ 696.640866] ? find_held_lock+0x35/0x130 [ 696.644947] mem_cgroup_out_of_memory+0x1d2/0x240 [ 696.649798] ? memcg_event_wake+0x230/0x230 [ 696.654135] ? do_raw_spin_unlock+0x57/0x270 [ 696.658551] ? _raw_spin_unlock+0x2d/0x50 [ 696.662701] try_charge+0x1028/0x15b0 [ 696.666502] ? find_held_lock+0x35/0x130 [ 696.670569] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 696.675412] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 696.680269] ? find_held_lock+0x35/0x130 [ 696.684345] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 696.689213] memcg_kmem_charge_memcg+0x7c/0x130 [ 696.693898] ? memcg_kmem_put_cache+0xb0/0xb0 [ 696.698407] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 696.704656] memcg_kmem_charge+0x136/0x300 [ 696.708901] __alloc_pages_nodemask+0x3c6/0x760 [ 696.713570] ? save_stack+0xa9/0xd0 [ 696.717195] ? __alloc_pages_slowpath+0x2870/0x2870 [ 696.722197] ? kmem_cache_alloc+0x12e/0x700 [ 696.726501] ? anon_vma_fork+0x1ea/0x4a0 [ 696.730545] ? copy_process.part.0+0x34dc/0x7970 [ 696.735294] ? __lock_acquire+0x6eb/0x48f0 [ 696.739513] ? mark_held_locks+0x100/0x100 [ 696.743735] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 696.749264] alloc_pages_current+0x107/0x210 [ 696.753674] __pmd_alloc+0x41/0x460 [ 696.757296] ? __pmd+0x60/0x60 [ 696.760472] pmd_alloc+0x10c/0x180 [ 696.764003] copy_page_range+0x633/0x1f90 [ 696.768139] ? anon_vma_fork+0x371/0x4a0 [ 696.772210] ? find_held_lock+0x35/0x130 [ 696.776266] ? anon_vma_fork+0x371/0x4a0 [ 696.780317] ? lock_downgrade+0x810/0x810 [ 696.784454] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 696.789458] ? pmd_alloc+0x180/0x180 [ 696.793171] ? __vma_link_rb+0x279/0x370 [ 696.797231] copy_process.part.0+0x5434/0x7970 [ 696.801819] ? __cleanup_sighand+0x70/0x70 [ 696.806049] _do_fork+0x257/0xfe0 [ 696.809493] ? fork_idle+0x1d0/0x1d0 [ 696.813214] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 696.817979] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 696.822720] ? do_syscall_64+0x26/0x610 [ 696.826685] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 696.832044] ? do_syscall_64+0x26/0x610 [ 696.836016] __x64_sys_clone+0xbf/0x150 [ 696.839978] do_syscall_64+0x103/0x610 [ 696.843857] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 696.849146] RIP: 0033:0x458c29 [ 696.852343] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 696.871248] RSP: 002b:00007f90eb536c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 696.878966] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 696.886221] RDX: 9999999999999999 RSI: 0000000000000000 RDI: d403000000000000 [ 696.893483] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 696.900758] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90eb5376d4 [ 696.908021] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 696.919053] Task in /syz4 killed as a result of limit of /syz4 [ 696.926080] memory: usage 307200kB, limit 307200kB, failcnt 1808 [ 696.935896] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 696.943656] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 01:47:03 executing program 1: [ 696.949810] Memory cgroup stats for /syz4: cache:20KB rss:177676KB rss_huge:114688KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:177872KB inactive_file:8KB active_file:0KB unevictable:0KB [ 696.984924] Memory cgroup out of memory: Kill process 8812 (syz-executor.4) score 1113 or sacrifice child [ 696.999942] Killed process 8822 (syz-executor.4) total-vm:72584kB, anon-rss:2204kB, file-rss:34816kB, shmem-rss:0kB [ 697.048635] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 697.068979] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 697.074600] CPU: 1 PID: 8865 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 697.081447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 697.081453] Call Trace: [ 697.081477] dump_stack+0x172/0x1f0 [ 697.081499] dump_header+0x15e/0x929 [ 697.081517] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 697.081533] ? ___ratelimit+0x60/0x595 [ 697.081549] ? do_raw_spin_unlock+0x57/0x270 [ 697.081568] oom_kill_process.cold+0x10/0x6f5 [ 697.081591] ? task_will_free_mem+0x139/0x6e0 [ 697.081613] out_of_memory+0x936/0x12d0 [ 697.081633] ? oom_killer_disable+0x280/0x280 [ 697.081650] ? find_held_lock+0x35/0x130 [ 697.100924] mem_cgroup_out_of_memory+0x1d2/0x240 [ 697.100940] ? memcg_event_wake+0x230/0x230 [ 697.100963] ? do_raw_spin_unlock+0x57/0x270 [ 697.114345] ? _raw_spin_unlock+0x2d/0x50 [ 697.114366] try_charge+0x1028/0x15b0 [ 697.123326] ? find_held_lock+0x35/0x130 [ 697.123349] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 697.123367] ? kasan_check_read+0x11/0x20 [ 697.123387] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 697.175194] mem_cgroup_try_charge+0x24d/0x5e0 [ 697.179882] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 697.184807] __handle_mm_fault+0x1e55/0x3f80 [ 697.189210] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 697.194043] ? find_held_lock+0x35/0x130 [ 697.198095] ? handle_mm_fault+0x322/0xb30 [ 697.202341] ? kasan_check_read+0x11/0x20 [ 697.206479] handle_mm_fault+0x43f/0xb30 [ 697.210534] __do_page_fault+0x62a/0xe90 [ 697.214588] ? vmalloc_fault+0x770/0x770 [ 697.218684] ? trace_hardirqs_off_caller+0x65/0x220 [ 697.223694] ? trace_hardirqs_on_caller+0x6a/0x220 [ 697.228625] ? page_fault+0x8/0x30 [ 697.232169] do_page_fault+0x71/0x581 [ 697.235959] ? page_fault+0x8/0x30 [ 697.239498] page_fault+0x1e/0x30 [ 697.242936] RIP: 0033:0x45b5dd [ 697.246114] Code: 5b 5d f3 c3 66 0f 1f 84 00 00 00 00 00 48 c7 c0 ea ff ff ff 48 85 ff 0f 84 e0 8e fb ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 <48> 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 [ 697.265011] RSP: 002b:00007fffea33a168 EFLAGS: 00010202 [ 697.270388] RAX: ffffffffffffffea RBX: 00007f546894a700 RCX: 00007f546894a700 [ 697.277666] RDX: 00000000003d0f00 RSI: 00007f5468949db0 RDI: 000000000040fa30 [ 697.284937] RBP: 00007fffea33a370 R08: 00007f546894a9d0 R09: 00007f546894a700 [ 697.292198] R10: 00007f5468949dc0 R11: 0000000000000246 R12: 0000000000000000 [ 697.299466] R13: 00007fffea33a21f R14: 00007f546894a9c0 R15: 000000000073c04c [ 697.307740] Task in /syz3 killed as a result of limit of /syz3 [ 697.313908] memory: usage 307168kB, limit 307200kB, failcnt 3255 [ 697.320092] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 697.327053] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 697.333370] Memory cgroup stats for /syz3: cache:0KB rss:191856KB rss_huge:141312KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:191844KB inactive_file:0KB active_file:0KB unevictable:12KB [ 697.354375] Memory cgroup out of memory: Kill process 8727 (syz-executor.3) score 124 or sacrifice child [ 697.364151] Killed process 8727 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35804kB, shmem-rss:0kB [ 697.376413] oom_reaper: reaped process 8727 (syz-executor.3), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 01:47:04 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = syz_open_dev$sndtimer(&(0x7f0000000080)='/dev/snd/timer\x00', 0x0, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r1, 0x110, 0x4, &(0x7f0000000100), 0x4) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$PPPIOCSCOMPRESS(r2, 0x4010744d) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:47:04 executing program 5: 01:47:04 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x800e}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:04 executing program 0: 01:47:04 executing program 1: 01:47:04 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xee03000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:47:04 executing program 1: 01:47:04 executing program 0: 01:47:04 executing program 5: [ 697.684564] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 01:47:04 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x8035}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 697.744481] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 697.761773] CPU: 1 PID: 8915 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 697.768648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 697.768659] Call Trace: [ 697.780741] dump_stack+0x172/0x1f0 [ 697.784385] dump_header+0x15e/0x929 [ 697.788119] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 697.793241] ? ___ratelimit+0x60/0x595 [ 697.797229] ? do_raw_spin_unlock+0x57/0x270 [ 697.801656] oom_kill_process.cold+0x10/0x6f5 [ 697.806268] ? task_will_free_mem+0x139/0x6e0 [ 697.810785] ? find_held_lock+0x35/0x130 [ 697.814867] out_of_memory+0x936/0x12d0 [ 697.818851] ? lock_downgrade+0x810/0x810 [ 697.823013] ? oom_killer_disable+0x280/0x280 [ 697.827575] ? find_held_lock+0x35/0x130 [ 697.831667] mem_cgroup_out_of_memory+0x1d2/0x240 [ 697.836529] ? memcg_event_wake+0x230/0x230 [ 697.840862] ? do_raw_spin_unlock+0x57/0x270 [ 697.845290] ? _raw_spin_unlock+0x2d/0x50 [ 697.849453] try_charge+0x1028/0x15b0 [ 697.853261] ? find_held_lock+0x35/0x130 [ 697.857360] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 697.862216] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 697.867086] ? find_held_lock+0x35/0x130 [ 697.871161] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 697.876019] memcg_kmem_charge_memcg+0x7c/0x130 [ 697.880704] ? memcg_kmem_put_cache+0xb0/0xb0 [ 697.885216] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 697.890073] memcg_kmem_charge+0x136/0x300 01:47:04 executing program 5: [ 697.894317] __alloc_pages_nodemask+0x3c6/0x760 [ 697.898997] ? __alloc_pages_slowpath+0x2870/0x2870 [ 697.904030] ? lockdep_hardirqs_on+0x415/0x5d0 [ 697.904048] ? trace_hardirqs_on+0x67/0x230 [ 697.904068] copy_process.part.0+0x3e0/0x7970 [ 697.904086] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 697.904101] ? delayacct_end+0x5c/0x100 [ 697.904118] ? __delayacct_freepages_end+0xe0/0x140 [ 697.904135] ? __lock_acquire+0x6eb/0x48f0 [ 697.904156] ? __cleanup_sighand+0x70/0x70 [ 697.913064] ? mark_held_locks+0x100/0x100 01:47:04 executing program 1: [ 697.913092] _do_fork+0x257/0xfe0 [ 697.913110] ? fork_idle+0x1d0/0x1d0 [ 697.913131] ? blkcg_print_stat+0xb90/0xb90 [ 697.913149] ? kasan_check_read+0x11/0x20 [ 697.960059] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 697.964822] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 697.969598] ? do_syscall_64+0x26/0x610 [ 697.973588] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 697.978958] ? do_syscall_64+0x26/0x610 [ 697.982947] __x64_sys_clone+0xbf/0x150 [ 697.986932] do_syscall_64+0x103/0x610 [ 697.990831] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 697.996025] RIP: 0033:0x45b5f9 [ 697.999221] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 698.018130] RSP: 002b:00007ffc0bec0098 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 698.025848] RAX: ffffffffffffffda RBX: 00007f90eb558700 RCX: 000000000045b5f9 [ 698.025857] RDX: 00007f90eb5589d0 RSI: 00007f90eb557db0 RDI: 00000000003d0f00 [ 698.025867] RBP: 00007ffc0bec02a0 R08: 00007f90eb558700 R09: 00007f90eb558700 [ 698.025875] R10: 00007f90eb5589d0 R11: 0000000000000202 R12: 0000000000000000 [ 698.025882] R13: 00007ffc0bec014f R14: 00007f90eb5589c0 R15: 000000000073bf0c [ 698.069256] Task in /syz4 killed as a result of limit of /syz4 [ 698.075902] memory: usage 307176kB, limit 307200kB, failcnt 1836 [ 698.082726] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 698.089871] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 698.098802] Memory cgroup stats for /syz4: cache:20KB rss:177676KB rss_huge:114688KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:177876KB inactive_file:0KB active_file:4KB unevictable:0KB [ 698.125269] Memory cgroup out of memory: Kill process 8812 (syz-executor.4) score 1113 or sacrifice child [ 698.141868] Killed process 8812 (syz-executor.4) total-vm:72716kB, anon-rss:2212kB, file-rss:35812kB, shmem-rss:0kB [ 698.181564] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 698.198285] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 698.204552] CPU: 0 PID: 8933 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 698.211423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.220776] Call Trace: [ 698.223367] dump_stack+0x172/0x1f0 [ 698.227000] dump_header+0x15e/0x929 [ 698.230975] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 698.236090] ? ___ratelimit+0x60/0x595 [ 698.239970] ? do_raw_spin_unlock+0x57/0x270 [ 698.244380] oom_kill_process.cold+0x10/0x6f5 [ 698.248886] ? task_will_free_mem+0x139/0x6e0 [ 698.253398] out_of_memory+0x936/0x12d0 [ 698.257366] ? oom_killer_disable+0x280/0x280 [ 698.261851] ? find_held_lock+0x35/0x130 [ 698.265920] mem_cgroup_out_of_memory+0x1d2/0x240 [ 698.270775] ? memcg_event_wake+0x230/0x230 [ 698.275116] ? do_raw_spin_unlock+0x57/0x270 [ 698.279544] ? _raw_spin_unlock+0x2d/0x50 [ 698.283714] try_charge+0x1028/0x15b0 [ 698.287525] ? find_held_lock+0x35/0x130 [ 698.291725] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 698.296563] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 698.301397] ? find_held_lock+0x35/0x130 [ 698.305449] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 698.310311] memcg_kmem_charge_memcg+0x7c/0x130 [ 698.315003] ? memcg_kmem_put_cache+0xb0/0xb0 [ 698.319520] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 698.324460] memcg_kmem_charge+0x136/0x300 [ 698.328693] __alloc_pages_nodemask+0x3c6/0x760 [ 698.333350] ? save_stack+0xa9/0xd0 [ 698.336976] ? __alloc_pages_slowpath+0x2870/0x2870 [ 698.341985] ? copy_process.part.0+0x34dc/0x7970 [ 698.346754] ? mark_held_locks+0x100/0x100 [ 698.351019] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 698.356659] alloc_pages_current+0x107/0x210 [ 698.361072] pte_alloc_one+0x1b/0x1a0 [ 698.364872] __pte_alloc+0x2a/0x360 [ 698.368514] copy_page_range+0x151f/0x1f90 [ 698.372760] ? anon_vma_fork+0x371/0x4a0 [ 698.376998] ? find_held_lock+0x35/0x130 [ 698.381058] ? anon_vma_fork+0x371/0x4a0 [ 698.385115] ? vma_compute_subtree_gap+0x158/0x230 [ 698.390051] ? vma_gap_callbacks_rotate+0x62/0x80 [ 698.394897] ? pmd_alloc+0x180/0x180 [ 698.398620] ? __vma_link_rb+0x279/0x370 [ 698.402686] copy_process.part.0+0x5434/0x7970 [ 698.407278] ? __cleanup_sighand+0x70/0x70 [ 698.411532] _do_fork+0x257/0xfe0 [ 698.414986] ? fork_idle+0x1d0/0x1d0 [ 698.418698] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 698.423468] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 698.428223] ? do_syscall_64+0x26/0x610 [ 698.432209] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 698.437567] ? do_syscall_64+0x26/0x610 [ 698.441538] __x64_sys_clone+0xbf/0x150 [ 698.445507] do_syscall_64+0x103/0x610 [ 698.449399] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 698.454588] RIP: 0033:0x458c29 [ 698.457868] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 698.476763] RSP: 002b:00007f5468949c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 698.484467] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 698.491745] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 698.499104] RBP: 000000000073c040 R08: ffffffffffffffff R09: 0000000000000000 [ 698.506368] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546894a6d4 [ 698.513636] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 698.522801] Task in /syz3 killed as a result of limit of /syz3 [ 698.528828] memory: usage 307200kB, limit 307200kB, failcnt 3280 [ 698.535158] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 698.541964] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 698.548187] Memory cgroup stats for /syz3: cache:0KB rss:191800KB rss_huge:141312KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:191764KB inactive_file:0KB active_file:0KB unevictable:12KB [ 698.569218] Memory cgroup out of memory: Kill process 25003 (syz-executor.3) score 124 or sacrifice child [ 698.579090] Killed process 25003 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35800kB, shmem-rss:0kB [ 698.593036] oom_reaper: reaped process 25003 (syz-executor.3), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 698.639036] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 698.654241] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 698.660032] CPU: 1 PID: 8940 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 698.666880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.676238] Call Trace: [ 698.678840] dump_stack+0x172/0x1f0 [ 698.682540] dump_header+0x15e/0x929 [ 698.686277] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 698.691393] ? ___ratelimit+0x60/0x595 [ 698.695377] ? do_raw_spin_unlock+0x57/0x270 [ 698.699803] oom_kill_process.cold+0x10/0x6f5 [ 698.704317] ? task_will_free_mem+0x139/0x6e0 [ 698.708828] out_of_memory+0x936/0x12d0 [ 698.712862] ? oom_killer_disable+0x280/0x280 [ 698.717368] ? find_held_lock+0x35/0x130 [ 698.721463] mem_cgroup_out_of_memory+0x1d2/0x240 [ 698.726318] ? memcg_event_wake+0x230/0x230 [ 698.730657] ? do_raw_spin_unlock+0x57/0x270 [ 698.735076] ? _raw_spin_unlock+0x2d/0x50 01:47:05 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) socket$isdn_base(0x22, 0x3, 0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:47:05 executing program 5: 01:47:05 executing program 0: [ 698.739239] try_charge+0x1028/0x15b0 [ 698.743054] ? find_held_lock+0x35/0x130 [ 698.747138] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 698.751991] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 698.756845] ? find_held_lock+0x35/0x130 [ 698.760919] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 698.765788] memcg_kmem_charge_memcg+0x7c/0x130 [ 698.770472] ? memcg_kmem_put_cache+0xb0/0xb0 [ 698.774978] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 698.779847] memcg_kmem_charge+0x136/0x300 [ 698.784094] __alloc_pages_nodemask+0x3c6/0x760 01:47:05 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x8100}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:05 executing program 1: [ 698.788777] ? __alloc_pages_slowpath+0x2870/0x2870 [ 698.793813] ? lockdep_hardirqs_on+0x415/0x5d0 [ 698.798409] ? trace_hardirqs_on+0x67/0x230 [ 698.802758] copy_process.part.0+0x3e0/0x7970 [ 698.807277] ? mark_held_locks+0x100/0x100 [ 698.811529] ? __might_fault+0x12b/0x1e0 [ 698.815617] ? __cleanup_sighand+0x70/0x70 [ 698.819872] ? lock_downgrade+0x810/0x810 [ 698.824048] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 698.828823] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 698.833608] _do_fork+0x257/0xfe0 [ 698.837084] ? fork_idle+0x1d0/0x1d0 [ 698.840826] ? retint_kernel+0x2d/0x2d [ 698.844740] __x64_sys_clone+0xbf/0x150 [ 698.848736] do_syscall_64+0x103/0x610 [ 698.852676] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 698.857870] RIP: 0033:0x458c29 [ 698.861075] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 698.879984] RSP: 002b:00007f90eb557c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 698.887703] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 698.894983] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000802102001ffc [ 698.902261] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 698.909654] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90eb5586d4 [ 698.917054] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 699.033005] Task in /syz4 killed as a result of limit of /syz4 [ 699.039331] memory: usage 307116kB, limit 307200kB, failcnt 1866 [ 699.055925] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 699.067195] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 699.076536] Memory cgroup stats for /syz4: cache:20KB rss:177676KB rss_huge:114688KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:177892KB inactive_file:0KB active_file:4KB unevictable:0KB [ 699.099680] Memory cgroup out of memory: Kill process 25525 (syz-executor.4) score 1113 or sacrifice child [ 699.110297] Killed process 25525 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35804kB, shmem-rss:0kB [ 699.139636] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 699.152033] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 699.157478] CPU: 0 PID: 8915 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 699.164314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 699.173671] Call Trace: [ 699.176260] dump_stack+0x172/0x1f0 [ 699.179908] dump_header+0x15e/0x929 [ 699.183622] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 699.188717] ? ___ratelimit+0x60/0x595 [ 699.192595] ? do_raw_spin_unlock+0x57/0x270 [ 699.197008] oom_kill_process.cold+0x10/0x6f5 [ 699.201496] ? task_will_free_mem+0x139/0x6e0 [ 699.205982] out_of_memory+0x936/0x12d0 [ 699.209951] ? oom_killer_disable+0x280/0x280 [ 699.214438] ? find_held_lock+0x35/0x130 [ 699.218493] mem_cgroup_out_of_memory+0x1d2/0x240 [ 699.223323] ? memcg_event_wake+0x230/0x230 [ 699.227646] ? do_raw_spin_unlock+0x57/0x270 [ 699.232086] ? _raw_spin_unlock+0x2d/0x50 [ 699.236226] try_charge+0xd25/0x15b0 [ 699.239930] ? find_held_lock+0x35/0x130 [ 699.243988] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 699.248861] ? kasan_check_read+0x11/0x20 [ 699.252999] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 699.257832] mem_cgroup_try_charge+0x24d/0x5e0 [ 699.262407] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 699.267329] __handle_mm_fault+0x1e55/0x3f80 [ 699.271733] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 699.276574] ? find_held_lock+0x35/0x130 [ 699.280993] ? handle_mm_fault+0x322/0xb30 [ 699.285227] ? kasan_check_read+0x11/0x20 [ 699.289366] handle_mm_fault+0x43f/0xb30 [ 699.293424] __do_page_fault+0x62a/0xe90 [ 699.297504] ? vmalloc_fault+0x770/0x770 [ 699.301567] ? trace_hardirqs_off_caller+0x65/0x220 [ 699.306570] ? trace_hardirqs_on_caller+0x6a/0x220 [ 699.311492] ? page_fault+0x8/0x30 [ 699.315045] do_page_fault+0x71/0x581 [ 699.318846] ? page_fault+0x8/0x30 [ 699.322396] page_fault+0x1e/0x30 [ 699.325851] RIP: 0033:0x41063f [ 699.329044] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 699.347949] RSP: 002b:00007ffc0bec00e0 EFLAGS: 00010206 [ 699.353313] RAX: 00007f90eb4f6000 RBX: 0000000000020000 RCX: 0000000000458c7a [ 699.360570] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 699.367836] RBP: 00007ffc0bec01c0 R08: ffffffffffffffff R09: 0000000000000000 [ 699.375093] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc0bec02a0 [ 699.382351] R13: 00007f90eb516700 R14: 0000000000000003 R15: 000000000073c04c [ 699.391956] Task in /syz4 killed as a result of limit of /syz4 [ 699.397992] memory: usage 304804kB, limit 307200kB, failcnt 1866 [ 699.404217] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 699.411055] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 699.417196] Memory cgroup stats for /syz4: cache:20KB rss:175640KB rss_huge:112640KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:175744KB inactive_file:0KB active_file:4KB unevictable:0KB [ 699.439607] Memory cgroup out of memory: Kill process 25540 (syz-executor.4) score 1113 or sacrifice child [ 699.449527] Killed process 25540 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35804kB, shmem-rss:0kB [ 699.462986] oom_reaper: reaped process 25540 (syz-executor.4), now anon-rss:0kB, file-rss:34844kB, shmem-rss:0kB 01:47:06 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xf003000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:47:06 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x8847}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:06 executing program 0: 01:47:06 executing program 1: 01:47:06 executing program 5: 01:47:06 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) fsetxattr$security_evm(r1, &(0x7f0000000080)='security.evm\x00', &(0x7f0000000100)=@v1={0x2, "1a130d722e63c8ff767047f8100c33c006e3f1"}, 0x14, 0x2) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) [ 699.536312] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 699.544108] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 699.554794] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 699.562763] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:47:06 executing program 0: 01:47:06 executing program 1: [ 699.715460] FS-Cache: Duplicate cookie detected [ 699.720391] FS-Cache: O-cookie c=0000000026556cd8 [p=000000004114b303 fl=222 nc=0 na=1] [ 699.729583] FS-Cache: O-cookie d=00000000656b88e0 n=000000006b5ed7e1 [ 699.736290] FS-Cache: O-key=[10] '02000200000002000000' [ 699.742437] FS-Cache: N-cookie c=000000002678b48b [p=000000004114b303 fl=2 nc=0 na=1] [ 699.742462] netlink: 'syz-executor.4': attribute type 29 has an invalid length. 01:47:06 executing program 5: 01:47:06 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xf200000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:47:06 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x8848}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 699.742472] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 699.742681] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 699.750624] FS-Cache: N-cookie d=00000000656b88e0 n=000000005f8b62b2 [ 699.759013] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 699.766652] FS-Cache: N-key=[10] '02000200000002000000' 01:47:06 executing program 0: sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000680)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000001e00090100"/20], 0x1}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 01:47:06 executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$inet_sctp(r0, &(0x7f00000007c0)={&(0x7f0000000180)=@in={0x2, 0x0, @loopback}, 0x10, &(0x7f0000000640), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000840000000000000000008b1100000000"], 0x18}, 0x0) 01:47:06 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x8864}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:06 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000080)="0adc1f123c123f319bd070") r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) write$binfmt_script(r1, &(0x7f0000000b00)=ANY=[@ANYBLOB='#'], 0x1) close(r1) 01:47:06 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x8906}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:06 executing program 0: r0 = socket$inet_sctp(0x2, 0x800000000001, 0x84) connect$inet(r0, &(0x7f0000f6fff0)={0x2, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r0, 0x100000000009) r1 = accept(r0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000000)={0x0, @in={{0x2, 0x0, @empty}}}, 0x0) [ 700.145875] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 700.182587] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 700.247415] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 700.256254] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:47:07 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:47:07 executing program 1: 01:47:07 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:07 executing program 5: 01:47:07 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xf5ffffff00000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:47:07 executing program 1: r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x0, 0x0, 0x0) read(r0, &(0x7f0000000200)=""/4096, 0x1000) 01:47:07 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x2e4, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") dup3(r1, r0, 0x80000) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') preadv(r2, &(0x7f0000000480), 0x100000000000010f, 0x0) 01:47:07 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xf0ffff}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 700.546274] FS-Cache: Duplicate cookie detected [ 700.551318] FS-Cache: O-cookie c=0000000045d22362 [p=000000004114b303 fl=222 nc=0 na=1] [ 700.559609] FS-Cache: O-cookie d=00000000656b88e0 n=00000000c8d6f3c7 [ 700.566486] FS-Cache: O-key=[10] '02000200000002000000' [ 700.572731] FS-Cache: N-cookie c=000000003c2d4967 [p=000000004114b303 fl=2 nc=0 na=1] [ 700.580982] FS-Cache: N-cookie d=00000000656b88e0 n=000000002720f66d [ 700.587635] FS-Cache: N-key=[10] '02000200000002000000' 01:47:07 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f0000000100)={0x0, 0x3f, 0x7, &(0x7f0000000080)=0x993}) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x4d621fc75633e412, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:47:07 executing program 5: openat$tun(0xffffffffffffff9c, &(0x7f0000000280)='/dev/net/tun\x00', 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000001380)=[{&(0x7f0000000180)=""/148, 0x13d}], 0x2e4, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') preadv(r0, &(0x7f0000000480), 0x100000000000010f, 0x0) [ 700.718030] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 700.797088] FS-Cache: Duplicate cookie detected [ 700.802207] FS-Cache: O-cookie c=000000007acdf6ae [p=000000004114b303 fl=222 nc=0 na=1] [ 700.806704] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 700.810513] FS-Cache: O-cookie d=00000000656b88e0 n=000000005e47d154 [ 700.826165] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 700.826230] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 700.843099] FS-Cache: O-key=[10] '02000200000002000000' [ 700.844671] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 700.848952] FS-Cache: N-cookie c=0000000087fab216 [p=000000004114b303 fl=2 nc=0 na=1] [ 700.868663] syz-executor.4 cpuset= [ 700.869933] FS-Cache: N-cookie d=00000000656b88e0 n=00000000da99eee1 [ 700.873987] syz4 [ 700.880278] FS-Cache: N-key=[10] ' [ 700.880667] mems_allowed=0-1 [ 700.882347] 02 [ 700.886308] CPU: 0 PID: 9057 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 700.889026] 00 [ 700.890802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 700.890808] Call Trace: [ 700.890837] dump_stack+0x172/0x1f0 [ 700.890860] dump_header+0x15e/0x929 [ 700.890879] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 700.897706] 02 [ 700.899504] ? ___ratelimit+0x60/0x595 [ 700.899518] ? do_raw_spin_unlock+0x57/0x270 [ 700.899540] oom_kill_process.cold+0x10/0x6f5 [ 700.908909] 00 [ 700.911461] ? task_will_free_mem+0x139/0x6e0 01:47:07 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 700.911477] ? find_held_lock+0x35/0x130 [ 700.911497] out_of_memory+0x936/0x12d0 [ 700.911515] ? lock_downgrade+0x810/0x810 [ 700.911537] ? oom_killer_disable+0x280/0x280 [ 700.915175] 00 [ 700.918843] ? find_held_lock+0x35/0x130 [ 700.918869] mem_cgroup_out_of_memory+0x1d2/0x240 [ 700.918883] ? memcg_event_wake+0x230/0x230 [ 700.918903] ? do_raw_spin_unlock+0x57/0x270 [ 700.918920] ? _raw_spin_unlock+0x2d/0x50 [ 700.924089] 00 [ 700.925830] try_charge+0x1028/0x15b0 [ 700.925842] ? find_held_lock+0x35/0x130 [ 700.925871] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 700.925889] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 700.929779] 02 [ 700.934149] ? find_held_lock+0x35/0x130 [ 700.934166] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 700.934196] memcg_kmem_charge_memcg+0x7c/0x130 [ 700.934211] ? memcg_kmem_put_cache+0xb0/0xb0 [ 700.934230] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 700.938713] 00 [ 700.940501] memcg_kmem_charge+0x136/0x300 [ 700.940519] __alloc_pages_nodemask+0x3c6/0x760 [ 700.940537] ? __alloc_pages_slowpath+0x2870/0x2870 01:47:07 executing program 0: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmsg$inet_sctp(r1, &(0x7f00000007c0)={&(0x7f0000000180)=@in={0x2, 0x0, @loopback}, 0x10, &(0x7f0000000640), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000840000000000000000008b1100000000"], 0x18}, 0x0) 01:47:07 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000580)={'nr0\x01\x00', 0x1000000802}) ioctl$TUNSETOFFLOAD(r0, 0x400454d0, 0xfffffffffffffffd) [ 700.940554] ? retint_kernel+0x2d/0x2d [ 700.945083] 00 [ 700.949074] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 700.949095] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 700.953076] 00 [ 700.957179] alloc_pages_current+0x107/0x210 [ 700.957198] pte_alloc_one+0x1b/0x1a0 [ 700.957217] __pte_alloc+0x2a/0x360 [ 700.961724] ' [ 700.963480] copy_page_range+0x151f/0x1f90 [ 700.963517] ? pmd_alloc+0x180/0x180 [ 701.084295] ? __vma_link_rb+0x279/0x370 [ 701.088355] copy_process.part.0+0x5434/0x7970 [ 701.092977] ? __cleanup_sighand+0x70/0x70 01:47:07 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='ip6_vti0\x00', 0x10) r1 = socket$l2tp(0x18, 0x1, 0x1) connect$inet6(r0, &(0x7f0000000280)={0xa, 0x0, 0x0, @ipv4={[], [], @remote}}, 0x1c) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") connect$l2tp(r1, &(0x7f0000000200)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x0, @multicast2}, 0x4}}, 0x2e) sendmmsg(r1, &(0x7f0000005d40)=[{{0x0, 0x0, &(0x7f0000002480)=[{&(0x7f00000002c0)="550ccb5d3957c46549febf392bd58a00df4fa6d4fbb2d0d3b773e5714b808aa21f57fb97637f49785e515bd5ddb45e5bb7f678acac92cc68dfa206f36a27c2011093512443f1862f8f1094f26f3ad78c527d283b6c5060d07314d1a7c65927611dedac8976b3e4e78dfdd1866c56815f0eaf941568e98dedb472c515c96f45b0da04b665fb1f36f697e783d3c53fd5b0d2745ec241f535d5abbf47c7221c98174302f1a52c00af99ce42338686605bec41c6e81d95ad5e06606eecf09f76b6b2a12583eecd603799d31798ce16bb6f57109943132daec7e37046e5202877c72b5f8e1ebeb18da505ca1032e8b2e4d260ee6f6cee96086f795a3eb18f84f4df74de349a8a171f607a27c3726e0ed68b7e5c34bbcb989fdfe9964602579e8c9582d01bc074a018f79070c67f1f473e5399ba17176e08d07fb7d053d3dc65dd1d67c4b746b09b0c66098eddc34b1f52cc86debb858334af8705d03b3bd2b6c75c997c1f06ad4c7bc37a3da135bd34fd76e2f6675458f2732d8953763e48be061c5234fbeb3eafe42ef1ae1b9793a41a8ccf1395cca8f407cd18c1ecba49562ee6fd76fc1cf0af51e5a012fd12ef9841a74923840d22c7f01d2e04109b2158c6c97c04693184da7fa68b0047c5e9f481e7b3ecfde5fb1ba92cf90757440a1d85f9602038acff2b5c9a16fb99ffd8818cec8f0368ed558383235c9b23d42d0211c737f331d4e0b5eb9b9060eaf4b8b716b9bd4586d3e4ef57d3dc360bbe00ae9d9e89bafdecbbe206ff8b6765c6d7bc4238b18ae219521a87455e280eb7a18e583fd0162baf2250a2c7dd287a99e6af1a2bbaffca7336ed9f433f899d2273e0d1ca2293aa18bfdbf914d104907467a840c73be822f302601c4e7aee2213813ebe9f9639f1feb8d73ceb8cdbae4b1cfc1d61d448ada798d07b4d0e94b50e02bb661c9c6264b9109a7a365d2855de2a842dba397b9f378941102159b5e4a5d849c0a2c536cf0d84d5acd8aa2cd5970777da26d72b997e996d676c5afec65d8f583931c1b7a363e11a529fc4e08a2b094af235ccd57ffbeef5613145d5436021f519a33092f50e1956321df29ecfa95b8d5dfd08fddb4f6a8d13f1fbfe4cdb932f6dc95be2c974a14527f1a7f3cfdad5bb1df4ae22fd111a69a9ea70d14d86ef4e836d9840a9a1cbdfc08c0f6e5af76a8660b92e3f821a452ac01b211cd90a1ddb8f8e0aef99558a564e1a6b02fb0b304a6b5027564e76b15ebae2ab1807e712f33dc39757a896931a57acbf416d425ac091585aad5160068857f4bce0af8bb1f91a84258b8e5d42a43784dcec57002d5588edfb58e8e8eec022800699642894f2e1c63658814c8404048a5ffaeaa2dad6bfa2992c8b2700f803362b206b1e550e942c5ad217d72d7e9c591b75965a01aae4094556844c58e8e86b61b09bd4823831f0abc8f170ab3fdb024443e832f9639c62c6b4a017d6097461220239f0022157da02722f602ae9349ff243c336d0141621b559c7c4904a7220f9ff37d9f75ab57e15e7cffd3d7604c0e509d025077b3b1371012dff244f021c27324387f97b4d98ac601462cf30c6507b0c1091c134944cd490c37e45e2292a5077c1fbbacee9f50b24420a58b75e454a11dedea4552cef4e7a71fab11a60b5d4cef80ed0b3ff616f865d73b1a950341c3679963bcb25d584f0ffc44be2e8760e790fcbe1ff1faa80a670a7c4e8d4f385960dccd0d5b91caf594b83ada1537f78820e6ce0987555dc8a2a43fe3ce39012da6c871a73706875087aafa8a9ccabedd084981568c6816baa1095e6d31e4694b68ec558aff36a", 0x50f}], 0x1}}], 0x1, 0x0) [ 701.097243] _do_fork+0x257/0xfe0 [ 701.100715] ? fork_idle+0x1d0/0x1d0 [ 701.104463] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 701.109223] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 701.113984] ? do_syscall_64+0x26/0x610 [ 701.117972] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 701.123343] ? do_syscall_64+0x26/0x610 [ 701.127335] __x64_sys_clone+0xbf/0x150 [ 701.131327] do_syscall_64+0x103/0x610 [ 701.135221] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 701.140417] RIP: 0033:0x458c29 01:47:07 executing program 0: mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x0, 0x32, 0xffffffffffffffff, 0x0) r0 = getpid() r1 = syz_open_procfs(r0, &(0x7f0000000100)='\x00\x16\x00\x00\x00\x00\x00\x00\r\x85\xca\xc0\x8d\xbc\xc6\xebk\x91b\x89\xb8\xea\x1b\xb8\xf4h\xb5\x84C|L\x97HB\x9e\xa0\x97mn\xab\x8d\xab\xf3\xbb\x86\x8f\x9bN~\xe8fm\xe3\x10\xc4hC${\xa1\xcd.') getdents64(r1, &(0x7f0000000b40)=""/528, 0x421429fa) [ 701.143614] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 701.162528] RSP: 002b:00007f90eb536c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 701.170259] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 701.177538] RDX: 9999999999999999 RSI: 0000000000000000 RDI: f5ffffff00000000 [ 701.184806] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 01:47:07 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000280)=0x400100000001, 0x4) connect$inet6(r0, &(0x7f0000000080), 0x1c) r1 = dup2(r0, r0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000440), 0x132224) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() setsockopt$IP6T_SO_SET_ADD_COUNTERS(r0, 0x29, 0x41, &(0x7f00000000c0)=ANY=[@ANYBLOB="66696c7465720000000000000000000000000000000000000000000000a56614255bb600520000000000000000000000000000000800"/72], 0x1) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x33) fcntl$setstatus(r1, 0x4, 0x42803) [ 701.192080] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90eb5376d4 [ 701.199441] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 701.215630] Task in /syz4 killed as a result of limit of /syz4 [ 701.230670] memory: usage 307080kB, limit 307200kB, failcnt 1878 [ 701.240798] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 701.247588] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 701.300783] Memory cgroup stats for /syz4: cache:20KB rss:176204KB rss_huge:112640KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:176376KB inactive_file:0KB active_file:0KB unevictable:0KB [ 701.332973] Memory cgroup out of memory: Kill process 8978 (syz-executor.4) score 1113 or sacrifice child [ 701.355625] Killed process 8979 (syz-executor.4) total-vm:72452kB, anon-rss:2196kB, file-rss:34816kB, shmem-rss:0kB 01:47:08 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xf803000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 701.409934] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 701.433864] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 701.453401] CPU: 1 PID: 9059 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 701.460293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 701.469660] Call Trace: [ 701.472266] dump_stack+0x172/0x1f0 [ 701.475915] dump_header+0x15e/0x929 [ 701.479644] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 701.484761] ? ___ratelimit+0x60/0x595 [ 701.488660] ? do_raw_spin_unlock+0x57/0x270 [ 701.493089] oom_kill_process.cold+0x10/0x6f5 [ 701.497604] ? task_will_free_mem+0x139/0x6e0 [ 701.502124] out_of_memory+0x936/0x12d0 [ 701.506124] ? oom_killer_disable+0x280/0x280 [ 701.510631] ? find_held_lock+0x35/0x130 [ 701.514712] mem_cgroup_out_of_memory+0x1d2/0x240 [ 701.519559] ? memcg_event_wake+0x230/0x230 [ 701.523893] ? do_raw_spin_unlock+0x57/0x270 [ 701.528314] ? _raw_spin_unlock+0x2d/0x50 [ 701.532496] try_charge+0x1028/0x15b0 [ 701.536294] ? find_held_lock+0x35/0x130 [ 701.540359] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 701.545194] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 701.550029] ? find_held_lock+0x35/0x130 [ 701.554083] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 701.558924] memcg_kmem_charge_memcg+0x7c/0x130 [ 701.563586] ? memcg_kmem_put_cache+0xb0/0xb0 [ 701.568074] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 701.572910] memcg_kmem_charge+0x136/0x300 [ 701.577138] __alloc_pages_nodemask+0x3c6/0x760 [ 701.581801] ? __alloc_pages_slowpath+0x2870/0x2870 [ 701.586811] ? find_held_lock+0x35/0x130 [ 701.590875] ? copy_page_range+0x124f/0x1f90 [ 701.597806] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 701.603348] alloc_pages_current+0x107/0x210 [ 701.607755] pte_alloc_one+0x1b/0x1a0 [ 701.611548] __pte_alloc+0x2a/0x360 [ 701.615168] copy_page_range+0x151f/0x1f90 [ 701.619416] ? pmd_alloc+0x180/0x180 [ 701.623124] ? __vma_link_rb+0x279/0x370 [ 701.627186] copy_process.part.0+0x5434/0x7970 [ 701.631780] ? __cleanup_sighand+0x70/0x70 [ 701.636138] _do_fork+0x257/0xfe0 [ 701.639586] ? fork_idle+0x1d0/0x1d0 [ 701.643300] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 701.648054] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 701.652801] ? do_syscall_64+0x26/0x610 [ 701.656769] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 701.662123] ? do_syscall_64+0x26/0x610 [ 701.666094] __x64_sys_clone+0xbf/0x150 [ 701.670060] do_syscall_64+0x103/0x610 [ 701.673943] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 701.679124] RIP: 0033:0x458c29 [ 701.682309] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 701.701293] RSP: 002b:00007f546896ac78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 01:47:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000180)="0adc1f123c123f319bd070") r1 = getpgrp(0x0) prctl$PR_SET_PTRACER(0x59616d61, r1) clone(0x800000409ff, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() futex(&(0x7f0000000140)=0x2, 0x0, 0x2, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x38) write$P9_RREAD(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="79e43f47b8205c5bf72600b0f9163e7e992c8009f190323eeb9f17da79be98b13e951600000038040033a1eb53b64ad4837414b2a01d329402"], 0x39) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f00000000c0)) ptrace$cont(0x7, r2, 0x0, 0x0) 01:47:08 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 701.708998] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 701.716343] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 701.723601] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 701.730867] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546896b6d4 [ 701.738125] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff 01:47:08 executing program 5: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="2e000000120081aee4050cecdb4cb90480001e510befccd77f3e9cf0758ef9000600b0eba06ac400040002000000", 0x2e}], 0x1}, 0x0) [ 701.766521] Task in /syz3 killed as a result of limit of /syz3 [ 701.788638] memory: usage 307200kB, limit 307200kB, failcnt 3309 [ 701.870313] netlink: 2 bytes leftover after parsing attributes in process `syz-executor.5'. [ 701.968218] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 701.976062] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 701.994918] Memory cgroup stats for /syz3: cache:0KB rss:190224KB rss_huge:139264KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:190364KB inactive_file:4KB active_file:0KB unevictable:12KB [ 702.031955] Memory cgroup out of memory: Kill process 25050 (syz-executor.3) score 124 or sacrifice child [ 702.042688] Killed process 25052 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB [ 702.125418] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 702.144879] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 702.152491] CPU: 1 PID: 9089 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 702.159348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 702.168715] Call Trace: [ 702.171332] dump_stack+0x172/0x1f0 [ 702.175099] dump_header+0x15e/0x929 [ 702.178918] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 702.184033] ? ___ratelimit+0x60/0x595 [ 702.187936] ? do_raw_spin_unlock+0x57/0x270 [ 702.192355] oom_kill_process.cold+0x10/0x6f5 [ 702.196858] ? task_will_free_mem+0x139/0x6e0 [ 702.201364] out_of_memory+0x936/0x12d0 [ 702.205387] ? oom_killer_disable+0x280/0x280 [ 702.209892] ? find_held_lock+0x35/0x130 [ 702.213975] mem_cgroup_out_of_memory+0x1d2/0x240 [ 702.218826] ? memcg_event_wake+0x230/0x230 [ 702.223171] ? do_raw_spin_unlock+0x57/0x270 [ 702.227692] ? _raw_spin_unlock+0x2d/0x50 [ 702.231858] try_charge+0x1028/0x15b0 [ 702.235689] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 702.240556] ? lock_release+0x47a/0xa30 [ 702.244553] memcg_kmem_charge_memcg+0x7c/0x130 [ 702.249230] ? memcg_kmem_put_cache+0xb0/0xb0 [ 702.253742] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 702.258600] memcg_kmem_charge+0x136/0x300 [ 702.262961] __alloc_pages_nodemask+0x3c6/0x760 [ 702.267650] ? __alloc_pages_slowpath+0x2870/0x2870 [ 702.272699] copy_process.part.0+0x3e0/0x7970 [ 702.277212] ? mark_held_locks+0x100/0x100 [ 702.281468] ? __might_fault+0x12b/0x1e0 [ 702.285555] ? __cleanup_sighand+0x70/0x70 [ 702.289805] ? lock_downgrade+0x810/0x810 [ 702.293986] _do_fork+0x257/0xfe0 [ 702.297460] ? fork_idle+0x1d0/0x1d0 [ 702.301187] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 702.301213] ? retint_kernel+0x2d/0x2d [ 702.301235] __x64_sys_clone+0xbf/0x150 [ 702.301253] ? do_syscall_64+0x5b/0x610 [ 702.309897] do_syscall_64+0x103/0x610 01:47:08 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x4, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:47:08 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:08 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r1, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) sendmmsg(r1, &(0x7f0000002d80)=[{{&(0x7f0000000340)=@nfc={0x27, 0x1}, 0x80, 0x0}}], 0x400001b, 0x0) 01:47:08 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000580)={'nr0\x01\x00', 0x1000000802}) ioctl$TUNSETVNETLE(r0, 0x400454dc, &(0x7f0000000000)) [ 702.309917] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 702.309933] RIP: 0033:0x458c29 [ 702.321750] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 702.330098] RSP: 002b:00007f90eb557c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 702.330116] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 702.330138] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000802102001ffc 01:47:09 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x4000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 702.330147] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 702.330156] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90eb5586d4 [ 702.330169] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff 01:47:09 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x1, 0x0) ioctl$KDSKBMODE(0xffffffffffffffff, 0x4b45, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004640)=[{{0x0, 0x0, &(0x7f0000004200)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) writev(r0, &(0x7f00000023c0), 0x1000000000000252) 01:47:09 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x5000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 702.490821] Task in /syz4 killed as a result of limit of /syz4 [ 702.499218] memory: usage 307200kB, limit 307200kB, failcnt 1942 [ 702.515654] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 702.524794] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 702.538715] Memory cgroup stats for /syz4: cache:20KB rss:176336KB rss_huge:112640KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:176488KB inactive_file:0KB active_file:0KB unevictable:0KB [ 702.569191] Memory cgroup out of memory: Kill process 8978 (syz-executor.4) score 1113 or sacrifice child [ 702.586748] Killed process 8978 (syz-executor.4) total-vm:72584kB, anon-rss:2204kB, file-rss:35804kB, shmem-rss:0kB [ 702.676517] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 702.735938] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 702.747708] CPU: 1 PID: 9095 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 702.754596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 702.763963] Call Trace: [ 702.766570] dump_stack+0x172/0x1f0 [ 702.770220] dump_header+0x15e/0x929 [ 702.773964] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 702.779091] ? ___ratelimit+0x60/0x595 [ 702.782998] ? do_raw_spin_unlock+0x57/0x270 [ 702.787433] oom_kill_process.cold+0x10/0x6f5 [ 702.791948] ? task_will_free_mem+0x139/0x6e0 [ 702.796466] out_of_memory+0x936/0x12d0 [ 702.800456] ? oom_killer_disable+0x280/0x280 [ 702.804963] ? find_held_lock+0x35/0x130 [ 702.809044] mem_cgroup_out_of_memory+0x1d2/0x240 [ 702.813901] ? memcg_event_wake+0x230/0x230 [ 702.818243] ? do_raw_spin_unlock+0x57/0x270 [ 702.818263] ? _raw_spin_unlock+0x2d/0x50 [ 702.826813] try_charge+0xd25/0x15b0 [ 702.826832] ? find_held_lock+0x35/0x130 [ 702.834591] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 702.839441] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 702.844287] ? find_held_lock+0x35/0x130 [ 702.848337] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 702.853189] memcg_kmem_charge_memcg+0x7c/0x130 [ 702.857952] ? memcg_kmem_put_cache+0xb0/0xb0 [ 702.862454] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 702.867299] memcg_kmem_charge+0x136/0x300 [ 702.871529] __alloc_pages_nodemask+0x3c6/0x760 [ 702.876338] ? __alloc_pages_slowpath+0x2870/0x2870 [ 702.881363] ? lockdep_hardirqs_on+0x415/0x5d0 [ 702.885937] ? trace_hardirqs_on+0x67/0x230 [ 702.890254] copy_process.part.0+0x3e0/0x7970 [ 702.894744] ? mark_held_locks+0x100/0x100 [ 702.898999] ? __might_fault+0x12b/0x1e0 [ 702.903112] ? __cleanup_sighand+0x70/0x70 [ 702.907355] ? lock_downgrade+0x810/0x810 [ 702.911594] _do_fork+0x257/0xfe0 [ 702.915177] ? fork_idle+0x1d0/0x1d0 [ 702.918889] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 702.923649] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 702.928402] ? do_syscall_64+0x26/0x610 [ 702.932367] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 702.937721] ? do_syscall_64+0x26/0x610 [ 702.941704] __x64_sys_clone+0xbf/0x150 [ 702.945670] do_syscall_64+0x103/0x610 [ 702.949550] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 702.954815] RIP: 0033:0x458c29 [ 702.957995] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 702.976977] RSP: 002b:00007f90eb536c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 702.984708] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000458c29 [ 702.991968] RDX: 9999999999999999 RSI: 0000000000000000 RDI: f803000000000000 [ 702.999332] RBP: 000000000073bfa0 R08: ffffffffffffffff R09: 0000000000000000 [ 703.006656] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90eb5376d4 [ 703.013916] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 703.023407] Task in /syz4 killed as a result of limit of /syz4 [ 703.029812] memory: usage 304832kB, limit 307200kB, failcnt 1942 [ 703.036365] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 703.043525] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 703.049704] Memory cgroup stats for /syz4: cache:20KB rss:174232KB rss_huge:110592KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:174320KB inactive_file:0KB active_file:0KB unevictable:0KB [ 703.071306] Memory cgroup out of memory: Kill process 25609 (syz-executor.4) score 1113 or sacrifice child [ 703.081494] Killed process 25609 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35804kB, shmem-rss:0kB [ 703.097556] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=1000 [ 703.111427] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 703.121570] CPU: 0 PID: 9087 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 703.128537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 703.137879] Call Trace: [ 703.140464] dump_stack+0x172/0x1f0 [ 703.144086] dump_header+0x15e/0x929 [ 703.147793] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 703.152906] ? ___ratelimit+0x60/0x595 [ 703.156783] ? do_raw_spin_unlock+0x57/0x270 [ 703.161187] oom_kill_process.cold+0x10/0x6f5 [ 703.165685] ? task_will_free_mem+0x139/0x6e0 [ 703.170173] out_of_memory+0x936/0x12d0 [ 703.174150] ? oom_killer_disable+0x280/0x280 [ 703.178635] ? find_held_lock+0x35/0x130 [ 703.182693] mem_cgroup_out_of_memory+0x1d2/0x240 [ 703.187523] ? memcg_event_wake+0x230/0x230 [ 703.191842] ? do_raw_spin_unlock+0x57/0x270 [ 703.196239] ? _raw_spin_unlock+0x2d/0x50 [ 703.200387] try_charge+0xd25/0x15b0 [ 703.204092] ? find_held_lock+0x35/0x130 [ 703.208149] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 703.212982] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 703.217817] ? find_held_lock+0x35/0x130 [ 703.221873] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 703.226714] memcg_kmem_charge_memcg+0x7c/0x130 [ 703.231373] ? memcg_kmem_put_cache+0xb0/0xb0 [ 703.235880] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 703.240719] memcg_kmem_charge+0x136/0x300 [ 703.244946] __alloc_pages_nodemask+0x3c6/0x760 [ 703.250196] ? __alloc_pages_slowpath+0x2870/0x2870 [ 703.255213] ? lockdep_hardirqs_on+0x415/0x5d0 [ 703.259789] ? trace_hardirqs_on+0x67/0x230 [ 703.264192] ? kasan_check_read+0x11/0x20 [ 703.268335] copy_process.part.0+0x3e0/0x7970 [ 703.272825] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 703.277917] ? delayacct_end+0x5c/0x100 [ 703.281901] ? __delayacct_freepages_end+0xe0/0x140 [ 703.286911] ? __lock_acquire+0x6eb/0x48f0 [ 703.291141] ? __cleanup_sighand+0x70/0x70 [ 703.295383] ? mark_held_locks+0x100/0x100 [ 703.299620] _do_fork+0x257/0xfe0 [ 703.303069] ? fork_idle+0x1d0/0x1d0 [ 703.306778] ? blkcg_print_stat+0xb90/0xb90 [ 703.311088] ? kasan_check_read+0x11/0x20 [ 703.315240] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 703.319984] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 703.324732] ? do_syscall_64+0x26/0x610 [ 703.328694] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 703.334045] ? do_syscall_64+0x26/0x610 [ 703.338011] __x64_sys_clone+0xbf/0x150 [ 703.341979] do_syscall_64+0x103/0x610 [ 703.345858] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 703.351038] RIP: 0033:0x45b5f9 [ 703.354222] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 703.373111] RSP: 002b:00007ffc0bec0098 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 703.380812] RAX: ffffffffffffffda RBX: 00007f90eb516700 RCX: 000000000045b5f9 [ 703.388068] RDX: 00007f90eb5169d0 RSI: 00007f90eb515db0 RDI: 00000000003d0f00 [ 703.395412] RBP: 00007ffc0bec02a0 R08: 00007f90eb516700 R09: 00007f90eb516700 [ 703.402685] R10: 00007f90eb5169d0 R11: 0000000000000202 R12: 0000000000000000 [ 703.409943] R13: 00007ffc0bec014f R14: 00007f90eb5169c0 R15: 000000000073c04c [ 703.420776] Task in /syz4 killed as a result of limit of /syz4 [ 703.428908] memory: usage 302812kB, limit 307200kB, failcnt 1942 [ 703.435429] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 703.442564] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 703.449089] Memory cgroup stats for /syz4: cache:20KB rss:172204KB rss_huge:108544KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:172172KB inactive_file:0KB active_file:0KB unevictable:0KB [ 703.470659] Memory cgroup out of memory: Kill process 30572 (syz-executor.4) score 1113 or sacrifice child [ 703.480626] Killed process 30572 (syz-executor.4) total-vm:72584kB, anon-rss:2196kB, file-rss:35796kB, shmem-rss:0kB [ 703.495320] oom_reaper: reaped process 30572 (syz-executor.4), now anon-rss:0kB, file-rss:34836kB, shmem-rss:0kB [ 703.511982] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 703.530737] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 703.533699] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 703.543097] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 703.556565] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 703.569736] CPU: 1 PID: 9121 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 703.576615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 703.585988] Call Trace: [ 703.588657] dump_stack+0x172/0x1f0 [ 703.592427] dump_header+0x15e/0x929 [ 703.598674] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 703.603797] ? ___ratelimit+0x60/0x595 [ 703.607699] ? do_raw_spin_unlock+0x57/0x270 [ 703.612134] oom_kill_process.cold+0x10/0x6f5 [ 703.616640] ? task_will_free_mem+0x139/0x6e0 [ 703.621144] out_of_memory+0x936/0x12d0 [ 703.625245] ? oom_killer_disable+0x280/0x280 [ 703.629753] ? trace_hardirqs_on_caller+0x6a/0x220 [ 703.634727] mem_cgroup_out_of_memory+0x1d2/0x240 [ 703.639587] ? memcg_event_wake+0x230/0x230 [ 703.643921] ? retint_kernel+0x2d/0x2d [ 703.647841] try_charge+0x1028/0x15b0 [ 703.651638] ? find_held_lock+0x35/0x130 [ 703.651663] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 703.651685] ? kasan_check_read+0x11/0x20 [ 703.651704] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 703.651725] mem_cgroup_try_charge+0x24d/0x5e0 [ 703.651748] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 703.651765] wp_page_copy+0x430/0x16a0 [ 703.651787] ? follow_pfn+0x2a0/0x2a0 [ 703.664803] ? kasan_check_read+0x11/0x20 [ 703.664824] ? do_raw_spin_unlock+0x57/0x270 [ 703.695378] do_wp_page+0x57d/0x10b0 [ 703.699118] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 703.703855] ? kasan_check_write+0x14/0x20 [ 703.708100] ? do_raw_spin_lock+0xc8/0x240 [ 703.712473] __handle_mm_fault+0x230a/0x3f80 [ 703.716884] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 703.721719] ? find_held_lock+0x35/0x130 [ 703.725770] ? handle_mm_fault+0x322/0xb30 [ 703.730020] ? kasan_check_read+0x11/0x20 [ 703.734185] handle_mm_fault+0x43f/0xb30 [ 703.738249] __do_page_fault+0x62a/0xe90 [ 703.742320] ? vmalloc_fault+0x770/0x770 [ 703.746371] ? trace_hardirqs_off_caller+0x65/0x220 [ 703.751386] ? trace_hardirqs_on_caller+0x6a/0x220 [ 703.756318] ? page_fault+0x8/0x30 [ 703.759847] do_page_fault+0x71/0x581 [ 703.763636] ? page_fault+0x8/0x30 [ 703.767168] page_fault+0x1e/0x30 [ 703.770612] RIP: 0033:0x404f57 [ 703.773800] Code: eb 18 90 45 31 c0 31 c9 ba 80 00 00 00 48 89 de bf ca 00 00 00 e8 c9 3c 05 00 8b 03 85 c0 74 e3 48 89 ef c7 45 08 00 00 00 00 64 fb ff ff 4c 89 e7 e8 7c e2 ff ff eb e1 66 2e 0f 1f 84 00 00 [ 703.792710] RSP: 002b:00007f546896ad00 EFLAGS: 00010202 [ 703.798079] RAX: 0000000000000001 RBX: 000000000073bfa8 RCX: 0000000000458c29 [ 703.805339] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 000000000073bfa0 [ 703.812604] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 703.819876] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000073bfac [ 703.827141] R13: 00007fffea33a21f R14: 00007f546896b9c0 R15: 000000000073bfac [ 703.835807] Task in /syz3 killed as a result of limit of /syz3 [ 703.842430] memory: usage 307200kB, limit 307200kB, failcnt 3346 [ 703.848698] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 703.855742] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 703.862768] Memory cgroup stats for /syz3: cache:0KB rss:190356KB rss_huge:139264KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:190448KB inactive_file:0KB active_file:4KB unevictable:12KB [ 703.884482] Memory cgroup out of memory: Kill process 25050 (syz-executor.3) score 124 or sacrifice child [ 703.894677] Killed process 25050 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35800kB, shmem-rss:0kB [ 703.923139] syz-executor.3 invoked oom-killer: gfp_mask=0x6040d0(GFP_KERNEL|__GFP_COMP|__GFP_RECLAIMABLE), nodemask=(null), order=0, oom_score_adj=0 [ 703.936785] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 703.943256] CPU: 1 PID: 9117 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 703.950127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 703.959475] Call Trace: [ 703.962070] dump_stack+0x172/0x1f0 [ 703.965695] dump_header+0x15e/0x929 [ 703.969403] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 703.974594] ? ___ratelimit+0x60/0x595 [ 703.978567] ? do_raw_spin_unlock+0x57/0x270 [ 703.982973] oom_kill_process.cold+0x10/0x6f5 [ 703.987465] ? task_will_free_mem+0x139/0x6e0 [ 703.991956] out_of_memory+0x936/0x12d0 [ 703.995930] ? oom_killer_disable+0x280/0x280 [ 704.000415] ? find_held_lock+0x35/0x130 [ 704.004475] mem_cgroup_out_of_memory+0x1d2/0x240 [ 704.009308] ? memcg_event_wake+0x230/0x230 [ 704.013629] ? do_raw_spin_unlock+0x57/0x270 [ 704.018041] ? _raw_spin_unlock+0x2d/0x50 [ 704.022299] try_charge+0xd25/0x15b0 [ 704.026097] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 704.031637] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 704.036476] ? rcu_read_lock_sched_held+0x110/0x130 [ 704.041486] ? __alloc_pages_nodemask+0x63e/0x760 [ 704.046327] memcg_kmem_charge_memcg+0x7c/0x130 [ 704.051005] ? memcg_kmem_put_cache+0xb0/0xb0 [ 704.055496] ? cache_grow_begin+0x59a/0x8c0 [ 704.059808] ? lockdep_hardirqs_on+0x415/0x5d0 [ 704.064384] ? trace_hardirqs_on+0x67/0x230 [ 704.068699] cache_grow_begin+0x25f/0x8c0 [ 704.072926] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 704.078455] ? __cpuset_node_allowed+0x136/0x540 [ 704.083291] fallback_alloc+0x1fd/0x2d0 [ 704.087262] ____cache_alloc_node+0x1be/0x1e0 [ 704.091749] kmem_cache_alloc+0x1f3/0x700 [ 704.095894] ? sock_destroy_inode+0x60/0x60 [ 704.100238] sock_alloc_inode+0x1d/0x260 [ 704.104289] alloc_inode+0x66/0x190 [ 704.107914] new_inode_pseudo+0x19/0xf0 [ 704.111972] sock_alloc+0x41/0x270 [ 704.115503] __sock_create+0xc0/0x750 [ 704.119298] __sys_socket+0x103/0x220 [ 704.123089] ? move_addr_to_kernel+0x80/0x80 [ 704.127497] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 704.132246] ? do_syscall_64+0x26/0x610 [ 704.136213] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 704.141566] ? do_syscall_64+0x26/0x610 [ 704.145534] __x64_sys_socket+0x73/0xb0 [ 704.149499] do_syscall_64+0x103/0x610 [ 704.153381] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 704.158567] RIP: 0033:0x458c29 [ 704.161752] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 704.180644] RSP: 002b:00007f546898bc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 704.188463] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 704.195736] RDX: 000000000000001e RSI: 0000000000000003 RDI: 0000000000000002 [ 704.202993] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 704.210251] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546898c6d4 [ 704.217597] R13: 00000000004c7233 R14: 00000000004dcf38 R15: 00000000ffffffff [ 704.227755] Task in /syz3 killed as a result of limit of /syz3 [ 704.234863] memory: usage 305144kB, limit 307200kB, failcnt 3346 [ 704.241677] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 704.249303] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 704.255956] Memory cgroup stats for /syz3: cache:0KB rss:188304KB rss_huge:137216KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:188320KB inactive_file:0KB active_file:4KB unevictable:12KB 01:47:10 executing program 0: r0 = gettid() r1 = creat(0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) sysinfo(0x0) connect(0xffffffffffffffff, 0x0, 0x0) write$P9_RXATTRWALK(0xffffffffffffffff, 0x0, 0x719) semctl$GETPID(0x0, 0x0, 0xb, 0x0) renameat(0xffffffffffffffff, 0x0, r1, &(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00') timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x1000000000016) 01:47:10 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) flock(0xffffffffffffffff, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x1, 0x0) ioctl$KDSKBMODE(0xffffffffffffffff, 0x4b45, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004640)=[{{0x0, 0x0, &(0x7f0000004200)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) writev(r0, &(0x7f00000023c0), 0x1000000000000252) 01:47:10 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x6000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:10 executing program 5: sched_setattr(0x0, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x0, 0x3}, 0x0) futex(&(0x7f000000cffc)=0x4, 0x80000000000b, 0x4, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) 01:47:10 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xfe00000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 704.288845] Memory cgroup out of memory: Kill process 25070 (syz-executor.3) score 124 or sacrifice child [ 704.299924] Killed process 25072 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB [ 704.384446] syz-executor.3 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=0 [ 704.426629] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 704.439573] CPU: 0 PID: 9125 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 704.446471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 704.455846] Call Trace: [ 704.458463] dump_stack+0x172/0x1f0 [ 704.462123] dump_header+0x15e/0x929 [ 704.465850] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 704.470967] ? ___ratelimit+0x60/0x595 01:47:11 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000140)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) setsockopt$netrom_NETROM_T2(r1, 0x103, 0x2, &(0x7f0000000100)=0x6, 0x4) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000080)={0x0, 0x6, 0x3f, 0xfffffffffffffffc, 0xc, 0x0, 0x2, 0x6, 0xffffffff7fffffff, 0x6, 0x2, 0x4}) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:47:11 executing program 5: r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$VT_DISALLOCATE(r0, 0x5608) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) ioctl$TIOCNXCL(0xffffffffffffffff, 0x540d) lsetxattr$security_smack_entry(0x0, 0x0, 0x0, 0x344, 0x0) connect(0xffffffffffffffff, &(0x7f0000931ff4)=@ax25={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x4}, [@null, @default, @default, @bcast, @null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x80) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) tkill(r1, 0x1000000000016) 01:47:11 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x7000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:11 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xffffffff00000000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 704.474863] ? do_raw_spin_unlock+0x57/0x270 [ 704.485462] oom_kill_process.cold+0x10/0x6f5 [ 704.492792] ? task_will_free_mem+0x139/0x6e0 [ 704.497315] out_of_memory+0x936/0x12d0 [ 704.501313] ? oom_killer_disable+0x280/0x280 [ 704.505821] ? find_held_lock+0x35/0x130 [ 704.509900] mem_cgroup_out_of_memory+0x1d2/0x240 [ 704.514754] ? memcg_event_wake+0x230/0x230 [ 704.520483] ? do_raw_spin_unlock+0x57/0x270 [ 704.524908] ? _raw_spin_unlock+0x2d/0x50 [ 704.529089] try_charge+0xd25/0x15b0 [ 704.532818] ? find_held_lock+0x35/0x130 [ 704.536903] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 704.541759] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 704.546616] ? find_held_lock+0x35/0x130 [ 704.550689] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 704.555559] memcg_kmem_charge_memcg+0x7c/0x130 [ 704.560247] ? memcg_kmem_put_cache+0xb0/0xb0 [ 704.564759] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 704.569618] memcg_kmem_charge+0x136/0x300 [ 704.573966] __alloc_pages_nodemask+0x3c6/0x760 [ 704.578775] ? __alloc_pages_slowpath+0x2870/0x2870 [ 704.583815] ? __lock_acquire+0x6eb/0x48f0 [ 704.588245] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 704.593895] alloc_pages_current+0x107/0x210 [ 704.598323] pte_alloc_one+0x1b/0x1a0 [ 704.602147] __handle_mm_fault+0x3533/0x3f80 [ 704.606588] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 704.611446] ? find_held_lock+0x35/0x130 [ 704.615515] ? handle_mm_fault+0x322/0xb30 [ 704.619777] ? kasan_check_read+0x11/0x20 [ 704.623945] handle_mm_fault+0x43f/0xb30 01:47:11 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0xffffffff87400000, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) [ 704.628031] __do_page_fault+0x62a/0xe90 [ 704.632118] ? vmalloc_fault+0x770/0x770 [ 704.636191] ? trace_hardirqs_off_caller+0x65/0x220 [ 704.641215] ? trace_hardirqs_on_caller+0x6a/0x220 [ 704.646154] ? page_fault+0x8/0x30 [ 704.649706] do_page_fault+0x71/0x581 [ 704.653518] ? page_fault+0x8/0x30 [ 704.657077] page_fault+0x1e/0x30 [ 704.660535] RIP: 0033:0x458c29 [ 704.663745] Code: Bad RIP value. [ 704.667114] RSP: 002b:00007f546898bc78 EFLAGS: 00010246 01:47:11 executing program 0: r0 = gettid() creat(0x0, 0x0) timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0) connect(0xffffffffffffffff, 0x0, 0x0) times(0x0) write$P9_RXATTRWALK(0xffffffffffffffff, 0x0, 0x0) semctl$GETPID(0x0, 0x0, 0xb, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x1c9c380}, {0x0, 0x9}}, 0x0) fcntl$lock(0xffffffffffffffff, 0x0, 0x0) tkill(r0, 0x1000000000016) 01:47:11 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2001001, 0x0) r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000040)) r1 = socket$inet6(0xa, 0x0, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240)) pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x2) umount2(&(0x7f0000000080)='./file0\x00', 0x0) syz_mount_image$msdos(&(0x7f0000001a40)='msdos\x00', &(0x7f0000001a80)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB]) [ 704.672487] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000458c29 [ 704.679760] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000004 [ 704.687035] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 704.694318] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f546898c6d4 [ 704.701595] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff 01:47:11 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x8000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:11 executing program 5: mbind(&(0x7f0000008000/0x1000)=nil, 0x1000, 0x1, 0x0, 0x0, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0adc1f123c123f319bd070") mlock(&(0x7f0000002000/0x3000)=nil, 0x3000) mlock(&(0x7f0000000000/0x9000)=nil, 0x9000) 01:47:11 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x1, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004640)=[{{0x0, 0x0, &(0x7f0000004200)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) writev(r0, &(0x7f00000023c0), 0x1000000000000252) [ 704.927268] validate_nla: 4 callbacks suppressed [ 704.927319] netlink: 'syz-executor.4': attribute type 29 has an invalid length. 01:47:11 executing program 5: socket$inet6(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x40, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0xfffffffffffffdc3, &(0x7f0000000180)=0x9) open(0x0, 0x3ffff, 0x0) pipe(&(0x7f0000000040)) r0 = syz_open_dev$usbmon(&(0x7f0000000540)='/dev/usbmon#\x00', 0x7f, 0x2000) ioctl$PPPIOCSDEBUG(r0, 0x40047440, &(0x7f0000000600)=0x80000001) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000580)) r1 = fcntl$dupfd(0xffffffffffffff9c, 0x0, 0xffffffffffffffff) getsockopt$IP6T_SO_GET_REVISION_TARGET(r1, 0x29, 0x45, &(0x7f0000000100)={'ipvs\x00'}, &(0x7f0000000380)=0xfffffffffffffdaa) r2 = creat(&(0x7f00000000c0)='./bus\x00', 0x0) r3 = socket$inet6(0xa, 0x400000000001, 0x0) ioctl$sock_TIOCINQ(r3, 0x541b, &(0x7f00000002c0)) ioctl$TIOCSIG(r2, 0x40045436, 0x27) dup(r3) ioctl$PPPIOCSMRRU(r0, 0x4004743b, &(0x7f0000000000)=0xfff) ioctl$FICLONE(0xffffffffffffffff, 0x40049409, r3) setsockopt$inet6_tcp_int(r3, 0x6, 0x12, &(0x7f00000003c0)=0x7f, 0x4) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x2000000c, &(0x7f00008d4fe4)={0xa, 0x4e20, 0x0, @loopback, 0x8}, 0x1c) [ 705.011808] nla_parse: 5 callbacks suppressed [ 705.011839] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 705.048207] netlink: 'syz-executor.4': attribute type 29 has an invalid length. 01:47:11 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x8060000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 705.071408] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 705.171132] Task in /syz3 killed as a result of limit of /syz3 [ 705.182763] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 705.195156] memory: usage 305372kB, limit 307200kB, failcnt 3347 [ 705.265974] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 705.291047] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 705.306404] Memory cgroup stats for /syz3: cache:0KB rss:188436KB rss_huge:137216KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:188464KB inactive_file:0KB active_file:8KB unevictable:12KB [ 705.353375] Memory cgroup out of memory: Kill process 25070 (syz-executor.3) score 124 or sacrifice child [ 705.376874] Killed process 25070 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:35800kB, shmem-rss:0kB 01:47:12 executing program 3: socket$inet(0x10, 0x3, 0xc0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r2 = syz_open_dev$video(0x0, 0x3, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) getdents(r3, &(0x7f00000002c0)=""/170, 0xaa) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) fcntl$setpipe(r2, 0x407, 0xb2) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$bt_rfcomm(r1, &(0x7f0000000080)={0x1f, {0x7f, 0x2, 0x82a7, 0x40, 0x4, 0xfffffffffffffffc}, 0x1}, 0xfffffffffffffca1) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sysinfo(&(0x7f00000001c0)=""/24) sendmsg(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000140)={0xffffffffffffffff}, 0x2, 0x9}}, 0x20) ioctl$VT_GETMODE(r3, 0x5601, &(0x7f0000000240)) write$RDMA_USER_CM_CMD_MIGRATE_ID(r3, &(0x7f0000000200)={0x12, 0x10, 0xfa00, {&(0x7f0000000100), r4, r1}}, 0x18) ioctl$TIOCVHANGUP(r3, 0x5437, 0x0) 01:47:12 executing program 1: msgsnd(0x0, 0x0, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000140)={'lo\x00', 0x101}) 01:47:12 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0xfffffffffffffffe) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000140)) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = gettid() getpgid(r3) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) accept4$x25(r0, &(0x7f0000000080)={0x9, @remote}, &(0x7f0000000100)=0x12, 0x80800) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:47:12 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptmx\x00', 0x1, 0x0) ioctl$KDSKBMODE(0xffffffffffffffff, 0x4b45, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000004640)=[{{0x0, 0x0, &(0x7f0000004200)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0) lsetxattr$trusted_overlay_origin(0x0, 0x0, &(0x7f00000001c0)='y\x00', 0x2, 0x1) writev(r0, &(0x7f00000023c0), 0x1000000000000252) 01:47:12 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xc000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:12 executing program 5: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000580)={'nr0\x01\x00', 0x1000000802}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x301) r1 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x3e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) close(r1) r2 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r2, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f00000001c0)='nr0\x01\x00`\x00\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb96\x9b\xcda\xef~Iy:\xe1\x87\x12\xec\x97\x80\xe9\xa1S\f\xc7?\xa6\x95I\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\r\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~\xff\xff\x00\x00#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xd5\x1b\xca\xa9\xc7[\xa2\xef\xacM\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83\xf2\xf3\xcf7\x8aCZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x982\xeck+8Dk;\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xb4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x14\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\x04R\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xafh_\x9c\x91\xc1q_|L\x11\x03\x94\xc0\t=\x17\x95P\xd7\xcdH\x1c8^ARL\x9b\x1f\xf6P\rSj\x95\xd9o\x03\xd4\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x13\x82Rk\x9cAz\xab\rT\xadLO\f\x17Y\x1dg\x10\xe3LL\x1fC\xfa\xd9\xb0\xfb\xb4\xf3[\xdf\xd0\xd6\x82\xf6~0\xb8\xf4\xb0X\xfew\xbdY\n\xd6\x105\x9c\xb7\xe5F\xc1:9\xb8\xc2\x85\b\xfd\x92\xb0k\x93\xd7\xc40J\xc2\xf0=p\xd6\xe3\xe4W:\xd2\xf6\xfc\x83\xb1\xcb\xd1K\xb9(\"9(~\xf4\xf4\x94`\xe8\xa61\x12\x91 \xd7\x92\xc0\xd0s\xa9\xe4\x18:\x97e\xa7\x1f\xbfD\x1e\x903V#\x10\x90_\xf7\xd3=M\x80cCn=\xf2\xe1u\x83=\'\xa4\xa1V\xe47y}\xd9\xf1\xa7p\xea\x86W\xd1\x00'/591) 01:47:12 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xd000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 705.503393] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 705.584685] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 705.611101] CPU: 1 PID: 9229 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 705.618026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 705.627399] Call Trace: [ 705.630015] dump_stack+0x172/0x1f0 [ 705.633669] dump_header+0x15e/0x929 [ 705.637399] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 705.642518] ? ___ratelimit+0x60/0x595 [ 705.646416] ? do_raw_spin_unlock+0x57/0x270 [ 705.650844] oom_kill_process.cold+0x10/0x6f5 [ 705.655352] ? task_will_free_mem+0x139/0x6e0 [ 705.659866] out_of_memory+0x936/0x12d0 [ 705.663858] ? lock_downgrade+0x810/0x810 [ 705.668020] ? oom_killer_disable+0x280/0x280 [ 705.672523] ? find_held_lock+0x35/0x130 [ 705.676607] mem_cgroup_out_of_memory+0x1d2/0x240 [ 705.681458] ? memcg_event_wake+0x230/0x230 [ 705.685796] ? do_raw_spin_unlock+0x57/0x270 [ 705.690224] ? _raw_spin_unlock+0x2d/0x50 [ 705.694386] try_charge+0x1028/0x15b0 [ 705.698192] ? find_held_lock+0x35/0x130 [ 705.702270] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 705.707514] ? kasan_check_read+0x11/0x20 [ 705.711676] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 705.716531] mem_cgroup_try_charge+0x24d/0x5e0 [ 705.721134] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 705.726076] __handle_mm_fault+0x1e55/0x3f80 [ 705.730614] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 705.735465] ? find_held_lock+0x35/0x130 [ 705.739532] ? handle_mm_fault+0x322/0xb30 [ 705.743788] ? kasan_check_read+0x11/0x20 [ 705.747952] handle_mm_fault+0x43f/0xb30 [ 705.752038] __do_page_fault+0x62a/0xe90 [ 705.756115] ? vmalloc_fault+0x770/0x770 [ 705.760184] ? trace_hardirqs_off_caller+0x65/0x220 [ 705.765208] ? trace_hardirqs_on_caller+0x6a/0x220 [ 705.770145] ? page_fault+0x8/0x30 [ 705.773701] do_page_fault+0x71/0x581 [ 705.777511] ? page_fault+0x8/0x30 [ 705.781059] page_fault+0x1e/0x30 [ 705.784517] RIP: 0033:0x41063f [ 705.787716] Code: 0f 84 c8 02 00 00 48 83 bd 78 ff ff ff 00 0f 84 f9 04 00 00 48 8b 95 68 ff ff ff 44 89 95 38 ff ff ff 4c 8d ac 10 00 f7 ff ff <49> 89 85 90 06 00 00 49 8d 85 10 03 00 00 49 89 95 98 06 00 00 41 [ 705.806625] RSP: 002b:00007ffc0bec00e0 EFLAGS: 00010206 [ 705.812000] RAX: 00007f90eb538000 RBX: 0000000000020000 RCX: 0000000000458c7a [ 705.819273] RDX: 0000000000021000 RSI: 0000000000021000 RDI: 0000000000000000 [ 705.826550] RBP: 00007ffc0bec01c0 R08: ffffffffffffffff R09: 0000000000000000 01:47:12 executing program 3: r0 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0xb0, 0x8001) ioctl$BLKGETSIZE(r0, 0x1260, &(0x7f0000000100)) socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r2 = syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$FICLONE(r3, 0x40049409, r2) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:47:12 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000140)='./file0\x00', 0x0) write$P9_RREAD(r1, &(0x7f0000000200)=ANY=[], 0x5aa78d33) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fallocate(r0, 0x0, 0x0, 0x10fffe) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000100)={0x0, r1}) openat$selinux_status(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c) poll(&(0x7f0000000000)=[{r0, 0x91}, {r1, 0x1}, {r1, 0x100}, {r1, 0x10a}, {r0, 0x20}], 0x5, 0x72) [ 705.833832] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc0bec02a0 [ 705.841108] R13: 00007f90eb558700 R14: 0000000000000003 R15: 000000000073bf0c 01:47:12 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x28000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:12 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x29000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:12 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2b000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:12 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2c000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 706.306078] Task in /syz4 killed as a result of limit of /syz4 [ 706.335173] memory: usage 307200kB, limit 307200kB, failcnt 1981 [ 706.351908] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 706.370126] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 706.398069] Memory cgroup stats for /syz4: cache:20KB rss:174728KB rss_huge:110592KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:174904KB inactive_file:0KB active_file:0KB unevictable:0KB [ 706.445785] Memory cgroup out of memory: Kill process 9159 (syz-executor.4) score 1113 or sacrifice child [ 706.463389] Killed process 9161 (syz-executor.4) total-vm:72452kB, anon-rss:2196kB, file-rss:34816kB, shmem-rss:0kB [ 706.528940] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 [ 706.568870] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 706.591481] CPU: 0 PID: 9249 Comm: syz-executor.0 Not tainted 4.19.35 #3 [ 706.598389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 706.607765] Call Trace: [ 706.610380] dump_stack+0x172/0x1f0 [ 706.614039] dump_header+0x15e/0x929 [ 706.617778] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 706.622906] ? ___ratelimit+0x60/0x595 [ 706.626806] ? do_raw_spin_unlock+0x57/0x270 [ 706.631234] oom_kill_process.cold+0x10/0x6f5 [ 706.635755] ? task_will_free_mem+0x139/0x6e0 [ 706.640273] out_of_memory+0x936/0x12d0 [ 706.644270] ? oom_killer_disable+0x280/0x280 [ 706.648776] ? find_held_lock+0x35/0x130 [ 706.652857] mem_cgroup_out_of_memory+0x1d2/0x240 [ 706.657715] ? memcg_event_wake+0x230/0x230 [ 706.662052] ? do_raw_spin_unlock+0x57/0x270 [ 706.666477] ? _raw_spin_unlock+0x2d/0x50 [ 706.670738] try_charge+0x1028/0x15b0 [ 706.674549] ? find_held_lock+0x35/0x130 [ 706.678631] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 706.679506] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 706.683569] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 706.683589] ? find_held_lock+0x35/0x130 [ 706.683604] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 706.683634] memcg_kmem_charge_memcg+0x7c/0x130 [ 706.699970] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 706.700068] ? memcg_kmem_put_cache+0xb0/0xb0 [ 706.722546] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 706.727410] memcg_kmem_charge+0x136/0x300 [ 706.731662] __alloc_pages_nodemask+0x3c6/0x760 [ 706.736343] ? __alloc_pages_slowpath+0x2870/0x2870 [ 706.741375] ? lockdep_hardirqs_on+0x415/0x5d0 [ 706.745967] ? trace_hardirqs_on+0x67/0x230 [ 706.750307] copy_process.part.0+0x3e0/0x7970 [ 706.754813] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 706.759926] ? delayacct_end+0x5c/0x100 [ 706.763919] ? __delayacct_freepages_end+0xe0/0x140 [ 706.768949] ? __lock_acquire+0x6eb/0x48f0 [ 706.773213] ? __cleanup_sighand+0x70/0x70 [ 706.777475] ? mark_held_locks+0x100/0x100 [ 706.781741] _do_fork+0x257/0xfe0 [ 706.785213] ? fork_idle+0x1d0/0x1d0 [ 706.788947] ? blkcg_print_stat+0xb90/0xb90 [ 706.793277] ? kasan_check_read+0x11/0x20 [ 706.797437] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 706.802204] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 706.806976] ? do_syscall_64+0x26/0x610 [ 706.810963] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 706.816421] ? do_syscall_64+0x26/0x610 [ 706.820411] __x64_sys_clone+0xbf/0x150 [ 706.824403] do_syscall_64+0x103/0x610 [ 706.828309] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 706.833504] RIP: 0033:0x45b5f9 [ 706.836701] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 706.855611] RSP: 002b:00007ffea86699e8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 706.863345] RAX: ffffffffffffffda RBX: 00007fcba7dd9700 RCX: 000000000045b5f9 [ 706.870630] RDX: 00007fcba7dd99d0 RSI: 00007fcba7dd8db0 RDI: 00000000003d0f00 [ 706.877914] RBP: 00007ffea8669bf0 R08: 00007fcba7dd9700 R09: 00007fcba7dd9700 [ 706.885190] R10: 00007fcba7dd99d0 R11: 0000000000000202 R12: 0000000000000000 [ 706.892479] R13: 00007ffea8669a9f R14: 00007fcba7dd99c0 R15: 000000000073bfac [ 707.256638] Task in /syz0 killed as a result of limit of /syz0 [ 707.266943] memory: usage 307188kB, limit 307200kB, failcnt 3876 [ 707.284147] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 707.301095] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 707.319084] Memory cgroup stats for /syz0: cache:92KB rss:196232KB rss_huge:147456KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:196220KB inactive_file:20KB active_file:0KB unevictable:8KB [ 707.370330] Memory cgroup out of memory: Kill process 6527 (syz-executor.0) score 120 or sacrifice child [ 707.395190] Killed process 6527 (syz-executor.0) total-vm:72848kB, anon-rss:2220kB, file-rss:34816kB, shmem-rss:0kB [ 707.420643] oom_reaper: reaped process 6527 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 711.046910] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 711.055886] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:47:18 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) syz_open_pts(0xffffffffffffffff, 0x80000000006) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$RTC_VL_READ(r1, 0x80047013, 0x0) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400)={0x0, 0x0, 0x8}, 0x10) perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffff9c, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MON_SET(r1, 0x0, 0x4000) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x3c, &(0x7f0000000140)=""/72, 0x0) ioctl$TIOCLINUX7(0xffffffffffffffff, 0x541c, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='\x00'/112], 0x1}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x8) 01:47:18 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2f000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:18 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000840)={0x2, 0x0, @local}, 0x10) r2 = openat$full(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/full\x00', 0x40200, 0x0) ioctl$PPPIOCSNPMODE(r2, 0x4008744b, &(0x7f0000000600)={0x2b, 0x2}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'sy\x17\xe9\x96\x1b\x00\x00r1\x00\x00\x00\x00\r\x00', 0x1}) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000c25000/0x4000)=nil, 0x4000, 0x4, 0x40010, r0, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f0000000880)={'broute\x00', 0x0, 0x0, 0x0, [], 0x3, &(0x7f0000000640)=[{}, {}], 0x0, [{}, {}, {}]}, 0xa8) ppoll(&(0x7f0000000000)=[{r3}], 0x1, 0x0, 0x0, 0x7c) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000002c0)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000a00000/0x600000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000a5f000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ec0000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ce7000/0x2000)=nil, &(0x7f0000000140)="29d27ac698da01f2418607daa48790b406f33af041e5f85882fc4bcd52538edefc6c0f799b9b4323a488a54aab8dd86d08cb19ba75ffe0cb3bf98f4e165d78a3d97c57f79f685d312dbf39953a373d17d9030f38cf", 0x55, r3}, 0x68) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[]}}, 0xfffffffffffffffc) ioctl$EVIOCSABS20(r2, 0x401845e0, &(0x7f0000000040)={0x3, 0x3, 0x4, 0x0, 0x100000000}) rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='./file0\x00') syz_mount_image$f2fs(&(0x7f0000000240)='f2fs\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="1020f5f20100070009000000030000000c0000000900000001000000020000000000000000300000000000000e00000016000000020000000200000002000000020000000e000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, 0x0) 01:47:18 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) pipe2(&(0x7f0000000300), 0x7fffd) openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20\x00', 0x40, 0x0) r2 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/commit_pending_bools\x00', 0x1, 0x0) openat$cgroup_ro(r2, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r3 = creat(&(0x7f0000000200)='./file0/file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) setsockopt$IP_VS_SO_SET_ZERO(r1, 0x0, 0x48f, &(0x7f0000000080)={0x5c, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x4e20, 0x2, 'ovf\x00', 0x2c, 0xf8c6, 0x69}, 0x2c) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:47:18 executing program 3: socket$inet(0x10, 0x2, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") syz_open_dev$amidi(&(0x7f0000000080)='/dev/amidi#\x00', 0x2, 0x101000) r1 = syz_open_dev$usbmon(&(0x7f0000000100)='/dev/usbmon#\x00', 0xfffffffffffffffa, 0x200) openat$cgroup_ro(r1, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:47:18 executing program 5: mkdir(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) write$9p(0xffffffffffffffff, &(0x7f00000014c0)="851fdb73158a0fae04a996bd27cac73bfb9e9997f0f809f81bc377afcc022b6c6ab2aab1edf11016f8cf33512da33ffe33724481eefc3550353e3374cc2e1a0689606c8f1a5618dad8e97869fd20cf6468cbfcde5b28872ec150fef2a4858b93babe33b719b27462203097ae959a6f984d6bedc5f2a9998978d86de8fb0c7a94f8a4df0a716ff4b5cd1bdcb52c3cf9256f00776e207838905b85ac3841ffde658194cac15df9a41ab407cb182514cb75b5b8294752e8f88612fdc3d09a8ea9414eb30135247593747101b41a76ab7960b09df2", 0xd3) r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) r1 = socket$inet6(0xa, 0x0, 0x7e) syz_execute_func(&(0x7f0000000200)="f3e100def9575c8ac2c2c9734e424a2664f0ff0666450f380a15410000003808d22e47666450e94d00c9c9c4625dbae5feabc4aba39ddf4507e50c420fae9972b57111f30f2a56a9") creat(0x0, 0x0) setsockopt$inet6_MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x21, &(0x7f0000000000), 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000008, 0x0, 0x0) r2 = open(&(0x7f0000000100)='./file0\x00', 0x20141042, 0x1000000000000) r3 = getpgid(0x0) ioctl$sock_SIOCSPGRP(r2, 0x8902, &(0x7f0000000500)=r3) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r2, &(0x7f0000000300)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)={0x30, r4, 0x4, 0x0, 0x25dfdbfe, {}, [@TIPC_NLA_NODE={0x8, 0x6, [@TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1f}]}]}, 0x30}}, 0x801) ioctl$UI_SET_SWBIT(r2, 0x4004556d, 0x6) prctl$PR_GET_KEEPCAPS(0x7) sendfile(0xffffffffffffffff, r2, 0x0, 0x2008000fffffffe) setsockopt$inet6_MCAST_JOIN_GROUP(r1, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) ioctl(r0, 0x8916, 0x0) [ 712.224850] IPVS: set_ctl: invalid protocol: 92 172.30.0.5:20000 01:47:18 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x33000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 712.285689] netlink: 'syz-executor.4': attribute type 29 has an invalid length. 01:47:19 executing program 0: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") fcntl$setstatus(r0, 0x4, 0x21337628b0c9beda) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000240)=0xfff, 0x4) sendto$inet(r0, 0x0, 0x0, 0x20000806, &(0x7f0000001180)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='sit0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04', 0x10) setsockopt$inet_mtu(r0, 0x0, 0xa, 0x0, 0x0) sendto$inet(r0, &(0x7f00000003c0), 0x962be977, 0x0, 0x0, 0x184) [ 712.375660] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:47:19 executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0x12, 0x0, &(0x7f0000000280)="263afd030e981f000000106688a80eaa177a", 0x0}, 0x28) 01:47:19 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3b000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:19 executing program 5: r0 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x181002, 0x0) ioctl$TCSETS(r0, 0x40045431, 0x0) syz_open_pts(0xffffffffffffffff, 0x80000000006) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$RTC_VL_READ(r1, 0x80047013, &(0x7f0000000100)) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000400)={0x0, 0x0, 0x8}, 0x10) perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffff9c, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$TIPC_NL_MON_SET(r1, &(0x7f0000000540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20100}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)={0x1c, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x8, 0x6, [@TIPC_NLA_NODE_UP={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x4000) getsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x3c, &(0x7f0000000140)=""/72, 0x0) ioctl$TIOCLINUX7(0xffffffffffffffff, 0x541c, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='\x00'/112], 0x1}}, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x8) [ 712.798183] syz-executor.0 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=3, oom_score_adj=0 01:47:19 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3c000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 712.880779] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 712.933493] CPU: 0 PID: 9315 Comm: syz-executor.0 Not tainted 4.19.35 #3 [ 712.940412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 712.949798] Call Trace: [ 712.952430] dump_stack+0x172/0x1f0 [ 712.956096] dump_header+0x15e/0x929 [ 712.959847] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 712.964998] ? ___ratelimit+0x60/0x595 [ 712.968909] ? do_raw_spin_unlock+0x57/0x270 [ 712.973373] oom_kill_process.cold+0x10/0x6f5 [ 712.977899] ? task_will_free_mem+0x139/0x6e0 [ 712.982418] ? find_held_lock+0x35/0x130 [ 712.986506] out_of_memory+0x936/0x12d0 [ 712.990506] ? lock_downgrade+0x810/0x810 [ 712.994672] ? oom_killer_disable+0x280/0x280 [ 712.999199] ? find_held_lock+0x35/0x130 [ 713.003290] mem_cgroup_out_of_memory+0x1d2/0x240 [ 713.008158] ? memcg_event_wake+0x230/0x230 [ 713.012507] ? do_raw_spin_unlock+0x57/0x270 [ 713.016935] ? _raw_spin_unlock+0x2d/0x50 [ 713.021103] try_charge+0x1028/0x15b0 [ 713.025008] ? find_held_lock+0x35/0x130 [ 713.029095] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 713.034041] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 713.038904] ? find_held_lock+0x35/0x130 [ 713.043070] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 713.047944] memcg_kmem_charge_memcg+0x7c/0x130 [ 713.052641] ? memcg_kmem_put_cache+0xb0/0xb0 [ 713.057161] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 713.062020] memcg_kmem_charge+0x136/0x300 [ 713.066280] __alloc_pages_nodemask+0x3c6/0x760 [ 713.071010] ? __alloc_pages_slowpath+0x2870/0x2870 [ 713.076055] ? lockdep_hardirqs_on+0x415/0x5d0 [ 713.080664] ? trace_hardirqs_on+0x67/0x230 [ 713.085005] ? kasan_check_read+0x11/0x20 [ 713.089177] copy_process.part.0+0x3e0/0x7970 [ 713.093699] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 713.098823] ? delayacct_end+0x5c/0x100 [ 713.102818] ? __delayacct_freepages_end+0xe0/0x140 [ 713.107850] ? __lock_acquire+0x6eb/0x48f0 [ 713.112115] ? __cleanup_sighand+0x70/0x70 [ 713.116397] ? mark_held_locks+0x100/0x100 [ 713.120664] _do_fork+0x257/0xfe0 [ 713.124142] ? fork_idle+0x1d0/0x1d0 [ 713.127878] ? blkcg_print_stat+0xb90/0xb90 [ 713.132265] ? kasan_check_read+0x11/0x20 [ 713.136436] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 713.141210] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 713.145985] ? do_syscall_64+0x26/0x610 [ 713.149976] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 713.155364] ? do_syscall_64+0x26/0x610 [ 713.159444] __x64_sys_clone+0xbf/0x150 [ 713.163437] do_syscall_64+0x103/0x610 [ 713.167357] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 713.172558] RIP: 0033:0x45b5f9 [ 713.175761] Code: ff 48 85 f6 0f 84 d7 8e fb ff 48 83 ee 10 48 89 4e 08 48 89 3e 48 89 d7 4c 89 c2 4d 89 c8 4c 8b 54 24 08 b8 38 00 00 00 0f 05 <48> 85 c0 0f 8c ae 8e fb ff 74 01 c3 31 ed 48 f7 c7 00 00 01 00 75 [ 713.194729] RSP: 002b:00007ffea86699e8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 713.202477] RAX: ffffffffffffffda RBX: 00007fcba7dd9700 RCX: 000000000045b5f9 [ 713.209762] RDX: 00007fcba7dd99d0 RSI: 00007fcba7dd8db0 RDI: 00000000003d0f00 [ 713.217039] RBP: 00007ffea8669bf0 R08: 00007fcba7dd9700 R09: 00007fcba7dd9700 [ 713.224581] R10: 00007fcba7dd99d0 R11: 0000000000000202 R12: 0000000000000000 [ 713.231860] R13: 00007ffea8669a9f R14: 00007fcba7dd99c0 R15: 000000000073bfac 01:47:19 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1c) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000200)=@assoc_id=0x0, &(0x7f0000000240)=0x4) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r2, 0x84, 0x7b, &(0x7f0000000280)={r3, 0x80}, 0x8) r4 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000080)=0x0) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r4, 0xc040564a, &(0x7f00000004c0)={0x8000, 0x0, 0x3017, 0x0, 0x90b, 0x8, 0x0, 0x1}) r6 = gettid() getsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000140), &(0x7f00000001c0)=0x4) ioctl$TIOCGSID(r2, 0x5429, &(0x7f0000000100)) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r2, 0x84, 0xf, &(0x7f00000003c0)={r3, @in6={{0xa, 0x4e22, 0x65bd22e, @remote, 0x20}}, 0x7b3381, 0x6, 0x9, 0x120000000000000, 0x9}, &(0x7f0000000340)=0x98) r7 = getpid() setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000480)=0x2, 0x4) getpgid(r7) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) kcmp$KCMP_EPOLL_TFD(r5, r6, 0x7, r4, &(0x7f0000000300)={0xffffffffffffffff, r4, 0x7f}) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$BLKROTATIONAL(r4, 0x127e, &(0x7f00000002c0)) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:47:19 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x43050000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 713.350534] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 713.360947] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. 01:47:20 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x800e0000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 713.441334] Task in /syz0 killed as a result of limit of /syz0 [ 713.452346] memory: usage 307196kB, limit 307200kB, failcnt 3924 [ 713.487792] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 713.697901] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 713.705234] Memory cgroup stats for /syz0: cache:32KB rss:196024KB rss_huge:147456KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:196220KB inactive_file:4KB active_file:0KB unevictable:8KB [ 713.747644] Memory cgroup out of memory: Kill process 9308 (syz-executor.0) score 124 or sacrifice child [ 713.760401] Killed process 9308 (syz-executor.0) total-vm:72848kB, anon-rss:2220kB, file-rss:35804kB, shmem-rss:0kB [ 713.813736] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 713.862240] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 713.867697] CPU: 1 PID: 9298 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 713.874537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 713.883889] Call Trace: [ 713.886491] dump_stack+0x172/0x1f0 [ 713.890133] dump_header+0x15e/0x929 [ 713.893856] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 713.898961] ? ___ratelimit+0x60/0x595 [ 713.902871] ? do_raw_spin_unlock+0x57/0x270 [ 713.907296] oom_kill_process.cold+0x10/0x6f5 [ 713.911823] ? task_will_free_mem+0x139/0x6e0 [ 713.916330] out_of_memory+0x936/0x12d0 [ 713.920314] ? oom_killer_disable+0x280/0x280 [ 713.924821] ? find_held_lock+0x35/0x130 [ 713.928906] mem_cgroup_out_of_memory+0x1d2/0x240 [ 713.933755] ? memcg_event_wake+0x230/0x230 [ 713.938091] ? do_raw_spin_unlock+0x57/0x270 [ 713.942510] ? _raw_spin_unlock+0x2d/0x50 [ 713.946667] try_charge+0x1028/0x15b0 [ 713.950470] ? find_held_lock+0x35/0x130 [ 713.954542] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 713.959394] ? kasan_check_read+0x11/0x20 [ 713.963555] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 713.968412] mem_cgroup_try_charge+0x24d/0x5e0 [ 713.973015] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 713.978056] wp_page_copy+0x430/0x16a0 [ 713.982046] ? follow_pfn+0x2a0/0x2a0 [ 713.985859] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 713.990967] ? kasan_check_read+0x11/0x20 [ 713.995129] ? do_raw_spin_unlock+0x57/0x270 [ 713.999638] do_wp_page+0x57d/0x10b0 [ 714.003371] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 714.008047] ? kasan_check_write+0x14/0x20 [ 714.012289] ? do_raw_spin_lock+0xc8/0x240 [ 714.016535] __handle_mm_fault+0x230a/0x3f80 [ 714.020959] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 714.025827] ? find_held_lock+0x35/0x130 [ 714.029894] ? handle_mm_fault+0x322/0xb30 [ 714.034161] ? kasan_check_read+0x11/0x20 [ 714.038317] handle_mm_fault+0x43f/0xb30 [ 714.042392] __do_page_fault+0x62a/0xe90 [ 714.046470] ? vmalloc_fault+0x770/0x770 [ 714.050536] ? trace_hardirqs_off_caller+0x65/0x220 [ 714.055561] ? trace_hardirqs_on_caller+0x6a/0x220 [ 714.060501] ? page_fault+0x8/0x30 [ 714.064057] do_page_fault+0x71/0x581 [ 714.067865] ? page_fault+0x8/0x30 [ 714.071416] page_fault+0x1e/0x30 [ 714.074877] RIP: 0033:0x40c0dc [ 714.078079] Code: 8d 99 20 03 00 00 48 39 d8 48 0f 43 d8 80 7c 24 36 00 48 8d 83 d0 07 00 00 48 0f 45 d8 83 3d 2e 3f 53 00 00 0f 8e 93 00 00 00 8f 5d ff ff 48 39 c3 72 34 bf e8 03 00 00 bd 00 bf 73 00 e8 bb [ 714.097021] RSP: 002b:00007ffc0bec01d0 EFLAGS: 00010202 [ 714.102391] RAX: 0000000000000000 RBX: 00000000000ae112 RCX: 0000000000486411 [ 714.110007] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 714.117265] RBP: 000000000073c900 R08: 00000000000addf2 R09: 00000000000addf2 [ 714.124525] R10: 00007ffc0bec0290 R11: 0000000000000000 R12: 0000000000000001 [ 714.131875] R13: 000000000073c900 R14: 00000000000ade67 R15: 000000000073bf0c [ 714.140615] Task in /syz4 killed as a result of limit of /syz4 [ 714.147015] memory: usage 307180kB, limit 307200kB, failcnt 2046 [ 714.153484] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 714.160433] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 714.167054] Memory cgroup stats for /syz4: cache:20KB rss:174944KB rss_huge:110592KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:174896KB inactive_file:0KB active_file:0KB unevictable:0KB [ 714.188819] Memory cgroup out of memory: Kill process 9159 (syz-executor.4) score 1113 or sacrifice child [ 714.199193] Killed process 9159 (syz-executor.4) total-vm:72452kB, anon-rss:2196kB, file-rss:35804kB, shmem-rss:0kB [ 714.218699] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 714.229978] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 714.235786] CPU: 1 PID: 9298 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 714.242634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 714.242640] Call Trace: [ 714.242663] dump_stack+0x172/0x1f0 [ 714.242684] dump_header+0x15e/0x929 [ 714.262020] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 714.267139] ? ___ratelimit+0x60/0x595 [ 714.267157] ? do_raw_spin_unlock+0x57/0x270 [ 714.275453] oom_kill_process.cold+0x10/0x6f5 [ 714.279963] ? task_will_free_mem+0x139/0x6e0 [ 714.284469] out_of_memory+0x936/0x12d0 [ 714.284489] ? lock_downgrade+0x810/0x810 [ 714.292587] ? oom_killer_disable+0x280/0x280 [ 714.292600] ? find_held_lock+0x35/0x130 [ 714.292625] mem_cgroup_out_of_memory+0x1d2/0x240 [ 714.292639] ? memcg_event_wake+0x230/0x230 [ 714.292655] ? do_raw_spin_unlock+0x57/0x270 [ 714.292673] ? _raw_spin_unlock+0x2d/0x50 [ 714.292690] try_charge+0x1028/0x15b0 [ 714.292711] ? find_held_lock+0x35/0x130 [ 714.292732] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 714.318951] ? kasan_check_read+0x11/0x20 [ 714.318972] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 714.331648] mem_cgroup_try_charge+0x24d/0x5e0 [ 714.331670] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 714.331687] wp_page_copy+0x430/0x16a0 [ 714.331707] ? follow_pfn+0x2a0/0x2a0 [ 714.331723] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 714.331739] ? kasan_check_read+0x11/0x20 [ 714.331753] ? do_raw_spin_unlock+0x57/0x270 [ 714.331769] do_wp_page+0x57d/0x10b0 [ 714.375299] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 714.379973] ? kasan_check_write+0x14/0x20 [ 714.384214] ? do_raw_spin_lock+0xc8/0x240 [ 714.388449] __handle_mm_fault+0x230a/0x3f80 [ 714.392864] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 714.397711] ? find_held_lock+0x35/0x130 [ 714.401881] ? handle_mm_fault+0x322/0xb30 [ 714.406132] ? kasan_check_read+0x11/0x20 [ 714.410286] handle_mm_fault+0x43f/0xb30 [ 714.414366] __do_page_fault+0x62a/0xe90 [ 714.418450] ? vmalloc_fault+0x770/0x770 [ 714.422515] ? trace_hardirqs_off_caller+0x65/0x220 [ 714.427619] ? trace_hardirqs_on_caller+0x6a/0x220 [ 714.432550] ? page_fault+0x8/0x30 [ 714.436115] do_page_fault+0x71/0x581 [ 714.439928] ? page_fault+0x8/0x30 [ 714.443473] page_fault+0x1e/0x30 [ 714.446940] RIP: 0033:0x40de50 [ 714.450126] Code: 89 f8 89 c6 81 e6 ff 1f 00 00 8b 14 b5 00 00 73 00 41 39 d0 74 23 85 d2 74 58 83 c0 01 41 39 c1 75 e0 48 89 f8 25 ff 1f 00 00 <89> 3c 85 00 00 73 00 83 c5 01 e8 11 38 ff ff 41 83 c7 01 45 39 7c [ 714.469032] RSP: 002b:00007ffc0bec0130 EFLAGS: 00010202 [ 714.477979] RAX: 000000000000195b RBX: 00000000ed67c8b8 RCX: 0000001b2d520000 [ 714.485689] RDX: 00000000cee0f95e RSI: 000000000000195e RDI: ffffffffdc03395b [ 714.493868] RBP: 0000000000000002 R08: 00000000dc03395b R09: 00000000dc03395f [ 714.501136] R10: 00007ffc0bec0290 R11: 0000000000000246 R12: 000000000073bf88 [ 714.508422] R13: 0000000080000000 R14: 00007f90ed559008 R15: 00000000000000b1 [ 714.526110] Task in /syz4 killed as a result of limit of /syz4 [ 714.535286] memory: usage 304892kB, limit 307200kB, failcnt 2058 [ 714.544799] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 714.554744] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 714.564004] Memory cgroup stats for /syz4: cache:20KB rss:172820KB rss_huge:108544KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:172748KB inactive_file:0KB active_file:0KB unevictable:0KB [ 714.591843] Memory cgroup out of memory: Kill process 2783 (syz-executor.4) score 1113 or sacrifice child [ 714.609591] Killed process 2783 (syz-executor.4) total-vm:72584kB, anon-rss:2204kB, file-rss:35788kB, shmem-rss:0kB [ 714.624011] oom_reaper: reaped process 2783 (syz-executor.4), now anon-rss:0kB, file-rss:34828kB, shmem-rss:0kB [ 714.638511] syz-executor.4 invoked oom-killer: gfp_mask=0x7080c0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), nodemask=(null), order=0, oom_score_adj=1000 [ 714.652159] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 714.657604] CPU: 0 PID: 9328 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 714.664561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 714.673915] Call Trace: [ 714.676517] dump_stack+0x172/0x1f0 [ 714.680158] dump_header+0x15e/0x929 [ 714.683899] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 714.689013] ? ___ratelimit+0x60/0x595 [ 714.692907] ? do_raw_spin_unlock+0x57/0x270 [ 714.697333] oom_kill_process.cold+0x10/0x6f5 [ 714.701843] ? task_will_free_mem+0x139/0x6e0 [ 714.706354] out_of_memory+0x936/0x12d0 [ 714.710342] ? oom_killer_disable+0x280/0x280 [ 714.714843] ? find_held_lock+0x35/0x130 [ 714.718931] mem_cgroup_out_of_memory+0x1d2/0x240 [ 714.723778] ? memcg_event_wake+0x230/0x230 [ 714.728097] ? do_raw_spin_unlock+0x57/0x270 [ 714.732501] ? _raw_spin_unlock+0x2d/0x50 [ 714.736654] try_charge+0xd25/0x15b0 [ 714.740364] ? find_held_lock+0x35/0x130 [ 714.744982] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 714.749823] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 714.754685] ? find_held_lock+0x35/0x130 [ 714.759206] ? get_mem_cgroup_from_mm+0x10b/0x2b0 [ 714.764066] memcg_kmem_charge_memcg+0x7c/0x130 [ 714.768727] ? memcg_kmem_put_cache+0xb0/0xb0 [ 714.773317] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 714.778163] memcg_kmem_charge+0x136/0x300 [ 714.782403] __alloc_pages_nodemask+0x3c6/0x760 [ 714.787079] ? __alloc_pages_slowpath+0x2870/0x2870 [ 714.792089] ? lockdep_hardirqs_on+0x415/0x5d0 [ 714.796679] ? __lock_acquire+0x6eb/0x48f0 [ 714.800911] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 714.806018] ? __sanitizer_cov_trace_const_cmp2+0x18/0x20 [ 714.811566] alloc_pages_current+0x107/0x210 [ 714.815971] pte_alloc_one+0x1b/0x1a0 [ 714.819766] __handle_mm_fault+0x3533/0x3f80 [ 714.824256] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 714.829215] ? find_held_lock+0x35/0x130 [ 714.833300] ? handle_mm_fault+0x322/0xb30 [ 714.837662] ? kasan_check_read+0x11/0x20 [ 714.841829] handle_mm_fault+0x43f/0xb30 [ 714.845914] __do_page_fault+0x62a/0xe90 [ 714.850004] ? vmalloc_fault+0x770/0x770 [ 714.854078] ? trace_hardirqs_off_caller+0x65/0x220 [ 714.859112] ? trace_hardirqs_on_caller+0x6a/0x220 [ 714.864060] ? page_fault+0x8/0x30 [ 714.867623] do_page_fault+0x71/0x581 [ 714.871440] ? page_fault+0x8/0x30 [ 714.874997] page_fault+0x1e/0x30 [ 714.878460] RIP: 0033:0x458c29 [ 714.881670] Code: Bad RIP value. [ 714.885039] RSP: 002b:00007f90eb557c78 EFLAGS: 00010246 [ 714.890411] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 0000000000458c29 [ 714.897794] RDX: 9999999999999999 RSI: 0000000000000000 RDI: 0000000000000000 [ 714.905076] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 714.912354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90eb5586d4 [ 714.919731] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 714.928081] Task in /syz4 killed as a result of limit of /syz4 [ 714.934236] memory: usage 302680kB, limit 307200kB, failcnt 2058 [ 714.940382] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 714.940395] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 714.953461] Memory cgroup stats for /syz4: cache:20KB rss:170652KB rss_huge:106496KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:170624KB inactive_file:0KB active_file:0KB unevictable:0KB [ 714.974781] Memory cgroup out of memory: Kill process 8793 (syz-executor.4) score 1113 or sacrifice child [ 714.979694] Killed process 8793 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35800kB, shmem-rss:0kB [ 715.009236] IPVS: ftp: loaded support on port[0] = 21 [ 715.047432] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 715.060302] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 715.066796] CPU: 0 PID: 9299 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 715.073647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 715.073654] Call Trace: [ 715.073679] dump_stack+0x172/0x1f0 [ 715.073701] dump_header+0x15e/0x929 [ 715.073719] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 715.073735] ? ___ratelimit+0x60/0x595 [ 715.073748] ? do_raw_spin_unlock+0x57/0x270 [ 715.073771] oom_kill_process.cold+0x10/0x6f5 [ 715.089344] ? mem_cgroup_get_max+0x6a/0x240 [ 715.098135] out_of_memory+0x936/0x12d0 [ 715.106415] ? oom_killer_disable+0x280/0x280 [ 715.115280] ? find_held_lock+0x35/0x130 [ 715.123721] mem_cgroup_out_of_memory+0x1d2/0x240 [ 715.123736] ? memcg_event_wake+0x230/0x230 [ 715.123755] ? do_raw_spin_unlock+0x57/0x270 [ 715.123775] ? _raw_spin_unlock+0x2d/0x50 [ 715.132651] try_charge+0xd25/0x15b0 [ 715.132669] ? find_held_lock+0x35/0x130 [ 715.132692] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 715.141536] ? kasan_check_read+0x11/0x20 [ 715.141558] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 715.141579] mem_cgroup_try_charge+0x24d/0x5e0 [ 715.149420] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 715.158294] wp_page_copy+0x430/0x16a0 [ 715.167260] ? follow_pfn+0x2a0/0x2a0 [ 715.176847] ? kasan_check_read+0x11/0x20 [ 715.184527] ? do_raw_spin_unlock+0x57/0x270 [ 715.193091] do_wp_page+0x57d/0x10b0 [ 715.193109] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 715.193124] ? kasan_check_write+0x14/0x20 [ 715.193148] ? do_raw_spin_lock+0xc8/0x240 [ 715.193167] __handle_mm_fault+0x230a/0x3f80 [ 715.201549] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 715.201566] ? find_held_lock+0x35/0x130 [ 715.201580] ? handle_mm_fault+0x322/0xb30 [ 715.201608] ? kasan_check_read+0x11/0x20 [ 715.210046] handle_mm_fault+0x43f/0xb30 [ 715.219273] __do_page_fault+0x62a/0xe90 [ 715.227553] ? blkcg_print_stat+0xb90/0xb90 [ 715.235740] ? vmalloc_fault+0x770/0x770 [ 715.244110] ? trace_hardirqs_off_caller+0x65/0x220 [ 715.244124] ? trace_hardirqs_on_caller+0x6a/0x220 [ 715.244149] ? page_fault+0x8/0x30 [ 715.244174] do_page_fault+0x71/0x581 [ 715.253216] ? page_fault+0x8/0x30 [ 715.253233] page_fault+0x1e/0x30 [ 715.253245] RIP: 0033:0x404bee [ 715.253264] Code: 48 8b 55 40 48 8b 75 38 48 8b 7d 30 ff 75 70 ff 75 68 ff 75 60 4c 8b 4d 58 4c 8b 45 50 ff d0 48 83 c4 20 48 89 c3 48 83 fb ff <48> 89 5d 78 41 8b 04 24 0f 85 d4 00 00 00 85 c0 0f 85 cc 00 00 00 [ 715.261698] RSP: 002b:00007f90eb557c90 EFLAGS: 00010213 [ 715.261711] RAX: 0000000000000000 RBX: 0000000000001b01 RCX: 0000000000458c29 [ 715.261720] RDX: 0000000000404ba6 RSI: 0000000000000000 RDI: 0000000000000000 [ 715.261729] RBP: 000000000073bf00 R08: ffffffffffffffff R09: 0000000000000000 [ 715.261737] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90eb5586d4 [ 715.261749] R13: 00000000004befd3 R14: 00000000004d0020 R15: 00000000ffffffff [ 715.281309] Task in [ 715.308296] /syz4 [ 715.323223] killed as a result of limit of [ 715.347030] /syz4 [ 715.349672] memory: usage 300484kB, limit 307200kB, failcnt 2058 [ 715.357056] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 715.364510] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 715.371554] Memory cgroup stats for /syz4: cache:20KB rss:168484KB rss_huge:104448KB [ 715.371793] shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:168464KB inactive_file:0KB [ 715.380597] active_file:0KB unevictable:0KB [ 715.398267] Memory cgroup out of memory: Kill process 8805 (syz-executor.4) score 1113 or sacrifice child [ 715.410035] Killed process 8805 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35800kB, shmem-rss:0kB [ 715.436743] oom_reaper: reaped process 8805 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 715.451836] syz-executor.4 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=1000 [ 715.463859] syz-executor.4 cpuset=syz4 mems_allowed=0-1 [ 715.469596] CPU: 0 PID: 9304 Comm: syz-executor.4 Not tainted 4.19.35 #3 [ 715.476445] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 715.485799] Call Trace: [ 715.488400] dump_stack+0x172/0x1f0 [ 715.492041] dump_header+0x15e/0x929 [ 715.495882] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 715.501093] ? ___ratelimit+0x60/0x595 [ 715.504996] ? do_raw_spin_unlock+0x57/0x270 [ 715.509418] oom_kill_process.cold+0x10/0x6f5 [ 715.513922] ? task_will_free_mem+0x139/0x6e0 [ 715.518427] out_of_memory+0x936/0x12d0 [ 715.522420] ? oom_killer_disable+0x280/0x280 [ 715.526920] ? find_held_lock+0x35/0x130 [ 715.530997] mem_cgroup_out_of_memory+0x1d2/0x240 [ 715.535843] ? memcg_event_wake+0x230/0x230 [ 715.540171] ? do_raw_spin_unlock+0x57/0x270 [ 715.544595] ? _raw_spin_unlock+0x2d/0x50 [ 715.548785] try_charge+0xd25/0x15b0 [ 715.552502] ? find_held_lock+0x35/0x130 [ 715.556578] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 715.561517] ? kasan_check_read+0x11/0x20 [ 715.565677] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 715.570615] mem_cgroup_try_charge+0x24d/0x5e0 [ 715.575207] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 715.580145] wp_page_copy+0x430/0x16a0 [ 715.584045] ? follow_pfn+0x2a0/0x2a0 [ 715.587850] ? kasan_check_read+0x11/0x20 [ 715.594003] ? do_raw_spin_unlock+0x57/0x270 [ 715.598510] do_wp_page+0x57d/0x10b0 [ 715.602215] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 715.606873] ? kasan_check_write+0x14/0x20 [ 715.611109] ? do_raw_spin_lock+0xc8/0x240 [ 715.615347] __handle_mm_fault+0x230a/0x3f80 [ 715.619746] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 715.624594] ? find_held_lock+0x35/0x130 [ 715.628641] ? handle_mm_fault+0x322/0xb30 [ 715.632873] ? kasan_check_read+0x11/0x20 [ 715.637009] handle_mm_fault+0x43f/0xb30 [ 715.641062] __do_page_fault+0x62a/0xe90 [ 715.645229] ? vmalloc_fault+0x770/0x770 [ 715.649279] ? trace_hardirqs_off_caller+0x65/0x220 [ 715.654290] ? trace_hardirqs_on_caller+0x6a/0x220 [ 715.659204] ? page_fault+0x8/0x30 [ 715.662733] do_page_fault+0x71/0x581 [ 715.666525] ? page_fault+0x8/0x30 [ 715.670051] page_fault+0x1e/0x30 [ 715.673488] RIP: 0033:0x404bee [ 715.676668] Code: 48 8b 55 40 48 8b 75 38 48 8b 7d 30 ff 75 70 ff 75 68 ff 75 60 4c 8b 4d 58 4c 8b 45 50 ff d0 48 83 c4 20 48 89 c3 48 83 fb ff <48> 89 5d 78 41 8b 04 24 0f 85 d4 00 00 00 85 c0 0f 85 cc 00 00 00 [ 715.695557] RSP: 002b:00007f90eb557c90 EFLAGS: 00010217 [ 715.700907] RAX: 0000000000000000 RBX: 000000000000004c RCX: 0000000000458c29 [ 715.708192] RDX: 0000000000404ba6 RSI: 0000000020000000 RDI: 0000000000000003 [ 715.715653] RBP: 000000000073bf00 R08: 0000000000000000 R09: 0000000000000000 [ 715.722905] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f90eb5586d4 [ 715.730167] R13: 00000000004c5e62 R14: 00000000004da658 R15: 00000000ffffffff [ 715.742512] Task in /syz4 killed as a result of limit of /syz4 01:47:22 executing program 4: r0 = socket$inet(0x10, 0x2, 0x4) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000400)='/selinux/checkreqprot\x00', 0x40, 0x0) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x400000, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x7, 0x200) openat$cgroup_ro(r2, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r3, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:47:22 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) ioctl$TCSETAW(r1, 0x5407, &(0x7f0000000080)={0x80000001, 0x7, 0x1, 0x9, 0x17, 0x100, 0x3, 0xf37c, 0x7ff, 0x3}) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:47:22 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x80350000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:22 executing program 5: clone(0xacf96ad433ea2d72, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) 01:47:22 executing program 0: openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x3, &(0x7f0000001fd8)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x13, 0x5d}}, &(0x7f0000000000)='PL \x00L\xf7\xd1*\xf1\x1c\xe9%7\xb5\xe3\x19\x1ef\xde]N\xc1\x8eL-\xf0\x14\x84\xa8mw\x84/bIF\xea\xe3\x10yL\x8c\x96\xff\x14f#.%\x95\x119\xbd\xa5\xd2\x99\x0eR?\x8e\xc3\b\x0f\xfc\x12$\xd8\xdcL\x84\xa9\xc8\xe8\xab1Wh\x06qU#\xfat\x9e\x86\x15\xc6\x10I\xb8\xb1\xbej\xa7t\a\x02\xccZ\xdd', 0x5, 0x487, &(0x7f000000cf3d)=""/195}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0xe, 0x0, &(0x7f0000000380)="263abd030e981f000000106688a8", 0x0, 0x1200}, 0x28) [ 715.748551] memory: usage 298004kB, limit 307200kB, failcnt 2058 [ 715.754936] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 715.761898] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 715.768051] Memory cgroup stats for /syz4: cache:20KB rss:166328KB rss_huge:102400KB shmem:16KB mapped_file:0KB dirty:132KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:166312KB inactive_file:0KB active_file:0KB unevictable:0KB [ 715.789884] Memory cgroup out of memory: Kill process 8819 (syz-executor.4) score 1113 or sacrifice child [ 715.800319] Killed process 8819 (syz-executor.4) total-vm:72452kB, anon-rss:2188kB, file-rss:35800kB, shmem-rss:0kB [ 715.861249] oom_reaper: reaped process 8819 (syz-executor.4), now anon-rss:0kB, file-rss:34840kB, shmem-rss:0kB [ 716.496075] chnl_net:caif_netlink_parms(): no params data found [ 716.645325] bridge0: port 1(bridge_slave_0) entered blocking state [ 716.656099] bridge0: port 1(bridge_slave_0) entered disabled state [ 716.667069] device bridge_slave_0 entered promiscuous mode [ 716.794157] bridge0: port 2(bridge_slave_1) entered blocking state [ 716.803483] bridge0: port 2(bridge_slave_1) entered disabled state [ 716.823725] device bridge_slave_1 entered promiscuous mode [ 716.842774] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 716.860320] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 716.869389] device bridge_slave_1 left promiscuous mode [ 716.876261] bridge0: port 2(bridge_slave_1) entered disabled state [ 716.922101] device bridge_slave_0 left promiscuous mode [ 716.927647] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.812994] device hsr_slave_1 left promiscuous mode [ 719.894335] device hsr_slave_0 left promiscuous mode [ 719.975881] team0 (unregistering): Port device team_slave_1 removed [ 719.987692] team0 (unregistering): Port device team_slave_0 removed [ 719.999352] bond0 (unregistering): Releasing backup interface bond_slave_1 [ 720.065148] bond0 (unregistering): Releasing backup interface bond_slave_0 [ 720.147495] bond0 (unregistering): Released all slaves [ 720.225411] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 720.232892] team0: Port device team_slave_0 added [ 720.238659] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 720.246222] team0: Port device team_slave_1 added [ 720.251953] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 720.259406] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 720.314071] device hsr_slave_0 entered promiscuous mode [ 720.381230] device hsr_slave_1 entered promiscuous mode [ 720.451688] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 720.458736] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 720.480343] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 720.516052] 8021q: adding VLAN 0 to HW filter on device bond0 [ 720.563263] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 720.578884] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 720.586366] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 720.599944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 720.610935] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 720.617048] 8021q: adding VLAN 0 to HW filter on device team0 [ 720.628536] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 720.636764] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 720.646106] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 720.655149] bridge0: port 1(bridge_slave_0) entered blocking state [ 720.661597] bridge0: port 1(bridge_slave_0) entered forwarding state [ 720.672299] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 720.682728] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 720.690134] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 720.698911] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 720.708004] bridge0: port 2(bridge_slave_1) entered blocking state [ 720.714429] bridge0: port 2(bridge_slave_1) entered forwarding state [ 720.723683] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 720.731790] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 720.743960] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 720.751239] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 720.765010] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 720.772614] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 720.782458] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 720.809284] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 720.817550] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 720.832224] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 720.839821] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 720.856964] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 720.866909] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 720.895378] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 720.916715] 8021q: adding VLAN 0 to HW filter on device batadv0 01:47:27 executing program 5: mkdir(&(0x7f0000000680)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000240)='tmpfs\x00', 0x0, 0x0) r0 = open(&(0x7f00000002c0)='./file0\x00', 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f00000000c0)="0adc1f123c123f319bd070") ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) fchdir(r0) symlink(&(0x7f0000001000)='./file0\x00', &(0x7f0000000080)='./file0\x00') 01:47:27 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="fe8000000000000000000000000000aa0000000032000000fe8000000000000000000000000000bb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000c7bcedf11b5eb26da199f2afab120f94b3027b36f7f9399b0863fe70c367b32fcaf84369062d7e6e336a131c7a5cf4f54e39825ffa10acc1ec3dd325f8d08d6ef3768fe1d149bbb6fb273a1ab0d0f101efdc582d23e1ba702b3d6c48aa1497297ce4553ccd78afd1fc11d09c3486d2f8b51db1ab6efdad3784df46333e956f2cbd7dbdf2c134523c3b2cd09fd2ba0e3b9192d84c97cd61e9790b0a1110dd0c7b38eddfca31422e320175be8f4cb6883e108a81a2639a8e382421a695d667df2d17abfa62b829bcc9a10c3f95025653fcb667ffc8575f509a26842ebe350f5301c644a8f066c5cd3a1ab073fadd5e3"], 0x1}}, 0x0) 01:47:27 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x81000000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:27 executing program 0: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000840)={0x2, 0x0, @local}, 0x10) r2 = openat$full(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/full\x00', 0x40200, 0x0) ioctl$PPPIOCSNPMODE(r2, 0x4008744b, &(0x7f0000000600)={0x2b, 0x2}) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'sy\x17\xe9\x96\x1b\x00\x00r1\x00\x00\x00\x00\r\x00', 0x1}) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000c25000/0x4000)=nil, 0x4000, 0x4, 0x40010, r0, 0x0) setsockopt$EBT_SO_SET_COUNTERS(r1, 0x0, 0x81, &(0x7f0000000880)={'broute\x00', 0x0, 0x0, 0x0, [], 0x3, &(0x7f0000000640)=[{}, {}], 0x0, [{}, {}, {}]}, 0xa8) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000002c0)={&(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000a00000/0x600000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000a5f000/0x4000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ec0000/0x1000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ce7000/0x2000)=nil, &(0x7f0000000140)="29d27ac698da01f2418607daa48790b406f33af041e5f85882fc4bcd52538edefc6c0f799b9b4323a488a54aab8dd86d08cb19ba75ffe0cb3bf98f4e165d78a3d97c57f79f685d312dbf39953a373d17d9030f38cf", 0x55, r3}, 0x68) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) getpriority(0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=ANY=[]}}, 0xfffffffffffffffc) ioctl$EVIOCSABS20(r2, 0x401845e0, &(0x7f0000000040)={0x3, 0x3, 0x4, 0x2, 0x100000000, 0x4}) rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)='./file0\x00') syz_mount_image$f2fs(&(0x7f0000000240)='f2fs\x00', &(0x7f0000000340)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f00000000c0)="1020f5f20100070009000000030000000c0000000900000001000000020000000000000000300000000000000e00000016000000020000000200000002000000020000000e000000000400000004000000080000000c00000010000000140000030000000100000002", 0x69, 0x1400}], 0x0, 0x0) 01:47:27 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(r3, 0x0, 0x484, 0x0, &(0x7f0000000540)) ioctl$IOC_PR_PREEMPT(r3, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TUNSETSTEERINGEBPF(r3, 0x800454e0, &(0x7f0000000080)=r2) ioctl$PPPOEIOCDFWD(r3, 0xb101, 0x0) r4 = getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x1, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, r4, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000140)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4') write$eventfd(r3, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:47:27 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000000c0)='veth1_to_team\x00', r2}, 0x10) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100038a584b59a0802000000"], 0x10}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) dup2(r3, r1) sendmmsg(r1, &(0x7f0000000180), 0x400000000000117, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) 01:47:27 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x86ddffff}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:27 executing program 3: socket$inet(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x1e) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) r1 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) getsockopt$IP_VS_SO_GET_DESTS(0xffffffffffffffff, 0x0, 0x484, 0x0, 0x0) ioctl$IOC_PR_PREEMPT(0xffffffffffffffff, 0x401870cb, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) epoll_create(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(0xffffffffffffffff, 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCGPHYS(r1, 0x80404507, &(0x7f00000001c0)=""/226) 01:47:27 executing program 5: r0 = socket(0xa, 0x2400000001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, &(0x7f0000034000)={0x0, {{0xa, 0x0, 0x0, @ipv4={[], [], @broadcast}}}}, 0x88) perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x10000000000030, &(0x7f0000034000)=""/144, &(0x7f0000e5f000)=0x90) 01:47:27 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") fcntl$setstatus(r0, 0x4, 0x21337628b0c9beda) setsockopt$inet_tcp_int(r0, 0x6, 0x2, &(0x7f0000000240)=0xfff, 0x4) sendto$inet(r0, 0x0, 0x0, 0x20000806, &(0x7f0000001180)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='sit0\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04', 0x10) sendto$inet(r0, &(0x7f00000003c0), 0x962be977, 0x0, 0x0, 0x184) [ 721.394574] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 01:47:28 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x88470000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:28 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xd, &(0x7f0000000200)=ANY=[@ANYBLOB="85000000130000005d0000000000000095000000000000004d60f386ece0635096f7aeb7bbe853c35032a85adf352e49c32e2d4551462c3a608cb47171df99d8c903acf78782cdef871127838078677c73a4a2bd8bf7b378f4bbc4dd5cc9d3f038b18d8a3903afc5fe58"], 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cgroup.controllers\x00', 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000100)={r0, 0x0, 0xe, 0x0, &(0x7f0000000380)="263abd030e981f000000106688a8", 0x0, 0x1200}, 0x28) [ 721.478479] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 721.491151] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 721.496945] CPU: 0 PID: 9403 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 721.503834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 721.513207] Call Trace: [ 721.515809] dump_stack+0x172/0x1f0 [ 721.519448] dump_header+0x15e/0x929 [ 721.523175] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 721.528283] ? ___ratelimit+0x60/0x595 [ 721.532176] ? do_raw_spin_unlock+0x57/0x270 [ 721.536595] oom_kill_process.cold+0x10/0x6f5 [ 721.541086] ? task_will_free_mem+0x139/0x6e0 [ 721.545583] out_of_memory+0x936/0x12d0 [ 721.549550] ? lock_downgrade+0x810/0x810 [ 721.553696] ? oom_killer_disable+0x280/0x280 [ 721.558180] ? find_held_lock+0x35/0x130 [ 721.562239] mem_cgroup_out_of_memory+0x1d2/0x240 [ 721.567080] ? memcg_event_wake+0x230/0x230 [ 721.571393] ? do_raw_spin_unlock+0x57/0x270 [ 721.575796] ? _raw_spin_unlock+0x2d/0x50 [ 721.580546] try_charge+0x1028/0x15b0 [ 721.584433] ? find_held_lock+0x35/0x130 [ 721.588498] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 721.595527] ? kasan_check_read+0x11/0x20 [ 721.599673] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 721.604509] mem_cgroup_try_charge+0x24d/0x5e0 [ 721.609096] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 721.614018] wp_page_copy+0x430/0x16a0 [ 721.617900] ? follow_pfn+0x2a0/0x2a0 [ 721.621780] ? kasan_check_read+0x11/0x20 [ 721.625931] ? do_raw_spin_unlock+0x57/0x270 [ 721.630327] do_wp_page+0x57d/0x10b0 [ 721.634037] ? lock_acquire+0x16f/0x3f0 [ 721.638000] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 721.642702] ? kasan_check_write+0x14/0x20 [ 721.646991] ? do_raw_spin_lock+0xc8/0x240 [ 721.651231] __handle_mm_fault+0x230a/0x3f80 [ 721.655631] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 721.660461] ? find_held_lock+0x35/0x130 [ 721.664510] ? handle_mm_fault+0x322/0xb30 [ 721.668742] ? kasan_check_read+0x11/0x20 [ 721.672883] handle_mm_fault+0x43f/0xb30 [ 721.676941] __do_page_fault+0x62a/0xe90 [ 721.681007] ? vmalloc_fault+0x770/0x770 [ 721.685067] ? trace_hardirqs_off_caller+0x65/0x220 [ 721.690080] ? trace_hardirqs_on_caller+0x6a/0x220 [ 721.695014] ? page_fault+0x8/0x30 [ 721.698552] do_page_fault+0x71/0x581 [ 721.702347] ? page_fault+0x8/0x30 [ 721.705877] page_fault+0x1e/0x30 [ 721.709326] RIP: 0033:0x40de98 [ 721.712775] Code: 8b 34 c6 4a 8d 04 2e 48 3d ff ff ff 7e 0f 86 77 ff ff ff bf 2c e2 4b 00 31 c0 e8 83 3a ff ff 31 ff e8 cc 36 ff ff 0f 1f 40 00 <89> 3c b5 00 00 73 00 eb b6 31 ed 0f 1f 44 00 00 80 3d ce 25 64 00 [ 721.731668] RSP: 002b:00007fffea33a1d0 EFLAGS: 00010246 [ 721.737021] RAX: 00000000cb970d14 RBX: 0000000037469d6d RCX: 0000001b30920000 [ 721.744281] RDX: 0000000000000000 RSI: 0000000000000d14 RDI: ffffffffcb970d14 [ 721.751536] RBP: 000000000000000a R08: 00000000cb970d14 R09: 00000000cb970d18 [ 721.758977] R10: 00007fffea33a360 R11: 0000000000000246 R12: 000000000073bf88 [ 721.766234] R13: 0000000080000000 R14: 00007f546a98d008 R15: 000000000000000a [ 721.782223] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 721.840958] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 721.841146] Task in /syz3 killed as a result of limit of /syz3 01:47:28 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x88480000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 721.881782] memory: usage 307156kB, limit 307200kB, failcnt 3386 [ 721.894023] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 721.901463] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 721.916656] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 01:47:28 executing program 0: r0 = socket$inet(0x2, 0x3, 0x1c) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) recvmsg(r1, &(0x7f0000000240)={0x0, 0x214, &(0x7f0000000180)=[{&(0x7f0000003ac0)=""/4096, 0x9400}], 0x1}, 0x102) write$binfmt_elf64(r1, &(0x7f0000002300)=ANY=[@ANYRES64], 0x10000054d) ioctl(r0, 0x1000008912, &(0x7f00000000c0)="0ad401003c123f319bd070") 01:47:28 executing program 1: mkdir(0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$9p(0xffffffffffffffff, &(0x7f00000014c0)="851fdb73158a0fae04a996bd27cac73bfb9e9997f0f809f81bc377afcc022b6c6ab2aab1edf11016f8cf33512da33ffe33724481eefc3550353e3374cc2e1a0689606c8f1a5618dad8e97869fd20cf6468cbfcde5b28872ec150fef2a4858b93babe33b719b27462203097ae959a6f984d6bedc5f2a9998978d86de8fb0c7a94f8a4df0a716ff4b5cd1bdcb52c3cf9256f00776e207838905b85ac3841ffde658194cac15df9a41ab407cb182514cb75b5b8294752e8f88612fdc3d09a8ea9414eb30135247593747101b41a76ab7960b09df2", 0xd3) r0 = socket$inet6(0xa, 0x0, 0x7e) syz_execute_func(&(0x7f0000000200)="f3e100def9575c8ac2c2c9734e424a2664f0ff0666450f380a15410000003808d22e47666450e94d00c9c9c4625dbae5feabc4aba39ddf4507e50c420fae9972b57111f30f2a56a9") creat(0x0, 0x0) setsockopt$inet6_MRT6_ADD_MFC_PROXY(0xffffffffffffffff, 0x29, 0xd2, 0x0, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x21, &(0x7f0000000000), 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000180)={0xa, 0x4e20}, 0x1c) splice(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x20141042, 0x1000000000000) r2 = getpgid(0x0) ioctl$sock_SIOCSPGRP(r1, 0x8902, &(0x7f0000000500)=r2) syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000300)={&(0x7f0000000040), 0xc, 0x0}, 0x801) ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x6) prctl$PR_GET_KEEPCAPS(0x7) sendfile(0xffffffffffffffff, r1, 0x0, 0x2008000fffffffe) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) ioctl(0xffffffffffffffff, 0x8916, 0x0) [ 721.925777] Memory cgroup stats for /syz3: cache:0KB rss:189084KB rss_huge:137216KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:0KB active_anon:189200KB inactive_file:8KB active_file:0KB unevictable:12KB [ 721.957683] Memory cgroup out of memory: Kill process 9239 (syz-executor.3) score 124 or sacrifice child 01:47:28 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x88640000}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) [ 722.011348] Killed process 9245 (syz-executor.3) total-vm:72452kB, anon-rss:2208kB, file-rss:34816kB, shmem-rss:0kB [ 722.056575] oom_reaper: reaped process 9245 (syz-executor.3), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 722.201771] syz-executor.0 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=3, oom_score_adj=0 [ 722.245834] syz-executor.0 cpuset=syz0 mems_allowed=0-1 [ 722.299319] CPU: 1 PID: 9443 Comm: syz-executor.0 Not tainted 4.19.35 #3 [ 722.306324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 722.315692] Call Trace: [ 722.318309] dump_stack+0x172/0x1f0 [ 722.321964] dump_header+0x15e/0x929 [ 722.325697] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 722.330803] ? ___ratelimit+0x60/0x595 [ 722.334695] ? do_raw_spin_unlock+0x57/0x270 [ 722.339125] oom_kill_process.cold+0x10/0x6f5 [ 722.343738] ? task_will_free_mem+0x139/0x6e0 [ 722.348340] out_of_memory+0x936/0x12d0 [ 722.352335] ? lock_downgrade+0x810/0x810 [ 722.356557] ? oom_killer_disable+0x280/0x280 [ 722.361055] ? find_held_lock+0x35/0x130 [ 722.365145] mem_cgroup_out_of_memory+0x1d2/0x240 [ 722.370008] ? memcg_event_wake+0x230/0x230 [ 722.375135] ? do_raw_spin_unlock+0x57/0x270 [ 722.379567] ? _raw_spin_unlock+0x2d/0x50 [ 722.383738] try_charge+0x1028/0x15b0 [ 722.387569] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 722.392443] ? mark_held_locks+0xb1/0x100 [ 722.396609] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 722.402160] ? mem_cgroup_charge_skmem+0x11a/0x280 [ 722.407114] ? __sk_mem_raise_allocated+0x557/0x1390 [ 722.412221] ? mem_cgroup_charge_skmem+0x11a/0x280 [ 722.417171] ? lockdep_hardirqs_on+0x415/0x5d0 [ 722.421770] ? trace_hardirqs_on+0x67/0x230 [ 722.426109] mem_cgroup_charge_skmem+0x12f/0x280 [ 722.430890] ? mem_cgroup_sk_free+0x90/0x90 [ 722.435319] ? __sanitizer_cov_trace_cmp8+0x18/0x20 [ 722.440359] ? iov_iter_advance+0x261/0xe30 [ 722.444704] __sk_mem_raise_allocated+0x557/0x1390 [ 722.449735] ? alloc_pages_current+0x10f/0x210 [ 722.454343] __sk_mem_schedule+0x6d/0xe0 [ 722.458427] ? __sanitizer_cov_trace_const_cmp1+0x1a/0x20 [ 722.464030] tcp_sendmsg_locked+0x1a5f/0x3560 [ 722.468791] ? tcp_sendpage+0x60/0x60 [ 722.475402] ? trace_hardirqs_on+0x67/0x230 [ 722.484780] ? lock_sock_nested+0x9a/0x120 [ 722.489416] ? __local_bh_enable_ip+0x15a/0x270 [ 722.494203] tcp_sendmsg+0x30/0x50 [ 722.497768] inet_sendmsg+0x147/0x5d0 [ 722.501595] ? ipip_gro_receive+0x100/0x100 [ 722.505937] sock_sendmsg+0xdd/0x130 [ 722.509675] sock_write_iter+0x27c/0x3e0 [ 722.513789] ? sock_sendmsg+0x130/0x130 [ 722.517790] ? __sanitizer_cov_trace_const_cmp8+0x18/0x20 [ 722.523363] ? iov_iter_init+0xc6/0x1f0 [ 722.527455] __vfs_write+0x58e/0x820 [ 722.531206] ? kernel_read+0x120/0x120 [ 722.535131] ? selinux_file_permission+0x92/0x550 [ 722.540009] ? security_file_permission+0x8f/0x230 [ 722.544968] ? rw_verify_area+0x118/0x360 [ 722.549144] vfs_write+0x20c/0x560 [ 722.552711] ksys_write+0xea/0x1f0 [ 722.556467] ? __ia32_sys_read+0xb0/0xb0 [ 722.572302] ? do_syscall_64+0x26/0x610 [ 722.576316] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 722.581727] ? do_syscall_64+0x26/0x610 [ 722.585753] __x64_sys_write+0x73/0xb0 [ 722.589680] do_syscall_64+0x103/0x610 [ 722.593610] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 722.598821] RIP: 0033:0x458c29 [ 722.602038] Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 722.621399] RSP: 002b:00007fcba7dd8c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 722.629147] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000458c29 [ 722.636446] RDX: 000000010000054d RSI: 0000000020002300 RDI: 0000000000000004 [ 722.643749] RBP: 000000000073bfa0 R08: 0000000000000000 R09: 0000000000000000 01:47:29 executing program 4: r0 = socket$inet(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x1e) ioctl(r1, 0x1000008912, &(0x7f00000000c0)) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) syz_open_dev$video(0x0, 0x3, 0x0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x3, &(0x7f0000000100)=[{0x800, 0x2, 0x1, 0x6}, {0x2, 0xfffffffffffffff8, 0x3, 0x9}, {0xbf58, 0x9, 0xffffffffffffffff, 0x968}]}, 0x10) r2 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) setsockopt$inet_tcp_TLS_TX(r2, 0x6, 0x1, &(0x7f0000000080), 0x4) getsockopt$IP_VS_SO_GET_DESTS(r2, 0x0, 0x484, 0x0, &(0x7f0000000540)=0xffffffffffffff18) ioctl$IOC_PR_PREEMPT(r2, 0x401870cb, &(0x7f00000001c0)={0x1f, 0x0, 0xfffffffffffffffb, 0x3}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpgid(0x0) clone(0x802102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={0x0}, 0x200000000, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)='nfs\x00\xef\xf1a\x17\x12\x9e\xd0Y\x8a\xa8\xd4', 0x0, &(0x7f0000000000)) write$eventfd(r2, &(0x7f0000000340)=0x80000000, 0x8) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000240)="4c0000001200ff09fffefd956fa283b724a6008000000000000000683540150024001d001fc41180b598bc593ab6821148a730de33a49868c62b2ca654a6613b6aabf35d0f1cbc882b079881", 0x4c}], 0x1}, 0x0) 01:47:29 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x88a8ffff}, [], {@ipv6={0x86dd, {0x0, 0x6, "d8652b", 0x14, 0x2b, 0x0, @local={0xfe, 0x80, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd]}, @local, {[], @tcp={{0x0, 0x80040200, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 01:47:29 executing program 1: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) fchdir(r0) mkdir(&(0x7f0000000740)='./file0\x00', 0x0) stat(&(0x7f0000000300)='./file0\x00', 0x0) [ 722.651037] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fcba7dd96d4 [ 722.657546] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 722.658312] R13: 00000000004c8636 R14: 00000000004ded80 R15: 00000000ffffffff [ 722.801315] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 722.813638] Task in /syz0 killed as a result of limit of /syz0 [ 722.819795] memory: usage 307240kB, limit 307200kB, failcnt 3959 [ 722.841121] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 722.849630] netlink: 'syz-executor.4': attribute type 29 has an invalid length. [ 722.857704] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 722.868349] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 722.877738] Memory cgroup stats for /syz0: cache:32KB rss:196068KB rss_huge:147456KB shmem:0KB mapped_file:0KB dirty:0KB writeback:0KB swap:0KB inactive_anon:8KB active_anon:196092KB inactive_file:0KB active_file:0KB unevictable:8KB [ 722.931382] Memory cgroup out of memory: Kill process 8831 (syz-executor.0) score 120 or sacrifice child [ 722.953027] Killed process 8831 (syz-executor.0) total-vm:72716kB, anon-rss:2212kB, file-rss:34816kB, shmem-rss:0kB [ 722.995978] oom_reaper: reaped process 8831 (syz-executor.0), now anon-rss:0kB, file-rss:34688kB, shmem-rss:0kB [ 723.025050] syz-executor.3 invoked oom-killer: gfp_mask=0x6000c0(GFP_KERNEL), nodemask=(null), order=0, oom_score_adj=0 [ 723.042129] syz-executor.3 cpuset=syz3 mems_allowed=0-1 [ 723.047957] CPU: 1 PID: 9403 Comm: syz-executor.3 Not tainted 4.19.35 #3 [ 723.054810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 723.064185] Call Trace: [ 723.066777] dump_stack+0x172/0x1f0 [ 723.070400] dump_header+0x15e/0x929 [ 723.074106] ? _raw_spin_unlock_irqrestore+0xa4/0xe0 [ 723.079197] ? ___ratelimit+0x60/0x595 [ 723.083083] ? do_raw_spin_unlock+0x57/0x270 [ 723.087482] oom_kill_process.cold+0x10/0x6f5 [ 723.091969] ? task_will_free_mem+0x139/0x6e0 [ 723.096468] out_of_memory+0x936/0x12d0 [ 723.100449] ? lock_downgrade+0x810/0x810 [ 723.104587] ? oom_killer_disable+0x280/0x280 [ 723.109069] ? find_held_lock+0x35/0x130 [ 723.113129] mem_cgroup_out_of_memory+0x1d2/0x240 [ 723.117958] ? memcg_event_wake+0x230/0x230 [ 723.122275] ? do_raw_spin_unlock+0x57/0x270 [ 723.126677] ? _raw_spin_unlock+0x2d/0x50 [ 723.130819] try_charge+0x1028/0x15b0 [ 723.134607] ? find_held_lock+0x35/0x130 [ 723.138662] ? mem_cgroup_oom_trylock+0x1a0/0x1a0 [ 723.143517] ? kasan_check_read+0x11/0x20 [ 723.147659] ? get_mem_cgroup_from_mm+0x128/0x2b0 [ 723.152504] mem_cgroup_try_charge+0x24d/0x5e0 [ 723.157086] mem_cgroup_try_charge_delay+0x1f/0xa0 [ 723.162004] wp_page_copy+0x430/0x16a0 [ 723.165898] ? follow_pfn+0x2a0/0x2a0 [ 723.169688] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 723.174780] ? kasan_check_read+0x11/0x20 [ 723.178918] ? do_raw_spin_unlock+0x57/0x270 [ 723.183324] do_wp_page+0x57d/0x10b0 [ 723.187030] ? finish_mkwrite_fault+0x4f0/0x4f0 [ 723.191692] ? kasan_check_write+0x14/0x20 [ 723.195918] ? do_raw_spin_lock+0xc8/0x240 [ 723.200159] __handle_mm_fault+0x230a/0x3f80 [ 723.204564] ? vmf_insert_mixed_mkwrite+0x90/0x90 [ 723.209394] ? find_held_lock+0x35/0x130 [ 723.213451] ? handle_mm_fault+0x322/0xb30 [ 723.217685] ? kasan_check_read+0x11/0x20 [ 723.221836] handle_mm_fault+0x43f/0xb30 [ 723.225890] __do_page_fault+0x62a/0xe90 [ 723.229954] ? vmalloc_fault+0x770/0x770 [ 723.234006] ? trace_hardirqs_off_caller+0x65/0x220 [ 723.239008] ? trace_hardirqs_on_caller+0x6a/0x220 [ 723.243930] ? page_fault+0x8/0x30 [ 723.247467] do_page_fault+0x71/0x581 [ 723.251258] ? page_fault+0x8/0x30 [ 723.254789] page_fault+0x1e/0x30 [ 723.258231] RIP: 0033:0x40e3d0 [ 723.261423] Code: 83 c3 01 e8 c2 32 ff ff 39 dd 77 ee 48 8b 44 24 08 89 28 48 83 c4 18 5b 5d 41 5c 41 5d 41 5e 41 5f c3 0f 1f 84 00 00 00 00 00 <89> 3c b5 00 00 73 00 eb 8f 89 eb 48 c1 e3 02 49 8d 6c 1d 00 49 39 [ 723.280502] RSP: 002b:00007fffea33a1e0 EFLAGS: 00010246 [ 723.285859] RAX: 00000000a48129a0 RBX: 0000000070f499d3 RCX: 0000001b30920000 [ 723.293125] RDX: 0000000000000000 RSI: 00000000000009a0 RDI: 00000000a481299d [ 723.300381] RBP: 0000000000000013 R08: 00000000a48129a1 R09: 00000000000b0187 [ 723.307645] R10: 00007fffea33a360 R11: 0000000000000246 R12: 000000000073bf88 [ 723.314914] R13: 00007f546a98d004 R14: 00007f546a98d000 R15: 0000000000000740 [ 723.330309] Task in /syz3 killed as a result of limit of /syz3 [ 723.333723] WARNING: CPU: 0 PID: 2289 at net/ipv6/xfrm6_tunnel.c:351 xfrm6_tunnel_net_exit+0x1df/0x370 [ 723.336908] memory: usage 307136kB, limit 307200kB, failcnt 3429 [ 723.345811] Kernel panic - not syncing: panic_on_warn set ... [ 723.345811] [ 723.345828] CPU: 0 PID: 2289 Comm: kworker/u4:4 Not tainted 4.19.35 #3 [ 723.345834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 723.345858] Workqueue: netns cleanup_net [ 723.345867] Call Trace: [ 723.345885] dump_stack+0x172/0x1f0 [ 723.345906] panic+0x263/0x51d [ 723.345919] ? __warn_printk+0xf3/0xf3 [ 723.345941] ? xfrm6_tunnel_net_exit+0x1df/0x370 [ 723.345957] ? __sanitizer_cov_trace_const_cmp4+0x16/0x20 [ 723.345970] ? __warn.cold+0x5/0x54 [ 723.345981] ? __warn+0xe8/0x1d0 [ 723.346000] ? xfrm6_tunnel_net_exit+0x1df/0x370 [ 723.357247] memory+swap: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 723.359510] __warn.cold+0x20/0x54 [ 723.359525] ? kasan_check_read+0x11/0x20 [ 723.359543] ? xfrm6_tunnel_net_exit+0x1df/0x370 [ 723.366539] kmem: usage 0kB, limit 9007199254740988kB, failcnt 0 [ 723.375561] report_bug+0x263/0x2b0 [ 723.375656] do_error_trap+0x204/0x360 [ 723.375671] ? math_error+0x340/0x340 [ 723.375689] ? __flush_work+0x48c/0x840 [ 723.384883] Memory cgroup stats for [ 723.385948] ? error_entry+0x76/0xd0 [ 723.385972] ? trace_hardirqs_off_caller+0x65/0x220 [ 723.389307] /syz3 [ 723.393016] ? flush_workqueue_prep_pwqs+0x590/0x590 [ 723.398850] : [ 723.403296] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 723.403316] do_invalid_op+0x1b/0x20 [ 723.403333] invalid_op+0x14/0x20 [ 723.403352] RIP: 0010:xfrm6_tunnel_net_exit+0x1df/0x370 [ 723.403368] Code: 4c 89 e0 48 c1 e8 03 42 80 3c 38 00 0f 85 73 01 00 00 4d 8b 34 24 31 ff 4c 89 f6 e8 3b b3 61 fb 4d 85 f6 74 b3 e8 91 b1 61 fb <0f> 0b eb aa 48 81 c3 00 08 00 00 45 31 e4 49 be 00 00 00 00 00 fc [ 723.403375] RSP: 0018:ffff8880a1ee7be0 EFLAGS: 00010293 [ 723.403386] RAX: ffff8880a1ed2700 RBX: ffff8880913c5c00 RCX: ffffffff86098375 [ 723.403393] RDX: 0000000000000000 RSI: ffffffff8609837f RDI: 0000000000000007 [ 723.403405] RBP: ffff8880a1ee7c08 R08: ffff8880a1ed2700 R09: ffff8880a1ed2ff0 [ 723.411001] cache:0KB [ 723.415120] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880913c5ff8 [ 723.415129] R13: 000000000000007f R14: ffff8880a8dac780 R15: dffffc0000000000 [ 723.415162] ? xfrm6_tunnel_net_exit+0x1d5/0x370 [ 723.426449] rss:189216KB [ 723.429699] ? xfrm6_tunnel_net_exit+0x1df/0x370 [ 723.429721] ? xfrm6_tunnel_alloc_spi+0x920/0x920 [ 723.434788] rss_huge:137216KB [ 723.440604] ops_exit_list.isra.0+0xb0/0x160 [ 723.440623] cleanup_net+0x3fb/0x960 [ 723.449438] shmem:0KB [ 723.451899] ? unregister_pernet_device+0x80/0x80 [ 723.451915] ? __lock_is_held+0xb6/0x140 [ 723.451940] process_one_work+0x98e/0x1760 [ 723.451961] ? pwq_dec_nr_in_flight+0x320/0x320 [ 723.456141] mapped_file:0KB [ 723.459640] ? lock_acquire+0x16f/0x3f0 [ 723.459660] ? kasan_check_write+0x14/0x20 [ 723.459675] ? do_raw_spin_lock+0xc8/0x240 [ 723.468551] dirty:0KB [ 723.468583] worker_thread+0x98/0xe40 [ 723.470891] writeback:0KB [ 723.475742] kthread+0x357/0x430 [ 723.475757] ? process_one_work+0x1760/0x1760 [ 723.477594] swap:0KB [ 723.482287] ? kthread_delayed_work_timer_fn+0x290/0x290 [ 723.482306] ret_from_fork+0x3a/0x50 [ 723.487626] Kernel Offset: disabled [ 723.655866] Rebooting in 86400 seconds..